Moving Beyond Barcodes
We all have many plastic cards in our wallets – driver’s license, credit cards, healthcare cards, and more. Many have some mechanism for exchanging data with a reader either via a barcode, magnetic strip, or chip. Unfortunately, these mechanisms for exchanging data do not always provide the best authentication.
Barcodes are for automation, not Identification
The use of barcodes, magnetic strips, and chips can automate the process of reading the information from the card but there is no mechanism to prove that the person carrying the card is the person to whom it was issued. Visual identification via a picture on the card can help but there is no proof that the card has not been altered. Some readers can employ external communication with the card issuer or a verification agent to confirm the data on the card but this is tedious and requires an internet connection.
Digital baby steps
We are starting to see visual representations of plastic cards being stored on smartphones. These can be used for identity verification because smartphones can present a barcode for scanning or can read a presented barcode. These types of exchanges require the phone and reader to be near one another. If you have used a digital airline boarding pass on your phone you know that finding the right position for scanning can be difficult, even when the reader is stationary. While that is a minor inconvenience when boarding an airplane, it can be a safety issue for a police officer during a traffic stop or confrontation. The peer to peer communication technologies in smartphones allow us to move beyond these type of barcode exchanges to a more secure solution.
Identification in the Digital Era
Smartphones can securely exchange data with one another over a short distance using wifi or Bluetooth connections. Digital identity documents can be signed by an issuing authority and securely transferred and stored on smartphones. Biometric authentication on the smartphone insures that the owner of the phone is the owner of the identity document stored on that phone. Security is improved.
Once an individual has been properly authenticated, identity documents can be issued immediately. Documents can be updated, replaced, or revoked as necessary. There is no need to physically travel to an issuing authority for a replacement and to wait for a plastic card to be printed and mailed. Convenience is improved.
During a verification request the owner can select the identity traits to share with the requester. You no longer need to reveal your exact age or birthdate to a bartender, but only the confirmation that you are of legal drinking age. Since data is transferred digitally, there is no awkward coordination of alignment for proper scanning of a barcode. Authentication can be performed at a safe distance. Safety is improved.
This new ecosystem is available today via IBM Mobile Identity. Explore more at mi.ibmjstart.com.
Upcoming Mobile Identity Events:
- connect:ID May 1-3, 2017, Washington, DC. See us at Booth 621
- K(NO)W Identity May 15-17, 2017, Washington, DC
- AAMVA Region IV May 21-24, 2017, Seattle, WA