William Gallagher
Apple is continuing to research how to ensure the identity of someone presenting an iPhone to a passport official, or using any other digital ID document.
This is coming — your passport, drivers' licence, and probably all paper ID is going to go digital. The iPhone has already replaced everything from wallets to compact mirrors, and if it doesn't know when ID will make the move to digital, Apple is certain it's going to happen.
The company has already applied for multiple patents on related issues, including how an official can request what ID data from an iPhone. Now a newly-revealed patent application is concentrating on authenticating that the person holding an iPhone with digital ID is the real owner.
"User authentication framework," is about how to "securely perform a user authentication" when asked by "an issuing authority."
"[This patent application] describes embodiments in which a person may present identification information through a mobile device instead of presenting a traditional form of identification," says Apple. "[It] begins with a discussion about storing identification information (e.g., of a passport, driver license, government-issued ID, student ID, etc.) on a mobile device... [And] then describes an authentication framework for performing a user authentication at the mobile device."
The issues, detailed in around 13,000 words of patent application, range from the communications protocols, through secure storage, and on to making the process "tamper-resistant."
Apple does not want to limit its patent application too specifically, but for examples of communications protocols, it does refer to both NFC and RFID. It also describes the use of a biosensor — such as Face ID — to authenticate the user, plus a secure enclave to hold private data.
Nicely, it also discusses just how much information to give up when asked. Just as payment systems today can ask Apple's T2 chip to confirm identity and that processor will solely return a yes or no, so ID could sometimes work the same way.
"[For instance], the mobile device may perform an authentication," says Apple, "that includes the secure element confirming whether a holder of an identification document has an attribute satisfying some criterion without providing that attribute (or at least providing some information about that attribute without providing all information about that attribute)."
"For example, in one embodiment, a person may be attempting to purchase an item that requires the merchant to confirm whether an age of the person satisfies some threshold value," continues Apple. "[Rather] than having the user present the identification document (e.g., a driver license), the reader of the merchant may ask the secure element to confirm whether the user of the mobile device is old enough to purchase the item."
If the owner has been positively identified by, for instance, Face ID, and if their date of birth is stored in the secure enclave, the vender just needs a thumbs up or thumbs down. "In doing so, the mobile device is able to protect a user's identification information, yet still adequately answer the merchant's inquiry."
Most of the patent application's detail describes more complex scenarios, or where much more information is needed. At passport control, for instance, a user's full ID may be crucial — but so is the need for that user to be certain they're talking to authorized officials.
So the patent describes different combinations of security keys and authentication, where both user and official have their ID authenticated.
If it sounds as if digital ID is at risk of being stolen, it is. But that's why Apple is sweating these specific details. And if it doesn't want to point out that your passport can be taken from your hands, it does want to note that we already have digital ID.
"For example, modern passports (called e-Passports) may include an electronic chip that stores a passport holder's name, date of birth, and other forms of information," says Apple. "When a person is passing through customs, the person may present the passport to a customs officer, who places the passport on a reader to extract information stored in the passport."
"Upon verifying the information printed on the passport against the internally stored information, the officer may confirm the identity of the holder and allow the holder passage through customs," it continues.
Having that confirmation instead take place between the customs system and the user's iPhone, unlocked with Face ID, is immediately going to be more secure.
This patent application is credited to three inventors, including Ahmer A. Khan, who previously worked on a related filing about securely presenting ID wirelessly.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
Charles Martin
Christine McKee
Oliver Haslam
41 Comments
Sign me up.
Just wait. You know the Luddites are going to scream and cry "Hack! Fraud!", as is their want, to prevent this from moving forward. And we will all be stuck back in the 20th Century for the next 200 years.
This will have as much chance of being passed into law in the USA as there is for the move to allow voting by phone. Meanwhile... There are places that are (or already have) moved to allow Voting by phone (Estonia) and will be looking at replacing paper passports with electronic ones very soon.
I agree with Apple. It's going to happen, but it'll require some education, more-eyes-on-it scrutiny, and pull demand. By "pull" I mean that continuing along the current path with outdated methods creates an untenable impediment and gross inefficiencies that can no longer be tolerated. Those who need to move forward and break the logjam will seek out, or pull, solutions to solve their problem.
Tech companies like Apple must be prepared for the time when government agencies start pulling, or demanding, a solution. It won't be Apple or any tech company pushing their technology on government agencies. But as we all know, there's always a bit of subtlety to persuasion ... so allowing the government agencies to "take credit" and declare victory for a solution that was handed to them by someone else helps move things along. Apple knows this and will be ready for the handoff and transfer of credit.
My last 2 passports have been e-Passports, which are great for streamlining the customs processing significantly. The US and Canada NEXUS program uses biometric authentication to greatly speed customs processing. Programs like TSA-Pre greatly improve check-in times by establishing trust relationships. Some states, Georgia included, require a fingerprint to issue a drivers license, which is obviously digitized and stored for recall. There is already momentum to move things forward with the aid of technology, trust based relationships, and biometrics. It's just a matter of technology providers like Apple learning all the dance steps, protocols, and formalities of working with the agencies involved, which still have a few luddites hanging around, but their dinosaur days are numbered.
If the passport data is locally stored on the iPhone that is fine, but it should never touch Apple’s servers, or anyone else’s.
Identity theft is my major concern here, as a passport itself is hard to duplicate.
I reckon this would also be much more practical if the iPhone can go in “ultra low power mode” and serve basic functionality such as identification, in that mode.
Not being able to identify with close to 0% battery at the end of the day is not a viable solution.