IDs in Apple Wallet
On iPhone 8 or later running iOS 15.4 or later and Apple Watch Series 4 or later running watchOS 8.4 or later, users can add their state ID or driver’s license to Apple Wallet and tap their iPhone or Apple Watch to seamlessly and securely present it at participating locations.
Note: This feature is available only with participating U.S. states.
IDs in Apple Wallet use security features built into the hardware and software of the user’s device to help protect their identity and help keep their personal information secure.
Adding a driver’s license or state ID to Apple Wallet
On iPhone, users can simply tap the Add (+) button at the top of the screen in Apple Wallet to begin adding their license or ID. If users have an Apple Watch paired at the time of setup, they are prompted to also add their driver’s license or ID to their Apple Wallet on Apple Watch.
Users are first asked to use their iPhone to scan the front and back of their physical driver’s license or state ID card. The iPhone evaluates the quality and type of images to help ensure that the images provided are acceptable to the state-issuing authority. These identity card images are encrypted on the device to the state-issuing authority’s key and then sent to the state-issuing authority.
Next, the user is asked to complete a series of facial and head movements. These movements are evaluated by the user’s device and by Apple to help reduce the risk of someone using a photograph, video, or mask to try to add someone else’s ID to Apple Wallet. Results from the analysis of these movements are then sent to the state-issuing authority, but not the video of the movements themselves.
To help ensure that the person adding the identity card to Apple Wallet is the same person the identity card belongs to, users are asked to take a selfie. Before the user’s photo is submitted to the state-issuing authority, Apple servers and the user’s device compare the photo with the likeness of the person who performed the series of facial and head movements and help ensure that the photo being submitted is of a live person with the same likeness as that on the ID. Once the comparison is made, the photo is encrypted on device and then sent to the state-issuing authority to be compared against their image on file for their ID.
Last, users are asked to perform a Face ID or Touch ID authentication. The user’s device ties this single matched Face ID or Touch ID biometric to the state ID to help ensure that only the person who added the ID to this iPhone can present it; other enrolled biometric information cannot be used to authorize presentation of the ID. This occurs strictly on device and isn’t sent to the state-issuing authority.
The state-issuing authority receives the information necessary to set up the digital ID. This includes images of the front and back of the user’s ID, data read from the PDF417 barcode, and the selfie the user took as part of the ID verification process. The issuing state also receives a single-digit value, used to help prevent fraud, that’s based on the user’s device use patterns, settings data, and information about their personal Apple ID. It’s then ultimately the issuing state’s decision to approve or deny the ID being added to Apple Wallet.
After the state-issuing authority authorizes adding the state ID or driver’s license to Apple Wallet, a key pair is generated in the Secure Element by iPhone that anchors the user’s ID to that specific device. If adding to Apple Watch, a key pair is generated in the Secure Element by Apple Watch.
After the ID is on iPhone, the information reflected on the user’s ID in Apple Wallet is stored in an encrypted format protected by the Secure Enclave.
Using a driver’s license or state ID in Apple Wallet
To use their ID in Apple Wallet, users need to authenticate with the Face ID or Touch ID biometric associated with the ID in Apple Wallet before iPhone presents the information to the identity reader.
To use their ID in Apple Wallet on Apple Watch, users need to unlock their iPhone using the associated Face ID appearance or Touch ID fingerprint each time they put on their Apple Watch. Then, they can use their ID in Apple Wallet without authenticating until they take their Apple Watch off again. This capability leverages foundational Auto Unlock capabilities detailed in System security for watchOS.
When users hold their iPhone or Apple Watch near the identity reader, they see a prompt on the device displaying which specific information is being requested, by whom, and whether the requester intends to store it. After authorizing with the associated Face ID or Touch ID, the requested identity information is released from the device.
Important: Users don’t need to unlock, show, or hand over their device to present their ID.
If users have an accessibility feature like Voice Control, Switch Control, or AssistiveTouch instead of having Face ID or Touch ID enabled, they can use their passcode to access and present their information.
Transmission of identity data to the identity reader follows the ISO/IEC 18013-5 standard, which provides multiple security mechanisms to detect, deter, and mitigate security risks. These consist of identity data integrity and antiforgery, device binding, informed consent, and user data confidentiality over radio links.
Identity data integrity and antiforgery
IDs in Apple Wallet use an issuer-provided signature to allow any ISO/IEC 18013-5 compliant reader to verify a user’s ID in Apple Wallet. In addition, all data elements on the ID in Apple Wallet are individually protected against forgery. This allows the identity reader to request a specific subset of the data elements present on the ID in Apple Wallet and for the ID in Apple Wallet to respond with that same subset, thus only sharing the requested data and maximizing the user’s privacy.
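The following Python sketch is an added example, not Apple’s code and not the standard’s wire format. It models per-element protection in the style of the salted element digests that ISO/IEC 18013-5 places under the issuer signature, so a reader can verify a requested subset without seeing the rest. The JSON encoding, the HMAC used as a stand-in for the issuer’s asymmetric signature, and all names and sample values are assumptions.

```python
import hashlib, hmac, json, secrets

ISSUER_KEY = b"constructed-demo-key"  # assumption: stands in for the issuer's signing key
SAMPLE_ID = {"family_name": "Doe", "birth_date": "1990-01-01",   # constructed sample data
             "age_over_21": True, "address": "1 Example St"}

def digest_of(item):
    # Hash the whole element (ID, name, value, random salt) in a canonical encoding.
    return hashlib.sha256(json.dumps(item, sort_keys=True).encode()).hexdigest()

def seal(digests):
    # HMAC stand-in for the issuer's signature over the list of element digests.
    return hmac.new(ISSUER_KEY, json.dumps(digests).encode(), hashlib.sha256).hexdigest()

def issue(attributes):
    """Issuer: salt and digest every element, then sign the digest list once."""
    items = {name: {"id": i, "name": name, "value": value, "salt": secrets.token_hex(16)}
             for i, (name, value) in enumerate(attributes.items())}
    digests = [digest_of(item) for item in items.values()]
    return items, {"digests": digests, "seal": seal(digests)}

def present(items, signed, requested):
    """Holder: release only the requested elements plus the signed digest list."""
    return {"items": [items[n] for n in requested if n in items], "signed": signed}

def verify(response, requested):
    """Reader: return the verified elements, or None if any check fails."""
    digests, tag = response["signed"]["digests"], response["signed"]["seal"]
    if not hmac.compare_digest(seal(digests), tag):
        return None  # digest list was not produced by the issuer
    verified = {}
    for item in response["items"]:
        i = item.get("id")
        if item.get("name") not in requested or not isinstance(i, int) or not 0 <= i < len(digests):
            return None  # element was not requested or has no signed digest
        if not hmac.compare_digest(digest_of(item), digests[i]):
            return None  # element was altered after issuance
        verified[item["name"]] = item["value"]
    return verified

if __name__ == "__main__":
    items, signed = issue(SAMPLE_ID)
    response = present(items, signed, ["age_over_21"])
    print(verify(response, ["age_over_21"]))
```

The reader learns only the released elements; the digest list reveals how many elements exist, while the per-element salts keep undisclosed values from being guessed from their digests.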
Device binding
Authentication of IDs in Apple Wallet uses a device signature to protect against cloning of an ID and replay of an identity transaction. By storing the private key for ID authentication in the iPhone device’s Secure Element, the ID is bound to the same device that the state-issuing authority created the ID for.
Informed consent
Reader authentication for IDs in Apple Wallet authenticates the identity reader using the protocol defined in the ISO/IEC 18013-5 standard. During presentment, an icon derived from the reader’s certificate is shown to the user to give them assurance that they’re interacting with the intended party.
User data confidentiality over radio links
Session encryption helps ensure that all personally identifiable information (PII) exchanged between the ID in Apple Wallet and the identity reader is encrypted. Encryption is performed by the application layer. The security of session encryption is therefore not reliant on the security provided by the transmission layer (for example, NFC, Bluetooth, and Wi-Fi).
IDs in Apple Wallet help keep users’ information private
IDs in Apple Wallet adhere to the “device retrieval” process outlined in ISO/IEC 18013-5. Device retrieval obviates the need to make server calls during presentment, thereby protecting users from being tracked by Apple and the issuer.