EU regulators aim for frictionless age verification, interoperability

Changes in age verification are on the minds of many legislators, regulators and providers. A recently released on-demand webinar presented by Biometric Update and Goode Intelligence explores age verification and estimation in the context of lessons from deployments and regulatory moves in the UK, but the flurry of age verification debate extends to Europe and beyond.

The European Commission-funded euConsent project has released a feasibility study investigating the viability of potential modifications to its architecture that would enable interoperability between age verification providers (AVPs).

Presently, euConsent provides a “distributed interoperable model,” based on eIDAS architecture for secure information exchange between nodes, which allows AVPs to reuse previous age checks performed by other providers as long as both are part of the euConsent network.

The “Feasibility Study for AVP Interoperability between Native Mobile Applications” is concerned with enhancements that would extend this capability to mobile apps. “This goal is not trivial,” reads the report, “since data sharing between different apps has many restrictions, and the two major mobile operating systems (Android – iOS) have different limitations.”

Functionally, the proposed system must be able to recognize when a user has not previously signed in to an age-restricted app that is part of the euConsent network, and therefore requires an age verification prompt. Once a user has signed into an app that is part of the network, other apps that require age verification will recognize that sign-in and apply it. User authentication on a device via PIN, password, or biometric authentication can provide conditional limits to access, or the transfer of permission can be seamless.

Newly downloaded apps using other euConsent AVPs for verification must be able to recognize that an age check has already been performed by the user on another euConsent AVP. For all of this to work, the different AVPs must be able to communicate.

Conflicting restrictions could be solved by deep linking

Challenges to implementation are significant, given the specific restrictions on different mobile apps and operating systems. The report points out that “iOS imposes strict sandboxing and prevents unauthorized access to data. Apps can only share data if both apps are explicitly designed to work together using one of the supported mechanisms.” This means euConsent’s cookie-based token system – “a string token including information of a previous age check,” which “includes a unique ID of the AVP that performed the age verification” and an assurance score on the method – cannot facilitate the direct sharing of verification data between mobile apps.

The system is better for Android, but still imperfect. For euConsent, this all generates far too much friction.

The full study includes technical breakdowns and sequence diagrams for each relevant business scenario, and a more detailed explanation of technical workarounds leveraging web views – “a container within the app that displays web pages or web-based content without launching a separate web browser” – and deep links, hyperlinks that take users “directly to a specific location or content within a mobile app, potentially bypassing the app’s home screen or landing page.”

It concludes with two key observations on these potential solutions. One, “the age verification should be initiated by a call to the mobile web browser and not within the native mobile app or in a web view hosted by the app. This is of key importance, so that age verification information (cookies) can be shared between different apps and different AVP nodes.” Two, it is important that “callback URLs are not http URLs, but deep links defined and handled by the app itself.”
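One way an AVP node could enforce the second observation before redirecting back to an app is sketched below. This is an added example, not code from the euConsent study; the registry, app ids, deep-link schemes and the `age_token` parameter name are all hypothetical, and the token is treated as an opaque string.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Hypothetical registry kept by the AVP: app id -> (deep-link scheme, host).
# All values are constructed for this example.
REGISTERED_DEEP_LINKS = {
    "app-videos": ("examplevideos", "age-check"),
    "app-games": ("examplegames", "age-check"),
}
TOKEN_PARAM = "age_token"  # hypothetical parameter name


class CallbackRejected(ValueError):
    """Raised when a callback URL must not be used for the redirect."""


def build_callback(app_id, callback_url, token):
    """Validate the app's callback and return the deep link carrying the token."""
    registered = REGISTERED_DEEP_LINKS.get(app_id)
    if registered is None:
        raise CallbackRejected("unknown app id")
    parts = urlsplit(callback_url)
    # The study's requirement: callbacks are deep links, never http(s) URLs.
    if parts.scheme in ("http", "https"):
        raise CallbackRejected("callback must be a deep link, not an http URL")
    # The deep link must be the one this app registered, not another app's.
    if (parts.scheme, (parts.hostname or "").lower()) != registered:
        raise CallbackRejected("callback does not match the registered deep link")
    # Drop any caller-supplied token parameter, then append the real one.
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != TOKEN_PARAM]
    query.append((TOKEN_PARAM, token))
    # Rebuild from the registered values so userinfo, port and fragment are discarded.
    return urlunsplit((registered[0], registered[1], parts.path,
                       urlencode(query), ""))
```

Binding each app id to a single registered deep link means a request cannot steer the age-check result to an http endpoint or to a different app's scheme.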

In short, there are hurdles to AVP interoperability for mobile apps – but it is feasible, given certain conditions, and the continued work of euConsent.
