For the past few years and in an accelerated manner since the health crisis, the mode of operation favored by our society has been described as “remote”. The same can be said for our mainstream economy, which has also become predominantly online. As a result, the needs for identification, authentication and authorization, three essential functions of digital identity, have increased in both economic and civic relations.
Digital identity more important than ever!
Under the pressure of new needs, the development of these functions continues to grow quite rapidly.
Identification has been adapted to be able to verify the information elements remotely, check the real presence of the person to be identified and the correct allocation of the documents and data presented. Biometrics and artificial intelligence as well as the orchestration of data source verification have become the keys to a new business: the service of remote identity verification (PVID), is now recognized by several standards.
Authentication has improved considerably. Under both regulatory, risk and fraud management pressure, multi-factor authentication (MFA) has become a reality. Internet accounts, payment services, transactions almost all market players have adopted new practices with numerous technological innovations. The new frontier is now authentication without passwords, for which several protocols and solutions are already positioned on the market.
Authorization is a more diverse stage (digital signature, access management, granting of resources) in its components, but still just as crucial. It takes into account the trust levels of identification, authentication and network security (or federation), but it has also been diversified thanks to a more advanced contextual and dynamic analysis of risks, as well as customer behavior and new remote analysis and interaction tools.
In connection with new cloud service platforms and connected mobiles or devices, these essential functions of identity use, combine and transform several forms of data that are most often certified, such as physical and/or digital titles, attribute identity or application tokens.
Governments facing the challenges and opportunities of digital sovereignty
At the country level, the choices of digital infrastructure and architecture have become more pressing with the new situation. Governments and States are faced with the need to no longer build simple e-service platforms, but real digital ecosystems, capable of responding to the needs of the population in a resilient manner, including key services for administration, education, health, inclusion and assistance.
The designed ecosystems must meet increasing requirements in terms of security, data protection, and technological sovereignty. The construction of these ecosystems is both a challenge and an opportunity to shape the national and/or regional digital scene. A crucial point is the respective role of the public and private sector. Both sectors need each other to build a trusted ecosystem that is economically viable and operates in a sovereign way.
In the continuation of this challenge, States must also strengthen their governance of digital ecosystems. in addition to the legal aspects of cybersecurity, identity management and data protection, the organization of governance between the public and private sectors is important and the establishment of an independent supervisory authority, capable of encouraging and supervising the various players in the ecosystem is usually a good practice.
The effort and investments in infrastructure may seem significant, but they are the price to pay for governments if they want to remain able to act in digital intermediation, which concerns economic flows as much as citizen and social relationships.
The mobile electronic wallet: a revolution?
This year, a small revolution particularly agitated the digital sector. This is the mobile electronic wallet, the famous “e-wallet”.
The mobile has for several years served as a support for certified titles or attributes presented in the form of two-dimensional codes (QR codes type) or within applications. But the sanitary period has led to a massive development of the uses of mobile support to present these supporting documents, digital rights or entitlements, “sesames” to all types of access for various accesses: logical or physical, remote or in presence, public or private.
From now on, the orchestration of these entitlements has become the leitmotif. Digital identity is taking on the role of the leader of a multitude of certificates and attributes for civil status, administration, KYC, payment, diplomas, etc.
How to orchestrate and certify public and private data, while respecting data security and user consent? This is the new challenge to which a multitude of public and private initiatives are contributing. In Europe, the focus is on the European Digital Identity Wallet (EUDIW) project, proposed by the Commission as part of the draft Regulation on the European Unified Digital Identity Framework.
At this stage, there is only one certainty. The electronic wallet will change the way we experience digital identity. For example, with more integrated paths (including all the stages of identification, authentication and authorizations) and above all more fluid experience for users.
The use of mobile as a multi-purpose medium represents a great opportunity for the development of digital identity but also updates many of the market perspectives.
Solutions are needed to address security, privacy and sovereignty challenges within mobile operating systems and the cloud-mobile technology environment as a whole. The card also wins increased importance as a reliable and distinct factor for identification and authentication, for use in association or in addition to the telephone.
The so-called centralized, federated and decentralized architectural models are also evolving in the direction of complementarity. Standards and protocols such as those of the ISO for driving licenses and the W3C for decentralized credentials seem to be able to be combined or associated in the future with a view to greater interoperability and compatibility of architectural models, for example at the within mobile wallets.
The roads of digital identity are widening with the multiplication of use cases, while technologies and architectural models are diversifying. With these good prospects, the quest for greater international interoperability is also becoming more and more assertive. Intense collaborative work is being undertaken to allow the opening of protocols and the maturation of market standards. With such prospects, 2022 and 2023 promise to be two pivotal years for identity!
This brief overview of identification and developments highlights its growing importance for governments and citizens as well as for all economic stakeholders.
TRUSTECH, which will take place in Paris from November 28th to 30th, 2023, is an opportunity to meet the major public and private stakeholders on the subjects of digital identity and their technologies. The main topics of this article: new identification and authentication practices, government experiments, mobile electronic wallet, new perspectives will be discussed and developed with the testimony of institutions and experts during several conferences. The technological solutions of the most innovative and renowned partners in the sector and numerous demonstrations will be accessible during the three days of the event.