Apple working on how to securely present electronic ID wirelessly

Posted:
in General Discussion
Apple wants the iPhone to replace drivers' licenses and any other form of ID, so it is working on technology to keep details secure when authenticating the holder's identity wirelessly.

Printed passports may become a thing of the past
Printed passports may become a thing of the past


Even Apple has said that the end of paper ID won't happen quickly, but there's no question that it's coming. Before we can get used to holding our Apple Watch over an airport security desk's reader terminal, though, we have to know it's safe.

If you've even used contactless Apple Pay once, you know that it is supremely convenient. The existing ability to run through, say, London's Underground as you buy a ticket with just a flick of your wrist, is excellent.

When it's your money that's at stake, these transactions have to be secure. When it's your identity, that security has to be unbeatable. A newly-revealed Apple patent application named "Controlled Identity Credentials Release" is solely concerned with exactly this.

"Physical identity credentials, such as driver's licenses, passports, etc., may be migrating to digital form, such as digital identity credentials stored on electronic devices," says Apple. "As the credentials themselves change, so too will the manner in which a user provides his identity credential to a third party, such as a government official, a commercial entity, and the like."

"For example, the user may wirelessly transmit their digital identity credential from their device to a wireless terminal device of a third party," continues the patent application. So, for instance, it concerns how a law enforcement device might talk to your iPhone to properly request ID.

Detail from the patent showing a workflow for verifying ID
Detail from the patent showing a workflow for verifying ID


It's all about "controlled methods of releasing, or providing, the user's digital identity credential" when we want to do that. Whether it's to a TSA officer because we want to board a plane, or it's to verify our age when we apply for a credit card, the delivery of the data must be secure.

Apple suggests multiple ways of presenting our ID on request, including only showing it on our screen. "[For example,] the user's identity credential is displayed on the user's device while the user's device remains in the locked state," suggests Apple. "In this manner, the user can provide their device to a third party (e.g., a TSA personnel and/or security checkpoint personnel), without comprising the security/privacy of the user's data stored on the device."

That may do if you're pulled over by a traffic cop, but when you're entering an airport, for instance, you know that more is needed. "Alternatively or in addition to displaying the identity credential, the identity credential may be wireless transmitted to a terminal device of the governmental authority, such as via NFC, Bluetooth, Wi-Fi Aware etc," continues Apple.

This all presumes that we are able to present our ID. There are situations, such as when we're incapacitated, when we need to be identified yet we cannot personally do anything about that. In this case, Apple proposes that under the right circumstances, our devices could "automatically transmit the user's identity credential."

Apple gives the example of a first responder, "such as police officer, firefighter, etc," who could legitimately possess a device that would automatically request ID like this. "[Upon] verifying that the first responder is authorized to receive the identity credential, [the device] may automatically transmit the user's identity credential to the device of the first responder."

The patent application goes into detail about the use of secure enclaves, and how such identity request verification could be handled, it is also concerned with what information does or does not need to be provided.

["For instance,] the identity credential may be presented with only a portion of the information on the identity credential visible (such as the user's name and birth date for proof of age)," says Apple, "and/or by providing a processed response to a request for information (e.g., 'yes' or 'no') based on information contained in the user's identity credential."

That's similar to the thinking behind how our biometric data is held in a secure enclave on our iPhones. An app or service may need to verify who we are, say before we purchase something, but really its need is very limited and very specific. We have to be who we say we are, so an app or service can ask the secure enclave and be told that yes, we are, or no, we are not.

Detail from the patent showing one suggested position for an iPhone ID button
Detail from the patent showing one suggested position for an iPhone ID button


The app or service making the request doesn't need, or get, our names or any other portion of our ID information. Yet it can securely continue to process the purchase, for instance, because we have been verified.

This new patent application is credited to seven inventors. That includes Rupamay Saha, and Christopher Sharp, both of whom are previously named on a related application about providing verified user ID.

Comments

  • Reply 1 of 7
    davgregdavgreg Posts: 1,036member
    You do not want an electronic device connected to the internet to replace your Passport.

