Case Studies on Digital Identity
PART ONE — CASE STUDIES — EXISTING DIGITAL IDENTITIES
Some existing technologies used by governments to manage digital identities include BankID in Sweden, which uses a custom smart card and digital devices, facial recognition in Argentina, chip cards and digital keys in Estonia, and biometric identification in India.
- Sweden has a BankID system that was launched in 2003 by financial institutions. The government now recognizes it. Almost three-quarters of its population use BankID. Its purpose is to allow digital authentication and signature while also limiting data sharing with public and private sector institutions.
- The system uses both a custom smart card and digital devices. Within the European Union, and according to Swedish law, a signature made with a BankID is legally binding.
- The Argentinian government recently launched its Digital Identification System in coordination with the private sector. In July 2018, they integrated facial recognition with remote biometric authentication for use across public and private sector services.
- The validation of the face capture can be completed by any device equipped with a camera. The country is currently working towards integrating its Digital Identification System for the health sector as well as banking.
Chip Based Cards and Digital Keys
- Estonia is one of the leading countries in digital identification. The country launched e-ID, its digital identification system, almost two decades ago. Ninety-eight percent of Estonians have an e-ID card.
- The country has enabled "authentication, data storage and sharing, and digital signature through its chip-based cards or digital keys." Their e-ID cards serve a wide array of purposes and are now embedded in Estonians' everyday lives.
- The card is used as a national health insurance card, for logging into bank accounts online, for online voting, to check medical records, and to file taxes.
- In 2009, India launched Aadhaar, its digital identification system. Managed by a public sector agency called the Unique Identification Authority of India, it has an adoption rate of over 90% at the moment. They are using biometric authentication as part of broader digital ecosystems.
- Some uses of their system include the transfer of benefits to bank accounts, e-KYC (Know Your Customer), and digital document storage.
- This system does not collect information on, and therefore does not profile people based on the traditional Indian social classes, religion, health, or geography. The system simply provides proof of identity without intruding into the rights of citizenship.
PART TWO — IOT EDGE AND DIGITAL IDENTITY IN GOVERNMENT
There are many examples of governments using IoT technology and digital identity, including tracking water quality, speeding maintenance of vital equipment, improving emergency management, and bringing insight into complex real-world logistics problems. There do not seem to be any available examples of using IoT Edge for identity management. Some helpful and relevant findings are included below which demonstrate the potential of using IoT Edge for identity management.
State of Utah and ForgeRock
- ForgeRock markets itself as "The Identity Platform You Can Trust." It is designed to securely connect people, devices, and things, allowing everyone and everything to interact in today's IoT world.
- They provide a flexible platform that scales to support billions of devices coming online every year.
- "The ForgeRock IoT Edge solution uses secure, standards-based tokens instead of hard-coded usernames, passwords, or thousands of individual PKI certificates. It enables customers and partners to build industry-specific solutions with additional functionality, and ultimately drive higher levels of interoperability. The ForgeRock IoT Edge solution and SDK are available as open-source software under the Apache 2.0 license."
- Utah has integrated over 900 applications and online services on the ForgeRock Identity Platform, with plans to bring all 1,400 of its existing services online. It has many more in development. The unified identity and access management system has provided broad efficiencies.
- "Because ForgeRock's IAM platform operates on an open architecture, it gives enterprises one system to download and deploy, providing comprehensive access control to virtually everything operating across the network rather than having to integrate or configure a grab bag of disparate products," said Jeff Brooks, regional vice president, public sector, at ForgeRock. "It works with people, services, and things, giving IT departments greater ability to adapt to changing needs in the future."
- Microsoft recently announced several new Azure capabilities for the government. In six months, they added over 40 services and features to Azure Government, as well as publishing a new road map providing ongoing transparency into their upcoming releases.
- They simplified their approach to regulatory compliance so that government customers can innovate more rapidly. They also added new options for using cloud services to make it easier to move to the cloud.
- Microsoft also brought an array of new hybrid and edge capabilities to ensure that governments have access to the latest technology of the intelligent edge.
- "Fundamentally, a cloud/edge application must be developed and run as a single environment from the application services to AI to security and management."
- "While the era of the intelligent cloud and intelligent edge is new, the approach to building and running solutions that take advantage of this architecture is based on enduring principles." The principles on which the applications for the government have been built include a consistent app platform across cloud and edge, holistic security, single identity management, and artificial intelligence.
Cisco Edge for Azure IoT Hub
- On "March 4, 2020, Microsoft announced that the Azure IoT team is partnering with Cisco to offer customers a pre-integrated version of Cisco Edge for Azure IoT Hub."
