The company behind Iowa's digital driver's licenses is developing a secure online ID system for North Carolina, with a grant from the National Institute of Standards and Technology, to make access to government services more secure.
Jake Williams is currently the Associate Publisher & Director of Strategic Initiatives for StateScoop, based in Washington, D.C., where h...
A secure way for citizens to access government services online — without identifying themselves in person — could be on its way to North Carolina.
North Carolina officials want to get away from requiring the public to meet with state employees in person in order to access programs in the state Department of Health and Human Services by developing a reliable and secure electronic identification system.
The state's electronic identification, or eID, initiative has been gaining momentum since Massachusetts-based MorphoTrust received a two-year, $1.47 million grant from the National Institute of Standards and Technology last year. The NIST grant will help MorphoTrust investigate and develop secure technology that adheres to the White House’s National Strategy for Trusted Identities in Cyberspace, and put it in place in North Carolina.
Mark DiFraia, the senior director of solutions strategy at MorphoTrust, told StateScoop that the development of secure and reliable electronic identification would address security and business problems facing the state.
“There’s a problem that Health and Human Services has: In order to apply for food and nutritional benefits, somebody must appear in person to verify their identity as part of the process,” DiFraia said. “That puts a burden on the brick-and-mortar operations of that agency. Our pilot is aimed at eliminating the need for someone to go through that in-person meeting to apply for benefits by replacing it with an equally, or greater, trustworthy online experience that proves the identity of the individual.”
To make that happen, DiFraia said MorphoTrust has partnered with the North Carolina Department of Transportation to tap into its identity proofing process. With access to that database, the company can match identities established in an eID mobile platform to the DOT database and verify the user’s identity.
“We believe motor vehicle [departments] in the United States do the best job at vetting the largest population of Americans because that’s their standard process for issuing driver’s licenses and state IDs,” DiFraia said. The state would build on that process by “linking the actual individual through a mobile app back to the in-person proofing that they went through at the motor vehicle [department] to create a highly trustworthy online experience that proves the identity of the individual,” he said.
To secure the app itself, DiFraia said MorphoTrust will employ a variety of security techniques — such as not using an actual username and password. Instead, users will have to take a picture of themselves with their smartphones to initiate use of an eID for the first time — and every time they use the app afterward. That selfie will then be matched against the DOT database to verify the user's identity.
According to DiFraia, the application will be able to detect the difference between a photograph of a live human being and a two-dimensional copy of a photo of the user, in case someone tries to use someone else's eID.
“You would not be able to [hold a printed-out photo in front of the camera] in this solution,” DiFraia said. “The solution has a variety of methods that will be baked into it to ensure that it needs to be looking at a real person in order to allow things to take place.”
DiFraia sees a larger opportunity if the project succeeds. The app could one day help provide large numbers of Americans with a trustworthy online credential.
“Right now, we see things like knowledge-based authentication questions, user-attested username and password ... but we’re really trying to bridge the gap between midlevel trust and high-level trust so that all kinds of new, secure transactions can be executed online,” DiFraia said.
The North Carolina eID initiative is not the first digital identity initiative that MorphoTrust has undertaken. The company is also behind the digital driver’s license pilot in Iowa that was announced in December.
The difference between the two pilots, however, comes in how the technology is deployed. In Iowa, the digital driver’s license would be used in a variety of situations where an individual might need to show a physical form of identification, whether in a federal building or at a traffic stop.
MorphoTrust is also working with the Iowa Department of Transportation to ensure the digital driver’s license meets the requirements established under the REAL ID Act, which Congress passed in 2005.
Under the law, the federal government established minimum security standards for license issuance. Now in 2015, for the first time, federal officials may have the ability to reject the use of identification that does not meet REAL ID standards.
“As we work with states on digital driver’s license initiatives, we’re going to have to work with them to make sure that elements of the REAL ID law that are applicable are cared for,” DiFraia said. “We’re also going to need to work with them if they think there are things that we need to work tighter on updating or changing so we can work together in a digital world.”
Currently, American Samoa, Arizona, Louisiana, Maine, Minnesota, New York and Oklahoma licenses don't comply with REAL ID standards, according to the Department of Homeland Security’s website.
In North Carolina, however, MorphoTrust’s pilot is not working on a physical form of identification that would require REAL ID compliance. Instead, the eID pilot is solely dedicated to online interactions.