    Not a tin foil hat person, but we have no idea what the future would bring and the potential for nefarious actors or totalitarian governments with such technology is not a nice thing to contemplate.

    beowulfschmidtwatto_cobra
  • Reply 2 of 7
    "Even Apple has said that the end of paper ID won't happen quickly, but there's no question that it's coming."

    I don't see the end of paper identification this century.  I, for one, will never have my ID, health information, biometric data, financial information (including credit cards), automobile "key" or any other genuinely personal information stored on my phone.  Call me a Luddite, but anything stored electronically is one hack away from being in the hands of others.

    But I also prefer car keys and not fobs, standard transmissions, buttons / switches instead of a touchscreen display in my car.  At least I have progressed beyond ultrasonic clickers for a television remote.
    boxcatcherSpamSandwich
  • Reply 3 of 7
    StrangeDaysStrangeDays Posts: 12,834member
    "Even Apple has said that the end of paper ID won't happen quickly, but there's no question that it's coming."

    I don't see the end of paper identification this century.  I, for one, will never have my ID, health information, biometric data, financial information (including credit cards), automobile "key" or any other genuinely personal information stored on my phone.  Call me a Luddite, but anything stored electronically is one hack away from being in the hands of others.

    But I also prefer car keys and not fobs, standard transmissions, buttons / switches instead of a touchscreen display in my car.  At least I have progressed beyond ultrasonic clickers for a television remote.
    I already have a number of these -- credit cards, state ID, health records, etc. You should read up on how they are done. For instance, Apple Pay doesn't store your credit card number on-device, it stores part of token used to communicate with the issuing bank at the POS system in real-time at the transaction. Same with fingerprints & face biometrics -- hashed representations, only. Even if someone stole my iPhone, cracked it, got into the secure enclave, they'd still have useless numeric data, not the actual card numbers or fingerprints, etc.
    fastasleepwatto_cobra
  • Reply 4 of 7
    croprcropr Posts: 1,122member
    "Even Apple has said that the end of paper ID won't happen quickly, but there's no question that it's coming."

    I don't see the end of paper identification this century.  I, for one, will never have my ID, health information, biometric data, financial information (including credit cards), automobile "key" or any other genuinely personal information stored on my phone.  Call me a Luddite, but anything stored electronically is one hack away from being in the hands of others.

    But I also prefer car keys and not fobs, standard transmissions, buttons / switches instead of a touchscreen display in my car.  At least I have progressed beyond ultrasonic clickers for a television remote.
    I already have a number of these -- credit cards, state ID, health records, etc. You should read up on how they are done. For instance, Apple Pay doesn't store your credit card number on-device, it stores part of token used to communicate with the issuing bank at the POS system in real-time at the transaction. Same with fingerprints & face biometrics -- hashed representations, only. Even if someone stole my iPhone, cracked it, got into the secure enclave, they'd still have useless numeric data, not the actual card numbers or fingerprints, etc.
    Have you ever done international travel to a less developed countries, where you have to put a $20 bill in your passport in order to pass?   How would you do that with your iPhone?

    There is absolutely no guarantee that there is a liable 3G/4G connection at a border.  So a solution where a passport is not stored on the device, is not really useful. 

    Moreover, how does one put a entrance/exit stamp on a electronic device?   

    Governments will never accept a non paper international passport, that is controlled by a foreign company. 
  • Reply 5 of 7
    entropysentropys Posts: 4,152member
    Apple Cash of course, Cropr.  As it is readily available worldwide, and not just in the US...oh, wait.

    but you are right, national governments might not like it. A path to the future portrayed in Diamond Age, where people align with corporations and culture rather than nations. 
    edited October 2020 watto_cobra
  • Reply 6 of 7
    macguimacgui Posts: 2,350member
    Having my DL, reg, and insurance card in separate folder, viewable others so authorized, only in a kiosk mode would make me very happy.
    watto_cobra
  • Reply 7 of 7
    Yet individual States are actively building their own proprietary IDs as we speak (some already have them).

    So, just like with Apple Pay, the end consumer / citizen is going to have to put up with years of ridiculous protectionism before, ultimately, the Apple standard is offered.
    watto_cobra
Sign In or Register to comment.