The inexorable growth in passenger numbers has driven the travel industry to an overwhelming conclusion: the only way forward is decentralized identity, digital wallets, and Verifiable Credentials. In the first trial of its kind, with Delta Airlines and the Government of Aruba, SITA and Indicio showed how well they work and how easy they are to implement.
By Trevor Butterworth
With yearly passenger numbers expected to grow from a little over four billion this year to eight billion by 2040 — or sooner — “the travel industry has decided that the future of identity is digital wallets and verifiable credentials,” said Michael Zureik, Head of Digital Travel Strategy and Innovation at SITA, at a recent Indicio Meetup.
To handle this demand and make travel less stressful and more streamlined, SITA — a global supplier of IT to airlines and airports — has worked with Indicio to develop trusted, authenticated, digital travel documents that can be seamlessly authenticated.
First implemented in Aruba, these digital credentials take the data embedded in a passport, combine it with liveness check, authenticate both, and then return the data to the passenger in the form of a Digital Travel Credential or DTC, a specification for deriving a digital passport from a physical passport’s embedded chip, established by the International Civil Aviation Organization (ICAO), a global body that regulates travel documents.
The Government of Aruba is the first sovereign government to accept a DTC, which means a passenger can present their DTC from home, get preauthorization for travel, and then cross the border simply by looking at a camera.
The focus of the Meetup was on the next steps in this digital journey, which were successfully completed with a recent trial combining an ICAO-compatible DTC with One ID, a digital credential standard created by the International Air Transport Association (IATA) for seamless airport and travel services (but which doesn’t include border crossing).
Working with Delta Airlines and the Government of Aruba, SITA and Indicio built a system to first create and issue the DTC and One ID then combined both credentials to add check-in, bag drop, lounge access, and boarding to booking, travel authorization, security, and immigration.
One of the key goals of the trial, said Zureik, was to show how different credentials can easily work together and complement each other to streamline the traveler experience on an international flight.
The trial showed just how easy it is to enroll in both at the same time with a passport and mobile phone, and then use them for instant, seamless authentication through each step of the passenger journey from home to destination.
What we learned, said Zureik, is that these technologies are ready. IATA’s One ID fits easily into the DTC ecosystem, and both were able to be implemented into airport, airline, and border gate processes quickly — six weeks — and without requiring any party to adopt new hardware or systems.
It was, said Zureik, “paramount” that Verifiable Credentials can be easily integrated and interoperate with existing airport infrastructure.
Mike Ebert, Indicio’s Director of Software Engineering, described how this was made possible by combining two types of Verifiable Credential formats — AnonCreds and SD-JWTs — and two types of communication protocols — DIDComm and OpenID4VC. This meant that the credentials were compatible with emerging European eIDAS identity standards but that they also provide strong privacy-preservation.
One key aspect of the Indicio-SITA implementation is that it is fully decentralized. Relying parties do not need to subscribe to or access a centralized database to verify traveler information. This unique architecture is not shared by other travel technology providers, but it is critical for the safe and secure management of people’s biometric data.
With a Verifiable Credential, biometric data doesn’t need to be centrally stored so that there’s something to check when a passenger looks into a camera. Instead, the passenger stores their biometric data securely on their phone and they can elect to share it in a way that can be verified without pinging stored data in a central repository.
As Ebert noted, this reduces the risk of a single point of failure (the database of biometric data goes offline), identity theft (if you don’t have to store people’s biometric data, it can’t be stolen), and it also eliminates the possibility of centralized tracking and provides the privacy protection that people and regulators now demand.
Acuity Market Intelligence described Indicio’s implementation of biometrics in Verifiable Credentials as “masterful” in its 2024 Prism Project Report.
To watch a demonstration of the DTC and One ID and learn more about the benefits of managing biometric data with Verifiable Credentials, and the wider use cases for “government-grade” digital identities in tourism, watch this fascinating episode of the Indicio Meetup.
####
