Digital IDs offer security, simplicity in a post-Equifax world
26 January, 2018
category: Biometrics, Digital ID
By Tiffany Conway, Field Marketing Manager for State Government Programs, Gemalto
Today, it’s more likely than not for American citizens’ personal information to be somewhere it shouldn’t be on the internet. Whether that’s because hackers nicked it out of a retailer’s servers or because a waiter copied credit card numbers to sell to online fraudsters, it’s clear that Americans need new ways to store, secure and use identity documents.
Digital IDs offer a promising solution for re-securing American identities: They can be verified offline using tamper-proof digital signatures, which provide certainty credentials are authentic; and securing access to digital credentials with PIN or biometrics enables far greater protection from would-be fraudsters trying to steal identity information.
The app then creates an on-screen QR code to facilitate communication between the ID and the device being used to verify it. The ID sends the information the user would like to share, along with a digital certificate of authenticity.
A digital ID would also be more convenient for citizens to carry than physical credentials. According to Pew Research, more than three-quarters of Americans own a smartphone, including 92% of younger adults between the ages of 18 and 29. Even as backups to physical credentials, digital IDs would be a convenient option for mobile device owners.
Gemalto’s digital driver’s license pilot provides a real-world example of the ways people might use digital IDs and how they could act as backups to physical credentials. 89% of pilot participants reported that they found the digital driver’s license more convenient than their physical ID, and many appreciated having more control over the information they share with government officials or employees at private businesses.
To be most useful for citizens, digital IDs should allow users to store information from multiple credentials on their devices. As part of their pilot program in Wyoming, Gemalto is planning to add hunting and fishing licenses to the digital driver’s license app, and it’s easy to think of other credentials that would be convenient to store in a secure digital format, like health insurance, Medicare or Medicaid or social security cards.
While the simple ability to securely store IDs on a mobile device is a convenient option for Americans, the real power of digital IDs lies within the electronic verification process needed to authenticate them. When users need to share information with a business or government official, they use a PIN or fingerprint to open their ID app and then select the information they’d like to share. The app then creates an on-screen QR code to facilitate communication between the ID and the device being used to verify it. The ID sends the information the user would like to share, along with a digital certificate of authenticity. That digital certificate, or signature, includes a cryptographic key that can be checked against the ID issuer’s key. If the keys don’t match, then the ID is a fake or has somehow been tampered with.
This signature verification process is done offline, keeping things private and fast. A great example of the process at work is on display in every airport. When travelers use mobile boarding passes, the Transportation Security Administration scans a QR code to verify their flight information and a digital signature issued by the airline, which the TSA’s scanners can verify offline, against a public key in their records.
Because so much information can be proven accurate with this digital signature verification process, digital IDs could be used to simultaneously verify user identities alongside a host of other documents.
