With the release of any new technology comes a slew of new jargon to get to grips with. The use of this technobabble can often alienate, rather than engage, its target audience. Rather than using buzzwords to describe what are often quite simple concepts, we at Thirdfort think the best way to understand the benefit of legaltech is to hear it in plain English.
Words like ‘cryptographic’ and ‘signing-key’ have been thrown around in recent weeks, along with ‘NFC’, which we discussed last week. What exactly do all the terms in HM Land Registry’s Digital ID Standard mean, and how can this technology help the conveyancing sector? In this post, I’ll be cutting through the jargon and simplifying the benefits of the tech featured in the Digital ID Standard.
The definition of cryptography in a dictionary is ‘the art of writing or solving codes’. In computer science, the use of cryptographic technology essentially translates to the art of secure communication. This means that information and communication is hidden (hence crypt-) through computer coding.
In a digital ID sense, cryptographic technology will be used to safely and securely transfer the data being given by the consumer to their lawyer, via their law firm's trusted provider. This process is often referred to as encryption and means that only the intended recipient of the data, the law firm, will be able to view it.
A signing key in this instance is a unique identifier, or a ‘Private Key’ within an NFC-enabled passport. This unique identifier contains all of the information that is held within the passport, but in an encrypted format. The contactless chip in passports is protected against unauthorised access via a security mechanism that can be unlocked using the document number, date of expiry and date of birth as a password. This information is part of the so-called Machine Readable Zone (MRZ), which consists of the two lines at the bottom of the passport.
The computer readable ‘private key’ is unique and cannot be replicated. The technology enables the data from the passport to be translated into a legible format, as well as a format that can then allow facial recognition checks to see if the user is the same person as the passport holder.
For a more detailed look at ‘signing-key’ technology, you can take a look at an article from ReadID, one of Thirdfort’s technology partners, that can be found here.
In the context of the Digital ID Standard, facial recognition is the act of cross-referencing features such as specific measurements between facial features with a digital image of an individual which has been sourced from their identity document. The technology is not looking for features that can change, such as hair colour or facial hair, but instead it is looking at the biometrics of their face (the term ‘biometrics’ means the measurement and analysis of unique physical or behavioural characteristics - such as fingerprint or voice patterns - especially as a means of verifying personal identity). It will analyse a multitude of identifying features such as the width of an individual's nose and the depth of their eyes to ensure the image sourced from an ID document matches a live photo/video of the individual.
Machine Readable Zone
A Machine Readable Zone (MRZ), is the sequence of letters and numbers that appear at the bottom of the ID page of some passports. This MRZ is designed to be read by automated systems, and provide all relevant information about the identity document. Furthermore the exact layout of the MRZ is used as another indicator to prevent forgery. In the photo below, the MRZ can be seen as the two lines at the bottom of the page.
In essence, a liveness test ensures that the person whose ID is verified as being authentic is present and controlling the device that is being used to compare the individual and the passport to one another.
Facial recognition technology will match the person to their digital ID. Further proprietary technology will be used to verify the individual is present and is the same individual as the one in the identity document. In Thirdfort’s Standard ID check, this will be done through measuring a number of factors when the user is exposed to certain conditions. This includes, but is not limited to, the reflection of light from the person's skin and their movement patterns during the screen. This is all used to assess whether they are a genuine person, and reduces the risk of scenarios such as someone impersonating another individual or a machine controlled simulation, including those referred to as ‘deep fakes’.
As lawyers, you shouldn’t be expected to be tech experts. At Thirdfort, we want to make compliance simple. Want to know more? Get in touch at firstname.lastname@example.org.