- The integration will bring hardware and software into line, with software-intelligence pre-loaded onto Cisco IoT network devices. They also include "OPC-Unified Architecture and Modbus telemetry data pipelines into Azure IoT Hub. Customers will have options to build IoT apps with services such as Notification Hub, Machine Learning, or Stream Analytics, with additional telemetry processing scripts for Cisco developed in Visual Studio."
- "By enabling Azure IoT with Cisco IoT network devices infrastructure, IT, and operations teams can quickly take advantage of a wide variety of hardware and easily scalable telemetry collection from connected assets, to kickstart their Azure IoT application development," wrote Tony Shakib, IoT business acceleration leader for Microsoft, in a statement.
- "Our customers can now augment their existing Cisco networks with Azure IoT ready gateways across multiple industries and use cases, without compromising the ability to implement data control and security that both Microsoft and Cisco are known for," he added.
PART THREE — EXPERT INSIGHTS
The United Nations High Commission for Refugees is addressing the underserved in the area of identity management, while the Global Legal Entity Identifier Foundation is working to get agreement on a worldwide framework for legal entity identification. The World Bank and the World Economic Forum have a goal of global financial identities. The World Bank provided a graphic for the use of digital identity, which can be seen here.
United Nations High Commission for Refugees
- As a result of the urgent and critical needs of crisis-affected populations, the humanitarian sector has emerged as a leader in and promoter of establishing digital identity.
- UNHCR's agenda of sustainable development goals states in section 16.9 that it seeks to empower refugees with a secure, portable digital identity so that by 2030 there is "legal identity for all, including birth registration."
- The commission has a vision for a digital identity for all refugees "to increase their empowerment, inclusion, and protection, while also strengthening accountability and efficiency in humanitarian programme delivery and preventing and reducing statelessness."
- The World Bank's ID4D program has also taken a key leadership role in supporting developing country governments towards this goal: "We believe that every person has the right to participate fully in their society and economy. Without proof of identity, people may be denied access to rights and services — they may be unable to open a bank account, attend school, collect benefits such as social security, seek legal protection, or otherwise engage in modern society. No one should face the indignity of exclusion, nor be denied the opportunity to realize their full potential, exercise their rights, or to share in progress. No one should be left behind."
Global Legal Entity Identifier Foundation (GLEIF)
- An LEI is unique to each legal entity and is associated with a standard set of attributes that represent the specific legal entity. A trusted source of truth and support for this concept is the Global Legal Entity Identifier Foundation (GLEIF), which provides access to trusted information about legal entities.
- Unique legal identities can be attached to people, to corporations, to government agencies, to documents, even to IoT specific items in each step of the supply chain or the regulatory process.
- Currently, data sent from one system to another is not trusted and must be validated, authenticated, and reconciled. "With a more transparent and 'trusted' architecture to manage identities of legal entities, these inefficiencies could be reduced."
- LEI is becoming a foundational build in database design that can be leveraged beyond compliance. One of the objectives of the LEI system is to provide consistent identity information to allow the unique identification of legal entities globally, in financial services, and beyond (e.g., supply chain applications).
- The LEI is planned as the link between IoT and all other identifier systems (e.g., KYC systems, business register codes). LEI also has the "potential to be leveraged in blockchain/distributed ledger applications as an identity label for trading financial instruments or managing LEI creation and administration itself."
World Bank Principles
- World Bank ID4D Principles on Identification for Sustainable Development (Digital Identity) include:
  - Inclusion: Universal coverage and accessibility
    - Ensuring worldwide coverage for individuals from birth to death, free from discrimination
    - Removing barriers to access and usage and disparities in the availability of information and technology
  - Design: Robust, secure, responsive, and sustainable
    - Establishing a strong (unique, secure and accurate) identity
    - Creating a platform that is interoperable and alert to the needs of various users
    - Using open standards and confirming vendor and technology neutrality
    - Ensuring user privacy and control through system design
    - Planning for financial and operational sustainability without compromising accessibility
  - Governance: Building trust by protecting privacy and user rights
World Economic Forum
- The World Economic Forum is working to ensure the reality of a digital mechanism for identity authentication that enables a system for persons, entities, and devices. It supports the movement of individuals, goods, funds, data, and other resources.
- This initiative aims to shape the future in identity management by defining a framework, basic principles, and requirements for digital identity rules.
- The initiative is also designed to provide a platform to frame and facilitate multi-stakeholder conversations across industries, sectors, and geographies; and "set the foundation for a digital mechanism that fosters growth and opportunity by addressing key questions about the impact of digital identity on the movement of individuals, funds, goods, data and other resources in the digital economy and society."