From eID to Mobile ID
The delivery of successful and secure digital identity is fundamental to the modernisation of states and the dematerialisation of public services. It is also critical to support the digital transformation of their economies and the development of trusted public and private digital services.
Governments are ideally placed to deliver this foundation for our digital future.
Whether they are seeking to protect citizens online, boost economic growth, achieve greater efficiency or reduce the spiralling cost of public services, what is certain is that any national digital identity platform must be based on a backbone of Trust.
One of Thales' greatest assets is the ability to extend smartcard-based national eID and digital identity schemes to mobile.
Gemalto Mobile ID Smart App is a cutting-edge application that enables governments to offer strong authentication and identity validation services to their citizens by transforming the device in all our pockets into a mobile TRUSTED digital ID built on the highest level of Common Criteria certification for software security ever reached on the market.
The need for mobility and convenience
Accessibility is key to the success and adoption of digital services. Given the sheer volume of devices worldwide (6 billion devices to be in circulation by 2020, according to IHS market research), smartphones offer a compelling proposition for governments seeking to provide citizens with secure and convenient access to online public services.
The latest report from Juniper Research even forecasts over 3 billion citizens around the world will be equipped with a government-initiated mobile ID app by 2024
Users want a secure digital identity and frictionless mobile experience when transacting online.
They are ready for mobile identity and want to replace passwords with simple mobile-based PINs and/or biometric authentication to take full advantage of the wealth of fast and convenient digital services available.
If they knew the app was secure, 70% of online service users would want digital ID documents on their smartphone
Accelerating the shift towards mobile ID schemes
Governments around the world are capitalising on the mobile revolution. Many national mobile ID initiatives are underway, notably including Estonia, Norway, Belgium, Qatar, Oman, The Netherlands, Iceland, Finland, Moldova, etc...
Many of these initiatives are either government-driven or government-supported to serve the entire economy by providing a single trusted digital identity to protect both public and private online services.
Government-backed digital ID schemes can quickly achieve critical mass by focusing initially on public services and then expanding out to serve the broader economy. Once a scheme has a critical mass of active users, it becomes an extremely attractive proposition for the private sector, which can leverage the national digital ID scheme to secure their online channel or securely integrate new customers.
Thales' Mobile ID Smart App explained.
With Thales' Mobile ID Smart App, governments can now be confident of winning adoption by both citizens and public and private service providers via:
An inclusive solution, which works on all devices and in any situation,
that offers enhanced Common Criteria certified security and privacy features,
with a smooth end-user onboarding experience
that ensures ease of use throughout the entire authentication journey.
An inclusive solution
The app is inclusive. It works on any smartphone, anytime and anywhere to ensure governments can address all citizens and residents.
One mobile ID, many use cases
Mobile ID Smart App enables a rich, convenient and trusted online experience where citizens can prove who they are online, authenticate to websites, confirm transactions and digitally sign documents. All this can be done in a matter of seconds, while better engaging with public and private online service providers.
A single mobile ID for:
Citizens can prove who they are in an online environment, safely sign up for new online services and undertake real-time ID checks. It also helps online service providers comply with know-your-customer policies.
A mobile ID is a strong authentication tool enabling citizens to log in and validate transactions online securely.
Thanks to PKI technology, citizens can use their mobile ID to sign documents in a few clicks digitally.
This PKI-based mobile authentication solution covers all levels of security, right up to the highest (e-IDAS High, NIST Authentication Assurance Level 3, ISO LoA 4). The level of assurance is scalable and can be adapted to suit the risk and nature of the services being accessed. This enables government bodies and service providers to have a rich and adaptive security policy that can be adjusted to all situations and complies with relevant regulations. In addition to this, governments can rely on the only mobile ID on the market that reaches the highest level of Common Criteria certification in software security,
Modularity by Design
Leveraging smartphone features such as NFC, cameras and fingerprint readers, the mobile ID was designed with modularity in mind. Using the latest biometric authentication functionalities, it delivers the most enhanced and safest online self-registration and authentication experiences for citizens.
