Digital Identity is a term that is talked about a lot but something that is not necessarily well understood or well publicised. The basic idea of digital identity is to offer a digital alternative to physical identity documents like a driver’s licence, a passport, or a gym membership card. That means that many of us will already be using a digital identity of some form – we just might not be aware that it is classified as a digital identity.
Digital attributes and activities
Digital identities are grouped into two main categories: your digital activities and your digital attributes. These can be used for identification purposes, both when used alone or when combined.
Digital attributes refer to parts of your identity that are not influenced by external factors – they are constants such as your age, date of birth, or biometric identifiers such as fingerprints or facial recognition. These are known as inherent attributes.
Accumulated attributes are attributes that change over time. These can include things like your health and dental records or your transaction history. Over time, we will start to accumulate more digital attributes as more businesses shift to a digital environment and our digital identities become more integrated in our day to day lives.
A great example of this is the recent rollout of the COVID-19 Vaccine Pass here in New Zealand and similar programmes around the world. Your My Vaccine Pass is a digital identity – it contains inherent attributes such as your name, age, and date of birth but it also contains accumulated attributes such as the dates of your vaccines and boosters. This will continue to change over time as new boosters are rolled out or your vaccine pass needs to be updated.
One final digital attribute associated with digital identity is assigned attributes and these too are present in the My Vaccine Pass. Assigned attributes are attached to a person without being part of one’s intrinsic nature and these include things like your IRD number and in the case of the vaccine pass, your NHI number.
Digital activities refer to the things that you do online – your search queries, purchase history, social media posts, petitions you sign, apps you download, places you check-in as well as your mobile phone use. All these activities contribute to your digital ID whenever you are signed into specific apps and devices.
Difference between Digital ID and Trusted Digital ID
Not all digital IDs are created equal. Anyone can sign up for a Google or Facebook account, for example, using a made up name, email address, date of birth and even the country you are from. This essentially creates a digital ID for that person but does not authenticate that the person is who they say they are.
Trusted digital IDs are created when the information provided has been verified or checked for authenticity.
A trusted digital ID will consist of a set of verified attributes such as ID documents or biometric identifiers. This allows the identity to be authenticated and confirm that an individual is who they say they are. The verification process for trusted IDs may include cross-referencing the ID with government databases, social identity, or credit card numbers.
Much like physical IDs like driver’s licences are verified by the police if you are pulled over, trusted digital IDs allow for verification that a person is who they say they are, and it is trusted digital identities that will help businesses to make the switch to the use of digital IDs moving forward.
How to create a trusted digital ID
More and more businesses are going to be turning to trusted digital identities to enable them to move to a model where they can service their customers online. With reports showing that over 5 billion people already have access to the internet at the end of 2021, coupled with the rise in the number of mobile devices around the world, it is clear that there is a need for people to be able to identify themselves securely online.
The COVID-19 global pandemic has also accelerated the shift to digital-first servicing, especially for governments. Gartner predicts that by 2023 over 60% of governments will have tripled citizen digital services. Digital IDs went from a “nice to have” to a “must-have” for governments around the world and countries including France, Denmark and Italy have all seen massive growth in the adoption of digital ID, with Denmark close to achieving 100% adoption, enabling the government to make online access mandatory to public services in the country.
You can learn more about the successful digitisation of Denmark in our recent post.
To create a trusted digital ID, there are typically three steps: capturing verified attributes, verification of the documents, and digitisation of the ID.
Capture
The customer enrolment process will vary depending on the channel and platform being used by the customer to register for their digital ID, however, whatever method is used, either remotely or in-store, a user’s ID documents or biometrics must be captured and verified.
Typically, a user’s identity documents are captured (driver’s licence, passport, national ID etc) first. They are captured using optical character recognition that will extract the user’s name, date of birth and other relevant data from the ID.
This method of capturing a user’s data ensures consistent and accurate recording of data that helps to populate customer databases.
To enable a higher level of security, a biometric capture device (such as a mobile phone, web camera, tablet, or specialised fingerprint scanner) is used to capture different types of biometrics including information from the face, fingerprint, palm print, or iris.
Verify
The verification stage of creating a trusted ID is perhaps the most important. At this stage, verification confirms the authenticity of the user’s ID and biometrics to validate that they are who they say they are.
The verification stage can include several solutions and often a combination is used depending on the level of assurance that is needed.
ID document verification uses specialist software to verify the authenticity of the documents provided. It can be a complex process and typically involves online verification using a photo ID as well as using specialised scanners to verify embedded security features that can only be seen under specific lights such as infra-red or ultraviolet.
The verification stage also involves verifying biometric data such as fingerprint or facial recognition. Biometrics enable a simplified user experience by reducing friction while also deterring fraud. Verifying your biometric data involves the creating of a biometric “template” that is stored by the organisation. This is not simply an image of your face or a capture of your fingerprint. What is created and stored is the ‘biometric’ – a proprietary, mathematical interpretation of the subject’s face, fingerprint, iris etc. Any original image is then discarded, and the ‘template’ is stored. This is proprietary to the biometric system in place, and it cannot be ‘read’ by other systems.
Each time a user enters their biometric data moving forward, what they enter is then compared with the information stored in the “template” for authentication.
Digitise
The final step in the process of creating a digital identity is to digitalise the information that has been captured and verified. This stage links the personal information from a user’s ID documents with their biometric information and other attributes.
This cluster of data is saved as a digital ID and securely stored by the organisation. A user can then gain access to a service that accepts the digital ID by simply providing their biometric attribute.
The future of Digital ID
Here at NEC New Zealand, we are already working towards the future for Digital ID. Imagine a world where you did not have to carry cash, credit cards or a passport when you travel.
What if checking in for a flight or checking out at your favourite store was as simple as taking a selfie?
What if there was one technology that could make your hotel, banking, and entertainment experiences safe and simple?
What if you could achieve all this without having to physically touch anything and risk the transmission of viruses or other pathogens.
Whilst this all seems like something out of a science fiction movie, the reality is that this future is here now, if you are ready to embrace your Digital ID.
NEC’s Digital ID is already delivering these solutions around the world. Check out the video below and take a peek at what the future and present might look like using Digital ID.
Learn more about Digital ID
We have written extensively about Digital ID, and you can learn more about Digital ID in the articles below: