Non-Smartphone Identity: SMS, USSD, and the Last Mile
The digital identity industry has a smartphone addiction. Wallets are apps. Credentials are stored on phones. Presentations happen via NFC or QR from a touchscreen device.
This architecture serves the 5.5 billion smartphone users. It excludes the 3 billion who don’t have smartphones — and the additional hundreds of millions whose smartphones are too old, too limited, or too intermittently connected to run a wallet application.
If digital identity is going to meet the SDG 16.9 commitment of “legal identity for all,” the architecture must extend beyond smartphones.
Four channels for non-smartphone populations
SMS notifications and confirmations. A citizen without a smartphone can still receive text messages on a basic feature phone. SMS can deliver: appointment notifications (“Your credential is ready for collection”), consent confirmations (“Reply YES to authorize sharing your health credential with Dr. Mensah”), and status updates (“Your professional license has been renewed”).
SMS doesn’t deliver credentials themselves — a credential is too complex for a text message. But it keeps the citizen informed and enables basic consent capture.
USSD menus. Unstructured Supplementary Service Data (USSD) is the protocol behind the menu-based interfaces used for mobile money across Africa and Asia. A citizen dials a short code and navigates a text menu — no data connection required, no app installation, no smartphone.
USSD can support: credential status checks (“Dial *123# to check your health credential status”), consent flows (“Select 1 to authorize sharing your identity with the bank”), and enrollment initiation (“Select 2 to request a new credential”).
USSD sessions are real-time (unlike SMS, which is store-and-forward), work on every mobile phone manufactured in the last 20 years, and don’t require internet connectivity — they run on the GSM signaling channel.
Physical NFC cards. A government-issued NFC card containing a digitally signed credential provides the same cryptographic verification as a smartphone-based credential — in a physical form factor that costs $1–$3 and requires no charging, no updates, and no technical literacy.
The verifier reads the card via NFC (at a Puck or an NFC reader), checks the cryptographic signature, and verifies the credential. Selective disclosure can be configured per card issuance — the card shares only the pre-configured attribute set.
NFC cards don’t support the dynamic consent prompts that smartphones enable (the citizen can’t choose which attributes to share per interaction). But for fixed-scope verifications (age verification, benefit eligibility, health credential check), the trade-off is acceptable — and the inclusivity is essential.
Delegated agents. A community health worker, social worker, or village administrator acts on behalf of a citizen using an organizational device. The agent authenticates, then initiates a credential interaction on the citizen’s behalf. The credential belongs to the citizen; the agent facilitates the interaction.
Designing for the last mile
Non-smartphone channels can’t be afterthoughts bolted onto a smartphone-centric platform. They require architectural support:
Multi-channel credential lifecycle. A credential issued to a physical NFC card must be revocable through the same platform that manages smartphone-based credentials. The revocation mechanism (manifest update, trust data sync) must work for both form factors.
Channel-appropriate consent. Smartphone wallets present rich consent UIs with checkboxes and selective disclosure options. SMS consent is binary (YES/NO). USSD consent is menu-based. NFC card consent is pre-configured at issuance. The platform must support all consent models — not just the smartphone one.
Unified audit trail. Whether the credential was presented from a smartphone, an NFC card, or via a delegated agent — the verification event must appear in the same audit trail with the same metadata: who, when, where, what was verified, what was shared.
The KeyShare Digital ID Platform implements multi-channel support through the Mobile SDKs (smartphone), the Puck (NFC card reader), and the DIDComm Engine (agent-mediated interactions). The Trust Governance Service manages credential policies regardless of the presentation channel.
The inclusion commitment
Digital identity that only works on smartphones is identity for the privileged. The last mile — the populations without smartphones, without reliable connectivity, without technical literacy — is where digital identity has the most transformative impact: enabling access to healthcare, education, financial services, and social protection for people who have never had a formal identity.
The technology to reach them exists. The question is whether the platform architecture prioritizes them.
