The Virtual ID is the Dutch initiative for a non-physical identity credential. The goal of the Virtual ID is to become a mobile representation of the Passport and ID-card that incorporates the standards for Digital Travel Credentials (DTC), in development by ICAO’s New Technologies Working Group (NTWG), and combines it with national identity data services. The Virtual ID focuses on the citizen to make sure it complies with the General Data Protection Regulation (GDPR) and is a convenient and secure credential to be used for physical identity verifications.

Collaboration

The policy of the government in the Netherlands is that citizens and companies should be able to do their business digitally. The National Office for Identity Data (NOID) is responsible for the delivery of reliable personal data, for citizens, traditionally in the form of identity documents (passports and ID-cards). In the course of the increasing digitisation of society and in line with government’s policy, the NOID has initiated the development of the next generation form factor of these documents, best to be described as a ‘Virtual Identity Document’. This development is being carried out in a collaboration between the NOID and its supplier IDEMIA to move towards a mobile credential that in the end will open the gates for a Digital Travel Credential besides the physical Passport and ID-card.Fig1Figure 1: Use case selection by the holder.

We are just at the beginning of the process and the technical part is merely a small piece of the solution. For the citizen the Virtual ID means a digital represen­tation of the Physical Identity Document displayed in a modern way. Take for example the first assembly line produced car, the Ford Model T. The vehicle was in fact a carriage with a motor. Regulations and technical improvements made the car what it is nowadays, a modern vehicle to transport people from A to B. The same evolution may be foreseeable for the Virtual ID, while everything is technically possible we need to focus on regulations, privacy and security to make it a secure and convenient alternative to the Physical Identity document. Citizens need to develop the same trust in it as in the Passport or ID Card. A process that, comparable to the Ford Model T, will take time to culti­vate and although smartphones are part of our lives for well over ten years now we’re just at the beginning.

Virtual ID – The future of identity documents

In June 2018 there was an article in this magazine about Digital Travel Credentials, an initiative of the NTWG working towards a digital way for travelling. One of the key elements of such a credential is being a virtual component of the physical passport. In this approach the virtual component always has a link to the physical component, both are linked as a hybrid solution.

More than travelling.,,

Such a virtual component can be an app on your smartphone representing the passport information. Besides the use for travelling and the evolution of such a Virtual ID into a DTC it also has ground to be used by citizens in other situations than travelling. You can think of booking a hotel, renting a car or buying alcohol. Sharing only the information that the relying party is allowed to see is no easy task for the citizen. Convenience always wins when you are waiting for your hotel room. A simple handover of your passport and your room awaits you feels much better than waiting and arguing about what your rights are. A Virtual ID is a perfect digital wallet to protect the citizen in these situations. The Virtual ID itself can be linked with multiple identity related services. Each service pops-up as a use case that only reveals the information the relying party is allowed to see.

Deriving a virtual ID

The Virtual ID is a Digital Identity Document derived from the National passport or ID-card and will be issued at the municipalities at the Highest Assurance Level. During this process the document will be electronically read using the passport’s chip following the ICAO Standard Inspection Procedure to validate the Identity Document. This standard ensures that the document is not copied or altered and that it has been issued by the state. To make sure the citizen belongs to the Identity Document a face-to-face check is executed as well as a biometric comparison with a camera. The camera is installed on the workstation of the civil servant and takes a picture of the citizen. This actual picture is then used to compare with the full color portrait photo stored on the passport’s chip. When all lights are set to green, the verification process is finalised. To complete the process the citizen down­loads an app on his smartphone and the identity credential is issued on the smartphone and can be used in physical use cases.

