HID weighs in the glacial move towards digital ID

Most office workers would be familiar with HID, the company that supplies facility access cards and systems to organisations around the world. But these days, it has gone beyond its traditional stronghold, extending its reach into biometric systems and digital ID management.

“HID is traditionally a door lock and physical access control business,” said Allan Malcolm, regional director for citizen identity solutions at HID in East Asia and Australasia. “We’ve been trying to shed that reputation.”

Going by HID’s track record in nabbing well-known names such as Marriott as customers, it appears to be headed in the right direction. At Marriott, guests can check in remotely and use their HID-powered mobile key cards in the Marriott mobile app to enter their rooms without the need to pick up physical access cards at the front desk.

Describing the adoption of Marriott’s mobile app as remarkable, more than what HID had imagined at first, Malcolm said the hotel’s guests use the app when it is convenient – to request for services and amenities, for example.

HID’s engagement with Marriott, Malcolm said, has been to provide a secure deployment model for mobile key cards, where user credentials are digitally signed by the hotel or other issuing authorities.

“The credentials are passed to us encrypted by them and we make sure that they are securely deployed to the smartphone that it is targeted for, so it passes transparently through our system,” he added.

HID is now pitching similar offerings to governments undertaking digital ID initiatives, but Malcolm stressed that it will only provide tools to build and deploy digital ID applications on a gamut of mobile devices, while governments remain as custodians of their data.

“It doesn’t matter where they are – we have no ability to look at, control or manage that data,” he said.

Asked about the safeguards that are in place to prevent identity theft, Malcolm said HID does not leave databases on the edge of network, so the data is never exposed. It also uses encryption to keep the data safe from prying eyes.

“We do not use a secure access module on the device because that’s too limiting in terms of handset compatibility,” Malcolm added. “We want to be able to ensure that the technology works with the majority of mainstream smartphones.”

Although there is a “desire to move towards digital credentials held in cyber space or physically on a device such as a smartphone”, Malcolm said that evolution has not moved as quickly as one might perceive.

“There are still concerns over data integrity, security and privacy, but the convenience of the technology normally outweighs the risks, which are often overstated,” he added.

Noting that the EMV chips on credit and ATM cards are not known to have not been compromised, Malcolm said people are far more worried about phishing attacks and identity theft rather than the integrity of EMV chips.

“In general, most people are quite comfortable with digital credentials,” he said. “If we look at the e-payments space – Google Pay, Apple Pay, they’re still babies. They’re in their infancy, but it’s the first pass in an attempt to do this kind of thing.”