Security
Cryptographically guaranteed. Privacy by design.
SecureID is harder to forge than a paper passport, easier to revoke than a credit card, and exposes less data than a driver's license.
End-to-end cryptography
Credentials are signed by the U.S. CSCA root, encrypted at rest in device secure enclaves, and verified offline at borders.
Hardware-bound keys
Private keys never leave the device. Secure Enclave (iOS) and StrongBox (Android) enforce hardware-backed attestation.
Selective disclosure
Travelers consent to which fields are shared at each crossing. Verifiers only see what they need.
No central honeypot
Biometric templates are stored on-device. The State Department holds only the issuance signature.
Open standards
Built on ICAO Doc 9303, ISO/IEC 18013-5 mDL, and W3C Verifiable Credentials. Independently auditable.
Revocation in real time
Lost or stolen credentials are revoked centrally and rejected at every border within seconds.
Threat model
Stolen device
Credentials are bound to biometric unlock. A stolen phone cannot present the credential without the owner's face or fingerprint.
Forgery
Credentials are signed by the CSCA root using FIPS 140-3 cryptography. Forging one requires breaking the State Department's HSM.
Replay attacks
Each border check uses a fresh challenge-response, signed in real time by the device's hardware-backed key.
Mass surveillance
Biometric templates never leave the device. The State Department cannot track citizen movements.
Phone lost
Citizen self-revokes from any other device. Border systems reject the credential globally within seconds.