Ubiqu will be working with the U.S. Department of Homeland Security on a two-year project to help identify, develop, and implement privacy-enhancing technologies, Homeland Security has announced here.
Collaborating with five other startups, Ubiqu will be integrating its Remote Secure Element (RSE) technology with digital wallets supporting W3C VCDM and W3C DID standards. This allows users to maintain sole control over their credentials, ensuring transparency and consent, while providing comprehensive recovery solutions – facilitating a highly secure and convenient user experience for digital credential services.
The Homeland Security project
While Europe has been making progress with the implementation of eIDAS 2.0, other countries have not been idle either. The United States is one of them: with the new project, the Department of Homeland Security aims to make progress with developing a system for American digital identity. Being picked as one of those companies, Ubiqu will be working on this project over the next two years. What does the project entail, and in what way is Ubiqu involved? Our CEO Boris Goranov explains the project.
“17 years after the introduction of the first iPhone, we still do not have passports on our phone. With our technology, we can change that.” – Boris Goranov, CEO Ubiqu
“17 years after the introduction of the first iPhone, we still do not have passports on our phone. With our technology, we can change that. At Ubiqu, we enable the development of scalable wallets. How does that work for digital passports? A physical passport contains a chip, that ensures that the passport is unique and inclonable. What we want to do is replicate that on a mobile phone. However, the secure chips in these passports are not available on mobile phones. So that’s what we’ve built. Ubiqu has enabled the linking of a Remote Secure Element on your mobile phone, to enable the same security guarantees for an application as for a physical passport. Now, you will be able to show your passport digitally, in use cases that actually matter.”
Ubiqu’s technology focuses on the use of a Remote Secure Element, Boris explains. “This is a hardware element that is stored in a secure data center. Through our technology, the chip can be linked to the app, remotely, ensuring the user remains in control. These chips exist already, for example in your Apple Wallet. However, these are not certified and local to the phone. And while you manage the usage, companies manage the wallet. You, as the user of your app, do not have exclusive control of the cryptography. This is different for digital identity wallets: you manage your wallet and decide yourself how to fill and use it. To ensure the highest level of security, users should have exclusive control of their cryptography.”
At the same time, Ubiqu enables the use of any type of cryptography, on any protocol, Boris adds. “And what’s really important as an issuer, is that you can ascertain that the cryptographic keys are actually stored in a certified, verified device, so that you have the confidence that you’re issuing your credentials in a trusted wallet, that will be using your credentials in assured ways.”
Homeland Security has many use cases for this technology. One of those use cases is the creation of an immigration credential, in the form of a mobile application. Boris explains. “Through a procurement process, six organizations were selected, each with their own task. Ubiqu’s task is developing the cryptographic storage. We do so by using our Remote Secure Element to control the wallet and its content.” As a cohort, the group will contribute to the W3c standardization process and contribute to open-source wallets, he adds.
Why Ubiqu?
“Our technology is unique in the field,” Boris notes. “In the procurement process, Homeland Security focused on a couple of main areas, such as exclusive user control, recovery, and independence from big tech such as Google and Apple.”
Culturally speaking, there’s a couple of difference between the U.S. and Europe, Boris says. “We can see that Europe has made more advances in digitalization. In the U.S., the concept of identity is viewed differently, with a strong demand for privacy and independence from the government. Often, Americans trust companies more than the government. Considering this, building a system of decentralized identity with self-control over these systems is crucial.”
Recovery is a big point in the security of digital identity. What happens when you lose your phone? “Without the Remote Secure Element, the data will be gone. You don’t want to put any copies or backups on a server, because the user will lose their exclusive control. However, when we encrypt the data and back it up somewhere, exclusive control can be retained. When activating your new wallet, you can access your old wallet by identifying yourself. Then, you can connect the two wallets, so the Remote Secure Element can be linked to the new wallet.”
A collaborative project
Ubiqu will be working with the following companies:
- Credence ID, an Oakland, California-based U.S. company, which specializes in standards-based identity verification and authentication solutions for in-person and online use.
- Hushmesh, a Falls Church, Virginia-based U.S. company, which will adapt their technology, the Mesh, incorporating built-in cryptographic security and universal zero trust.
- Netis d.o.o., a Ljubljana, Slovenia-based company, which will enhance its existing MIDVA platform to support W3C VCDM and W3C DID standards.
- Procivis, a Zurich, Switzerland-based company, which will enhance its existing Procivis One platform to better support W3C VCDM and W3C DID standards in digital wallets and verifiers.
- SpruceID, a New York, New York-based U.S. company, which will enhance its digital wallet and verifier capabilities to better support W3C VCDM and W3C DID standards for enterprise and public sector environments.
What’s next?
In the coming two years, Ubiqu will be working on the project together with the other five companies. “We start testing in phase three of the project with penetration tests. At that point, all that matters is whether it works.”
“Looking forward, I see opportunities to build bridges between the U.S. and Europe. How can we work together to increase efficiency? These are discussions we can now get started. With our experience, we could also contribute to building the digital American passport,” Boris imagines. “Digital security will always be at the core of what we do. Digital identity is the next step in digitalization, and we need to do it in a safe and secure manner. The more people will use our technology, the safer our digital world will become.”