Page Summary
-
Digital Credentials (DCs) allow users to securely store and manage their identity documents on Android devices through Google Wallet.
-
Issuers can verify the user's physical identity document and automatically update or renew the DC as needed through the Google Wallet integration.
-
Google Wallet prioritizes user privacy by encrypting sensitive data, not storing user identity information, and requiring user authentication for each DC presentation.
-
The Digital Credentials Provisioning API facilitates the management of the entire lifecycle of DCs, which is compliant with the ISO/IEC 18013-5 standard.
-
Users can present their DC data to a relying party via QR code or NFC tap after authenticating.
An identity document is needed for many different use cases, such as the following:
- Age verification for purchases and event entry
- Legal operation of motor vehicles
- Identity verification for air travel
- Address verification at government offices
By integrating with Google Wallet, Issuers are able to securely provision and manage Verifiable Digital Credentials (VDC) to Android-powered devices. The provisioning process includes verification that users have their physical identity document in their possession and the photo matches the person submitting the request.
Users also benefit from creating their VDC. Once approved, their VDC is instantly loaded on their Android-powered device. If information about a user changes, such as their address, Issuers can automatically update the VDC for the user. Using the same provisioning flow, automatic renewal is also possible.
Security and configurability
Google Wallet is designed with user privacy and control in mind. Issuers have additional control over security configuration and criteria to protect their systems and the user information they manage. The following list describes VDC features that give users more control over what information is made visible to relying parties.
- Sensitive data is encrypted between the user's device and the Issuer. Google doesn't access any identifying information about the user's real-world identity during VDC provisioning or transmission, and will only ever see that data if the user explicitly consents to share it with Google after provisioning
- All identifying VDC data is stored on the user’s device, it is not stored or used by Google
- Each time the VDC is presented, users must authenticate prior to transmission
- Users can remove their VDC from their device both locally and remotely
Google Wallet's Digital Credentials Provisioning API
The ISO/IEC 18013-5 standard defines the guidelines for the format and transfer of an VDC between a user's mobile wallet, VDC readers, and issuing authorities. Google Wallet's Digital Credentials Provisioning API exposes a set of ISO-compliant methods that can be used to manage the full lifecycle of credentials such as VDC.
For more information, see the API reference
Lifecycle
For each stage of the VDC lifecycle, see the linked pages for examples of the user experience.
| Stage | Description |
|---|---|
| Provisioning | A user adds their identity document as a new VDC on their Android-powered device. This includes the physical card, liveness capture, and any additional verification steps. |
| Viewing | A user authenticates in their Google Wallet app to view their VDC details. |
| Presentment | A relying party requests VDC data, which is transferred by the user via QR code or NFC tap. |
| Management | A user manages their VDC on Google Wallet. |
Terminology
| Term | Definition |
|---|---|
| Presentment | The process of a relying party requesting information from a user, a user reviewing the request, and the data being sent to the relying party by scanning a QR code or NFC tap. |
| Verifiable Digital Credential (VDC) | A signed, ISO-compliant data bundle representing a identity document provisioned by an issuing authority. A VDC includes all the data fields of a physical identity document and a signature to verify the data has not been tampered with. |
| Identity assurance level (IAL) | A category that describes the degree of confidence that a user's claimed identity is their real identity. See the NIST Special Publication 1800-17 for more information. |
| Identity attestation | A declaration that something exists or is the case made by Google. Attestations may have varying levels of confidence. The data provided in an attestation can also be a simplification of the raw data, such as “over 21 years old” instead of the user's actual age. |
| Identity evidence | Information or documentation provided by a user to support the claimed identity. Evidence may be physical (e.g. an identity document) or digital (e.g. an assertion generated and issued by a common services provider). See the NIST CSRC glossary for more information. |
| Identity metadata | Data fields that make up a user's identity (age, date of birth, name, etc.). |
| Issuing authority (Issuer) | The entity responsible for issuing credentials to users. For identity document in the United States, the Issuer is the Department of Motor Vehicles (DMV) for the user's state of residence. |
| Relying party | A third party that requests specific fields from a user's VDC to validate their identity. |