Identity Services for myColorado™ Mobile App Powered by Ping Identity

Back
November 12, 2019

Many people who live in Colorado are already familiar with the myColorado™ application, the State of Colorado’s official mobile app™.

The mobile app provides Coloradans with secure and convenient access to state services anytime, anywhere, and it allows you to do some great things like renew your driver license online, receive notifications about important state news, and now show proof of identity with the Colorado Digital ID™. If you’d like to learn more about the myColorado application, visit https://mycolorado.state.co.us/, or download the app in the Apple App Store or Google Play. 

At Ping Identity, we’re especially proud of this mobile app because it uses the Ping Intelligent Identity™ platform to provide seamless registration, login and multi-factor authentication, and driver license image verification for the state. 

 

What Is Colorado Digital ID?

Although it is beyond Ping Identity's purview, a particularly interesting part of myColorado is the Colorado Digital ID. Presently, Colorado Digital ID is an electronic visual representation of a Colorado driver license or state ID stored within the app wallet. It provides proof of identity, age and address for interacting with government agencies and businesses within Colorado. The Colorado Digital ID is a secure, unique visual representation of what has traditionally been the legally accepted official physical format of a person’s identification. In the future, it will include the ability for app users to securely and selectively share identity information with merchants, law enforcement, and government agencies without the need to carry a physical card. 

 

Recently, the Colorado Digital ID took a big step forward. On October 30, 2019, Governor Jared Polis issued an Executive Order stating that the Colorado Digital ID may be accepted as a legal form of personal identification for use in Colorado. Colorado merchants are encouraged to begin accepting the Digital ID, and beginning December 1, 2019, all executive branch agencies may accept the Digital ID as a method to prove a person's identity.

 

Promises and Concerns of Digital IDs

Digital IDs like the one in Colorado are great early examples of how you can securely control the use of credentials such as your driver license that are verified by a third party (in this case, the state), both in person and online.

 

A Digital ID is more secure than a typical polycarbonate ID which may be stolen or used after being revoked by the DMV. Also, an app containing a Digital ID requires you to authenticate before use, but your physical driver license does not and can be used by anyone who looks a bit like you do if stolen.

 

People are often skeptical that putting their ID on a digital platform will actually make it more susceptible to thieves. The truth is every form of identification is already on a digital platform, and not just the government’s. Every time IDs get swiped at a store to verify age or are scanned by a care provider for records, copies are created. In fact, dozens of copies exist, and they all contain your personal information even if it wasn't required.

 

Right now, Digital IDs can help you control what personal information is shared to complete a particular transaction. A user can provide only what's needed and nothing more, unless explicitly consenting to share that additional information. As an example, here’s a screen in the myColorado app that allows you to control the information you provide:



In the future, we’ll be able to integrate encryption and security technology that will allow us to monitor and revoke access after the fact. The information can be easily updated—a change in your address doesn't need to result in another trip to the DMV, waiting for the mail or a lower-tech mechanism like a sticker to keep the license valid.

 

With Digital IDs, we can do a better job of protecting a user’s privacy, which is an important goal. With the Colorado Digital ID, users can control exactly what information is available for each situation. For example, you can choose to only show your age (or a simple “over 21”) from the app when buying an age-restricted product.

 

As digital identities and wallets evolve, this same control will apply to online purchases and business dealings such as applying for car insurance. Currently, when you’re online and need to share validated information such as a driver's license or a passport, you have to email or fax the information to the other party, which is neither convenient nor particularly secure. I certainly don’t want a scan of my passport sitting in someone’s email server forever, and Digital IDs promise to eliminate that.

 

Another concern we at Ping hear is that since the Digital ID is stored on your phone, you’ll be giving unrestricted access to the contents of your phone if asked to present your ID to a merchant. This concern is handled in multiple ways by the digital wallet. The Digital ID in the myColorado app allows you to swipe right to show the barcode image that’s already on the back of your license. This can then be scanned without you ever having to hand your phone over. The Apple wallet allows you to control what information is visible on your lock screen, so you can provide the needed information without ever having to unlock your phone.

 

The Future Direction of Digital ID

With the great combination of convenience and security, Digital IDs are starting to take off. Oklahoma just announced their digital driver license, and Idaho, Maryland, Wyoming and Washington, D.C. have all announced pilot programs. Similarly, there’s a mobile passport application that‘s accepted for U.S. citizens at 27 major airports in the U.S.

 

My colleague, Chief Customer Officer Richard Bird has put together a great video blog talking about the role of the US Government focusing on its digital transformation with digital identities at the core as it adapts to enable and protect our digital identities as they have been doing with our analogue identities for so long.



Worldwide, the Netherlands, New South Wales in Australia, Singapore and Hong Kong all have Digital IDs initiatives helping their citizens more easily conduct business and identify themselves in this new digital reality that we all live in.

 

All these efforts are a promising start, but, we’re still in the early days of digital adoption. For example, Colorado law enforcement doesn’t currently accept the Digital ID, so you’ll still need to keep your physical driver license on your person (the State of Colorado is working toward a solution that will electronically share identity credentials and be accepted by law enforcement at the end of 2020). Whether all aspects of society and business, such as law enforcement, bars, dispensaries and other outlets adopt and accept the use of the digital form of ID remains to be seen. But this is because of the realities of process change and human behavior, not technology.

 

Another aspect of gaining widespread adoption is standardization. There’s currently no agreed-on standard for the collection, verification and sharing of the Digital ID data. Luckily, there are efforts underway to create open accessible standards. The American Association of Motor Vehicle Administrators (AAMVA) has been working with the International Organization for Standardization (ISO) on a mobile driver license (mDL) standard. We believe that accepted standards will be key to widespread adoption and acceptance of Digital IDs, and we’ll be following these efforts with great interest.

 

The Digital ID effort will help us become the true owners of our own information instead of merely being the subjects. Ultimately, we think people will store a lot more verified information on their phones or digitally versus just carrying physical IDs. This is a larger topic than the Colorado Digital ID, but we see the same basic mechanisms being used to give users control over the release of information such as financial records, employment history, and more in a dynamic fashion. Users are gaining more control over what information to give out, who to give it to, and how long the receiving entity can see that information.