‘Milipass’ is Korea's first military data collection & management platform for the Army headquarters and active-duty soldiers. This platform started as a part of ‘MyData Service Project for Public Experience’ supported by the Army HQ, the Ministry of Science and ICT, and the Korea Data Agency. Soldiers who are on active duty or have been discharged from the military service and their family members can download this pass to their mobile wallet and use it for identification, authentication, and payment purposes. The goal of the project is to utilise the high-quality military data obtained from more than 250,000 new soldiers every year and help them with self-development, employment, finance as well as quarantine management during the COVID-pandemic.
Milipass was launched to resolve the inconvenience of using personal data, separately generated from different sources throughout the military service, such as military service record, finance, access, and quarantine data of the active-duty soldiers, addressing the importance of managing the data of both active-duty soldiers and professional soldiers altogether through one MyData platform for efficient business process. However, an easy access of data increased the risk of leakage of personal information and the confidential military information, and a stronger security authentication technology was in need accordingly. In addition, most of the military units were based in rural areas with limited communication signals. Therefore, a technology that could identify and authenticate an individual even in off-the-network environment but at the same time generate a variety of personal information in the form of a dynamic authentication code with zero redundancy was also required.
The authentication of Milipass was designed with Fast Identity Online (FIDO) and One-Time Authentication Code (OTAC). In addition, three layers of security systems including data encryption, access control, and smartphone security were added to protect personal information used in military service, finance, access, and quarantine management.
OTAC technology has been embedded in the access management system of Milipass. As all soldiers have been officially allowed to use their mobile phones since 2019 to control Covid-19 more efficiently, they can easily generate their personal access code in the form of an OTAC by simply using the Near Field Communication (NFC) function on the smartphone. Once the OTAC has been generated, the access control system can immediately verify the code. Further, the OTAC QR code displayed on the Milipass app on each user’s smartphones is used for access control for military facilities as well as recording data on the entry and exit to the facilities.
OTAC technology has also been applied to ID cards and passes in the form of a QR code for identification and access verification. Users can simply scan a QR code with camera or barcode scanner but may also use a SMS-delivered code if there is no device to read a QR code. Or, in the case that the access control device includes an NFC reader, the NFC function on the mobile phone can easily verify OTAC code.
OTAC can help establish a non-face-to-face access control system to improve safety in the prevention of COVID-19 pandemic. To use OTAC-embedded-QR code entry logs, users simply answer a questionnaire on their mobiles and scan the generated OTAC QR code for each entrance gate. With enhanced user experience, this system is suitable for military units with a large number of soldiers.
Also, given that many military facilities often experience failure to send a code from the server to a mobile phone due to an unstable network connection, OTAC can provide a safer yet more efficient authentication without requiring any network connection for communication between the systems. Whilst preventing the llegal use of Milipass, users can easily register and manage multiple facilities to which they have access through the OTAC-embedded Milipass. OTAC, the award-winning technology that generates a unique code with no chance of duplication at any given time, not only it can provide a high level of security and user convenience, but it can also save costs compared to existing authentication methods.
that provides all of the following features, tested and substantiated
by the University of Surrey technical report
sufficient to IDENTIFY user