Tech Talks

Tech Talks are designed to share information about new and emerging technologies in higher education and inspire conversations across the CSU System. Sponsored by the Division of IT, these forums are conducted in partnership with other units at CSU and across Higher Ed.

Past Tech Talks

Mobile ID Credentials for CSU (RamCard) 

February 1, 2003

View the discussion around how mobile ID credentials are replacing traditional University ID cards. During the session, panelists discussed insights about their experience with implementing mobile ID credentials. Participants gained a broad-based understanding of how the technology is being utilized across higher education, including the infrastructure requirements necessary to successfully support this technology. 

Panelists:  

Moderators: 

  • Neal Luján, RamCard Office, Colorado State University 
  • Jaime McCue, Division of IT, Colorado State University 
  • Recording Summary
    Timestamp Topics and Themes
    0:00 Welcome Remarks
    2:35 CSU RamCard Background – History and Current State
    4:53 Initial implementation of Mobile ID in Higher Ed – NACCU Benchmark and NACCU Technology Committee Information
    6:34 Panel Introductions
    7:42 Inspirations for Mobile ID Credential
    14:18 Credential(s) Chosen
    17:27 Issuance Model
    30:49 Benefits from Mobile ID Credential
    36:20 Credential Issuance on multiple devices
    36:53 Identification Verification of Device Owner and Issued Credential
    37:51 Security risks related to mobile credential — using phones for access, multi-factor authentication
    41:00 Challenges to becoming “mobile ready” – Infrastructure Updates
    45:55 Project Membership
    52:10 Project Timeline
    55:35 Support to individuals during instances of lost or broken phones
    57:40 Closing Remarks
  • Q&A
    Question Response from Temple University Response from University of Alabama
    With bad actors exploiting cell-based MFA, what are the risks of using phones for card access?

    [Asked by Nic Garrison]

    ITS is managing the MFA on our campus but I have not heard any concerns. UA feels the phones are more secure than a physical card. DUO is the MFA used at UA and a student must go through DUO to add the mobile credential to their device. It is not required for transactions, but a cardholder must turn express mode on if they do not wish to use the PIN for each transaction.
    Request for clarification: Would a Mobile ID credential program include staff who have/use University ID cards, as well as students?

    [Asked by Chris Carsten]

    Yes, we use our mobile for staff and students.  We do NOT use it for Alumni, Guests or Non-Credit Students. UA allows faculty and staff to use mobile credentials. Currently faculty and staff are allowed to have both mobile credentials and a physical card, if they choose to have a physical card. We do not require them to use one credential or the other.
    Can you please share strategies you used for students who do not own mobile devices?  I am thinking some of our students from low income backgrounds.  It might be hard to believe but we do have students without phones.

    [Asked by Craig Chesson]

    We still allow card issuance for this population. Students receive a physical card if they do not have an eligible mobile device. We require them to come to the office and allow us to see the phone they are using, which also helps us document the phone models that do not have NFC capability. This would include a student using a flip phone. If a student says they do not have a phone, we have to trust them. We have no way to prove a student does not have a phone. Faculty and staff are not required to have a mobile credential.
    Original Question By Chesson,Craig… Can you please share strategies you used for students who do not own mobile devices?  I am thinking some of our students from low income backgrounds.  It might be hard to believe but we do have students without phones.

    … And low-income staff.

    [Asked by Nate Williams]

    Faculty and staff are not required to have a mobile credential.
    Original Question By Chesson,Craig… Can you please share strategies you used for students who do not own mobile devices?  I am thinking some of our students from low income backgrounds.  It might be hard to believe but we do have students without phones.

    … And the security-conscious folks that lean toward simplicity and limited features with a flip phone.

    [Asked by Brian Route]

    Phones must have NFC technology.
    Original Question By Chesson,Craig… Can you please share strategies you used for students who do not own mobile devices?  I am thinking some of our students from low income backgrounds.  It might be hard to believe but we do have students without phones.

    Followed up with this question from Route,Brian… And the security-conscious folks that lean toward simplicity and limited features with a flip phone…

    … In that vein, does this implementation preclude non-smart devices, like flip phones?

    [Asked by Laura KinCannon]

    Students with flip phones are issued a physical card.
    There are many levels of staff who are given authority to demand students show ID. It is one thing to require someone present/hand over a RamCard, it is another to do the same with someone’s phone. A RamCard is CSU property provided to the student but always under CSU mandate to require it be presented. A student’s phone is their personal property, how have you addressed the standing to require a student present their phone for staff to view?

    Alternately, might this present an opportunity to allow appropriate staff access to virtual credentials so they can confirm someone’s identity independent of student cooperation? Perhaps you allow this via access to a specific program or sharing such via existing resources (StarRez, Banner, etc.)?

    [Asked by John Malsam]

    Our residence halls have a system at the entrance that will show the photo on a monitor when a mobile credential is provided.  There is no reason to hold a student phone.

    Our security also has access to Transact which is the database of record for all photos.

    Upper administration was in support of the mobile credential project from the start. Faculty and staff were made aware of the changes and that the mobile credential would be an official form of ID and must be accepted for identification purposes. They are not to take a student’s phone from them but may ask the student to display their credential so the ID can be verified.

    Photos are stored in Banner and can be seen by professors on class rosters. UAPD also has access to photos in emergency situations.

    Will there be costs to replace photos or change names on mobile IDs as there are with physical IDs?

