Apple presses ahead with aim to replace paper passports and ID with iPhone
Apple is continuing to research how to ensure the identity of someone presenting an iPhone to a passport official, or using any other digital ID document.
Spot the difference - one of these is entirely digital, but the other two already include digital elements
This is coming -- your passport, drivers' licence, and probably all paper ID is going to go digital. The iPhone has already replaced everything from wallets to compact mirrors, and if it doesn't know when ID will make the move to digital, Apple is certain it's going to happen.
The company has already applied for multiple patents on related issues, including how an official can request what ID data from an iPhone. Now a newly-revealed patent application is concentrating on authenticating that the person holding an iPhone with digital ID is the real owner.
"User authentication framework," is about how to "securely perform a user authentication" when asked by "an issuing authority."
"[This patent application] describes embodiments in which a person may present identification information through a mobile device instead of presenting a traditional form of identification," says Apple. "[It] begins with a discussion about storing identification information (e.g., of a passport, driver license, government-issued ID, student ID, etc.) on a mobile device... [And] then describes an authentication framework for performing a user authentication at the mobile device."
The issues, detailed in around 13,000 words of patent application, range from the communications protocols, through secure storage, and on to making the process "tamper-resistant."
Apple does not want to limit its patent application too specifically, but for examples of communications protocols, it does refer to both NFC and RFID. It also describes the use of a biosensor -- such as Face ID -- to authenticate the user, plus a secure enclave to hold private data.
Detail from the patent showing a simplified process for authenticating ID
Nicely, it also discusses just how much information to give up when asked. Just as payment systems today can ask Apple's T2 chip to confirm identity and that processor will solely return a yes or no, so ID could sometimes work the same way.
"[For instance], the mobile device may perform an authentication," says Apple, "that includes the secure element confirming whether a holder of an identification document has an attribute satisfying some criterion without providing that attribute (or at least providing some information about that attribute without providing all information about that attribute)."
"For example, in one embodiment, a person may be attempting to purchase an item that requires the merchant to confirm whether an age of the person satisfies some threshold value," continues Apple. "[Rather] than having the user present the identification document (e.g., a driver license), the reader of the merchant may ask the secure element to confirm whether the user of the mobile device is old enough to purchase the item."
If the owner has been positively identified by, for instance, Face ID, and if their date of birth is stored in the secure enclave, the vender just needs a thumbs up or thumbs down. "In doing so, the mobile device is able to protect a user's identification information, yet still adequately answer the merchant's inquiry."
Most of the patent application's detail describes more complex scenarios, or where much more information is needed. At passport control, for instance, a user's full ID may be crucial -- but so is the need for that user to be certain they're talking to authorized officials.
So the patent describes different combinations of security keys and authentication, where both user and official have their ID authenticated.
If it sounds as if digital ID is at risk of being stolen, it is. But that's why Apple is sweating these specific details. And if it doesn't want to point out that your passport can be taken from your hands, it does want to note that we already have digital ID.
"For example, modern passports (called e-Passports) may include an electronic chip that stores a passport holder's name, date of birth, and other forms of information," says Apple. "When a person is passing through customs, the person may present the passport to a customs officer, who places the passport on a reader to extract information stored in the passport."
"Upon verifying the information printed on the passport against the internally stored information, the officer may confirm the identity of the holder and allow the holder passage through customs," it continues.
Having that confirmation instead take place between the customs system and the user's iPhone, unlocked with Face ID, is immediately going to be more secure.
This patent application is credited to three inventors, including Ahmer A. Khan, who previously worked on a related filing about securely presenting ID wirelessly.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
Spot the difference - one of these is entirely digital, but the other two already include digital elements
This is coming -- your passport, drivers' licence, and probably all paper ID is going to go digital. The iPhone has already replaced everything from wallets to compact mirrors, and if it doesn't know when ID will make the move to digital, Apple is certain it's going to happen.
The company has already applied for multiple patents on related issues, including how an official can request what ID data from an iPhone. Now a newly-revealed patent application is concentrating on authenticating that the person holding an iPhone with digital ID is the real owner.
"User authentication framework," is about how to "securely perform a user authentication" when asked by "an issuing authority."
"[This patent application] describes embodiments in which a person may present identification information through a mobile device instead of presenting a traditional form of identification," says Apple. "[It] begins with a discussion about storing identification information (e.g., of a passport, driver license, government-issued ID, student ID, etc.) on a mobile device... [And] then describes an authentication framework for performing a user authentication at the mobile device."
The issues, detailed in around 13,000 words of patent application, range from the communications protocols, through secure storage, and on to making the process "tamper-resistant."
Apple does not want to limit its patent application too specifically, but for examples of communications protocols, it does refer to both NFC and RFID. It also describes the use of a biosensor -- such as Face ID -- to authenticate the user, plus a secure enclave to hold private data.
