Campus ID News
Card, mobile credential, payment and security

The Mobile ID Experiment

Policy, technology, and business cases remain hypothetical

Zack Martin   ||   Apr 16, 2012  ||   , , , ,

Be it Android, Apple, tablet or smart phone … mobile devices are everywhere, and users want to do everything on them that they do on their desktop. As the functionality increases so do the threats to the information stored on and accessed by the devices. The same dangers that plague the desktop world are exacerbated in the mobile world.

Mobile brings convenience, access and portability with a low cost of entry, but it creates a “perfect storm” of risk, explains Juan Duque, principal in the Federal Enterprise Technology Risk Services at Deloitte. “It can be the same risk you see in the non-mobile environment but it can go even deeper,” he says. “The risk universe is expanded.” some aspect of near field communication for identity. The U.S. government is looking at how the communications protocol can be used in connection with PIV and PIV-I credentials, and the enterprise sees it as a solution for converged physical and logical access control.

The challenges with mobile devices and identity are numerous, and after years of discussion, industry finds itself in the midst of a great experiment. Significant issues surround the policies that govern these devices and credentials. Existing policy needs to be changed or created from scratch to deal with challenges the mobile devices presents to an enterprise.

On the technology side many feel it is a foregone conclusion that the mobile will use some aspect of near field communication for identity. The U.S. government is looking at how the communications protocol can be used in connection with PIV and PIV-I credentials, and the enterprise sees it as a solution for converged physical and logical access control.

Solve the ‘where’ before the ‘why’

One of the core issues with credentials on the mobile is where to store it on the device and who controls that area. For followers of near field communication, these issues will sound very familiar.

“Who controls the secure element? Who owns the secure element? What form does it come in?” asks Terry Gold, vice president of U.S. sales at idonDemand.

These questions have plagued the NFC market and delayed adoption as ecosystem players have struggled for control. On the payment and marketing side, there has been some compromise with carriers, financial institutions and handset manufacturers partnering to rollout initial services.

But on the identity and credentialing side it’s not yet clear how this will work and who will control and profit from mobile identity. “You have this big battle shaping up,” Gold says. “If you have a secure element who is going to own and control it? It is not really owned by the end user. Even though he decides what apps and identity elements go on his handset, it’s someone else who provides the security.”

Eventually the secure element will have to be owned by the end user and access granted to any application he sees fit, Gold says.

Secure element options

There are three options for storing identity credentials on a mobile device’s secure element. One would place it on the SIM, a smart card in the handset that is used for identification to the mobile network. This choice is handset agnostic and the mobile operators–such as AT&T, Sprint, Verizon, T-Mobile–control the SIM.

Placing the credential on a microSD card that is inserted into the phone is another option. Many smart phones–Android, Blackberry but not the iPhone–have microSD slots and the credentials could be removed and placed in other handsets if an individual switched devices. In this case the issuer of the microSD card would be its likely owner.

The final option is embedding the secure element into the handset. The handset manufacturer would own this space, and many are already adding this capability to devices. Notably, RIM is going this route with its Blackberry handsets.

To further cloud the issue, it’s also possible that handsets could have more than one secure element, or even all three types, with different owners for each. “Everyone wants control of the secure element in NFC,” Gold says. “On the identity side it gets difficult. If someone else owns that secure element how are you going to put an identity credential on it?”

Will the secure element owner charge a fee to put a credential on the device? Will companies or organizations be willing to pay? Questions abound.
The handset as access control card

HID Global has seen these issues arise and is designing a solution that will work in any environment and can manage the credential wherever it is stored, says Karl Weintz, vice president of business development for the mobile access business at HID.

A pilot in the fall of 2011 at Arizona State University had HID Global showing how its solution can work with different handsets. The 32 participants were outfitted with one of three devices: RIM’s BlackBerry Bold 9650, Samsung’s Android (multiple models) or Apple’s iPhone 4G.

The pilot relied on microSD cards and sleeves for the NFC functionality because handsets that include NFC in the U.S. are not widely available. Three separate carriers–AT&T, Verizon and T-Mobile–were used for mobile services and the credentials were manually loaded on to the handsets.

HID’s solution will be handset and carrier agnostic. Because of the small size of the pilot and the control the school and vendors exerted over the pilot it was able to avoid some of the issues that may crop up during a full-scale rollout of placing the credential on the device.

That said the program was still successful. Approximately 80% of the ASU participants reported that using a smart phone to unlock a door is just as convenient as using their campus ID card. Nearly 90% said they would like to use their smart phone to open all doors on campus.

And, while the pilot was focused on physical access, nearly all participants also expressed an interest in using their smart phone for other campus applications including access to the student recreation center, as well as transit fare payment and meal, ticket and merchandise purchases.

HID also has a partnership with ISIS–the consortium of AT&T, Verizon and T-Mobile that will rollout NFC in 2012. This project will place the credential on the SIM, Weintz explains.

Expand focus

Having the choice to add applications and functionality to a device is important and may be critical in successful deployments of NFC. Neville Pattinson, vice president for Government Affairs, Standards and Business Development at Gemalto, says the mobile is going to impact three markets – payments, transit and identity – and it should be up to the device owner as to which applications they choose.

Subscribe to our weekly newsletter


Sheridan College onecard banner
Sep 21, 23 / ,

Interview: Sheridan College onecard manager details hugely successful mobile credential rollout

At the start of the fall term in 2022, the Sheridan College onecard office rolled out its new Mobile onecard. The Canadian institution serves 27,000 students across its three campuses in Ontario, so launching a project of this magnitude required careful planning and a well-orchestrated marketing effort to ensure success. CampusIDNews spoke with Aesha Brown, […]
University of Minnesota Twin Cities mascot
Sep 21, 23 /

Treasure hunt sends students in search of mascot’s lost campus card

At the University of Minnesota Twin Cities, the mission is to find Goldy’s U Card. On each of the institution’s three campuses, one of the mascot’s U Cards is hidden. Each undergraduate student that finds a card will receive a $100 reward. Finding the cards will not be easy. To help in the hunt, three […]
UX Tech event logo
Sep 19, 23 / ,

ColorID’s UX Tech event explores campus ID impact on user experience

We all want great user experiences for our cardholders and our system administrators, and advancements in technology are making this more possible than ever before. New credential and reader technologies are transforming the campus ID and with it the campus. The event is hosted and sponsored by UC Irvine, and will take place at the […]
CIDN logo reversed
The only publication dedicated to the use of campus cards, mobile credentials, identity and security technology in the education market. CampusIDNews – formerly CR80News – has served more than 6,500 subscribers for more than two decades.

Join us, @NACCUorg, and @TouchNet to explore how campus card programs can successfully navigate the sales and procurement process. Join the webinar on June 6, 2 pm EDT.

Webinar: Learn how the University of Arizona uses campus cards, mobile ordering, kiosks, lockers, and robots to revolutionize campus dining. April 7, 2-2:30 EDT. Register Now at

Load More...
CampusIDNews is published by AVISIAN Publishing
315 E. Georgia St.
Tallahassee, FL 32301[email protected]
Use our contact form to submit tips, corrections, or questions to our team.
©2023 CampusIDNews. All rights reserved.