Knock, knock, who’s there? – the relevance of secure identity


Anyone can be assigned an identity. But for an identity to hold real value it needs to be trusted to be secure.

In electronic access control, the identity of those who are authorized to enter a facility is established in a secure cardholder database as a unique identification code, which is often encrypted. Identity-specific access credentials, usually in the form of cards, are then assigned and securely issued to authorized users of the access control system. When a card is presented to an access card reader, the identity of the cardholder is authenticated and access is granted.

“At HID Global, our corporate strategy centers around solutions for the delivery of secure identity. The entire process of delivering secure identity, from initiation to issuance to usage, must be trusted. This process requires networks of trusted devices over which secure identity data is communicated and managed,” says Denis Hébert, Executive Vice President and Head of Global Technologies business unit, HID Global.

HID Global has developed the Trusted Identity Platform™ (TIP), which provides a scalable and global framework for secure identity-driven transactions. The TIP architecture consists of a secure vault, a secure messaging methodology, and governance of key management policy and practices. All TIP-enabled devices that operate in this network are trusted, so that all transactions between them are deemed trustworthy.

A “member” of this network, be it a card credential, a reader, an electronic lock, a mobile phone or a card printer, is enabled by implementing a TIP protocol, so that it can be registered and recognized by the secure vault, and trusted to communicate secure identity objects (SIOs). TIP-enabled devices can then be managed as nodes in a trusted network. Only registered and trusted devices are allowed to participate in this network, unlike the internet, where any computer can access any website.

Denis says the approval of a new device within the network can be compared to a handshake. “Once a new device has shaken hands with the secure vault, it is deemed trusted and no longer needs to communicate through the vault, but can operate independently and communicate with other trusted devices or end points within the network. For example, a TIP-enabled NFC mobile phone programmed with a secure identity object can communicate directly with a TIP-enabled electronic access control reader.”