Infineon held a rent-a-car demo at the recent MWC and told us that evolving the Asian use of smart token for e-Gov services towards mobile ID would be particularly appealing.
Infineon Technologies AG demonstrated a mobile ID solution use-case scenario at the recently concluded Mobile World Congress, Barcelona. The company showed an app that could be used by car rental companies to quickly and easily confirm a hiring user's identity using a driver's license, assign a car and open it using a smartphone. The concept, said the company, can be used for a variety of services that require authentication, including voting.
During the demo, Infineon showed an app concept that allows a user to select a service among several; in this case, car rental. A two-factor authentication process was triggered. First, you needed a driver's license—the kind with an embedded security chip—that could communicate via NFC with the smartphone. The second step was to trigger and pass an appropriate biometric authentication. There was an option to input a pin number but a face-based authentication was clearly more interesting. Using an Android device, the company captured the user's face and showed how it would be compared against the data on record.
Figure 1: The mobile ID demo at the Infineon booth. A two-factor authentication is used to reserve a car for rent.
The process continued using an embedded secure element to communicate with a remote ID server to check if the driver's license used was valid for driving in the country. With that hurdle cleared, a car rental service could then offer a choice of cars and re-check with the e-ID server if you indeed had the right to drive before letting you electronically unlock a car.
In a press release, Ioannis Kabitoglou, Head of Smart Card Solutions at Infineon, stated that "the mobile ID protects the identity of citizens and consumers in the connected world and increases security as well as reliability of online services."
Figure 2: Mobile ID will appeal to the time-starved Asian, according to Ng Meng Hui, the Marketing Head APAC, Chip Card & Security at Infineon. Ng is responsible for payment, government identification, transport and ticketing application areas.
“The car rental service example demonstrates the extent of security covering mobile identification, authentication and authorisation," Ng Meng Hui, Marketing Head APAC, Chip Card & Security, told EE Times Asia. "In Asia, implementations using smart token, for example in Singapore and Hong Kong for e-Gov services, already exist. Due to wide coverage and high penetration of smartphones, our view is mobile ID will appeal to the time-starved Asian, offering no compromise to security for convenience in transactions where a person’s physical presence and ID card are required, for example, in e-banking and e-prescription,” he added.
The company claimed that almost every fourth eID document in the world has an embedded chip from Infineon. The same security functions can now be transferred to mobile devices. The chip provides a foundation for other security programs to build on. It enables secure storage — isolated from the system software — of the user's personal information, such as banking or biometric data and other sensitive information, including cryptographic keys and security certificates. Infineon added that chip-based solutions prevent reading of large amounts of customer data unlike software-based solutions like host card emulation and cloud-based processes.
Last month, Infineon was selected by HID Global, a company offering identity products, to supply the chips for their polycarbonate inlay for e-ID cards. At the Mobile World Congress, Infineon also announced their partnership with Eluminocity to develop smart streetlights, another application that would need protection against unauthorised access from the cloud down to the device level.