Assurance levels

Assurance Levels are derived from the eIDAS Regulation. eIDAS stands for electronic Identification and Trust Services (eIDAS) and is a set of standards for electronic identification and trust services for electronic trans­actions in the European single market. According to the eIDAS regulation in the European Union (EU) there are three assurance levels defined: High, Substantial and Low. To reach an Assurance Level you must meet the technical specifications and procedures defined by the regulation. Each level has its own set of rules for different parts:

  • Enrolment; Application and registration and Identity Proofing
  • Electronic identification means management; Issuance, Life-Cycle Management
  • Authentication; Authentication mechanism
  • Management and organisation; Information Security Management

In terms of the Virtual ID we aim for an enrolment at the highest assurance level. Meaning that we meet the requirements in the Enrolment part of the regulation: face-to-face process, in possession of a government issued identity document (evidence), the evidence is valid according to an authoritative source, and the applicant is identified using biometrics.

Citizen focused

The main purpose of the Virtual ID is to focus on the citizen and benefit from the digital representation of the ID. Selecting the purpose of the verification helps the citizen to automatically select which information is shared with an inspector. This dynamic feature helps the citizen to protect his/her privacy. Depending on the use case, it will only share the information that the inspector is allowed to see based on local regulations (e.g. 18+ instead of the DOB).

Utilizing a smartphone also enables the possibility to update the ID on a regular basis with new security features or in case of updated regulations. Visually you can compare the Virtual ID with an Identity Document in a modern way. It can be used in physical situations like grocery stores or in situations where you need to identify yourself.Fig2Figure 2: Suitable for machine verification

Machine verification

The validity of the virtual ID is checked using machine verification. The virtual ID contains different security features, which can be verified by an inspection device. Depending on the environment this can be a smart­phone app on the inspectors device or it can be inte­grated in a shop terminal. With machine verification the inspector needs less knowledge on how the security features work. The inspector’s device just gives a check mark or red cross to indicate whether the document is valid.

The Security Features in the virtual ID prevent it from being copied or altered. One of these features proves that the displayed portrait photo is genuine and issued by the government. To ensure that the portrait photo is linked with the passport used during issuance a so called ‘doc seal’ is calculated during the issuance and calculated again and compared each time during inspection. The virtual ID always has a link with the physical document. i.e. when the physical document expires the Virtual ID will expire as well. Machine verification helps the inspector to check the validity without the need of experts or training.

Doc seal

Doc seal is a technique that creates a seal from the ID citizen data that could be subject to forgery. In this case the portrait photo of the virtual ID is used to create a descriptor or footprint of the photo, called the PhotoBrief. The PhotoBrief is stored in the central Inspection Service. The PhotoBrief itself does not con­tain biometric data it only characterises the photo by using several points for comparison. The seal is calcu­lated over the photo each verification and compared with the PhotoBrief stored in the inspection service.

Roadmap, pilots in 2019

Being able to walk comes in different phases. Therefore, the virtual ID is in development validating the principles by testing the virtual ID in real world ‘physical’ situa­tions. The citizen can identify himself with the virtual ID app by showing the virtual ID to a relying party. Pilots are ready to launch in 2019 with real citizens and virtual IDs issued at pilot enabled municipalities.

Virtual identity

Besides this, the virtual ID is also ready to incorporate new identity principles, integrate the virtual identity with other systems and connect with the private sector. The main problem we face nowadays is that your identity is derived on a regular basis. To be compliant with the GDPR there should be one source that manages the life cycle of your identity without being derived or copied without prior consent of the holder. All with a purpose to launch a government issued virtual identity that is managed by the citizen himself instead of the government. Such an identity can be used for travelling, identification but also be the basis for online identifi­cations. Because in the end Identity, written with a capital ‘I,’ is about you in both the physical and the digital world.

Further reading

  • Standards: ICAO NTWG, 2018, ICAO TAG/TRIP NTWG DTC Sub Group Policy Paper Version 1.0
  • Regulations: European Commission, COMMISION IMPLEMENTING REGULATION (EU) 2015/02, 8-9-2015, celex_32015r1502
  • White Papers: E.van Dijk/I. Poulard IDEMIA, 2018-03-29, White Paper – DocSealPhotoBrief
Jouri de Vos
+ posts
Previous articleDriving mobile services
Next articleRecent impact in Optical Machine Authentication