A Matter of Trust

New digital identity technologies will increase security, functionality, and convenience in many areas

Stefan Widing, HID Global

A shift in the use of identity technology is leading to increased adoption of mobile devices and the latest smart card technology, a greater emphasis and reliance on the cloud, and a radical new way of thinking about trust in smart environments and the Internet of Things (IoT).

Initiated more than a decade ago with the move to smart cards that carry digital identities on microprocessor chips, this shift in thinking has precipitated the move from legacy systems to near-field communication (NFC), Bluetooth low energy (BLE) and advanced smart card technology to meet the evolving needs of governments and organizations worldwide.

Moving forward, organizations will use a broader range of smart devices than ever before, extending beyond cards to mobile phones and wearables, while enabling users to do much more than simply open doors in an increasingly connected world. This will directly affect how customers view and use trusted identities on both mobile devices and smart cards for more activities and in more connected environments.

Trusted access and other physical and online interactions will become more personal, contextual and valuable, as everything comes together through unified, more fraud-resistant, end-to-end identity and access management systems.

Today’s shift in the use of trusted identities affects businesses, institutions and other organizations in many ways, including improving the user experience as these identities are embedded more deeply in everyday activities. It will also yield better ways to establish, create, use and manage secure credentials, while creating new options to deploy hybrid on-premises and cloud solutions for access control – and to tie people, assets and processes to the Internet of Trusted Things (IoTT).

Trust will become increasingly important, along with a focus on biometrics for conveniently and reliably associating digital identities exclusively with the true identity of the person claiming to own them.

Improving the User Experience

The consumerization of security will lead to heightened demand for using phones, wearables or smart cards to open doors and log in to cloud resources, not to mention enabling personalized on-demand printing of documents and consuming many other building services in the connected office.

Trusted identities that integrate security, privacy and convenience will provide a new level of assurance to these applications and transactions, while making secure access more personalized to the individual.

Outdated security policies and procedures will be replaced by better ways to use digital identities that are trusted and work easily with cards, mobile devices and/or biometrics, and users will have more control over how they access and interact with their work environment, and how they discover, purchase and enjoy commercial services and experiences.

The industry will also look toward complete identity relationship management that considers the need to grant access based on the context or circumstances for risk-appropriate authentication across trusted identities assigned to people, devices, data and things in smart environments. This will pave the way for the virtual equivalent of a personal building assistant who does double duty as a user’s confidential assistant, continuously anticipating needs while delivering secure and seamless access to doors, IT systems, networks, data, and services.

These and other changes will have a dramatic impact on everyday activities for businesses and consumers. In the enterprise, new capabilities for managing and using trusted IDs will be driven by the increase of temporary offices, mobile knowledge workers and the evolution of tomorrow’s more connected workplace, where adapting to the preferences of the talent pool will drive the need for more open, flexible workspaces.

“Distributed work” models that combine independent workspaces, social interaction and formal/informal collaboration in the office space will need a more seamless, secure access experience. When breakthrough technologies allow management of identity across the organization, there can be a universal approach to identity that connects disparate systems and assists in achieving regulatory compliance mandates.

Trusted IDs Beyond the Enterprise

Trusted identities will become an embedded feature of more “use cases” rather than simply an add-on capability. The trend of “security by design” will lead to many more convenient approaches to using digital identities across a variety of activities, services, and industries.

Consumers will see trusted identities used in such scenarios as guaranteeing authorized use of corporate and heavy machinery fleets, as well as creating new ways to safeguard students and validate drivers. Indeed, as digital identity technology becomes an embedded feature in wearables, there is an opportunity for it to pervade virtually all aspects of daily life.

Digital identity will open every door, connect us to cloud-based applications and services, and control our environment at home and where we work, shop, learn and play.

In banking, trusted identities will help drive consistency across multiple service channels to improve the user experience, from faster, anytime/anywhere instant issuance that is revolutionizing the way customers receive new or replacement debit and credit cards to “out-of-band” mobile push capabilities that increase trust, reduce fraud, and deliver an easier path to compliance for financial institutions.

Digital IDs will also push the banking industry to increase trust levels by better associating a user’s physical identity (via biometrics) with his or her digital identity. And by combining multiple types of biometrics with mutual authentication, mobile certificates, and other technologies, banks will be able to deliver a game-changing user experience across all channels. A user will be able to “be present” for his or her transaction on the phone, at the bank or automated teller machine, or online.

Similar dynamics are changing the way citizens interact with government agencies and systems. Passports, national IDs, driver’s licenses and other credentials will coexist with new disruptive technologies and change the way IDs are issued by government agencies and used by citizens. More citizen IDs are poised to move to mobile phones this year, with some state governments offering mobile driver’s licenses as an option. Physical passports and national IDs will be more secure, with more ways to encode information onto and inside more durable cards featuring contactless microcontroller chips.

Digital IDs will move beyond paper and plastic documents to phones, starting with driver’s licenses and other government-issued documents – all with a focus on meeting policy, privacy, interoperability and security requirements.

Physical IDs and government documents will coexist with mobile credentials and will feature improved card quality and security, higher resistance to cloning and counterfeiting, and streamlined methods of personalization, printing, and issuing.

In the increasingly connected healthcare environment, trusted identities are improving the patient experience and increasing efficiencies while safeguarding and managing access to equipment, facilities, patient data and electronic prescribing of controlled substances (EPCS). Physicians will have a much better experience writing, monitoring and tracking online narcotic prescriptions, in full regulatory compliance, from any location.