A powerful and modular backend solution
In the back end, Gemalto Mobile ID Smart App is managed by Gemalto Digital Identity Services platform, This software orchestrates and powers the entire life-cycle management of the trusted mobile identity, from user registration to verification of mobile authentication, digital signatures and connection to the certification authority and online service providers.
Enhanced User Experience
Complex enrollment and authentication processes are the last things citizens need when looking for safe and fast access to online public and private services. That's why Thales has placed both security and user convenience at the heart of its proposal, from enrollment right through to everyday usage.
A unique end-user journey
It all starts with an easy first-time registration:
A seamless onboarding experience for mobile ID is critical. People have no time for cumbersome processes, and an excellent first impression is key to widespread adoption.
Thales leverages its identification and biometric expertise to provide a more agile registration process through a wide range of identification and enrollment scenarios. This enables governments to be inclusive and offer solutions that address all user profiles as well as their pre-requisites.
Easy first-time registration
Supports multi-channel registration, including face-to-face as well as remote self-onboarding, with various scenarios to fit with each user's profile (multi-channel)
Supports remote ID proofing from both electronic and non-electronic ID documents to suit the ecosystem
Employs the latest biometric authentication features to deliver frictionless, optimised User eXperience
Enables step-up identification
Followed by a smooth everyday authentication experience
Empowered with Gemalto Mobile ID Smart App, citizens can securely authenticate and confirm any online transaction using their smartphone as their secure online national identity.
The app supports one of the widest range of authentication methods citizens can choose from, depending on their preferences and profile (PIN code, geometric patterns, fingerprint, facial biometrics, etc.).
Whenever Qualified electronic Signatures (QeS) is required, the Mobile ID Smart App can turn into an NFC document reader to communicate with contactless eID documents such as eID cards, ePassports, eDriver's licenses, etc...
A mobile ID with built-in software security and privacy principles
A unique and disruptive approach to security
We take a unique and disruptive approach to security to combat ever more sophisticated hacking techniques.
The Mobile ID solution is built on:
- Gemalto Advanced White box Crypto, our in-house and patented latest security mechanisms, which turns the keyed cryptographic algorithm into an unintelligible program and protect the keys at all time, even in an untrusted environment without fear of exposing any secret.
- Gemalto Mobile Security Core, our comprehensive in-house Mobile Application Shielding offering, for which our expertise was recognised in the latest Gartner report. It integrates all the best practices that Thales has built and implemented over the years to secure mobile applications and guarantee.
Thales' Mobile Security Core encompasses the full range of anti-tampering and hardening capabilities, such as anti-debugging, anti-hook, white-box cryptography, obfuscation, and jailbreak or root detection.
As a result, our Mobile ID Smart App can withstand the dynamic nature of malware and can defend itself in the field, detect unsecured environments and react accordingly.
To ensure it is always a step ahead of hackers in terms of security, the app benefits from regular updates with the latest security patches available on the market.
Self-protected Mobile ID Smart App enabled to:
- DEFEND through coding and cryptography
- DETECT threats through secure environment detection
- REACT to threats by halting the execution and alerting the risk-management server
Privacy in an era of digital identity
As our society becomes increasingly digital and data-dependent, digital security and privacy protection have become public policy priorities. People want to be in control of how their personal information is used and shared.
With this in mind, Thales has opted for a privacy-by-design approach. Our Mobile ID Smart App is fully compliant with the EU General Data Protection Regulation (GDPR
) and offers built-in principles that ensure:
- Data minimisation
- Data protection
- User's privacy rights management
A strong value proposition for all stakeholders
Governments using Thales' Mobile ID Smart App benefit from a field-proven mobile identity solution designed to guarantee wide adoption from both service providers and end-users.
The solution is future-proofed through Thales' commitment to delivering an app and related security that is always up to date and compatible with all handsets, the latest OS, and the most recent security patches.
End-users can enjoy a unique and simplified login experience to securely access an array of online services, eliminating password fatigue.
Multiple and remote enrollment scenarios are available to suit every user profile.
Accurate biometric recognition means fast enrollment for everyday use.
Moreover, citizens can benefit from a robust digital identity for all their online interactions, with enhanced user privacy features and protection against the risk of identity theft.
