Using smartphones for ID authentication
People are more likely to leave their ID badge in the jacket they wore yesterday than they are to forget their cell phone. So why not use the phone itself as an authenticating device?
Many companies and some government entities are beginning to do just that.
The Iowa Department of Transportation, for example, announced in December 2014 that it was about to release a driver's license app for smartphones. Initially, the digital license would only be an alternative to the paper temporary licenses issued by the department. But according to Mark Lowe, director of the state's Motor Vehicle Division, “The ultimate goal is that we get to the point where we see customers elect to use this in addition to or in lieu of the driver’s license.”
Apart making for one less document to lose, Lowe said that unlike with physical licenses, which are generally only examined visually, the owner of a digital license can also be confirmed by biometric devices on smartphones. And while a lost physical license can be used for nefarious purposes by others, digital licenses on lost smartphones can be remotely wiped clean.
In the private sector, United Airlines is using smartphone cameras to determine the authenticity of passports and the identification of travelers during the process of issuing boarding passes for international flights. The airline has deployed Jumio's Netverify Mobile, which launched last year, to offer travelers a way to avoid standing in long lines.
According to Marc Barach, chief marketing officer at the credentials management company, the user is prompted to click on a button that is marked, "Show your passport." The customer is then guided to hold up his passport open to the photo page to the camera.
"We're not taking a picture and nothing is stored on the device," explained Barach. Instead, the document is scanned and analyzed by Jumio's software. The process takes about 90 seconds. "We are able to detect with a very high degree of certainly when we see a fraudulent document," said Barach. "Also, we extract information from it – name, passport number – and put it right into the form. About 90 seconds later you're issued your international boarding pass."
A critical second step in the process, of course, is determining that the person with the document is who he claims to be. "Step two of the process is the face match," said Barach. "That is where the individual then holds up their camera to their face and in real time we scan their face and match their face with the image on the document. Then we render a score as to what extent we think it's one and the same. Clearly it can never be 100 percent. Maybe someone is a twin, or maybe someone has grown a beard."
Ultimately, of course, a human may have to judge whether a partial match is accurate or not. And at present the 90 seconds required for processing can make the technology inappropriate for some purposes, such as accessing buildings or rooms. But Barach said the company is working on improvements. "We're working to bring that time down, hopefully ultimately down to just a few seconds," he said.
Smartphones are also beginning to be used in lieu of smartcards and tokens for access to physical spaces or devices.
For example, Symantec recently introduced VIP Access for Mobile, software that turns a smartphone into a security token. (The VIP stands for "validation and ID protection.) The hosted service eliminates the need for IT staff to configure and distribute hardware tokens to users.
Smartphones serving as authentication devices can, in short, offer convenience to both system administrators and end users. But the technology promises some unexpected benefits for the latter group. Just as consumers are already receiving boarding passes on their smartphones, soon they can be receiving digital keys to their hotel rooms, eliminating the need to wait in a line at the front desk.
Best of all for many of us who are short-term-memory challenged, once smartphone authentication is supported by the other devices we use, including our computers, we will be relieved of the need to remember and to change complex passwords.
Posted by Patrick Marshall on Feb 24, 2015 at 12:12 PM