    [Asked by Maggie Hendrickson]

    No charge for name or photo changes. UA does not charge for photo changes. Students may update their photo once per academic year. Name can be updated at any time through an online self-service.
    Can preferred name/photo be updated by the user directly on their phone or would the process be similar to how it is now?

    [Asked by Maggie Hendrickson]

    Yes, through our Self Service application on the university portal, students can update their preferred name and pronoun choice.  Within Transact, they can update their photo. We have a process allowing cardholders to change between legal and chosen/preferred name used for their credential. Mobile credentials are automatically updated when a cardholder changes the name they’d like to use.
    Question: Are there any opportunities or possibilities being considered to use a mobile ID outside of our CSU campus infrastructure?
    (e.g. student discount on a movie ticket in place of showing a traditional, physical CSU RamCard)

    [Asked by Brian Route]

    We have no control over outside resources accepting or denying the mobile credential.  We would hope that those businesses would accept them, but our first priority is for identification ON campus. The mobile credential is the official ID of UA and if a location wishes to offer a discount for showing a credential, they should accept the mobile credential. If a location has a partnership with the University, such as participating in our off-campus merchant program, they must accept the mobile credential.
    Any planned compatibility with the “My Colorado” app?

    [Asked by Nic Garrison]

    Compatibility with the “My Colorado” app and other state apps would need to be evaluated during an implementation project.
    Utilizing cards for access to secure facilities where one might not typically encourage having phones/cameras would be convenient.

    As an improvement over regular cards, is there an additional requirement to verify the phone owner is with the phone when using it for access such as a pin?

    Can an ID be loaded on to multiple devices (work & personal)?

    [Asked by Stephen Oglesby]

    Same situation for slipping someone your phone to use as with a card.

    One phone and one watch limit.

    Students must validate their LDAP account when adding their mobile credential. Use of a mobile credential also requires a PIN to be set on the phone or watch. If express mode is turned on the user does not have to enter their PIN at the time of a transaction.

    The mobile credential can be added to one phone and one watch only.

    Curious if anyone built funding into the project to provide a mobile device (phone or watch) for those students who didn’t already have these resources and met some threshold of financial need. Sounds as if the card is often the next best approach for these students.

    [Asked by Peggy McCready]

    No, UA does not provide mobile devices to students. If the student does not have an eligible mobile device a physical card is issued.
    Any insights into the level of support (HelpDesk, etc.) that went into helping students work through technical challenges with the transition?

    [Asked by Peggy McCready]

    Our biggest issue was MFA enabling.  Once that hurdle was crossed, help desk tickets are now manageable. Assistance was/is provided by card office staff. The majority of questions came from faculty and staff during implementation. The students were able to easily follow the directions provided.
    Any thoughts on mobile IDs vs physical IDs in environments where phones may be at risk of damage or destruction? (e.g. a chemical/mechanical laboratory)

    [Asked by Chris Stubbs]

    Whether a card or a phone, the recommendation would be that they be in a locker or backpack once authenticated into the lab. We do not receive special requests for physical cards due to the environment.
    What backups are available for immediate restoration of access in the event of a lost, broken device? Do you have information on the amount of these requests vs lost cards? Are there any exceptions to the increased fee for physical cards if that is a necessity for a lost phone for access to student or work tasks?

    [Asked by Ron Charkowski]

    We never quibble over providing a card in replacement for a lost or damaged phone.  We do mark the mobile credential as retired in the system but provide a free card. During business hours Action Card staff are available to help with issues. UAPD has the ability to issue temporary Action Cards after hours. Temporary cards are valid for one week and may be extended if a student is having a phone repaired. At any given time, there are approximately 30-40 temporary cards being used. There are far fewer lost phones than physical cards.
    With our current Duo client we get a number of support requests from people with lost or replacement phones.  What is the procedure in those cases?

    [Asked by Thomas Schipper]

    The client can remove the card through the Transact app, but generally call us to let us know they have a new phone and it is faster and easier for us to do it on the back end. Lost mobile credentials are frozen in the Transact application. If there is a new phone the old credential is retired so the person may add their credential to their new device. If a credential is needed after hours students may obtain a temporary physical card from the police department until business hours when we can retire the old credential.
    Question: Any concerns with supporting / validating / verifying a mobile ID versus a physical ID for law enforcement and emergency management personnel, particularly in emergency situations or verifying legitimate after-hours business on campus?

    [Asked by Brian Route]

    We have not seen any issue with this from our Public Safety Office. No incidents have occurred that caused any concerns with students only having a mobile credential.
    Is it better to start with providing the service first to students and then transition to employees?  It sounds as if students are finding this service more helpful, and they may have been the priority for this new service at your institution.

    [Asked by Peggy McCready]

    I can see the benefit to students first and then staff.  Some schools have even begun by class. UA began offering the service to faculty, staff, and students at the same time. We did not see any benefit to offering it to students only.
    Is this being used for exterior door access, or all the way to the individual res hall room?

    [Asked by Steven Lovaas]

    We are currently using exterior doors, but this summer will be updating our first residence hall all the way to the bedroom. Students use mobile credentials for both external doors and individual res hall rooms where available. Some res halls still use keys.
    How does mobile credentialing impact your summer conference operations? How do you handle credentials or meal cards for summer guests or short term campus guests who need access or credentials?

    [Asked by Cal Boren]

    They still use printed Desfire cards. Visitors are not issued a mobile credential. Housing offers wearables to those who need access short term. Physical cards are issued to vendors.

     

Questions and comments about mobile ID at CSU? Email neal.lujan@colostate.edu