Around the world, governments, businesses and individuals are increasingly moving toward providing products and services online. For transactions, it is necessary to know the identity of the person involved. This is particularly needed where money is changing hands or sensitive data is involved.

Trust is the foundation of any relationship – and essential to trust is the idea of identity. One of the key enablers in the future digital economy will be trust – which can be provided by a highly secure Digital Identity service. Digital trust is achieved by properly identifying, verifying and authenticating individuals, organisations and devices before granting access to valuable assets:  data, a network, system or building. This framework follows the sequence of Identify – Trust – Connect and aims to tackle the questions: are you who you say you are, can you be trusted and what access should you be granted depending on your identity?

Identity proofing

Generally, there are two options for identity proofing: in-person and remote (performed over an online session). These seemingly simple approaches vary significantly, often in nuanced ways that can strengthen or weaken the expected proofing results. Moreover, the market is blurring the distinctions; in-person processes often conduct digital checks while remote processes sometimes employ human checks.

Identity proofing to support the issuance of physical credentials, such as drivers’ licenses and passports, is an established field that is typically based on an in-person registration event where “breeder documents” are: Presented, verified as authentic, and were legitimately issued to the person claiming the documents belong to them. Identity proofing is also an essential element for those online transactions that require association of a user’s online persona with his or her real world identity. While not necessary for all online applications, consistently proving that an individual is who they claim to remain a focal point in efforts to limit impersonation and ensure that only the correct users receive services and entitlements. Identity proofing can be varying with some degrees of certainty — a level of assurance that the person is who they say they are.

Digital Identity is more than authentication

The method we currently rely on to identify each other online is insecure and irritating: we use usernames and passwords, which are hacked en-masse and we forget every 5 minutes. The system has been well past its sell-by date for years. Read more on authentication >

Identity is more than information

A set of individual attributes can then be used to create a Digital Identity, allowing the holder to gain access to services or resources either in the real world or online. Therefore, the Digital Identity has a key role to play in:

• Ensuring that online service providers and retailers can be sure about the identity of the individual wanting to access their service;
• Providing certainty to the consumer that they are accessing a reputable site that can be trusted; and
• Managing the preferences and permissions of the consumer, thereby placing them in control of their personal data and building strong trust.

There are four ‘foundation conditions’ for Digital Trust: security, privacy, transparency and reliability.

Building trust today for tomorrow’s digital economy

Trust takes the time to build, a moment to destroy and forever to repair. Businesses and governments can no longer afford to approach security in a silo or as an afterthought in the wake of an attack, and then wonder why they lose revenue and customers.

Read more:

• Digital Identity by Phillip J. Windley (Published by O’Reilly Media, 2005)
• Achieving Digital Trust: The New Rules for Business at the Speed of Light by Jeffrey Ritter (Published by Original Thought Press, 2015)