Patients will also have a better experience since prescriptions and refills can be sent ahead for fulfillment, usually on the same day – a savings of at least two to three days as compared to waiting for paper-based prescriptions. These and other developments are being enabled through new ways to leverage the power of trusted identities using flexible and unified management platforms.

A Simpler, More Efficient Approach

Cloud-based solutions for IT access management are well established and widely used, and there is growing interest in using cloud-based solutions for physical access control and ID management, as well. These systems could cover the full identity lifecycle, from the printing of badges or issuing of cards or mobile credentials through system management and assigning of access rights.

Credential issuance for physical ID cards will also experience a digital transformation, as the use of cloud technologies will enable service-focused models for badge printing and encoding.

Cloud-based models for ID badge issuance will feature the security of end-to-end encryption and provide the choice of on-premises or cloud models for card personalization. This will transform the user experience and the operational management of ID badge printing, reduce costs, eliminate capex outlay, simplify system maintenance, and improve security as compared to on-premises solutions.

Organizations are also recognizing the interdependencies of technologies and platforms needed for business agility, cost management and providing a better user experience within a mobile workforce, as well as for digital commerce and relationship management, which require more reach, flexibility and security.

To support these technology interdependencies, breakthrough advances will allow identity management across the organization and will connect multiple platforms for a unified approach that delivers a single, comprehensive security view. This model will make it easier for administrators to deploy and maintain an integrated system and will help lower the total cost of ownership. It also will support extending strong authentication from the desktop to the door, and other advanced security, such as digital signing, full disk encryption and boot protection.

A good example of this can be seen in a connected health care environment. Across the health care continuum, from hospital to home, identity technologies will simplify all aspects of operations, from opening hospital doors, accessing records and e-prescribing to how health care professionals interact with patients and log their activities.

Hospitals will explore leveraging their e-prescribing architectures for other valuable capabilities, such as authenticating to VPNs and enabling remote access using credentials, key fobs, smartphones and other smart devices, and one-time password (OTP) tokens.

Growing Importance of Trust and Biometrics Identity

The shift in the use of identity technology is also exposing the crucial difference between biometrics identity and ownership of a digital identity, pushing the industry to increase trust levels and combat fraud by better associating a user’s biometric ID with his or her digital identity.

The use of passwords or PINs to validate who is presenting a digital identity will become an increasingly unacceptable approach as cybercriminals continue to assume and use false digital identities across a growing number of transaction channels and access platforms.

To solve this problem, the industry will look at biometrics as much more than simply a PIN or password replacement that makes it somewhat harder for cybercriminals to falsely assume another digital identity.

Instead, biometrics will provide the most convenient and reliable way to associate a digital identity exclusively with the person who truly owns it.

In applications that require the highest levels of trust and security, the industry will begin moving toward integrated solutions that use this biometrics-based identity-proofing process to create an unbroken chain of trust. Biometrics identity will be verified and bound to a digital identity at the time of set-up, and then verified again each time it is used.

Emerging IoT Use Cases

New ways to connect more people, places and things will drive the need to use trusted digital identities throughout the IoT. These identities will help to connect people with things to streamline processes and make it easier for users to manage their world. They will also increasingly be employed to help secure, customize and enhance the user experience across a growing range of industry segments.

Organizations will also look toward streamlining processes and operations using real-time location systems, presence- and proximity-based location functionality, and condition-monitoring solutions, as well as cloud infrastructure, gateways, beacons and software-as-a-service (SaaS) models, leveraging emerging solutions that secure IoT use cases.

BLE-based solutions will also advance existing secure proof-of-presence capabilities to include predictive analytics and functionality using location-based technologies.

As a result, there will be a variety of new and emerging energy efficiency, productivity and safety-oriented applications in the enterprise that need to know the identities of occupants in a physical space. BLE-based identity credentials will be an enabling technology in applications, including heating, lighting and other environmental management, coordinating meeting room booking, auto-configuring audio-visual equipment, and facilitating emergency mustering and alarms so organizations can determine who is in a building in real time.

In the health care environment, there will be continued momentum toward the adoption of electronic visit verification (EVV) that helps streamline in-home patient visits and eliminate billing fraud using “proof of presence” applications that make it easier to document the time, location and delivery of prescribed care.

Health care institutions will embrace trusted IDs, predictive analytics and new IoT solutions that use real-time, location-based services to effectively connect, monitor and manage patients, mobile clinicians, and staff. These solutions will also help to quickly locate critical medical equipment, beds, crash carts and other devices by providing the missing link between physical assets and a trusted ID ecosystem.

Preparing for the Future

Organizations across a wide range of industries will increasingly pursue the goal of truly converged access control that consists of a single security policy, one credential, and one audit log, delivered through a fully interoperable, multi-layered security infrastructure that is based on a flexible and adaptable platform.

Such a platform will enable organizations to preserve their investments as they grow, evolve and improve their security capabilities in the face of ever-changing threats, while also simplifying deployment and management and lowering the total cost of ownership. This unified platform will also improve the user experience, deliver a more comprehensive security view and facilitate a more coordinated approach for protecting privacy.

The use of trusted identities is entering a new chapter that will drive profound changes across a variety of industries.

As trusted identities are used with unified platforms that align facility and information security, previously independent teams will need to work together to understand and follow best practices for both physical and logical access control.

Organizations will also need to explore opportunities to combine authentication and new IoT applications to address a variety of current and future challenges. When they do, there will be an opportunity to simplify all aspects of their operations – from opening doors and accessing data, networks and cloud applications to how they manage assets and streamline processes – while creating a better and more secure user experience.


Stefan Widing (info@hidglobal.com) is president and CEO of HID Global (www.hidglobal.com).