In this guest post, Juniper Research Lead Analyst James Moar describes developments in the field of digital identity, and explores the challenges and opportunities in how we may interact with our digital environment in the near and distant future.
In the digital world, the issue of ‘who you are’ is hugely important. Every organisation wants to know, from the eRetailer, to the tax office, to the bank. There are two main issues with this. Firstly, it is very easy for fraudsters to exploit the system when all that is required is an email address or password. Secondly, when the burden of proof is higher, this can be very problematic for users.
These users might have to supply passport numbers, bank account details, letters from employers and so on. This information is hard to access and time-consuming to enter, particularly when, given the continuing digital migration, consumers have to re-enter the same information for a multiplicity of services.
James Moar, shares forecasts and insights into digital identity and mobile biometrics during MEF Connects London 2019
Furthermore, with that information now being stored by numerous online providers, it increases the risk (and the consumer’s perception of the risk) that the data will be exposed and potentially misused.
As a method of solving this, a unified digital identity, is being proposed by several companies, both financial and technological. For the purposes of clarity, we consider a digital identity to be a digital representation of an entity which grants rights, access or privilege on the basis of that representation.
The technical components of any digital identity are credentials (what the identity can do for you) and the validation checks (how the service proves you are who you claim to be). The digital world can also isolate credentials and open up different types of validation checks. Most digital identity solutions are focused on the validation piece.
As a result of these developments, governments worldwide are developing forms of digital identity. The proliferation of these solutions, particularly in regions like Africa and China, which have little in the way of older identity infrastructures to replace, means that 73% of people with a government-recognised or civic identity will have a digital identity in 2024.“
Multiple centralised logins are currently the norm, which creates the problem of requiring multiple passwords, leading to weak and repeated authentication credentials that are stored in a central location, which can easily be stolen or guessed by a fraudster.
Federated logins, seen by consumers as “login with…” and increasingly common in the enterprise space, store identities and their validation credentials in a single place, moving the identity away from the digital service in use. This reduces the number of credentials in use, decreasing any attack surface.
Both forms of identity typically involve cloud storage, creating large, tempting targets of authentication data for cybercriminals to steal. This can be remedied by replacing passwords with biometrics, which are harder to spoof and, if compromised, can be supported by rigorous liveness checks.
Self-Sovereign Identity distributes the risk and can be used to pass on information on a need-to-know basis via tokenised zero-knowledge proofs, without centralising information at all. While not a true Self-Sovereign Identity, on-device tokenised credentials are becoming common, thanks to an increase in the usage of on-device secure hardware, such as Trusted Execution Environments. This hardware can provide highly trusted and verifiable forms of ID, which can be held to similar authenticity standards to government forms of identity document.
As a result of these developments, governments worldwide are developing forms of digital identity. The proliferation of these solutions, particularly in regions like Africa and China, which have little in the way of older identity infrastructures to replace, means that 73% of people with a government-recognised or civic identity will have a digital identity in 2024.
Mobile-based identity is often the most reliable form of identity for people in the developing world, where spotty identity document practices are prevalent; Juniper Research estimates that only 63% of people in Africa & Middle East had any form of civic ID whatsoever in 2019.
The future for these identities in terms of validation will be facial biometrics. 98% of smartphones released since 2014 have a selfie camera, while non-facial biometrics will only reach over 50% of smartphones in use next year, and be at 85% penetration by 2024.
This means that traditional documents and document verification will persist, as most forms of existing ID (passports, driving licenses, ID cards etc) are premised on a facial recognition check. There are a few countries using non-facial biometrics, such as fingerprint collection, but the infrastructure costs of this sort of identification means that countries like India and Kenya will be outliers in this for several years to come.
The reliance on facial recognition means that there will be problems for the IoT and identification in the short to medium term. IoT devices are often used as a second factor for identification, but are likely to miss the boat on the primary future identity evolution; the shift of official identity documents to digital means. As most of these devices are not geared to take photos, they will be shut out of this important change in the use of digital identity in the future.
MEF Connects 2019 brought together members from MEF’s different working groups to exchange updates and explore key trends across the mobile ecosystem, including digital identity and personal data, Mobile IoT and payments, blockchain use-cases & industry trends and innovation pitches.
Exclusively for MEF Members, watch videos and download the presentations from day’s sessions and discussions.