5 September 2022

From three crosses on a piece of paper to confirmation by smartphone: what have been the most radical innovations in personal identification?

Contemporary identification tools don’t even need a chip anymore, let alone a pen. All you need is a smart device.

Once upon a time, poorly educated farmers used to put three crosses next to their names on contracts to buy or sell land. Today, we’ve moved into the age of quantum computing, where highly sophisticated mathematical systems need to be developed to ensure identification. What has this journey been like?

There are more and more situations in our lives where we need to check that the person we are engaging with is who they say they are. In the old days, this was not much of a problem: people lived all their lives in the same place with the same people, practically never leaving. There was no need for identification, everyone knew who was who anyway.

However, as people became less dependent on the community, society became more anonymous and the harder it was to know whether a person actually was who they claimed to be.

Signature first

The introduction of symbols written by hand, including the signature, is probably the first method of identification that became widely used. One of the principles of a signature is its individuality: it is written in a way that makes it difficult for other people to achieve exactly the same result. And whilst not quite 100 per cent foolproof, it has been quite effective in the pre-digital age.

The widespread use of an identity document – the identity card – started in the last century. However, digital solutions are the keywords of the 21st century.

The first electronic solutions were actually introduced at the end of the 20th century: they were the code cards of banks, which were withdrawn from use a few years ago. PIN calculators still remained. People entered the number sequences and passwords at their disposal to prove that the person carrying out the operations was who they claimed to be. In addition to banking transactions, a whole range of public transactions could be carried out without people having to go to an agency and showing their face to an official.

Respective laws were created

A legal framework was created before the technical solutions were developed: the Identity Documents Act, adopted in 1998. It stated that the basis for the identification of a person is an ID card, on which the person’s private IT keys can be stored.

In essence, this means a sequence of numbers belonging to a single person. It’s like a signature written in pen, and it has to be so difficult to guess that no one else can copy it or figure it out. This law equalised handwritten signatures with signatures made by electronic means. The Information System Authority (RIA) had to ensure the functioning of the system.

Although the law itself was passed, there were no such technological possibilities at the time. The electronic ID card with a chip was introduced in 2002. Its principle is very clear: your key is on the chip of your ID card and when you insert the card into the reader, it can be read and authenticated or signed.

Over time, it became clear that keeping a personal code on the ID card was not the most convenient option. A SIM card in the mobile phone, where the same private information was stored by the mobile operator’s service provider, was then introduced. This solution is called Mobile ID.

No chip solution

In the case of these two solutions, the data must be physically stored somewhere. However, it has its drawbacks. If such a system were to be introduced in India, for example, it would be much more expensive to issue a card with a separate chip, which would also have to have all kinds of security features, from holograms to various codes.

The next step was Smart ID, which does not require a separate chip for the code key that identifies a person. Data is stored in a secure location on the phone, so there’s no need to go anywhere to set it up. If the phone can do it on its own, the solution is much cheaper and easier to produce.

But we now need to take a step beyond this solution too. If we want identification to really work, the identity keys must be encrypted in a very secure manner, so that no hacker or scammer can decipher them. However, all of the above systems rely on an encryption system called RSA, developed in the 1970s.

Quantum computers are mixing things up

Quantum computers will soon be available for use and they can compute significantly faster than the current ones. This in turn means that the encryption options that work on the basis of the current principles will become too simple.

As a response to this, LeverID has been developed and is already in use, and it’s already at a completely new level of security because its encryption principles are simply much more complicated.

The system was developed by a company called Levercode in collaboration with cryptography experts from TalTech. The new system is mathematically much more sophisticated than the existing solutions and very difficult to guess, even for quantum computers. This adds to reliability.

You can read more about the biggest security risks to identity verification and the best ways to mitigate them in our blog soon.

Share this article: