Digital Identity

Digital identity refers to the online representation of an individual or entity, which can be used to identify and authenticate the user when accessing digital services or resources. Digital identity can include information such as a username, password, and other personal or demographic details.

Digital identity is increasingly important in today’s digital age, as more and more services and resources are accessed online. It is used to authenticate users when they log in to websites, apps, and other online platforms, and is also used to verify users’ identity when they make online transactions or access sensitive information.

Digital identity can be managed in a number of different ways, including through the use of a central authentication server, through self-sovereign identity systems, or through other decentralized systems such as blockchain technology.

One of the key challenges of digital identity is ensuring that it is secure and that users’ personal information is protected. This can be especially important in cases where digital identity is used to access sensitive information or financial resources. To address this issue, many digital identity systems use multiple layers of authentication, such as two-factor authentication, to ensure that identity is verified effectively.

Overall, digital identity is an important aspect of modern life and is essential for accessing and interacting with a wide range of online services and resources.

Bank ID

There are a number of federated identity schemes in place, such as Bank ID, a scheme setup in Norway by the Norwegian banks. The scheme was setup in 2004 as part of an initiative to create a joint banking infrastructure. Today BankID can not only be used for banking but also for government services and many other services including the Google Play store.

Gov.UK Verify

In the UK a scheme called Verify was created by the UK government, developed by Government Digital Services (GDS). The scheme is operated by a number of commercial partners but managed by GDS. Setup initially to provide an easier way of managing government services, it has now been opened to the commercial sector, however currently none of the current identity providers under the scheme currently provide a service to the commercial sector. The Verify scheme has taken a lot of criticism, an ambitious target of 25m users by 2020 was set and is expected to a achieve only 5m users by 2020. The service setup for government services with an ambition of being available to all received further criticism due to it’s acceptance rates with as few as 5 in 10 people being able to complete the process to create an ID. The scheme is underpinned by a set of guidelines for identity assurance across government services namely GPG 45 and GPG 44.

ThreatMetrix

The ThreatMetrix solution approaches digital identity in a different way. The solution is able to identify a person uniquely using their digital presence alone. This is mainly driven by the device that the user is using. The system is unaware of the Identities of the people in the physical world but is able to identify that it is the same person. Customers of the solution associate their customer records with digital identities, which then provides a very effective way of preventing fraud, should the digital identity accessing the customer account change. In addition customers of the solution report fraudulent activity against digital identities, which can allow other customers of the solution to prevent an application from a digital identity which has previously been associated with fraud. Companies such as Gamalto have gone further by using the ThreatMetrix solution and combining it with behavioural biometrics to create a secure user authentication process.

Yoti

Yoti is one of a number of companies approaching the storage of identity data in a different way, by allowing the user to store their own data and take it with them on their own device. Known as Self Sovereign Identity (SSI), this provides superior protection against cyber attacks and puts the user in control of their data. The creation of a Yoti identity is in a traditional way, by verifying a users and uploading a document, which is then checked by a team of document professionals. Once created the identity can be used much like a federated identity scheme.