A strong credential solution that promises cost savings for enterprises and better privacy for users was announced Monday by AU10TIX, an Israeli identity verification and management company.
The firm stated it’s working with Microsoft on Reusable ID, a technology that uses verifiable credentials to enable enterprises to simplify and accelerate ongoing ID verification, reduce customer onboarding costs, automate workflows, and enhance the security of sensitive data.
In addition, it enables users to store their information locally in a tamper-proof digital wallet that gives them control over what information is disclosed to third parties.
AU10TIX explained that verifiable credentials are reusable, unalterable digital credentials that prove the identity of a person or entity and allow the safe sharing of personal documents and biometric credentials.
Verifiable credential architecture also gives users the self-sovereignty to share just the right information on-demand for actions such as opening an account, applying to college, and paying taxes, it added.
“The creation of unalterable digital credentials is important because it enables secure and tamper-proof identity verification,” said Mark Brady, AU10TIX’s vice president for emerging products.
“Digital credentials can be easily altered or forged, posing a significant risk to identity verification processes,” he told TechNewsWorld.
“Unalterable digital credentials ensure that the identity of an individual is verified accurately and securely,” he continued, “which is particularly important in areas such as financial services, healthcare, and government.”
Up-Leveling Verification
Digital credentials go beyond a simple username and password by linking a person’s physical self to their digital representation, explained Karen Walsh, the principal in Allegro Solutions, a cybersecurity consulting company in West Hartford, Conn.
“A digital credential might link personal documents, like a social security card or passport, and biometrics, like face ID or fingerprints,” she told TechNewsWorld.
“However, the Reusable ID would give companies a way to incorporate HR documents with these biometrics, ultimately up-leveling verification,” she said.
setWaLocationCookie(‘wa-usr-cc’,’sg’);
“With typical authentication, you’re making sure that a user is who they say they are, but relying on them to identify themselves honestly,” she continued. “With Reusable ID, Microsoft is going to be able to verify that initial ‘who they say they are’ with government documents.”
Microsoft Senior Product Manager Deepak Marda explained in a statement that Reusable ID will be used in his company’s third-party onboarding flow to streamline repeated validation of user identity verification at critical steps while preventing fraudulent activity and ensuring regulatory compliance.
“Decentralized ID verification is a key imperative in the digital world, and the AU10TIX solution will increase security while reducing friction in the process of online ID verification,” he added.
Unfulfilled Promise?
Decentralized IDs are an attempt to turn over tangible control of a digital ID to the user using it, noted Roger Grimes, a defense evangelist at KnowBe4, a security awareness training provider in Clearwater, Fla.
“The real challenge with digital IDs is if they can really be decentralized or what percentage of them can really be truly decentralized,” he told TechNewsWorld.
Like the promise of crypto and decentralized finance, he continued, true decentralization never happened. “For a myriad of reasons,” he said, “it turned out that most supposedly decentralized DeFi had more highly centralized control than the traditional things they were replacing.”
“True decentralization of anything is tough, and IDs are no different,” he maintained. “Most people don’t want the hassle of maintaining and securing their own IDs. They just want to use them and have them work.”
He asserted that digital ID standards proposed by the World Wide Web Consortium could lead to true decentralized IDs, but he questioned whether the standards would have any staying power.
“Will they be adopted by any meaningful percentage of users, or will they be used only by a very small percentage of privacy zealots and no one else?” he asked.
“We don’t know, yet,” he added, “but if history is any lesson, then the promise of digital IDs is bigger than the number of people who will use them. I hope I’m wrong.”
Age-Old Disadvantages
Brady noted that cost had been a damper in the past on the widespread adoption of secure verification methods, such as using tokens. “Additionally, there may be resistance from users who are not familiar with the use of hardware tokens and prefer the convenience of traditional forms of identity verification,” he added.
David McNeely, CTO of Delinea, a global privileged access management provider, pointed out that digital credentials have been around for years in the form of PKI certificates and FIDO authentication mechanisms.
setWaLocationCookie(‘wa-usr-cc’,’sg’);
“However, we do need a better way for users to create and verify their own identity, as well as to enable better ways for users to control the information that is presented during the account creation process,” he told TechNewsWorld.
“There are many advantages, but there are also some of the age-old disadvantages that will travel with us when we go to digital identity,” added James E. Lee, chief operating officer of the Identity Theft Resource Center, a nonprofit organization devoted to minimizing risk and mitigating the impact of identity compromise and crime, in San Diego, Calif.
“Digital identities are more secure and more privacy-centric, but there’s no such thing as an unalterable identity credential,” he told TechNewsWorld. “There’s always a way around it.”
Enhancing Cybersecurity
Lee praised the AU10TIX/Microsoft venture. “It’s a step in the direction that we’ve been seeing for a while, with FIDO, with passkeys instead of passwords,” he said.
“If you move toward an identity predicated on a secure transaction using tokens,” he continued, “that’s going to be a more secure process and result in a more confident outcome than just handing over driver’s licenses.”
“One of the things we’re seeing is a tremendous increase in driver’s license data being targeted in cyberattacks,” he added. “We’re seeing data breaches being committed specifically to get driver’s license information. That wouldn’t happen with a digital credential.”
Brady noted that improved credential management could enhance cybersecurity by reducing the risk of identity theft and fraud.
“By using more secure and tamper-proof digital credentials, organizations can ensure that only authorized users can access their sensitive data and systems,” he said. “This reduces the likelihood of security breaches and helps to protect against cyber threats.”
“Better credential management also simplifies identity verification processes, making it easier for organizations to manage access to their resources and reduce the risk of unauthorized access,” he added.