Apple is continuing to research how to ensure the identity of someone presenting an iPhone to a passport official, or using any other digital ID document.
This is coming — your passport, drivers' licence, and probably all paper ID is going to go digital. The iPhone has already replaced everything from wallets to compact mirrors, and if it doesn't know when ID will make the move to digital, Apple is certain it's going to happen.
The company has already applied for multiple patents on related issues, including how an official can request what ID data from an iPhone. Now a newly-revealed patent application is concentrating on authenticating that the person holding an iPhone with digital ID is the real owner.
"User authentication framework," is about how to "securely perform a user authentication" when asked by "an issuing authority."
"[This patent application] describes embodiments in which a person may present identification information through a mobile device instead of presenting a traditional form of identification," says Apple. "[It] begins with a discussion about storing identification information (e.g., of a passport, driver license, government-issued ID, student ID, etc.) on a mobile device... [And] then describes an authentication framework for performing a user authentication at the mobile device."
The issues, detailed in around 13,000 words of patent application, range from the communications protocols, through secure storage, and on to making the process "tamper-resistant."
Apple does not want to limit its patent application too specifically, but for examples of communications protocols, it does refer to both NFC and RFID. It also describes the use of a biosensor — such as Face ID — to authenticate the user, plus a secure enclave to hold private data.
Nicely, it also discusses just how much information to give up when asked. Just as payment systems today can ask Apple's T2 chip to confirm identity and that processor will solely return a yes or no, so ID could sometimes work the same way.
"[For instance], the mobile device may perform an authentication," says Apple, "that includes the secure element confirming whether a holder of an identification document has an attribute satisfying some criterion without providing that attribute (or at least providing some information about that attribute without providing all information about that attribute)."
"For example, in one embodiment, a person may be attempting to purchase an item that requires the merchant to confirm whether an age of the person satisfies some threshold value," continues Apple. "[Rather] than having the user present the identification document (e.g., a driver license), the reader of the merchant may ask the secure element to confirm whether the user of the mobile device is old enough to purchase the item."
If the owner has been positively identified by, for instance, Face ID, and if their date of birth is stored in the secure enclave, the vender just needs a thumbs up or thumbs down. "In doing so, the mobile device is able to protect a user's identification information, yet still adequately answer the merchant's inquiry."
Most of the patent application's detail describes more complex scenarios, or where much more information is needed. At passport control, for instance, a user's full ID may be crucial — but so is the need for that user to be certain they're talking to authorized officials.
So the patent describes different combinations of security keys and authentication, where both user and official have their ID authenticated.
If it sounds as if digital ID is at risk of being stolen, it is. But that's why Apple is sweating these specific details. And if it doesn't want to point out that your passport can be taken from your hands, it does want to note that we already have digital ID.
"For example, modern passports (called e-Passports) may include an electronic chip that stores a passport holder's name, date of birth, and other forms of information," says Apple. "When a person is passing through customs, the person may present the passport to a customs officer, who places the passport on a reader to extract information stored in the passport."
"Upon verifying the information printed on the passport against the internally stored information, the officer may confirm the identity of the holder and allow the holder passage through customs," it continues.
Having that confirmation instead take place between the customs system and the user's iPhone, unlocked with Face ID, is immediately going to be more secure.
This patent application is credited to three inventors, including Ahmer A. Khan, who previously worked on a related filing about securely presenting ID wirelessly.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.