Many of us already use our mobile phones for most of our daily tasks and authentication needs such as making purchases opening our office doors and parking gates, and using the internet for a whole range of services. However, one of the few things we regularly need but still carry separately is our government-issued ID. If only we could prove our identity with our phone, so that we could truly leave our wallets or bags at home…
This concept may soon be a reality. Many countries are now exploring how to offer driver’s licenses on phones to become more efficient and simplify how they are issued and used. Even though driver’s licenses are statements of an individual’s right to drive and, therefore, not ID documents, they are often considered a test case for the wider adoption of digital government IDs. In fact, several government agencies worldwide are evaluating how to put a variety of different identity credentials on phones, from National Identity credentials to vehicle registration documents.
To ensure security, these citizen IDs won’t simply be JPEG images with a barcode on a screen. Instead, government agencies will use the smartphone as an all-in-one device for remotely receiving, presenting and authenticating mobile IDs with the same levels of trust and privacy protection as we have come to expect for existing physical ID transactions. This requires that all transactions related to issuing, managing and presenting mobile IDs using smartphones are secure and trustworthy, and that all identity transactions are conducted in a closed-circuit environment protected by end-to-end encryption.
In many ways, mobile IDs provide better privacy protection than physical IDs. If a driver’s license is stolen, anyone can read its identity information, but a mobile ID is unavailable when a phone is “asleep” or locked by the user. Additionally a mobile ID can be revoked remotely to prevent its further use if lost or stolen. When receiving a verification request for their mobile ID, citizens can see whether the verifying entity is authorized, who they are, and what information they are requesting. The citizen can then decide whether or not to share this information. For example, they no longer must divulge name, address or any other identifying information when all that may be required is their picture and date of birth, to verify their age.
Additionally, mobile IDs will be easy to renew without having to visit a government office, and to update instantly when, for instance, there is a home address change. Because mobile IDs are provisioned directly onto citizens’ phones, they can be issued, updated and revoked anytime, anywhere, there is an internet or telecommunications networks. However, this is not to say that mobile IDs cannot be used in remote locations without Internet or network connection, as the mobile ID can be securely stored on the phone for verification directly between two devices, for example over Bluetooth®. Bluetooth brings the added benefit of allowing verification over a distance, elevating the level of trust between the citizen and the verifier before they get close to one another.
Mobile IDs will transform how we do many things. For instance, citizen’s currently use a driver’s license or other identity document at the airport when checking in for domestic travel, but they also carry a boarding pass separately on a phone or a piece of paper. With a single government-issued mobile ID, the two could converge to provide greater security, convenience and flexibility for citizens, airline staff and security personnel.
Mobile IDs will also enable governments to deliver more – and more secure — citizen-centric digital services. They will make it easier for citizen to interact with government entities and access a growing variety of cloud-based government information services. Meanwhile, physical ID cards won’t disappear anytime soon and are likely to be used alongside mobile IDs in these and other on-line applications, with each helping to authenticate the other for even greater security. The physical card or document could be used as the “trust anchor” for enrolling to a mobile scheme. Either or both the physical and mobile credential could then be used to access a secure government website, health records or others services and information.
Using our smartphones as IDs will be an increasingly attractive option as we continue to depend more and more on our mobile devices. Government-issued mobile IDs will make proving our identity much more convenient while giving us more — and often better – ways to protect our privacy.