Digital identity solutions can be described using a set of identity verification interactions types that pertain to both in-person and online experiences.
Our daily lives are filled with a variety of identity interaction experiences. These daily life experiences may include a visit to the bank clerk, entering the airport or a login to your utility company’s website. Each of these interaction experiences require you to present proof of your identity. These identity interactions may be face-to-face or online.
As we migrate away from using physical identity instruments towards digital instruments we need to ensure that these new digital representations of our identity can seamlessly fit into our daily identity interactions. Ideally, overtime we will arrive at a point where citizens will benefit from a unified identity interaction experience regardless of interaction type, in-person or online.
Digital identity is one of those overused phrases that is typically used without the necessary situational context. The phrase digital identity refers to information stored by computer systems to represent an external agent. Unfortunately, when folks describe digital identity solutions we are rarely offered a cohesive description about the positioning of the solution. Specifically, the conversation should be grounded in a common understanding of the different identity verification interactions types one might experience for in-person and online interactions.
An identity instrument is a rendering format of an individual’s personally identifying information (PII). Identity instruments can be physical or digital objects. The traditional physical object is a paper or plastic identification card (ID). Many physical identity instruments contain public and encoded information about an individual. The encoded information, which is often stored using machine-readable technologies (magnetic strips or barcodes), are additional examples of rendering formats of an individual’s PII. Digital identity instruments pertain to an individual’s PII in a form that can be processed by a software program.
Mobile identities are another rendering format for an individual’s PII. For example, regardless of rendering format (physical or digital), a verifiable government issued identity instrument (G3I), that includes a photo, may be a:
National or state issued Drivers License
Trusted traveler ID
National or state issued ID
Military identity ID
An identity reader can be a physical or programmatic device that understands how to process information contained within an identity instrument. This includes:
Interpreting machine readable data formats (encodings) available on a physical identity instrument.
Programmatic processing of a digital identity instrument using peer-to-peer communications in a manner that assures privacy as well as document validity.
Any device that can read a physical rendering of an identity instrument in standard machine-readable formats:
1d,2d and PDF417 barcodes
DL PDF417 barcodes (ANSI, AAMVA)
A new class of identity instrument interpreters are emerging. These emerging readers can be described as mobile applications that reside on a device that can communicate with an identity instrument. Unlike Traditional readers, these emerging readers specialize in the processing (reading) of a digital representation of an identity instrument. These readers represent the white-space area where standards are lacking. Since the digital identification industry is still emerging there will be a time frame where interoperability between the possible digital representations is a challenge. For now, we can assume that this class of readers includes, but is not limited to:
Mobile device with a mobile reader app
Personal computer or laptop device with a desktop reader application
In-car computer with mobile reader app
A handheld device capable of communicating over various peer-to-peer protocols with the single function of verifying various identity instruments.
Additionally, these readers focus on the electronic exchange of information between an identity instrument and the reader.
Depending on the situational context of an interaction (identity transaction) concerning an identity instrument (physical or digital), there are standards (existing and emerging) that provide a means for the accessing, presenting and managing of identity information.
Human inspection and verification has a higher risk for error.
The paper/plastic ecosystem is not going away anytime soon so the market for traditional readers remains relevant.
To enable the mobile convenience benefits of digital identification instruments (digital assets) for citizens, we must ensure that the physical and digital solutions can co-exist. As such, a Digital ID on a smartphone must be able to render and communicate an individual’s PII in a manner that has been standardized for traditional readers.
The technologies, architectures and standards associated with this category of readers is still evolving. IBM believes that a vast array of digital use cases that may emerge from new citizen privacy behaviors and general mobile convenience pressures around all identity instruments.
An institution can be a business, organization or government entity represented by some non-human entity (for example a website or vending machine). The requirements and interaction mechanisms for authenticating with an online application are drastically different from the context of physical (in-person) identity interaction.
The next time you are involved in a conversation around a digital identity solution, challenge the conversation participants to associate the solution with one or more identity interaction types. Ideally, the conversation will evolve towards a vision for the solution to provide a unified identity interaction experience regardless of interaction type, in-person or online.
Technology innovations like IoT, autonomous systems and mobile solutions invariably bring with them increased risks and security threats. Today’s news cycle features a constant stream of stories on hackers commandeering household nanny-cams, smart thermostats and video-enabled doorbells. The expansion of the Internet of Things has dramatically increased the attack surface. As the number of connected […]
A survey by the National Coffee Association finds that 64 percent of Americans, age 18 and over, drink coffee daily. After factoring in the less-caffeinated casual coffee drinker, this results in 400 million cups of coffee consumed daily in the United States. That may seem like a lot, until compared with most European countries who […]
Identity and control of personal identity is top of mind, given recent events as well as the European Union’s General Data Protection Regulation (GDPR). A lot of our identity is shared without our explicit consent, gets stored in locations we are unaware of, and when compromised creates tremendous setbacks. Almost everything we do in the […]