Many European countries have e-ID programs in place, are there any pilots in place to move away from smart cards and put these credentials on mobile devices?
What are some of the obstacles around placing credentials on the mobile and being able to use them for secure online identity?
This is an interesting query as it raises the issue of trust for mobile as a platform. As we move towards a future of increasing reliance on our mobile devices (with NFC payments replacing our credit cards, to give just one example), are we prepared to entrust our entire identities to a phone?
In fact, there are not just pilots, but already a number of commercial deployments and government programs using mobile ID (m-ID). Countries such as Finland, Moldova and Oman are have already deployed, or are in the process of deploying, an m-ID infrastructure.
Securing m-ID is all about ensuring that the mobile device is connected wirelessly to the same Public-Key Infrastructure (PKI) as an e-ID card. To maintain the same security level as a smart card you must ensure that the information is placed on a PKI SIM card. Thankfully, all NFC-enabled SIMs are also PKI SIMs, meaning anyone with an NFC-enabled handset can safely carry their ID on their phone with the same level of security as if it were on a smart card.
So, Zack, in answer to your question, there are some obstacles involved in m-ID adoption, but the advancement and adoption of NFC technology is breaking down these barriers. For this reason, we expect to see many more deployments of m-ID over the coming years as our mobile devices continue to play an ever greater role in our everyday lives.