Making identity federated, portable and trusted
- By Stephanie Kanowitz
- Nov 01, 2016
A recent grant award has moved digital identities that will let citizens conduct business with the government and other entities a step closer to reality.
The $3.75 million National Strategy for Trusted Identities in Cyberspace grant that the National Institutes of Standards and Technology awarded to digital identity firm ID.me will go toward developing the online IDs, which will be the “digital equivalent of your driver’s license to prove who you are,” ID.me’s founder and CEO Blake Hall said. The grant will fund test deployments in Austin, Texas, and the state of Maine.
In Austin, the company is working on infrastructure for Thumbs Up, a public/private partnership that got the green light to move ahead with a voluntary, cross-platform digital identity initiative that verifies identities, letting users feel confident when conducting transactions as part of the sharing economy (think craigslist, Airbnb and ride-sharing services).
The plan is for Thumbs Up users to eventually be able to use those same credentials to access city services, volunteer at women’s shelters and vote online, said Josh Jones-Dilworth, CEO of Jones-Dilworth Inc., a consultancy for emerging technologies, and a member of the task force behind the program. Government and commercial use of the Thumbs Up app will be voluntary, but incentivized to encourage participation.
“Thumbs Up is not launched yet, but the city envisions it as a protocol that is available on a mobile app, that individuals, whether they are a passenger or a driver, whether they’re a host or a renter, they can use it in a peer-to-peer way,” Jones-Dilworth said. It will allow users "to say, ‘Hey, I’m about to come to your house to buy something from you and I want to see your identity. I want to know that you’re you. I want to see a photo, and I want the app to pair us to record the transaction so that we’re safe.’”
Here’s how Thumbs Up will work: Users will download the app and submit basic sign-up information. Thumbs Up will send a text message to validate the phone number and then start background checks, which are available in three tiers. The organization requiring the ID sets the tier.
At the most basic level, Thumbs Up will use Apple ID or Facebook to verify an identity. The second level is a name-based background check in which the applicant’s name is run against criminal databases. At the top, applicants undergo a fingerprint check that is compared against prints at the local police department and in FBI and Interpol databases. If everything checks out, the digital ID is issued.
It should take about 48 to 72 hours to get a digital ID, Jones-Dilworth said. And unlike driver’s licenses, Thumbs Up requires no renewals. If a user commits a crime after getting a digital ID, Thumbs Up will be notified through the FBI’s Rap Back program, which gives authorized organizations ongoing status notifications of criminal history reported to the bureau after the initial processing.
Currently, when the government or a company verifies an identity, it holds onto that data and the person who earned the credential can’t use it elsewhere. But Thumbs Up will put users in control of their data, letting them choose whom they share it with, Jones-Dilworth said. “The best thing to happen is for the individual to have the master copy of their data and to be able to control the send-out and the recall of that information,” he said.
The app and background checks will be free to all users -- ID holders and the agencies that require them.
Digital ID in Maine
In Maine, ID.me will provide a federated identity platform that will let the state “take advantage of the network effects that are inherent to that platform,” ID.me’s Hall said. “For instance, if I’ve been an ID.me member for two years and I’ve done over 100 transactions, we’ve vetted that person’s identity [and] there’s been no reports of fraud… [so] when that person goes to log in to a Maine app, that transaction is really secure,” he said.
To bring ID.me online, the state has to integrate with the company’s Identity Gateway, which is designed to make logins portable and trusted in the same way that, say, Visa makes credit and debit cards issued by banks portable and trusted, Hall said. ID.me will connect to identity and attribute providers such as Checkr, military service records and colleges and universities to verify claims such as veteran and student statuses.
ID.me is working on two applications for the state: one for education and one for professional licensing. It created a dashboard through which the agencies can choose various levels of background checks, including facial biometrics, text ID and Google Authenticator.
ID.me is also working with the Veterans Affairs Department on a single digital front door for veterans to access information, benefits and services and with the Defense Department on federating its single sign-on using ID.me’s credentials and that of any accredited identity provider.
Stephanie Kanowitz is a freelance writer based in northern Virginia.