With such a user-centric approach, citizens are in total control of their digital identity and can manage it, along with their data through an intuitive self-care portal.
Public & Private eService Providers
Online service providers benefit from the robust security provided by the mobile ID national scheme without having to bear the cost of it.
They can adjust the level of authentication required (e-IDAS Substantial or e-IDAS High) to suit the nature of their services and can offer an improved online experience to their customers. This, in turn, will positively impact the volume of transactions.
We enable digital transformation through Trusted mobile ID solutions
Thales has unrivalled experience in identity and document verification, authentication, digital signatures, biometrics, mobile device, and software security. We integrate all the technologies needed to capture and verify user identities and digitalise them securely seamlessly.
As a result, governments can rely on us to provide trusted mobile identity schemes that will accelerate their digitalisation strategies, enable them to launch new online public services, fight fraud and meet regulations.
A trusted partner for your Trusted Digital Identity projects:
- Mastering the full chain of Trust throughout the entire mobile ID credential life cycle (from identification and enrollment through to revocation)
- Reaching new software security landmarks: Gemalto Mobile ID just passed the highest Common Criteria Software Security certification Level in history. Governments selecting Thales for their schemes have the assurance to provide their citizens with market first and best-in-class certified mobile ID software security to protect them against ID thief.
- Field-proven technology trusted around the world in more than 20 mobile identity and online federated identity platform references.
- A mobile identity designed to win adoption: Our solutions are tailored to accelerate the digital transformation of a country by meeting your individual needs, your local needs, and those of your citizens and online service providers.
- Richest multi-channel registration scenarios: When onboarding to the Mobile ID Smart App, Thales has a truly differentiated offering in identity verification. It sets us apart from the competition in terms of security, flexibility, resilience and service availability.
- Expertise in biometrics: We have the technology to verify that a person is who they claim to be! Building on the acquisition of Cogent 3M, Thales benefits from 27 years of biometric technology expertise. We offer world-class biometric algorithm accuracy, ranking amongst the top biometric experts according to the latest NIST benchmarks (US National Institute of Standards and Technologies).
- Future-proof solution: By choosing Thales for your mobile ID scheme, you are choosing a provider that is already working on tomorrow’s technologies. The mobile environment is ever-changing, with new smartphones entering the market every year and regular OS updates. Governments deploying a national mobile ID scheme need to be able to trust their mobile ID app to work at all times, on all devices throughout the years ahead. Thales, with deep expertise in telecommunication and software security, commit to delivering a continuously updated app and security scheme through an active policy to maintain mobile ID compatibility with your market’s needs.
- Consulting services: With a track record of deployed mobile identity schemes in various environments and eco-systems, no company is better placed to share the expertise and best practices that your project could benefit from. Ultimately, there is no 'one size fits all' solution; identity is very much tied to a country's cultural characteristics and regulatory framework. Through consulting services, Thales can help define a successful digital ID scheme that will best reflect these local factors too.
- Industry Recognition:
Phil Sealy, Senior Analyst at ABI Research: “Thales continues to innovate at the forefront of the digital identity market, in line with future market trends. The company is placing emphasis on eGovernment enablement regardless of the device used by citizens – computers, smartphones, tablets and more.”
Frost & Sullivan recognised Thales with a 2018 Global Company of the Year Awards for its comprehensive mobile security suite to support the secure transition to digital-first interactions, delivering identity verification, user authentication, transaction verification, and fraud prevention to create a seamless user experience, regardless of device.
Danielle VanZandt, Security Industry Analyst at Frost & Sullivan: “The company houses digital identity solutions, which include enhanced driving license (eDL), ePassport, and electronic vehicle registration card (eVRC), on an application on the user's smartphone—protected by a PIN or fingerprint scan. Importantly, if an end user's smartphone is lost or stolen, eIDs and eDLs can be remotely removed and installed on a new device."
Thales recognised by Gartner as a critical provider of application security shielding through its Software Mobile Security Core, which secures Gemalto Mobile ID solutions.
Frost & Sullivan recognised Thales with a 2019 Global Company of the Year Awards
for its innovative Mobile ID and Digital ID Wallet solutions which offer advanced features, certified security and strong overall performance