Evolution and localisation of HK’s public key infrastructure and digital identity

Article, CIO Tech Team , CIO Tech Asia


REUTERS/Bobby Yip/File Photo

Victor Lam, CIO of Government Hong Kong gives an insight on HK’s technology

Digital identity is one of the hottest topics in today’s digital world and an important infrastructure for smart city development. Traditionally, many of our public services use certain identity documents such as passport or identity card as proof of identity.

For registration of services which require identity verification, members of the public are often required to visit corresponding government offices to present their identity documents in person. Even for electronic services, the public frequently face the inconvenience of managing different groups of usernames and passwords or carrying multiple security tokens, in order to access various online services.

iAM Smart” basics, registration and functions

The Government of the Hong Kong Special Administrative Region is committed to developing Hong Kong into a smart city and we fully understand the importance of PKI and Digital Identity in achieving this goal. In the Chief Executive’s 2017 Policy Address, a number of smart city key infrastructure projects were announced, one of which is the provision of an electronic identity for all Hong Kong residents to serve as their single digital identity for conducting government and commercial transactions online. The initiative has since then been rebranded as “iAM Smart”, meaning “internet Access by Mobile in a Smart way”.

I am pleased to let you know that the “iAM Smart” Platform, which provides a one-stop personalised portal for government and commercial digital services, was launched two weeks ago on 30 December 2020. We can now log in various online services using a single identity in a convenient and secure manner, with the use of the PKI-based Fast Identity Online standard (FIDO) and two-factor authentication on our own mobile phone.

“iAM Smart” provides a simple and robust registration and authentication process. You can register an “iAM Smart” account remotely using the “iAM Smart” mobile app by simply taking photos of your Hong Kong Identity Card (HKID Card) and a selfie photo. The system will check the anti-fraud features on the HKID Card to ensure it is a genuine card, and that the selfie photo is taken by a live person, before verifying your identity by matching the card face data and selfie photo against the records of the Immigration Department. Upon successful verification, an “iAM Smart” account will be created and bound to your mobile phone immediately. You can then make use of the biometric function come with your mobile phone, either face ID or fingerprint identification, to authenticate your own identity and log in a wide range of online services.

There are two versions of “iAM Smart” account, namely “iAM Smart” and “iAM Smart+”. The basic “iAM Smart” account provides login authentication, “e-ME” form filling and personalised notifications. The ”iAM Smart+” account, which can be registered in person in any of the 121 post offices across the territory, provides an additional digital signing function. The digital signature generated by “iAM Smart+” has the legal backing under the Electronic Transactions Ordinance for handling statutory documents and procedures.

Services adopting “iAM Smart”

Currently, over 20 commonly used government online services covering renewal of vehicle licence and driving licence, taxation, employment services, etc. can be accessed through the “iAM Smart” Platform. The online services of public utilities such as electricity and gas companies can also be so accessed. The number of government online services accessible will be progressively increased to more than 110 by the middle of this year. Public organisations like Hospital Authority and Mandatory Provident Fund Schemes Authority will also adopt “iAM Smart”. Indeed, we expect more and more online services will adopt “iAM Smart” in the year to come.

We also foresee the potential of “iAM Smart” in enhancing digital financial services. We are working closely with financial regulators, including the Hong Kong Monetary Authority (HKMA), the Securities and Futures Commission, the Insurance Authority and the Mandatory Provident Fund Schemes Authority, to facilitate financial institutions’ adoption of “iAM Smart” to enable their customers to use digital financial services more conveniently, securely and efficiently. Use cases include remote on-boarding of customers, authenticating their customers for logging in their online accounts and allowing them to sign documents digitally.

Corporate identity

The launch of “iAM Smart” is just a start. Unique digital identities to facilitate identification and verification of companies is another challenge that we wish to address. It would involve more complex and dynamic processes than handling personal identities. Hence, a new initiative in the Smart City Blueprint 2.0 is to explore the use of new technologies and emerging standards to facilitate identification and verification of companies. We are now working with the HKMA on a Proof-of-Concept (PoC) project on corporate identity. It is indeed opportune time for HKPKIF to introduce relevant technologies in this conference. Upon completion of the PoC project, we will explore further development of corporate identity in collaboration with our public and private partners.

Mutual recognition

We have been working closely with the Ministry of Industry and Information Technology, Guangdong provincial government and Macao SAR government since 2019, aiming to, among others, extend the existing mutual recognition arrangement between Guangdong and Hong Kong to include Macao as well. The relevant work is progressing well and the three places will publish the details once ready. I believe the arrangement will facilitate more innovative applications in cross-boundary e-commerce.