We all have many plastic cards in our wallets — driver’s license, credit cards, healthcare cards and more. Many have some mechanism for exchanging data with a reader either via a barcode, magnetic strip or chip. Unfortunately, these mechanisms for exchanging data do not always provide the best authentication.
Barcodes are for automation, not identification
The use of barcodes, magnetic strips and chips, can automate the process of reading the information from the card but there is no mechanism to prove that the person carrying the card is the person to whom it was issued. Visual identification via a picture on the card can help but there is no proof that the card has not been altered. Some readers can employ external communication with the card issuer or a verification agent to confirm the data on the card but this is tedious and requires an internet connection.
Digital baby steps
We are starting to see visual representations of plastic cards being stored on smartphones. These can be used for identity verification because smartphones can present a barcode for scanning or can read a presented barcode. These types of exchanges require the phone and reader to be near one another. If you have used a digital airline boarding pass on your phone you know that finding the right position for scanning can be difficult, even when the reader is stationary. While that is a minor inconvenience when boarding an airplane, it can be a safety issue for a police officer during a traffic stop or confrontation. The peer to peer communication technologies in smartphones allow us to move beyond these type of barcode exchanges to a more secure solution.
Identification in the digital era
Smartphones can securely exchange data with one another over a short distance using wifi or Bluetooth connections. Digital identity documents can be signed by an issuing authority and securely transferred and stored on smartphones. Biometric authentication on the smartphone insures that the owner of the phone is the owner of the identity document stored on that phone. Security is improved.
Once an individual has been properly authenticated, identity documents can be issued immediately. Documents can be updated, replaced or revoked, as necessary. There is no need to physically travel to an issuing authority for a replacement and to wait for a plastic card to be printed and mailed. Convenience is improved.
During a verification request the owner can select the identity traits to share with the requester. You no longer need to reveal your exact age or birthdate to a bartender, but only the confirmation that you are of legal drinking age. Since data is transferred digitally, there is no awkward coordination of alignment for proper scanning of a barcode. Authentication can be performed at a safe distance. Safety is improved.
The insurance industry at its core is built on the legal promise to pay a compensation in case of a loss. Trust is at the core of this promise. However, the level of trust consumers have on their insurance provider is average. The IBM Institute for Business Value (IBV) surveyed 1,100 business insurance executives in 34 countries […]
Technology innovations like IoT, autonomous systems and mobile solutions invariably bring with them increased risks and security threats. Today’s news cycle features a constant stream of stories on hackers commandeering household nanny-cams, smart thermostats and video-enabled doorbells. The expansion of the Internet of Things has dramatically increased the attack surface. As the number of connected […]
A survey by the National Coffee Association finds that 64 percent of Americans, age 18 and over, drink coffee daily. After factoring in the less-caffeinated casual coffee drinker, this results in 400 million cups of coffee consumed daily in the United States. That may seem like a lot, until compared with most European countries who […]