SecurityBrief Asia logo
Asia's leading source of cybersecurity and cyber-attack news
Story image

Asia Pacific can start deploying mobile ID effortlessly if we learn from Europe

By Sara Barker
Mon 30 Oct 2017
FYI, this story is more than a year old

With Asia Pacific (APAC) having the highest smartphone penetration levels and multiple Smart Nation initiatives underway in the region, APAC governments are looking for innovative ways to tap onto the mobile movement for their digital identity platforms. Amongst all, Australia and Singapore have developed their own versions of a digital identity program - Govpass and SingPass. But neither has yet to truly leverage mobile technology.

Some European countries, on the other hand, have found success implementing their mobile ID systems a long time ago.

By taking a leaf out of the European mobile ID book, APAC countries can stand to benefit by incorporating some learnings for our own mobile ID developments.

Hard token or soft token?

Before any plan for a mobile ID scheme is conceived, it is crucial for the governments and all parties involved to decide if they will deploy hardware or software tokens, also known as hard or soft tokens.

Hardware tokens – typically in the form of a SIM or an eSIM card, deliver superior security. There are several reasons. The Finnish mobile ID program is an example that used SIM-based hardware tokens.

Firstly, the security-related operations are done in the SIM cards – a tamper-resistant environment, making it virtually impossible for hackers to break into with either brute force or software. Secondly, the hard tokens are encrypted and protected before any data leaves the token, rendering information theft extremely difficult.

In a scenario where a software token, such as a one-time password (OTP), is used, the digital certificate or OTP application will be stored in the device itself. This makes it less difficult for hackers to access the device and extract that piece of information.

Software tokens can be implemented more easily than hard tokens on a larger scale, as users only need to download an application that allows them to receive the OTPs. Hard tokens, on the other hand, require that the users purchase or upgrade the SIM cards to those that are compatible with the mobile ID scheme.

The challenge remains for APAC governments to weigh the merits of both options and make an informed and deliberate decision.

In all mobile ID schemes, authentication of the digital identities is an imperative step towards better security. Therefore, all mobile and electronic ID implementations are encouraged to be compliant with the Digital Identity Guidelines released by the National Institute of Standards and Technology (NIST). The guidelines set parameters for electronic authentication and crystalized four levels of identity assurance.  

Industry collaboration benefits everyone

So, what is there to learn from our European counterparts? Let us look at Finland as an example.

Launched in 2011, the Finnish mobile ID replaced the electronic identity (eID) card program and reaped immense success, as the key players - government, mobile operators, technology vendors, and citizens - understood the importance of digital identity comparatively early and worked collaboratively to drive the implementation.  

By the time the mobile ID was launched, Finland had been an advanced mobile market and its three main mobile operators had all launched 4G/LTE networks and corresponding services, priming the market for the next mobile leap.

The three leading mobile operators in Finland also had a communal platform that allowed users to be authenticated irrespective of the network operator they subscribed to. This way, the Finnish operators formed a “circle of trust” – an agreement that allowed digital identities to effectively “roam” on each other’s network. From there, the MNOs were incentivized to create value-added services on top of the mobile ID, enabling new business models and revenue streams.

Based on Finland’s experience, APAC governments and mobile network operators can look to receive significant ROI through implementing mobile ID schemes. However, the project needs to be initiated and spearheaded by the APAC governments, who should provide clear directions, reinforce collaboration, and dispense legal clarifications for the implementation.

Make it easy to sign up and use (even for the elderly)

The European governments adopted a customer-centric approach when designing the mobile ID system, and started with simplifying the registration process. In Finland, citizens could walk into any mobile operator store, sign up for a new SIM and mobile ID service contract, and register their digital identity on the spot. Authentication is then done using the citizen’s phone number and an issued PIN.

In many developing APAC countries, some citizens – especially the youngsters and elderly - might not have a bank account or a passport, but they are more likely to have a smartphone, preparing the ground for a full-fledged mobile ID scheme. To encourage the number of citizen sign-ups, governments can tap onto the extensive networks of small local retailers in the region to effectively reach out to the citizens staying in both urban and rural areas.

In addition, mobile IDs have great potential to serve the elderly, addressing the growing needs from APAC’s aging population. Once the system is in place, the elderly can benefit from a high level of connectedness to essential government services at their fingertips, such as booking an urgent doctor appointment, updating personal, and checking their taxes if they are still working.

That said, given that this group is usually not tech-savvy, governments need to do two things - simplify the sign-up process, and provide a straight-forward, intuitive interface for the mobile applications. This will allow the elderly to join the mobile movement easily.

