When iOS 13 arrives, iPhones will be able to read a wider range of Near Field Communication (NFC) tags, including the NFC tags often used in official documentation. Last week, The Verge reported that Japan had confirmed its national identity cards would support iPhone through a government-developed app, and now we're hearing that German authorities are also gearing up to make several forms of ID compatible with iPhone NFC interfaces.
/article-new/2019/06/iphone-ticker-german-id-card-nfc.jpg?lossy)
First spotted by tech blog iphone-ticker.de, Germany's interior ministry has announced that iOS 13 will soon allow Apple users to load national ID cards, residence permits, and biometric passports onto their iPhones. At the same time, the federal government's AusweisApp2 will be updated for iOS 13 to support the digital ID function.
In current and earlier versions of iOS, Apple has restricted the NFC reader in iPhones to Apple Pay. iOS 13 removes that technical limitation so that iPhones can scan more NFC chips, but developers must gain approval from Apple before their apps can implement the feature.
In another example of Apple opening up NFC access, the U.K. government recently confirmed that it had reached a deal with Apple to make its Brexit app for EU citizens' residency rights work on iPhones via the NFC chip. According to the German ministry, it and many other states have been in contact with Apple for a long time to negotiate NFC access, so users can expect other countries to announce official documentation support in the run-up to iOS 13's release in the fall.
(Thanks, Chris!)
Top Rated Comments
Or is a digital passport already available in other countries.
When you get controlled by some authority (e.g. police doing road check), you would have to present your ID Card anyway. I can't see the difference to presenting a digital representation.
If you're afraid of being tracked: Having a digital representation of your ID card (or driver's license etc.) on your smartphone is the least of your problems - it'd be more about switching that wiretap device off that you carry around all of the time.
This all assumes, of course, that there is no secret backdoor allowing whatever agency to spy unnoticed by installing "special software" in secret. But if Apple would allow this and it would ever come to light, Apple would have its reputation destroyed, which may be a devastating (if not lethal) blow to the business model of the whole company - even more so, as they seem to be busier than ever explaining to people how much they value privacy and to which lengths they go to ensure it.
btw.: "Gattaca" is less about 24/7 monitoring, but instead much more about the ethical problems of being able to analyse (and manipulate) genetic prerequisites and deduct predictions for the whole life development of an individual person. Can't really see the relation to having a digital representation (i.e. different "physical" form) of a simple ID card, which is mandatory in many countries anyway. Or do you question the requirement for an ID card in the first place?
It doesn't work like that. A SmartCard is called SmartCard because it's actually smart. Much like an EMV transaction (pay using chip+pin, also most NFC transactions), the SmartCard doesn't just stupidly pass along the data that's stored on it, e.g. your name and birthdate and so on. This is the major difference to using a magstripe. The SmartCard is a small cryptographic processor (much like the SecureElement in an iPhone). It gets a request which it answers with a digitally signed reply.
Example (in a nutshell) based on an EMV transaction:
Terminal: "Please approve payment to Walmart with accountID12345678 in the amount of XXX. Date: xxx"
SmartCard: "I approve payment to Walmart with accountID12345678 in the amount of XXX. Date: xxx + digital signature"
In a secure environment the card will require the PIN to unlock the signing process.
As such it's impossible to copy a SmartCard, which essentially prevents identity theft.
In comparison: a credit card swiped (or even when used per NFC in some cases) just sends out "My number is 1234 5678 9012 3456, Expiry 02/20, owner: John Doe". Stealing this information is of course very easy...
(If the terminal expects this plaintext reply but the NFC card is set to only reply with a SmartCard-style digitally signed reply, it will reject the transaction. This is one of a few reasons why some European credit cards don't work with old NFC terminals, which are quite common in the US.)
NFC is just the technology to transmit data (like ethernet or WiFi). If your NFC card is just a dumb tag, that sends out a userID (or credit card number), it's insecure as that data can just be copied to another card that sends exactly the same reply.
If the card instead sends one-time passwords, that's more secure, but if OTP is intercepted & re-used in real time, it's not acceptable for high security.
If the card performs a cryptographic process (actual SmartCard) it can be programmed to require a PIN or other kind of approval mechanism. The digital signature as explained above will secure the transaction/login/...
If you don't even trust the reading terminals PIN pad (if PIN would be entered on a non-secure keyboard like on a laptop), best choice would be a card that has an embedded authentication mechanism, like this one: https://directrm.com/da-pin-pad-smart-card/
Yes, you do. These IDcards can proof your identity and age without human intervention and allow to sign documents electronically (properly, not some shady signing on the touchscreen).
Use case:
Signing of any kind document
Age verification (online)
ID provider (can be used to securely log on to websites without passwords)
In fact, an NFC+PIN SmartCard is the most secure way to log into anything. It would be the ultimate solution to get rid of stupid passwords while maintaining maximum possible security.
I recommend checking out YubiKey website as their device is practically a SmartCard in a different shape.
It's eerie to realize that movies like "1984" or "Gattaca" are not sci-fi anymore.
BTW: Will you also cheer up if the FBI can use this, or is it cool for every government agency but the FBI?