We look at digital identities and how they help people around the world.
Why is digital identity important?
The last three decades have seen the steady transformation of the way we live and work from an analogue world to a digital one.
More and more, the services that we rely on are provided in a completely digital form, making the multiple digital identitieswhich we use to access them as important to protect as our physical ones.
When trust in these digital identities is strong, new services and innovations can flourish: when trust is low, opportunities are lost.
We’re swapping office spaces for virtual collaboration tools; bricks and mortar shopping for online retail; and, of course, adopting social media to augment our offline recreational activities.
Being able to prove identity quickly and conveniently is essential to use a service and also to protect it. To deliver a service securely, it’s imperative for a provider to know that they are delivering it to the right person. When individuals are unsure that their identities are protected, they are reluctant to engage with new products.
One of the impacts of Covid-19 has been the acceleration of the trends of transformation, especially in areas where digitalisation has been slower to take hold previously. The ability to switch from office worker to home worker and Zoom conferencer has saved businesses and economies worldwide – and is no longer the preserve of richer economies.
Adoption of the cloud, remote networking and digital services has given organisations and individuals the ability to continue working, communicating and engaging with civic services.
The challenge the digital experience has, of course, increased the risk of online fraud, identity theft and data breach.
What is digital ID in all this? A strong digital identity acts as a defence against cyberthreats.
Risks are mitigated when both sides of a digital interaction can trust that the other is who they say they are.
Providing a trusted digital identity
Traditionally people have many digital identities.
The most common form consists of an email address and a password to access different online services. In this case, they are not verified and, therefore, not trusted. It is critical that user identity is verified and trusted when it comes to sensitive services such as government, financial services, mobile communications and a whole host of others.
A trusted digital identity provides the ability to prove that the person or device trying to access a service is the one for whom the service is provided, and is vital to the development of online services and seamless experiences when interacting in digital space.
However, the transition even to basic digital authentication is far from complete.
In many cases, especially where data protection laws are yet to catch up with the standards of the European Union’s (EU) General Data Protection Regulation (GDPR), it’s still common to be asked to supply a scanned copy of an official paper or card identity via email or handed in over the counter.
Everyone knows how to prove who they are in a physical context but it is currently a lot less straight-forward virtually.
How are digital identities stored?
Governments, banks, mobile operators, retailers and corporate IT departments have been using using technology to create trusted digital identities for citizens, customers and employees that use strong encryption and certification linked to a smart card for some time now.
Typically these are used to authenticate a user by reading a digital certificate stored on the card and cross-referencing it with something else – either a simple photo on the front or a second factor such as a fingerprint.
There is still room for innovation to improve both the security and convenience to the end user.
There has been little standardisation in the way digital identities are stored and used – an access card for your office can’t be used to prove identity when opening a bank account, for example, or logging into your social media profile. This can create confusion and encourage poor security habits – such as reusing passwords to make them easier to remember.
One way that is emerging as a highly convenient and secure way to store proof of identity is in a digital wallet on a smartphone.
These can be mobile applications used to store a single digital identity, or multiple identities in a single app – much in the way that payment providers offer digital wallets for all your payment and loyalty cards, or one app can be used to generate one time passcodes for multiple services.
User convenience and trust is key.
Simple tools such as QR codes can be used to add digital identities to an app, and once onboard the details are protected by strong encryption.
With Mobile ID, identity can be proved using a device that is owned by the consumer or citizen themselves, so that fewer details need to be passed to the organisation requesting the authentication. This reduces further the potential for fraudulent interception of identity information and can put the user in control of how their data is used.
Standards for interoperability of identities are emerging, and the proof is that they can provide security and convenience at the same time.
The EU’s Electronic Identification, Authentication and Trust Services (eIDAS) regulation is designed to facilitate the use of identities created in one jurisdiction to conduct business and sign legal documents in another. Launched in 2014, a proposed amendment to eIDAS in 2021 aims to boost its adoption. Its objective? To provide at least 80% of the bloc’s 450 million citizens with digital identity solutions for accessing public services by 2030.
Where are digital identities working?
Many private sector firms have embraced mobile identity, from banking to retail services. While it may be that most of these are still at the level of a unique digital identity for each organisation, universal credentials are being adopted too.
In Belgium, for example, the itsme service provides authentication in a single app for two million citizens accessing over 150 services. Developed in conjunction with mobile operators and local banks, the service is now recognised by national governments throughout the EU.
Governments around the world are working to create the correct regulatory structures for digital identities to flourish and deliver on the promise of security and convenience.
In the UK, work is underway on a national framework for trusted digital identities and standards for interoperability. As the Minister for Digital Infrastructure puts it:
In India, with the ubiquitous national identity system Aadhaar, every resident has their own 12-digit Aadhaar number – it has become a single, universal digital identity number that any registered entity can use to authenticate an Indian resident . It is also going mobile. The Unique Identification Authority of India has released a smartphone app which enables citizens to prove their identity using a variety of mechanisms including the generation of a QR code. This is used for access government services, e-KYC (electronic-Know Your Customer) processes for banking and more.
What is Digital ID in the Internet of Things?
Strong, trusted digital identities aren’t just for humans.
Today’s world is underpinned by transactions and communications between humans, but also between humans and machines, and machine to machine conversations. As our networks grow and evolve and we engage more closely with the Internet of Things, the requirements to quickly and securely authenticate individuals and devices also converge.
If we look at the field of smart energy, it is important that we have a robust way of trusting the identity of a smart meter. Without this, the devices could be cloned, leading to a range of potential attacks on the wider smart grid network, which must be avoided at all costs in order to safeguard a country’s critical infrastructure.
One thing is sure, to support the world’s rapidly accelerating transformation, new ways of providing strong, trusted and convenient digital identities are equally important for people and things.