January 22, 2016 By Dan Gisolfi

Personal Identity Instruments

Today our personal identity is collected, captured and rendered by identity-issuing institutions. The plastic card is the common format used to convey that a trusted institution has certified your identity. However, we all know that this trust model is plagued with fraud issues.

The most common personal identity instrument, the plastic driver’s license, is easily counterfeited — so much so that 39 U.S. states recognized the issue as a pervasive problem. The Center for Immigration Studies also recognized that fraudulent licenses are an easy way for illegal aliens to break the law.

Technology vendors and identity-issuing institutions continue to explore new approaches to make identity fraud more difficult and keep personal identification documents safe, secure and authentic. As history has proven, sometimes the simplest policy change is difficult to execute given our existing paper/plastic identity document model. Recently, several state agencies have decided to go mobile by declaring their intentions to move driver’s licenses to a digital format on your smartphone, according to Move Magazine.

As the shift from paper and plastic to digital identity instruments evolves and matures, there will be pilot projects that are still haunted by security concerns in our current model. Yet these approaches only claim to carry the same level of trust and security as our current physical instruments, the driver’s license and ID card.

It’s time to rethink the construction and issuing of personal identity documents by leveraging mobile devices to make digital identification documents the center of your identity.

Digital Identification Documents

Academic institutions, government agencies and even retail companies rely on card data element standards such as ISO 18013 to provide guidelines for the content and formatting of data stored on machine-readable personal identification instruments. These identity-issuing institutions will expect the same level of industry consistency when they move to mobile devices. But individuals have their own set of requirements around digital identification documents — namely instant access, availability and reliability.

To achieve such expectations, we must rethink the entire life cycle of personal identification documents. This new era of digital identification must address transitions across the personal identity ecosystem:

  • Issuing institutions need to manage the life cycle of identification documents in a cost-effective manner while also considering governance processes, user convenience, fraud protection and privacy.
  • Identity documents need to be safe, authentic, secure and accurate.
  • Owners need a convenient mobile offering for their identity documents that safeguards privacy, is secure and provides control over releasing identity information to others.
  • Verifiers need an efficient and secure manner to verify the authenticity of the identity document and obtain information from that document.

This shift requires new technologies to address the issuing, managing and challenging of digital identification documents. This includes offering:

  • Protection against fraud, tampering and counterfeiting;
  • Prevention of fake IDs;
  • Reductions in human errors during validation and governance tasks;
  • Prevention of privacy threats and theft; and
  • Face-to-face identity validation, which reduces broadband dependencies.

Business processes and workflows will be impacted by a move to digital identification documents. There are a number of steps in the typical life cycle that can benefit from the switch:

  • The layout and design of digital identification documents can be created, reviewed and modified quickly and easily.
  • The appearance of existing digital identification documents can be modified and distributed. You can update digital identification documents systemwide all at once.
  • New digital identification documents are generated and pushed out to the owner’s device immediately. There’s no need to create, print and mail a plastic card.
  • Multiple copies of the same digital identification document can be used. An identity owner can have a copy on all registered devices.
  • Digital identification documents can be quickly and easily replaced if a mobile device is lost or stolen.
  • Digital identification documents can be revoked and purged from a device.

An Aberrant Approach

Organizations are attempting to rethink solutions for the personal identity ecosystem. To get started on a mobile identity strategy, IBM recommends that identity-issuing institutions:

  • Perform a cost analysis of the design, production and delivery of cards today. This should include assessing the ecosystem of providers and dependencies.
  • Identify the operational assumptions for the tactical period where both paper/plastic and mobile identity options are available.
  • Spend time examining verifier procedures for the handling of physical cards and mobile IDs.
  • Speak with ecosystem members (e.g., insurance providers, vehicle registration bodies, etc.) to understand how they are proceeding since the pace of adoption will also impact them.
  • Consider a tactical business model for a digital identification document solution. For example, analogous to vanity plates, mobile convenience could be handled as an uplift to offset initial adoption risks and budgetary shortfalls.
  • Approach this technology shift in phases with focused pilots.
