Consumers are increasingly using mobile devices to access a variety of digital services, and service providers are grappling with how to provide authentication methods that are more secure and convenient than passwords or one-time passcodes.
The Secure Technology Alliance, formerly known as the Smart Card Alliance, explores the new authentication mechanisms and use cases where authentication is critical in a new white paper released today.
The white paper “Mobile Identity Authentication,” was developed by the Secure Technology Alliance Mobile Council.
Mobile identity (ID) authentication is the process of validating the identity of a mobile device user. It can rely on a number of on-device technologies to identify a user reliably and conveniently.
In this white paper, the Secure Technology Alliance provides an overview of mobile ID authentication, highlights use cases that rely on secure user credentials stored on a mobile device, and provides perspectives on how emerging technologies and standards are addressing the growing need for mobile ID authentication.
(Learn More about Smart Card Alliance Mission Expansion and Name Change to Secure Technology Alliance, courtesy of Secure Technology Alliance and YouTube)
“Mobile ID authentication provides an answer to the security vs. usability conundrum that many organizations face with authentication, especially now that users expect to use their mobile devices to connect to services without manual entry of personal information that could be compromising their security,” said Randy Vanderhoof, executive director of the Secure Technology Alliance.
“By reading this white paper, security-minded professionals across a wide range of industries will understand the benefits and challenges of mobile ID authentication, and get several recommendations on the best practices for implementation.”
The white paper provides:
- An overview of, and market drivers for mobile ID authentication
- An exploration of use cases that rely on secure user credentials stored on a mobile device, including for mobile device access, payments, access control, government issued citizen credentials, and online banking
- Best practices for authenticated ID credential protection on mobile devices, including using hardware secure elements (SEs), trusted execution environments (TEE) and NFC-based Host Card Emulation (HCE)
- Perspectives on how emerging technologies and standards are addressing the growing need for mobile ID authentication, including FIDO Authentication, W3C Web Crypto API, 3D Secure Protocol and Client TLS Certificates
Participants involved in the development of this white paper included: Capgemini; CH2M; CPI Card Group; Discover Financial Services; First Data; FIS; HID Global; ID Technology Partners; Intercede; IQ Devices; JPMorgan Chase; Oberthur Technologies; Paygility Advisors; SHAZAM; TSYS; Vantiv; Verifone; and Wells Fargo.
The Secure Technology Alliance, is a not-for-profit, multi-industry association working to stimulate the understanding, adoption and widespread application of secure solutions, including smart cards, embedded chip technology, and related hardware and software across a variety of markets including authentication, commerce and Internet of Things (IoT).
The Secure Technology Alliance invests heavily in education on the appropriate uses of secure technologies to enable privacy and data protection through training, research, publications, industry outreach and open forums for end users and industry stakeholders in payments, mobile, healthcare, identity and access, transportation, and the IoT in the U.S. and Latin America.