Last Monday, July 1st, the Minister for Digital Transformation and Public Service, Jose Luis Escrivá, announced the details of the mechanism with which the authorities want to ensure that those who access adult content online in Spain are of legal age. It will be an age verification system that will eventually be included among the different functions of the Cartera Digital wallet, whose test phase was also presented by Escrivá and which will also be used for other procedures.
For now, however, only the design phase of the tool has been completed, which has been concluded with the publication of its technical specifications. The development work will take approximately two months, which means that it will be ready by the end of this summer. With the presentation of the test version of the Digital Wallet Beta, the parties involved in blocking access to adult content for minors can begin the necessary preparatory work so that adult users of these services can use it as soon as it is available.
How the system works, in broad terms
Digital Wallet Beta will be a mobile application in which, according to the Minister, the information will be stored securely and issued by the Government of Spain. Broadly speaking, the system for blocking access to adult content for minors will work as follows: when a person tries to access a website with such content, the credential stored in the wallet will be presented to the page or content platform when logging in to it.
According to the ministry, this will allow adults to be identified in order to facilitate access, using a double authentication system that prevents minors from accessing adult content through their own terminals or those to which they gain access.
In parallel to this system, a governance architecture has been developed based on whitelists of trusted pages, which allows pages with adult content to be identified as such. The body in charge of controlling it will be the State Secretariat for Digitalization and Artificial Intelligence. As for the issuance of credentials, it will be managed by the General Secretariat for Digital Administration.
Incibe, for its part, will be responsible for managing, together with other entities, a list of adult content pages that are not subject to Spanish jurisdiction, so that browsers can verify the age of majority before presenting their content. This means that although the system will initially only be tested and used with adult content pages located in Spain, it is possible that it will be expanded to those in other countries in the future.
At the same time, if they wish, other platforms, such as instant messaging platforms (Telegram, for example), will be able to use this system. Thus, for example, if a user of this tool uses it to exchange adult content, Telegram can contact the user’s Digital Wallet to verify their age before allowing them access to it or not. However, in order to use the system, they will have to implement the necessary controls.
The adult content access control system, in detail
The technical specifications of the adult content access system that Jose Luis Escrivá has presented show that it follows the standards set by eIDAS2, the European Regulation on Electronic Identification and Trust Services for Electronic Transactions.
The control system, which as we have mentioned has a double authentication system, is responsible for preventing minors from accessing content not suitable for them from their smartphones or tablets, and also for preventing them from using the smartphones or tablets of their adult relatives or friends to do so.
One of the main concerns of this system is the privacy of its users, and according to its specifications it guarantees their anonymity, which prevents the monitoring of the operations carried out by each user. In addition, the credential that controls access to the content does not contain data that can be linked to the users, except for a public key that is generated on the terminal on which the Digital Wallet is installed.
The system will check the age of the person who wants to access the content through the electronic DNI or the Cl@ve system (requires prior registration). This can also be done through a valid certificate issued by qualified trusted service providers. As a prior step to presenting the credential on a website with adult content, the system checks that the page or platform that you want to access is a trusted entity. This will be done by consulting the whitelists that the government will create, and in which the platforms can register to be considered trustworthy.
The system will then choose a credential (each user will have a package of 30 credentials that will last for 30 days). This will be done randomly, and the system will assign a maximum of three to each platform or adult content provider.
These credentials can be used with the same provider up to 10 times, and can never be used in a shared manner between several services. When the maximum usage for each credential is reached, the system will choose three more with the same number of uses as the first ones, and so on. Each credential is made up of a public and private key pair, which is generated by the smartphone or tablet on which the system is used.
The user is then responsible for presenting the credential chosen by the system invisibly, as proof of his or her age. To do this, the OpenID4VP protocol is used. It verifies that the user is indeed of legal age and will be able to access the content.
What users will see and have to do to access adult content pages
With your credential already in the Digital Wallet, you will see a QR code when you access the platform, which will serve to prove that you are of legal age. To continue the process you will need to scan it with your smartphone or tablet. At that point the verification process will take place.
The verification will take a few seconds, and if the system recognises that you are indeed over 18 years old, access to the content will be unblocked. Otherwise, it will remain blocked and you will not be able to access the platform.
What happens if the user runs out of credentials at his disposal? Very simple: these are renewable credential packages. To start with, you don’t have to wait for them to run out, since they can be renewed if they expire in less than three days or if you have less than 10% available before that deadline. In those cases, the user can request their renewal. However, the new credentials will not be added to the previous ones if you have any left. These will be deleted and you will once again have 30 in the Digital Wallet.
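The credential rotation and renewal rules described above can be modelled as follows. This is an added illustration, not code from the article or from the Digital Wallet itself. The class and method names, the integer credential ids, and the reading of "less than 10% available" as credentials that still have uses left are assumptions.

```python
import random
from datetime import timedelta

BATCH_SIZE, VALID_DAYS = 30, 30   # batch of 30 credentials, valid 30 days
PER_PROVIDER, MAX_USES = 3, 10    # at most 3 per provider, 10 uses each


class Wallet:
    """Constructed model of the rotation rules; not the real application."""

    def __init__(self, today, rng=None):
        self.rng = rng or random.Random()
        self.issue(today)

    def issue(self, today):
        # Renewal replaces the whole batch: leftovers are deleted, not kept.
        self.expires = today + timedelta(days=VALID_DAYS)
        self.free = list(range(BATCH_SIZE))   # ids not yet bound to anyone
        self.bound = {}                       # provider -> {cred_id: uses}

    def present(self, provider, today):
        """Return the credential id shown to `provider`, or None."""
        if today >= self.expires:             # assumption: expired on day 30
            return None
        creds = self.bound.setdefault(provider, {})
        usable = [c for c, n in creds.items() if n < MAX_USES]
        if not usable:
            # Current set exhausted: draw up to three fresh ones at random.
            take = min(PER_PROVIDER, len(self.free))
            for c in self.rng.sample(self.free, take):
                self.free.remove(c)           # never shared between providers
                creds[c] = 0
                usable.append(c)
        if not usable:
            return None
        chosen = self.rng.choice(usable)
        creds[chosen] += 1
        return chosen

    def can_renew(self, today):
        # Eligible when expiry is under 3 days away or under 10% remain.
        # Assumption: "available" counts every credential with uses left.
        left = len(self.free) + sum(
            n < MAX_USES for creds in self.bound.values() for n in creds.values())
        return (self.expires - today).days < 3 or left < 0.10 * BATCH_SIZE
```

In this model a provider sees at most three distinct public keys over any run of 30 presentations, and never a key that another provider has seen, which is the unlinkability property the specification aims for.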