During the last weeks, there has been a lot of hype regarding the new miDGT, the Spanish application for having your driving license in the form of a smartphone application.
In this article, in addition to telling you how and what you can use miDGT app for, I will explain how using Blockchain we can solve privacy problems and reach what is called Self-Sovereign Identity. Here is an index if you want to get to the point:
- miDGT, the beginning of Digital Identity
- Install and activate miDGT app
- 3 big questions: Credentials Validation, Security & Recovery and Privacy
- Blockchain to solve privacy problems: Use Case
The idea behind the application is to have digital documents related to the driver and his/her registered vehicles. The first benefit I’ve seen was knowing exactly which my driving point’s balance was. That used to require a query to a DGT service that didn’t work that well in the past.
It is also useful for knowing which vehicles are registered to you, which helped me to double-check that my old Jag is no longer attached to me. Even I can see the relevant documents (technical sheet and registration certificate) of my vehicles! And those seem to be certified in case the police requires them from me at a control.
Finally, it is also a channel for DGT to communicate with me (hopefully not very often, I still think of myself as a good driver 😉
Is this a beginning of the new era for Digital Identity?
Digital Identity is a set of attributes related to an entity, like your ID number, birthdate and home address. Academic titles also included. But some other attributes may be not so obvious like the reference number of your electrical installation. At the end, any relevant information about anything that it is “yours” even if it is temporary. This is obviously it is a digital asset, and in order to be useful, it requires some method of verification.
So miDGT is a first step into Digital Identity. Initially, DGT warns the user that nowadays the application is not a replacement of the physical driving license. But it will become. Why? Because only you can install and activate it in your phone. And it is DGT who emits the driving license and documents, with its validation on them.
How to install and activate miDGT using Cl@ve?
Installing the application was as easy as any other, you phone-related application market. Unfortunately, beta program is closed right now -I guess I was lucky- and you’ll need to wait for another batch of beta slots. But activating the application requires some form of formal identification. In my case I choose Cl@ve.
Cl@ve is literally a system to identify yourself electronically to use in your relationship with public administration. There are several ways to obtain your Cl@ve:
- The faster: to go to your Hacienda or Seguridad Social office, there you identify yourself with a valid photo Id and then you can use the Cl@ve application.
- The slower but easier: going to the website and send the online request to your IRPF tax’s registered address a certificate. This process will take a few days.
Having Cl@ve allows you to enter any government website as if you had an eDNI or FNMT’s digital certificate. The main difference with that eDNI requires a reader and the digital certificate has to be installed in a single PC. This is an early step towards digital identity.
Using Cl@ve and miDGT now I have a set of digital documents that eventually will have the same value as the physical ones.
So, is miDGT an app for Digital Identity?
It is. It holds a lot of information that is known as credentials: valid driving licences (car, motorcycle, bus…), points balance, registered vehicles, and those vehicles related documents. A lot of information.
And the journey will start the day when you will be able to use that information with third parties: insurance companies, car hire, ITV. The use cases are endless. But…
What a about something like miDGT for my national ID, passport, my degrees, or…
That’s the idea! Should have all your relevant information digitally issue it would be a huge step towards real digitalization.
In that case, any of your personal data can be a different credential, you ID number, address, phone number, college degree, age, etc. etc.
But the ideal user experience would avoid using with a different application for each one. miDGT is great because it is the first one, and it is a huge step forward. In the future, there will be a general purpose wallet where all the credentials are stored.
This raises big questions: Credentials Validation, Security & Recovery and Privacy
🤔 First: Credentials Validation
If I want to use one of my credentials, for example “I’m a student” how do I give that to someone to earn a student discount and how can the recipient confirm its validity.
“Giving a credential” will be like sharing a contact, the wallet application will create a tiny file that will be sent (or scanned in the form of a QR code) to the recipient.
Confirming the validity will be based on public-key validation. Let’s go a bit deeper on that following the example of the student credential.
Let’s see it with an example:
The university where I study issues a digital credential to me that says “Juan Tavira is a student of ACME University”, along with it will also say, “And I certify with my digital signature”. This is done using a large chunk of numbers and letters that are the digital signature of the document. The digital signature is a process where someone takes some bytes (the document) and applies a complex mathematical process with a secret number, something only ACME University knows and nobody can fake.
When I present the credential to the museum, they scan it and see “signed by ACME University” Using an application they can use another public number from ACME University -different to the secret one but related- to confirm that the signer is valid. Then they can give me my student discount. This cannot be faked either: the public and private numbers are related but knowing just the public is impossible to guess the private, it will take a super computer millions of years.
🤔 Second: Security & Recovery
What If I even lose my phone? How do I know that the information is secure? Can I recover it?
We have used the phone example because it is the easiest way to show the portability of the digital identity but it is not restricted to it. You can have a backup at home, in a pen drive where it is secure. And recover it later in your new phone.
And obviously the wallets (phone, PC application, etc.) will need an access a pin or password. In the case of phones those credentials will be stored in a secure area, inaccessible without the pin or password.
🤔 Third (and big) question: Privacy
Privacy is one of the big things of these days. And Digital Identity won’t solve it alone. Once you give information to a company they have it and you have to trust they will use it only for the original purpose. But digital identity can work towards privacy. The great benefit of digital platforms is that you can track which information you gave to whom, when, even the purpose, and that can be done automatically!
Juan, you are a Blockchain guy, is this not another of your techy Blockchain articles?
I’m glad you asked, because it can be. At least partially 😜
There’s a concept even more advanced than Digital Identity, it is Self-Sovereign Identity. It means simply that you have to be in control of your personal information. And we will solve it adding Blockchain to the equation.
We said previously that privacy was a problem, but you can use digital platforms to track everything. What if instead of being me who tracks thing it is a distributed Blockchain platform who does it?
It is important to note that the Blockchain will never store your personal information; that would be against GDPR. But you can store digital signatures of the credentials, the state, the issuer of a credential and the recipient of a credential you give and the purpose of giving a credential.
For example: DGT issues me my Driving Licence. When the DGT does this it writes in the Blockchain:
- Hash of the document (driving license in this case) with DGT signature.
- Status of the document: valid.
Then I can use my digital Driving license credential to rent a car. In that case, I would send it to ACME cars and write in the Blockchain.
- Hash of the document with DGT signature, and ACME as the recipient.
- Status of the document: valid until 8th February 2020 (when the hire contract ends).
After this ACME cars will have my Driving License credential, can check that DGT issued it and it is valid. And they can see that I only give then permission to use it until the 8th, where the car hire ends.
Unfortunately before I can even pick the car I lose all my driving license points, and the DGT can update the Blockchain:
- Hash of the document with DGT signature.
- Status of the document:
Should I try to pick the car, ACME can check the status of my license. As the DGT has revoked it they deny giving me the car.
This method grants both privacy and tracking.
An example of Self Sovereign Identity is Alastria ID imitative I strongly suggest you to read more about it here.
Digital identity is slowing coming to us, what we (users, companies and government) have to do is properly embracing it, we will all benefit.