News in Brief
Veridos Launches MobileTravel Assist
Using an app developed by Veridos, travellers can now transfer personally identifiable data via NFC (near field communication) from their ePassport to their smartphones, making pre-travel administration easier.
The app works on a 2-step approach:
Step 1: Retrieve data. Firstly, a traveller is prompted to download and install the VeriGO® MobileTravel Assist app on their mobile phone in order to complete a transaction. The traveller then retrieves the data from their ePassport and stores it securely using VeriGO MobileTravel Assist on their mobile phone. The traveller can add additional data sets, such as those of family members.
Step 2: Transfer to website. If the traveller is accessing a service on a desktop browser, the website generates a QR code. The traveller opens the VeriGO MobileTravel Assist app on the smartphone and captures the QR code to establish a secure connection. Once the VeriGO® MobileTravel Assist app has successfully connected to the website, the selected passport data sets can be securely transmitted.
Parties relying on MobileTravel Assist include any organisation which offers digital services and needs a reliable source of data to process the citizen’s request. For example, government authorities, border services or airlines can all benefit from the use of a passport data set. The app is available for both Google Android and Apple iOS operating systems.
In the future, the app may also provide information for healthcare and financial applications.
Google Announces New Quantum Resilient Authentication Algorithm
The FIDO2 (fast identity online) industry standard adopted five years ago faces a real, if distant, threat from quantum computing.
Over the past decade, mathematicians and engineers have tried to head off this risk with the advent of post-quantum cryptography (PQC)—a class of encryption that uses algorithms resistant to quantum-computing attacks. This week, researchers from Google announced the release of the first implementation of quantum-resistant encryption for use in the type of security keys that are the basic building blocks of FIDO2.
The best-known implementation of FIDO2 is the password-less form of authentication: passkeys. So far, there are no known ways passkeys can be defeated in credential phishing attacks.
‘While quantum attacks are still in the distant future, deploying cryptography at Internet scale is a massive undertaking, which is why doing it as early as possible is vital,’ Elie Bursztein and Fabian Kaczmarczyck, Cybersecurity and AI Research Director, and Software Engineer, respectively, at Google, wrote. ‘In particular, for security keys this process is expected to be gradual as users will have to acquire new ones once FIDO has standardized PQC resilient cryptography and this new standard is supported by major browser vendors.’
The PQC algorithm developed by Google in the implementation of FIDO2 security keys takes a cautious approach. It combines the elliptic curve digital signature algorithm (ECDSA)—believed to be unbreakable by classical computing but easily broken with quantum computing—with a PQC algorithm known as Crystals-Dilithium, which is one of three PQC algorithms selected by the US National Institute of Standards and Technology (NIST) for use with digital signatures.
To encourage collaboration, the researchers at Google have sent out the following invitation: ‘We are hoping to see this implementation (or a variant of it), being standardized as part of the FIDO2 key specification and supported by major web browsers so that users’ credentials can be protected against quantum attacks. If you are interested in testing this algorithm or contributing to security key research, head to our open-source implementation OpenSK.’
IDnow Receives Security Approval
Identity proofing platform, IDnow, has obtained the remote identity verification certification known as PVID (prestataire de vérification d’identité à distance) at the level ‘substantial’ for its IDCheck.io Identity Proofing Service and VideoIdent Qualified Electronic Signature.
Introduced in March 2021, PVID certifies a provider’s ability to offer identity verification as defined by Europe’s Regulation on Electronic Identification and Trust Services, the eIDAS Regulation.
Where eIDAS establishes European levels of security to meet the equivalence of a face-to-face verification for various use cases, PVID implements these levels of security to enable compliant digital onboarding for banking and other financial services in France. The certification, issued for two years, allows highly regulated banking or financial services providers to access a secure service offering, thus enabling remote identification while reducing the risk of identity fraud.
France is the first country in the European Union to have established an effective policy for remote identity verification.
‘Obtaining PVID certification is a source of great pride and validation for IDnow and a real recognition of our expertise in the digital identity market in France,’ commented Rayissa Armata, Senior Head of Regulatory Affairs at IDnow.
The Metaverse Offers Hope for People Without IDs
A new report from the World Economic Forum (WEF) [1] claims that the metaverse has the potential to help billions of people across the globe access digital identities.
The metaverse is expected to spark a whole new economy with identity infrastructures, new financial assets and services. The adoption of the technology will hinge on the ability to combine identity, money and virtual assets seamlessly, the WEF report notes.
The report argues that while some applications such as media or entertainment may rely on anonymous or pseudonymous identities, banking, education or work-related experiences may require legal identification. Anonymous IDs may create risks, but those can be mitigated by promoting a trust network allowing individuals to request trusted digital IDs and proof exchange protocols to exchange proof of identity in a privacy-preserving way.
While the metaverse may hold some promising solutions for digital IDs, experts are also warning that it may pose an additional risk of surveillance. Extended (XR), virtual (VR) and augmented (AR) reality often use biometric identifiers and measurements alongside real-time location and ‘always-on’ audio and video recording technologies.
This raises concerns about user privacy and security as the devices can capture information such as voice, iris, pupil movements and gaze, gait and other body movements, location information, device information and other personal identifiers.
[1] www3.weforum.org/docs/WEF_Social_Implications_of_the_Metaverse%20_2023.pdf