Google has started testing a “Digital Credential API” on Chrome for Android, designed to enable sites to request and verify identity documents stored in mobile wallets securely.
Through the API, users can share different forms of identification, including passports and driver’s licenses, securely from their phones.
Facilitating Secure Identity Requests
Google’s official Android documentation states that the Identity Credential APIs offer an interface to a secure repository for various identity documents. Such documents may encompass passports, driver’s licenses, or any other form of identification that the user has uploaded. A GitHub page for the Digital Credentials API offers more details about its planned properties:
“By separating the act of requesting from the specific protocol, we can enable flexibility and adaptability in both the protocol and credential formats. This way, the pace of changes in browsers won’t hinder progress or block new developments.
Require request transparency, enabling user-agent inspection for risk analysis
Assume response opacity (encrypted responses), enabling verifiers and holders to control where potentially sensitive PII is exposed
Prevent website from silently querying for the availability of digital credentials and communicating with wallet providers without explicit user consent”
The new feature integrates with Android’s IdentityCredential system, which accommodates various credential types and formats. This interaction streamlines the process by allowing direct sharing of identity information, bypassing the need for manual input. Applications can use the IdentityCredential APIs to implement credential-specific presentation and verification protocols. The system is designed to be extensible, allowing applications to supply their own secure storage implementations like external dongles or cloud Hardware Security Modules (HSMs).
Chrome Functionality
Website requests for identification trigger a prompt in Chrome, where users can approve or deny the request. This step ensures that users control what information is shared and when. Google highlights the significance of using authenticated documents in the digital realm, especially as online services and regulatory requirements grow.
Existing methods for websites to obtain credentials from wallet apps involve techniques like URL handlers and QR codes. The new API supports credential formats, such as ISO mDoc and W3C verifiable credentials, and allows for multiple wallet apps. Google aims to implement safeguards against misuse and large-scale identity fraud within this system.
Last Updated on November 7, 2024 3:46 pm CET