Detail from the patent showing a simplified process for authenticating ID
Nicely, it also discusses just how much information to give up when asked. Just as payment systems today can ask Apple's T2 chip to confirm identity and that processor will solely return a yes or no, so ID could sometimes work the same way.
"[For instance], the mobile device may perform an authentication," says Apple, "that includes the secure element confirming whether a holder of an identification document has an attribute satisfying some criterion without providing that attribute (or at least providing some information about that attribute without providing all information about that attribute)."
"For example, in one embodiment, a person may be attempting to purchase an item that requires the merchant to confirm whether an age of the person satisfies some threshold value," continues Apple. "[Rather] than having the user present the identification document (e.g., a driver license), the reader of the merchant may ask the secure element to confirm whether the user of the mobile device is old enough to purchase the item."
If the owner has been positively identified by, for instance, Face ID, and if their date of birth is stored in the secure enclave, the vender just needs a thumbs up or thumbs down. "In doing so, the mobile device is able to protect a user's identification information, yet still adequately answer the merchant's inquiry."
Most of the patent application's detail describes more complex scenarios, or where much more information is needed. At passport control, for instance, a user's full ID may be crucial -- but so is the need for that user to be certain they're talking to authorized officials.
So the patent describes different combinations of security keys and authentication, where both user and official have their ID authenticated.
If it sounds as if digital ID is at risk of being stolen, it is. But that's why Apple is sweating these specific details. And if it doesn't want to point out that your passport can be taken from your hands, it does want to note that we already have digital ID.
"For example, modern passports (called e-Passports) may include an electronic chip that stores a passport holder's name, date of birth, and other forms of information," says Apple. "When a person is passing through customs, the person may present the passport to a customs officer, who places the passport on a reader to extract information stored in the passport."
"Upon verifying the information printed on the passport against the internally stored information, the officer may confirm the identity of the holder and allow the holder passage through customs," it continues.
Having that confirmation instead take place between the customs system and the user's iPhone, unlocked with Face ID, is immediately going to be more secure.
This patent application is credited to three inventors, including Ahmer A. Khan, who previously worked on a related filing about securely presenting ID wirelessly.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
Comments
Tech companies like Apple must be prepared for the time when government agencies start pulling, or demanding, a solution. It won't be Apple or any tech company pushing their technology on government agencies. But as we all know, there's always a bit of subtlety to persuasion ... so allowing the government agencies to "take credit" and declare victory for a solution that was handed to them by someone else helps move things along. Apple knows this and will be ready for the handoff and transfer of credit.
My last 2 passports have been e-Passports, which are great for streamlining the customs processing significantly. The US and Canada NEXUS program uses biometric authentication to greatly speed customs processing. Programs like TSA-Pre greatly improve check-in times by establishing trust relationships. Some states, Georgia included, require a fingerprint to issue a drivers license, which is obviously digitized and stored for recall. There is already momentum to move things forward with the aid of technology, trust based relationships, and biometrics. It's just a matter of technology providers like Apple learning all the dance steps, protocols, and formalities of working with the agencies involved, which still have a few luddites hanging around, but their dinosaur days are numbered.
Identity theft is my major concern here, as a passport itself is hard to duplicate.
I reckon this would also be much more practical if the iPhone can go in “ultra low power mode” and serve basic functionality such as identification, in that mode.
Not being able to identify with close to 0% battery at the end of the day is not a viable solution.
IMO, it is the issuing bodies who should be (and in fact, already are) working on this. It should be a standards based and preferably with wide consultation within the industry.
US citizens cannot board a plane unless they show REAL ID-compliant identification, and the current statues say nothing about digital identification.
Second, once DHS does its thing, each State will need to wire up their DMVs (et al) to do adopt the standard. This, too, will not be a fast process.
Nationwide, interoperable digital ID is at least a half decade away. Welcome to bureaucracy.
Currently I have to have with me
Passport
Country ID card
Health card
Driving license.
Plus obviously credit cards.
Or imagine Samsung crapping out a version just to continue their trend of brainwashing their iKnockoff fan base?
With Apple doing things RIGHT, I imagine Tim Cook is looking to the future and they have even tighter security planned for the next few iPhones. Maybe better FaceID? FaceID plus TouchID?
off topic: the report is Tim claimed we should be voting in the US on an iPhone. That will not ever happen, and is perhaps the most naive thing I've heard attributed to him.
Not paranoid ... I explained this to GEICO on their digital Insurance cards ...
I'm all in for cryptographically improving Id cards, etc. Carrying passport when travelling isn't too much of a hassle. Id or drivers licence a bit more annoying. Hence it needs some sort of layered approach. Supermarket doesn't need to know more than my DOB, while border worker probably needs more info...
Obviously such data can't be stored on device itself but on a secure cloud storage. Which begs the question of who or where it will be stored (especially when you've got dual citizenship, etc). Who can access it (I'd say argue ANYONE as iDevice provides the temporary cryptographic key to access certain access - basically same how OAuth works)?
I think Apple could spend its time better