top of page

COVID-19: Importance of secure identity solutions

Man with mask showing Scytáles mID

The new coronavirus has raised several concerns about safety and health issues throughout the entire world. We need to adopt new mechanisms to prevent viruses from spreading, not only COVID-19, and to ensure our families' well-being.

COVID-19 has changed how we interact and how we move. Governments are discussing the implementation of Immunity Passports or Risk-Free Certificates for immune-tested individuals, enabling them to travel or to return to work (although there are still some questions from the World Health Organization).

We at Scytáles strongly believe that the technology we create will help protect all of us, most essentially our Healthcare and Frontline workers, from contracting and spreading infection at the same time as interactions and authentications are efficient and secure. The truth is, COVID-19 made us look into how we handle our ID differently. We still have to travel. We still have to show if we have a valid driving licence. We still have to prove who we are to retrieve our parcels from the post offices. We still have to confirm if we are of legal age to purchase a drink.

If only last year Mobile Identification was seen as a perk, today it is a necessity

With a Mobile Identity, you don't have to pass your ID card to anyone. Everything is done safely and securely on your phone by yourself and confirmed on a Validator device via Bluetooth, NFC or Wifi Aware. No-fuss, no muss.

Can I use my mobile identity at home? Or is it only usable in person?

You can use your mDL/mID whenever and however you want, as long as it is ISO 18013-5 compliant. This ISO defines both ways to identify yourself, attended or unattended. This means that you can be safely and comfortably at home and use your mDL/mID to, for instance, open a bank account.

What devices and platforms accept an mDL and can be a Validator? Can I verify it on Windows or integrate it into my POS device?

The ISO 18013-5 is device agnostic provided the Validator device has either an Internet connection (online retrieval) or available hardware to communicate with the mDL device (a camera for scanning QR codes, Bluetooth, NFC to tap, or WiFi Aware for offline transmission. Scytáles has an ISO-compliant Validator Toolkit for building validators on iOS, Windows, and Android platforms. Since some of these are in Java, additional platforms or custom purpose devices are easily supported.

Does the mDL solution employ data encryption?

All communications to central systems are performed securely over TLS and user data stored in the mobile device is encrypted, protected by a PIN code or biometric unlock, and stored in secure encrypted database mechanisms using device keys. Local communications during verification are also strongly encrypted, based on the key agreement mechanisms of ISO 18013-5 that uses session-generated keys. To further protect the data integrity, the mDL solution uses strong digital signatures based on the Trust List models of the ISO 18013-5. Validators also select trustworthy public key certificates to validate the integrity and genuine origin of mDL data, which deters and prevents tampering with mDL data.

Does the mDL application require a secure login on the mobile device?

To be able to access the Scytáles mDL/mID app, the user can either enter a PIN code or use biometric features to unlock, like fingerprints or facial recognition. A secure login helps protect data and the mDL itself from unauthorized usage. Even with a borrowed PIN, the ISO 18013-5 determines identity verification by the Validator at the time of usage through validation of the portrait image and comparison to the Holder.

Additionally, when a user first downloads the Scytáles mDL/mID app, they are asked to provide additional personally identifiable information and biometric matching to confirm their identity before populating the app with the user data. Operator supervised provisioning is also supported for in-office registration. By ensuring the mDL is provisioned to the correct person, and that only that same person can unlock the mDL for further usage, privacy and security can be preserved.


For other questions about Mobile Identity, please make sure you check our latest post and Q&A or contact us.

Subscribe to our newsletter so you don’t miss out on any new updates and news, and keep track of the new ISO 18013-5 developments by following our profile on LinkedIn.


Commenting has been turned off.
bottom of page