2027 and beyond

To ensure widespread success, mobile ID services will depend on collaboration between the governments, the telecom operators, and the technology vendors who can secure the mobile identities.

The key success factor is the role of the governments, which is to build and provide infrastructure on which new technological applications can be conceived and thrive. The governments should also proactively adopt a farsighted approach so as to create inroads for new applications like mobile ID. In APAC, it is time for the technologically countries to start strengthening their infrastructure and building a trusted framework for a full-fledged mobile ID scheme.

As all parties begin to work together towards a mobile ID system, it is also crucial to keep in mind that security should remain a primary consideration throughout the project.  

Article by Jimmy Ang, marketing director for Government Programs APAC, Gemalto.

Related stories
Top stories
Story image
Cybersecurity prompts upgrade for 1.3 billion electricity meters
ABI Research finds Advanced Metering Infrastructure (AMI) and cybersecurity concerns are prompting the upgrade of 1.3 billion electricity meters by 2027.
Story image
Trojan cyber attacks hitting SMBs harder than ever - Kaspersky
In 2022 the number of Trojan-PSW detections increased by almost a quarter compared to the same period in 2021 to reach 4,003,323.
Story image
New Relic
New Relic launches vulnerability management platform
New Relic has introduced New Relic Vulnerability Management to help organisations find and address security risks faster and with greater precision.
Story image
Tech job moves - Forcepoint, Malwarebytes, SolarWinds & VMware
We round up all job appointments from May 13-20, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Qualys updates Cloud Platform solution with rapid remediation
The new update is designed to enable organisations to fix asset misconfigurations, patch OS and third-party applications, and deploy custom software.
Story image
Workato unveils enhancements to enterprise automation platform
"The extra layer of protection with EKM, zero-logging, and hourly key rotation gives customers a lot more visibility and control over more sensitive data."
Story image
Tech job moves
Tech job moves - Datacom, Micro Focus, SnapLogic and VMware
We round up all job appointments from May 6-12, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Digital Transformation
How to modernise legacy apps without compromising security
At a time when digital transformation has become central to business, even the most important applications come with a ‘use-by’ date.
Story image
Artificial Intelligence
Updates from Google Workspace set to ease hybrid working troubles
Google Workspace has announced a variety of new features which will utilise Google AI capabilities to help make hybrid working situations more efficient and effective.
Story image
A10 Networks finds over 15 million DDoS weapons in 2021
A10 Networks notes that in the 2H 2021 reporting period, its security research team tracked more than 15.4 million Distributed Denial-of-Service (DDoS) weapons.
Story image
Palo Alto Networks says ZTNA 1.0 not secure enough
Palo Alto Networks is urging the industry to move to Zero Trust Network Access 2.0 because previous versions have major gaps in security protection.
Story image
Remote Working
Successful digital transformation in the hybrid work era is about embracing shifting goalposts
As organisations embraced remote working, many discovered they lacked the infrastructure needed to support history’s first global load test of remote work capabilities.
Story image
Google reveals new safety and security measures for users
Google's new measures include automatic two step verification, virtual cards and making it easier to remove contact information on Google Search results.
Story image
More than 40% of banks worried about cloud security - report
Publicis Sapient's new report finds security and the lack of cloud skills and internal understanding of business benefits are big obstacles for banks moving to the cloud.
Story image
Supply chain
Jetstack promotes better security with supply chain toolkit
The web-based resource is designed to help organisations evaluate and plan the crucial steps they need to establish effective software supply chain security.
Story image
CyberArk launches $30M investment fund to advance security
CyberArk has announced the launch of CyberArk Ventures, a $30 million global investment fund dedicated to advancing the next generation of security disruptors.
Story image
Cybersecurity starts with education
In 2021, 80% of Australian organisations responding to the Sophos State of Ransomware study reported being hit by ransomware. 
Story image
Nozomi Networks
Nozomi Networks, Siemens reveal software integration
Nozomi Networks and Siemens have extended their partnership by embedding Nozomi Networks’ software into the Siemens Scalance LPE local processing engine.
Story image
Data backup plans inadequate, data still at risk - study
The Apricorn 2022 Global IT Security Survey revealed that while the majority organisations have data backup plans in place, data for many are at risk.
Story image
Artificial Intelligence
ForgeRock releases Autonomous Access solution powered by AI
ForgeRock has officially introduced ForgeRock Autonomous Access, a new solution that uses AI to prevent identity-based cyber attacks and fraud.
Story image
Digital Transformation
