
06.08.2015

The management of personal identity in the mobile ecosystem: security, privacy and trust

Image | Marc Falardeau

“For personal and non-transferable use” is a disclaimer that can be found accompanying many products and services marketed today, and there now exist a whole series of articles specifically designed to certify personal identity.

Identity begins in the physical world, based on the characteristics of each individual, and later, as a consequence of activity carried out on the Internet, is transferred to the digital realm. Mobile identity, then, becomes a natural extension within a context in which mobile technologies have penetrated most sectors.

Who are the main agents involved in the mobile identity ecosystem?

Firstly, the public. The massive spread of smartphones and connectivity has given rise to a hyperconnected citizen who needs to be constantly informed to feel more secure when confronting his day-to-day routine. The possibility of connecting at any time, and from any place, to check everything from traffic to the news, maps, one’s agenda, email and social networks has fuelled the trend of accessing the Internet using mobile devices.

The ease and convenience with which the citizen accesses services and contents make him the main agent driving demand; his new needs are what lead to the development of better products and services. Simultaneously, however, the large selection of tools that citizens have at their disposal must guarantee adequate levels of control, privacy and security.

Other key agents in the mobile identity ecosystem include suppliers of services. These agents (such as banks) depend to a great extent on the security level of their interactions with users to be able to conduct their activity in the optimal manner.

Finally, the public sector is the last of the relevant agents engaged in the formation of mobile identity. Governments should promote the deployment of mobile consultation services (both public and private), and also ought to foment the necessary initiatives and investments to help citizens embrace their widespread use. In addition, public entities should endeavour to serve as suppliers of government services for citizens in an open way.


Image | ID_M, Mobile Identity

What processes are involved in identity management?

The establishment of an identity service is based on the application of principles and processes that guarantee a relationship of trust between the organisation providing the service and the individual who wishes to access it, whether physical or digital.

The creation of digital identity entails four key processes aimed at establishing this relationship of trust:

  • Registration: For an individual to be recognised by a system he first must register in it. For this he will be asked for the necessary credentials to verify his identity.
  • Authentication: When attempting to access certain services or resources, the individual must verify his identity. He does so by entering the credentials obtained from his registration, in the online sphere, or by presenting his physical credentials, in the physical world. As this is one of the most important phases for the security of identity management, it is common for the verifying organisation to ask the person for some typical confirmation information: his mobile phone number, a PIN, password, or biometric characteristics (such as a fingerprint).
  • Authorization: Once the individual’s identity has been certified, he is assigned the permissions and privileges necessary to access the services he wishes to use.
  • Revocation: When the individual ceases to be associated with the system his credentials are rescinded through the revocation process.

This protocol, already applied in the physical world, must also be transferred to the digital sphere. Identity management in the physical world helps to mitigate the risks associated with interactions between people, or between people and entities, and increases the trust between the parties participating in the interaction. It is, as such, a fundamental issue for economic and social life.

In the digital domain, where the link between the agents interacting is basically intangible, it is even more important to reinforce security measures to establish this relationship of trust.

The ID_M, Mobile Identity report, produced by Mobile World Capital Barcelona Foundation, analyses, among other issues, the potential of smartphones as a new identification tool that is totally safe, reliable and private.