Apple working on how to securely present electronic ID wirelessly

article thumbnail

Apple wants the iPhone to replace drivers' licenses and any other form of ID, so it is working on technology to keep details secure when authenticating the holder's identity wirelessly.

Even Apple has said that the end of paper ID won't happen quickly, but there's no question that it's coming. Before we can get used to holding our Apple Watch over an airport security desk's reader terminal, though, we have to know it's safe.

If you've even used contactless Apple Pay once, you know that it is supremely convenient. The existing ability to run through, say, London's Underground as you buy a ticket with just a flick of your wrist, is excellent.

When it's your money that's at stake, these transactions have to be secure. When it's your identity, that security has to be unbeatable. A newly-revealed Apple patent application named "Controlled Identity Credentials Release" is solely concerned with exactly this.

"Physical identity credentials, such as driver's licenses, passports, etc., may be migrating to digital form, such as digital identity credentials stored on electronic devices," says Apple. "As the credentials themselves change, so too will the manner in which a user provides his identity credential to a third party, such as a government official, a commercial entity, and the like."

"For example, the user may wirelessly transmit their digital identity credential from their device to a wireless terminal device of a third party," continues the patent application. So, for instance, it concerns how a law enforcement device might talk to your iPhone to properly request ID.

Detail from the patent showing a workflow for verifying ID
Detail from the patent showing a workflow for verifying ID

It's all about "controlled methods of releasing, or providing, the user's digital identity credential" when we want to do that. Whether it's to a TSA officer because we want to board a plane, or it's to verify our age when we apply for a credit card, the delivery of the data must be secure.

Apple suggests multiple ways of presenting our ID on request, including only showing it on our screen. "[For example,] the user's identity credential is displayed on the user's device while the user's device remains in the locked state," suggests Apple. "In this manner, the user can provide their device to a third party (e.g., a TSA personnel and/or security checkpoint personnel), without comprising the security/privacy of the user's data stored on the device."

That may do if you're pulled over by a traffic cop, but when you're entering an airport, for instance, you know that more is needed. "Alternatively or in addition to displaying the identity credential, the identity credential may be wireless transmitted to a terminal device of the governmental authority, such as via NFC, Bluetooth, Wi-Fi Aware etc," continues Apple.

This all presumes that we are able to present our ID. There are situations, such as when we're incapacitated, when we need to be identified yet we cannot personally do anything about that. In this case, Apple proposes that under the right circumstances, our devices could "automatically transmit the user's identity credential."

Apple gives the example of a first responder, "such as police officer, firefighter, etc," who could legitimately possess a device that would automatically request ID like this. "[Upon] verifying that the first responder is authorized to receive the identity credential, [the device] may automatically transmit the user's identity credential to the device of the first responder."

The patent application goes into detail about the use of secure enclaves, and how such identity request verification could be handled, it is also concerned with what information does or does not need to be provided.

["For instance,] the identity credential may be presented with only a portion of the information on the identity credential visible (such as the user's name and birth date for proof of age)," says Apple, "and/or by providing a processed response to a request for information (e.g., 'yes' or 'no') based on information contained in the user's identity credential."

That's similar to the thinking behind how our biometric data is held in a secure enclave on our iPhones. An app or service may need to verify who we are, say before we purchase something, but really its need is very limited and very specific. We have to be who we say we are, so an app or service can ask the secure enclave and be told that yes, we are, or no, we are not.

Detail from the patent showing one suggested position for an iPhone ID button
Detail from the patent showing one suggested position for an iPhone ID button

The app or service making the request doesn't need, or get, our names or any other portion of our ID information. Yet it can securely continue to process the purchase, for instance, because we have been verified.

This new patent application is credited to seven inventors. That includes Rupamay Saha, and Christopher Sharp, both of whom are previously named on a related application about providing verified user ID.

 

Latest News