Google is testing a new feature called "Digital Credential API" for Chrome on Android that will allow websites to request identity information from mobile wallets using Android's IdentityCredential system.
www.bleepingcomputer.com
Chrome for Android tests feature that securely verifies your ID with sites
By
Google is testing a new feature called "Digital Credential API" for Chrome on Android that allows websites to securely request identity information, such as driver's licenses and passports, stored in mobile wallets.
According to
Google's official documentation, the Identity Credential APIs provide an interface to a secure store that holds identity documents. These documents can be passports, drivers licenses, or any other identification document uploaded by the user.
Digital Credential API integration in Chrome uses Android's IdentityCredential system, which supports various types of credentials and data.
Google
says integrating "Digital Credential API" would allow sites to request real-world identity information from wallets via Android's IdentityCredential CredMan system, allowing websites to securely verify your identity without requiring you to upload documents manually.
"Government-recognized documents play a big and constructive role in society (e.g., drivers licenses, passports, etc.)," explains
Google's explainer on the new feature.
"Increasingly, with the movement of government and financial services online, and regulation (e.g.
eIDAS and various
age verification regulations), these paper-based documents are gaining digital counterparts."
This new feature allows websites to request identity information directly from your mobile wallet using a secure system called IdentityCredential.
When a website needs your ID, like a digital driver's license, it sends a request through Chrome. The user will see the request and choose whether to approve it.
If approved, Android will securely send the necessary information from the wallet to the requesting site, only sharing what is necessary. This way, your data is protected, and you control what information is shared.
"Websites can and do get credentials from mobile wallet apps through a variety of mechanisms today (custom URL handlers, QR code scanning, etc.)," Google noted in a support document.
"It is extensible to support multiple credential formats (eg. ISO mDoc and W3C verifiable credential) and allows multiple wallet apps to be used. Mechanisms will be added to help reduce the risk of ecosystem-scale abuse of real-world identity," the