NATIONAL MOBILE ID
How one Middle Eastern country took national ID from smart cards to citizen mobile devices.
A Middle Eastern state had already successfully deployed a smart card based national ID scheme to citizens and residents. As part of a process of digital transformation, the government wished to enable citizens to access digital services directly from their own mobile devices. A key requirement was to simplify citizen access to services while maintaining the highest security standards.
THE CHALLENGE
The government specified a number of strategic goals for the mobile national ID solution:
- Mobile – The ID should be contained within a government app and should work on any citizen mobile device.
- PKI – A certificate from the existing national PKI should be used to identify citizens.
- Low impact deployment – Issuance should have a low operational cost, reuse the existing infrastructure and bind the mobile ID to the existing smart card based eID.
- Usage policy – The government wanted control over the use of an additional second authentication factor including PIN, fingerprint or facial ID.
- ID Provider – The government app should be capable of providing a citizen authentication service to third parties such as banking or healthcare providers.
THE SOLUTION
The existing MyID credential management system, already in place for smart card based national identities, was extended to enable the delivery and usage of PKI based national identities on mobile devices, meeting each of the government’s stated goals:
- Mobile – The MyID mobile SDK was embedded within the government app, enabling ID usage on citizen iOS and Android devices.
- PKI – The mobile SDK connects back to the MyID server, which is in turn connected to the national PKI, taking care of key generation and certificate delivery.
- Low impact deployment – Citizens authenticate themselves with their eID card at one of the existing citizen self-service kiosks. Mobile certificate collection is then triggered by scanning a QR code displayed on the kiosk, ensuring the right people get the correct mobile ID.
- Usage policy – The mobile SDK supports PIN, fingerprint and facial ID and provides policy control, enabling the government application to decide which can be used for which operation.
- ID Provider – The mobile SDK provides a simple standards-based interface enabling third party apps to call into the government app to identify a citizen on their behalf. Ensuring the digitally signed authentication occurs within the government app maintains the security of the digital Mobile ID and avoids the need to share keys between applications.
MyID was successfully extended to incorporate mobile identity issuance and usage, with the mobile SDK being embedded in the government app on iOS and Android platforms. The program has been live for over two years with millions of Mobile IDs now issued and in use.