An example of dematerialised ID being used to verify identity
Section 8 of the Asylum and Immigration Act 1996 requires employers to check before hiring them that new recruits have the right to work in the UK.
New procedures were introduced on 1 May 2004 which specify the material certificates a selection of which must be checked. These include passports, other travel documents with specified endorsements, residence permits, ARCs, P45s, P60s, birth certificates, naturalisation certificates, work permits and specified Home Office letters.
Suppose that these certificates were all available in digital rather than material form, that RecruitingCo would like to employ ProspectiveEmployee and that PersonnelOfficer has been given the job of checking ProspectiveEmployee's right to work in the UK. The scenario envisaged is as follows:
Step 1 PersonnelOfficer goes into his office with ProspectiveEmployee, who has his mobile phone with him. PersonnelOfficer logs on to RecruitingCo's computerised, PC-based HR system. He identifies himself by specifying his user ID and password. The HR system checks and establishes that PersonnelOfficer is authorised to perform IsEntitledToWork checks.
Step 2 PersonnelOfficer uses the IsEntitledToWork transaction to log on to DWP's website. The data he types in to the transaction dialogue is encrypted using the private key of RecruitingCo's digital certificate of incorporation. DWP decrypts the data using RecruitingCo's public key, available via the Internet from Companies House, having first checked that the Companies House certificate has not been revoked. DWP has thus established that this is a person (RecruitingCo) currently authorised to make IsEntitledToWork checks.
Step 3 The IsEntitledToWork transaction displays a list of acceptable certificates, PersonnelOfficer chooses passports and asks ProspectiveEmployee to answer the Yes/No questions which will appear on his mobile phone display as long as he is within range of the Bluetooth adapter on the PC.
Step 4 The effect is to send data to DWP, encrypted with the private key of ProspectiveEmployee's digital passport, a certificate issued to him by UKPS and stored on his mobile phone. DWP decrypts the data using ProspectiveEmployee's public key, available via the Internet from UKPS, having first checked that the passport has not been revoked.
Step 5 A picture of ProspectiveEmployee obtained from UKPS is transmitted from DWP to RecruitingCo and displayed on the PC. PersonnelOfficer performs a human visual check, nothing biometric, and confirms that this is, as near as he can tell, what the man in front of him looks like.
Step 6 Having established that ProspectiveEmployee is allowed to work in the UK and that this is ProspectiveEmployee in the room, DWP displays a message to that effect on the PC and sends a confirmation to RecruitingCo by email. It is now legal for RecruitingCo to make ProspectiveEmployee a job offer.
The use of the mobile phone at Step 3 above is akin to using the zapper to change channels on your TV or to using the key-fob to lock your car from across the street. It is also like the process of entering your PIN at the supermarket check-out, except that there are no material cards or documents or certificates or vouchers involved, they are all dematerialised.
Any number of amendments to this scenario may be needed in practice. For example, perhaps a receipt should be sent to ProspectiveEmployee at Step 6 above as well as to RecruitingCo. This sort of elaboration aside, it should be clear that dematerialised ID could theoretically be used for verification of the right to work in the UK and, similarly, for other verification transactions.
Remember that dematerialised ID incorporates PKI. The passport in the example above is authenticated, it cannot be a forgery. The dialogue between RecruitingCo, ProspectiveEmployee and DWP is all encrypted, there is no possibility of eavesdropping. (To be more precise, an eavesdropper could listen to the dialogue but he could not understand what he is hearing.)
Compare this scenario with the current situation when we hire a car in the UK.
The photocard driving licence does not include details of any endorsements. These are recorded on a separate counterpart driving licence.
Instead of one certificate, therefore, we end up with two.
If you forget to take the counterpart with you to the hire company, they have to telephone the Driver and Vehicle Licensing Agency to check your endorsements, if any, which takes time, annoys the people in the queue behind you, increases the cost of the transaction and may make your endorsements embarrassingly public.
The photocard includes a tiny photograph of the bearer, only a quarter the area of a passport photograph, which is of severely limited value for verification, whereas the photograph used at Step 5 above can be as big as the PC screen.
The government's ID card scheme could well repeat this clumsiness. Dematerialised ID would avoid it.