COUNTRY FOCUS
is no common hardware security supported across all mobile platforms. This means the digital keys in the mobile phone are independent of any partner system from MNOs and OEMs.

Using a hardened software-based credential allows HID Global to benefit from the many built-in security features of a mobile phone operating system. This allows applications to store information and operate securely. In addition to this, mobile IDs are stored as Secure Identity Objects, which are encrypted and signed using NIST Suite B approved cryptography, making it impossible for a hacker to create or modify the content of a mobile ID.

Mobile IDs based on HID goID are tied to the device through a diversifier and device-specific cryptographic keys and there are no master keys. This means a citizen’s mobile ID will not work on another device. The application itself includes binary protection including root detection and anti-hacking techniques for reverse engineering, tampering, unauthorised access, code injection and security by obscurity.

Seos technology does not depend on the security of the transport technology. It is standards-based and includes secure messaging, strong authentication and data confidentiality. With HID goID, transactions between citizens’ smartphones and verifying readers rely on the Seos secure messaging protocol to secure over-the-air communication, independent of the transport technology whether NFC or Bluetooth Smart. Every Seos transaction is unique and cannot be cloned, recorded or replayed. Seos is also resistant to man-in-the-middle attacks, reflection attacks, replay attacks, message deletion, message reordering, message modification, message concatenation and message insertion. Seos protocol supports strong privacy, meaning that it is not possible to track the identity of a device.

The issuing infrastructure processes incoming mobile ID payload securely issuing and protecting the citizen-specific data using device-independent diversified keys that are managed and generated within Hardware Security Modules. Citizen-specific payload is securely wrapped and sent to the citizen’s smartphone using different transport channels. The issuing infrastructure also manages all keys including the issuance to verifying devices, ultimately allowing them to become trusted endpoints.

Widespread adoption of mobile IDs requires interoperability between issuing authorities across agencies, borders and geographies, worldwide.
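
The article lists the attacks Seos secure messaging resists but not how. The Python example below is an added illustration, not HID Global's code and not the Seos wire format: it shows a generic construction with per-session, per-direction MAC keys and a message counter, so a receiver can refuse replayed, reordered, deleted, inserted, modified, concatenated and reflected frames. The pre-shared secret, key labels and frame layout are assumptions, and encryption is left out so that only the integrity checks are shown.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # bytes in an HMAC-SHA256 tag
def derive_keys(secret, nonce_phone, nonce_reader):
    """Per-session MAC keys, one per direction (labels are assumptions)."""
    salt = nonce_phone + nonce_reader
    def kdf(label):
        return hmac.new(secret, salt + label, hashlib.sha256).digest()
    return kdf(b"phone->reader"), kdf(b"reader->phone")

class Channel:
    """One endpoint of a session: a send key, a receive key, two counters."""
    def __init__(self, send_key, recv_key):
        self.send_key, self.recv_key = send_key, recv_key
        self.send_ctr = self.recv_ctr = 0

    def seal(self, payload):
        header = struct.pack(">Q", self.send_ctr)  # counter is covered by the MAC
        tag = hmac.new(self.send_key, header + payload, hashlib.sha256).digest()
        self.send_ctr += 1
        return header + payload + tag

    def open(self, frame):
        if len(frame) < 8 + TAG_LEN:
            raise ValueError("truncated frame")
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(self.recv_key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            raise ValueError("bad MAC: modified, concatenated, reflected, other session")
        if struct.unpack(">Q", header)[0] != self.recv_ctr:
            raise ValueError("bad counter: replayed, reordered, deleted or inserted")
        self.recv_ctr += 1
        return payload

def new_session(secret):
    """Both endpoints contribute a fresh nonce, so every session has new keys."""
    to_reader, to_phone = derive_keys(secret, os.urandom(16), os.urandom(16))
    return Channel(to_reader, to_phone), Channel(to_phone, to_reader)  # phone, reader

def rejected(channel, frame):
    """True if the endpoint refuses the frame; its state is unchanged on refusal."""
    try:
        channel.open(frame)
        return False
    except ValueError:
        return True
```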
INTELLIGENTCIO