Digital identity is the sum of all available digital data about a person
The “Digital Identity” paradigm can sound extremely incomprehensible and complicated. The difficulty in understanding this concept is attributable not only to technical issues but also to legal aspects. You might think, “This is not about me, it does not concern me,” but actually, it does.
Today, PaySpace Magazine offers you the chance to consider such a thing as digital identity, and all the aspects related to it.
What is digital identity?
Personal data creates not only great opportunities, but also risks that need to be assessed. These risks have to be correlated with benefits as well. We are already used to sharing our personal data in small pieces, in different places, and for different reasons. Such parts are small fragments of our lives that are scattered throughout the digital landscape: social networks, corporate servers, government databases, etc.
These fragments are on the rise, as information technologies penetrate deeper and deeper into our lives. More and more data about us takes a digital form. At the same time, the technologies per se become more powerful, as they can process and aggregate our personal data into a more detailed, more accurate, and, accordingly, more valuable for society business picture. More precisely, digital identity is the sum of all available digital data about a person, regardless of the degree of validity, form, or its availability.
How it works
Let’s cite a specific example. Nowadays, a lot of kindergartens and nurseries have an option to connect to cameras and watch their children during the day. Mostly, cameras film an image of almost all the rooms of the kindergarten. You can connect via your smartphone (if you have internet access) using an appropriate downloaded application (it depends on the specific cam model). Then you’ll have to specify the server’s IP address, port, username, and password (most often it works like this, but it can depend from the camera to camera).
The username can be quite simple and depersonalized, like “user01” or something similar. It is enough to have a username and password to finalize authentication. The entered data will be compared with the one stored on the server, and the system will grant you further access. Then the system will check the authorization details. It is obligatory for it to know whether the user has the right to use the video surveillance service (by analyzing the internal directory of rights, if the system works this way). It seems that everyone should be happy with this situation: you use the service to watch over your child, while a kindergarten provides additional services. Is everything really that good?
What if an attacker/fraudster would like to use this service? Normally, such systems don’t have access personification. Verifying your identity in digital space is not the easiest thing. How can providers of these services ensure that it is you who is watching your child? And most importantly, who is in charge of this control verification? Of course, no one wants outsiders to watch their children, no matter how cool and advanced the service is.
Remote video surveillance services in kindergartens is an excellent occasion to watch the situation from a different angle and take a look at the bigger picture. In fact, roughly speaking, there is no requirement for identification on the internet (establishing identity). Furthermore, there is no real infrastructure to implement this.
The Boston Consulting Group’s study “The Value of Digital Identity” says that consultants identified several groups of user information that turned out to be most sensitive, and vulnerable to such a thing as inappropriate use. Mostly, this is about data related to financial transactions and financial situation, the user’s health, and their social activity in vast social networks. Of course, the study doesn’t give due weight to the situation that has arisen, since it is extremely hard to encompass all the areas of crucial information security, which today can be directly accessed.
Who should be responsible for this?
Who should become the provider of Digital identity on the internet, and how should this happen? Should only the state government play the role of this very provider? At the end of 2016, experts (part of the working group of the World Economic Forum) released the study called A Blueprint for Digital Identity, which indicated several models for the development of these services.
In one of these development models, the platforms created by the business community (operating according to certain rules and standards) can also be an identity provider.
What is a provider (with regards to our topic)? This is a platform that allows access to various services, such as opening bank accounts, or monitoring a child in a kindergarten, using completely different accounts. It would be more correct if there are several platforms of this kind (in order not to keep all the user data in one place). For example, there would be one specific platform, in addition to the first platform, which can be used for authentication for Wi-Fi networks. In this case, a basic authentication standard is required, where a user will be authenticated with a primary personal appearance if we are talking about receiving login and password information. Any kind of government electronic services platform (E-government) may be one of these authentication standards. In other words, it can become an indispensable component. With its help, it would be possible to create profiles on the platforms of identity providers.
In such a case, data is not stored strictly in one place. There is a so-called federally-distributed model of such platforms, when individual platforms have a specific digital mandate and do not go beyond it, but use the same principles of data exchange.
In addition, a necessary component for storing and managing a user’s consent for the use of their data is the ability to control the availability of their data on the network using one profile. We believe that today, banks and financial institutions are the flagships when it comes to this issue, since they are developing in this direction in the most active way. Protecting and promoting such a concept requires the active participation of leading market players working with client data.
There are several leading solutions on the market nowadays:
- Thales – the experts in digital security;
- RaulWalter – specializes in identity solutions for both public and private sector applications;
- ForgeRock – helps to solve issues related to access/identity management, directory services, identity gateway, edge security, and common services;
- Imageware Systems – provides end-to-end digital identity proofing, authentication, and management solutions as a cloud SaaS and on-premises.