Physical security systems guide the hybrid workplace to new heights
Organisations are reviewing how data gathered from their physical security systems can optimise, protect and enhance their business operations in unique ways.
Story image
Application Security
What are the DDoS attack trend predictions for 2022?
Mitigation and recovery are vital to ensuring brand reputation remains solid in the face of a Distributed Denial of Service (DDoS) attack and that business growth and innovation can continue.
Story image
Managed service providers: effective scoping to avoid costly vendor pitfalls
Managed security services are outsourced services focusing on the security and resilience of business networks.
Story image
ChildFund launches new campaign to protect children online
ChildFund says WEB Safe & Wise aims to protect children from sexual exploitation and abuse online while also empowering them to become digitally savvy. 
Story image
Sift shares crucial advice for preventing serious ATO breaches
Are you or your business struggling with Account Takeover Fraud (ATO)? One of the latest ebooks from Sift can provide readers with the tools and expertise to help launch them into the new era of account security.
Story image
Data Protection
Barracuda launches new capabilities for API Protection
"Every business needs this type of critical protection against API vulnerabilities and automated bot attacks," Barracuda says.
Story image
Remote Working
How zero trust and SD-WANs can support productive remote working
The way people connect with applications and data has changed, users are remotely accessing resources that could be stored anywhere from a corporate data center to the cloud.
Story image
Cloud Security
Aqua Security createa unified scanner for cloud native security
“By integrating more cloud native scanning targets into Trivy, such as Kubernetes, we are simplifying cloud native security."
Story image
New vulnerabilities found in Nuspire’s Q1 2022 Threat Report
“Threat actors are quickly adjusting their tactics and these exploits tend to get industry attention, but the threat posed by older and attacks still persists."
Story image
Amazon Web Services / AWS
RedShield leverages AWS to scale cybersecurity services
"Working with AWS gives RedShield the ability to mitigate significant application layer DDoS attacks, helping leaders adopt best practices and security architectures."
Story image
Video: 10 Minute IT Jams - An update from IronNet
Michael Ehrlich joins us today to discuss the history of IronNet and the crucial role the company plays in the cyber defence space.
Story image
Absolute Software expands Secure Access product offering
Absolute Software is enhancing its Secure Access product portfolio, enabling minimised risk exposure and optimised user experiences in the hybrid working environment.
Story image
Silver Peak
The path to an adaptive, modern network
Managing and securing the network looks different than it did just two years ago—especially given that most of these networks are made up of multi-generations of infrastructure stitched together over time.
Story image
Rubrik Security Cloud marks 'next frontier' in cybersecurity
"The next frontier in cybersecurity pairs the investments in infrastructure security with data security giving companies security from the point of data."
Story image
BeyondTrust integrates Password Safe solution with SailPoint
BeyondTrust has announced the integration of BeyondTrust Password Safe with SailPoint identity security offerings.
Find out how you and your business can prevent being caught out by everything from ransomware to cryptojacking.
Link image
Story image
Let’s clear the cloud visibility haze with app awareness
Increasingly, organisations are heading for the cloud, initiating new born-in-the-cloud architectures and migrating existing applications via ‘lift and shift’ or refactoring.
Story image
Ivanti and Lookout bring zero trust security to hybrid work
Ivanti and Lookout have joined forces to help organisations accelerate cloud adoption and mature their zero trust security posture in the everywhere workplace.
Story image
Hard numbers: Why ambiguity in cybersecurity no longer adds up
As cybersecurity costs and risks continue to escalate, CEOs continue to struggle with what their investment in cyber protection buys. Getting rid of ambiguity becomes necessary.
Story image
Ransomware hits 65% of organisations in Singapore
Next-generation cybersecurity firm Sophos has released its annual survey and review of real-world ransomware experiences in the State of Ransomware 2022.
Story image
ThoughtLab reveals 10 best practices for cybersecurity in 2022
The benchmarking study reveals best practices that can reduce the probability of a material breach and the time it takes to find and respond to those that happen.
Story image
Customer experience
Gartner recognises Okta for abilities in Access Management
Okta has announced it has been recognised as a Customers' Choice for the fourth time in a row in the Gartner Peer Insights "Voice of the Customer" report.
Story image
Artificial Intelligence
AI-based email security platform Abnormal Security valued at $4B
"A new breed of cybersecurity solutions that leverage AI is required to change the game and stop the rising threat of sophisticated and targeted email attacks."
Story image
NT selects Radware to improve telecom cyber defenses
National Telecom Public Company (NT) has chosen Radware to strengthen the cyber defences of its international telecommunications infrastructure.