SECURE BY DESIGN

We use physical identity cards every day in a myriad of situations/ways. A card represents our association with an organisation or permission to do something (like drive a car, enter a building, board an aircraft, etc.). It can also confirm our legal age, name, contact information, or even income.

So, let’s put our identity cards on a mobile phone. Simple, right? No, this is not trustworthy. It takes seconds to photograph an identity card using a phone. A simple image of an identity card on a phone or in a wallet app is not trustworthy on its own. Since each phone is not fully trusted on its own, a trusted approach to digital identity cards is needed, so that a Verifier (i.e. a relying party) can obtain and trust the data.

The Verifier needs to know that the data is unchanged and matches the official record of the issuer of the identity card. When a card issuer securely places a digital identity card onto an authenticated website, a trustworthy digital identity card is possible. The card issuer platform (ORGiD) electronically signs the data (“DID”) and ensures it is provisioned to the website accessible only by an authenticated user (“Bearer”). Everything from the name to the portrait image to the date of birth is signed and can be verified by any capable device via a Registered Reader (reader.orgid.app/verify).