Campus ID News
Card, mobile credential, payment and security

The Mobile ID Experiment

Policy, technology, and business cases remain hypothetical

Zack Martin   ||   Apr 16, 2012  ||   , , , ,

Be it Android, Apple, tablet or smart phone … mobile devices are everywhere, and users want to do everything on them that they do on their desktop. As the functionality increases so do the threats to the information stored on and accessed by the devices. The same dangers that plague the desktop world are exacerbated in the mobile world.

Mobile brings convenience, access and portability with a low cost of entry, but it creates a “perfect storm” of risk, explains Juan Duque, principal in the Federal Enterprise Technology Risk Services at Deloitte. “It can be the same risk you see in the non-mobile environment but it can go even deeper,” he says. “The risk universe is expanded.” some aspect of near field communication for identity. The U.S. government is looking at how the communications protocol can be used in connection with PIV and PIV-I credentials, and the enterprise sees it as a solution for converged physical and logical access control.

The challenges with mobile devices and identity are numerous, and after years of discussion, industry finds itself in the midst of a great experiment. Significant issues surround the policies that govern these devices and credentials. Existing policy needs to be changed or created from scratch to deal with challenges the mobile devices presents to an enterprise.

On the technology side many feel it is a foregone conclusion that the mobile will use some aspect of near field communication for identity. The U.S. government is looking at how the communications protocol can be used in connection with PIV and PIV-I credentials, and the enterprise sees it as a solution for converged physical and logical access control.

Solve the ‘where’ before the ‘why’

One of the core issues with credentials on the mobile is where to store it on the device and who controls that area. For followers of near field communication, these issues will sound very familiar.

“Who controls the secure element? Who owns the secure element? What form does it come in?” asks Terry Gold, vice president of U.S. sales at idonDemand.

These questions have plagued the NFC market and delayed adoption as ecosystem players have struggled for control. On the payment and marketing side, there has been some compromise with carriers, financial institutions and handset manufacturers partnering to rollout initial services.

But on the identity and credentialing side it’s not yet clear how this will work and who will control and profit from mobile identity. “You have this big battle shaping up,” Gold says. “If you have a secure element who is going to own and control it? It is not really owned by the end user. Even though he decides what apps and identity elements go on his handset, it’s someone else who provides the security.”

Eventually the secure element will have to be owned by the end user and access granted to any application he sees fit, Gold says.

Secure element options

There are three options for storing identity credentials on a mobile device’s secure element. One would place it on the SIM, a smart card in the handset that is used for identification to the mobile network. This choice is handset agnostic and the mobile operators–such as AT&T, Sprint, Verizon, T-Mobile–control the SIM.

Placing the credential on a microSD card that is inserted into the phone is another option. Many smart phones–Android, Blackberry but not the iPhone–have microSD slots and the credentials could be removed and placed in other handsets if an individual switched devices. In this case the issuer of the microSD card would be its likely owner.

The final option is embedding the secure element into the handset. The handset manufacturer would own this space, and many are already adding this capability to devices. Notably, RIM is going this route with its Blackberry handsets.

To further cloud the issue, it’s also possible that handsets could have more than one secure element, or even all three types, with different owners for each. “Everyone wants control of the secure element in NFC,” Gold says. “On the identity side it gets difficult. If someone else owns that secure element how are you going to put an identity credential on it?”

Will the secure element owner charge a fee to put a credential on the device? Will companies or organizations be willing to pay? Questions abound.
The handset as access control card

HID Global has seen these issues arise and is designing a solution that will work in any environment and can manage the credential wherever it is stored, says Karl Weintz, vice president of business development for the mobile access business at HID.

A pilot in the fall of 2011 at Arizona State University had HID Global showing how its solution can work with different handsets. The 32 participants were outfitted with one of three devices: RIM’s BlackBerry Bold 9650, Samsung’s Android (multiple models) or Apple’s iPhone 4G.

The pilot relied on microSD cards and sleeves for the NFC functionality because handsets that include NFC in the U.S. are not widely available. Three separate carriers–AT&T, Verizon and T-Mobile–were used for mobile services and the credentials were manually loaded on to the handsets.

HID’s solution will be handset and carrier agnostic. Because of the small size of the pilot and the control the school and vendors exerted over the pilot it was able to avoid some of the issues that may crop up during a full-scale rollout of placing the credential on the device.

That said the program was still successful. Approximately 80% of the ASU participants reported that using a smart phone to unlock a door is just as convenient as using their campus ID card. Nearly 90% said they would like to use their smart phone to open all doors on campus.

And, while the pilot was focused on physical access, nearly all participants also expressed an interest in using their smart phone for other campus applications including access to the student recreation center, as well as transit fare payment and meal, ticket and merchandise purchases.

HID also has a partnership with ISIS–the consortium of AT&T, Verizon and T-Mobile that will rollout NFC in 2012. This project will place the credential on the SIM, Weintz explains.

Expand focus

Having the choice to add applications and functionality to a device is important and may be critical in successful deployments of NFC. Neville Pattinson, vice president for Government Affairs, Standards and Business Development at Gemalto, says the mobile is going to impact three markets – payments, transit and identity – and it should be up to the device owner as to which applications they choose.

Subscribe to our weekly newsletter


Feb 07, 23 / ,

Drake University maximizing off-campus program with Grubhub

Drake University’s fledgling off-campus program started in October of 2020, and it quickly became evident that mobile ordering would be a valuable addition. Grubhub joined the Drake CampusCash program just one short year later in October of 2021, and the partnership has provided Drake students with a wider variety of off-campus dining options than ever before.
Feb 03, 23 /

Brown campus mailroom adds visual queue

Brown University has added a new visual queue in its campus mailroom that displays the order in which students will be called to pick up their packages. The system is underpinned by the student ID card and a kiosk system in the mailroom.
Feb 02, 23 / ,

East Carolina adds robot delivery with Grubhub, Starship

East Carolina University has joined the growing list of institutions to deploy robot delivery, partnering with Grubhub and Starship Technologies to provide the service. All students, faculty and staff at East Carolina University are able to leverage robot delivery from main campus dining locations.
CIDN logo reversed
The only publication dedicated to the use of campus cards, mobile credentials, identity and security technology in the education market. CampusIDNews – formerly CR80News – has served more than 6,500 subscribers for more than two decades.

Join us, @NACCUorg, and @TouchNet to explore how campus card programs can successfully navigate the sales and procurement process. Join the webinar on June 6, 2 pm EDT.

Webinar: Learn how the University of Arizona uses campus cards, mobile ordering, kiosks, lockers, and robots to revolutionize campus dining. April 7, 2-2:30 EDT. Register Now at

As supply chain issues in 2021 persist, identity solutions provider @ColorID discusses ways campuses can to overcome potentially troublesome delays until the situation eases.

A dining services push at the @UBuffalo is reinforcing the utility of self-service checkout. @CBORD is improving the food service experience using the GET app, as well as Nextep kiosks and Oracle’s Micros Simphony POS.

Did you miss our recent webinar? No worries - watch it on-demand. Leaders from @NAU and the @UAlberta joined Ryan Audus, Touchnet, and Andrew Hudson, @CR80News, to discuss innovative mobile services and the future of mobile tech in higher ed. Watch now:

Load More...
CampusIDNews is published by AVISIAN Publishing
315 E. Georgia St.
Tallahassee, FL 32301[email protected]
Use our contact form to submit tips, corrections, or questions to our team.
©2023 CampusIDNews. All rights reserved.