What is digital Identity and key components of digital id systems?

What is identity?

Identity is a difficult concept with various meanings. For our purposes, an identity is a combination of attributes that belong to an individual. One attribute may not be enough to differentiate one person from another, however, a combination of characteristics can be a real game changer. Identity is often referred as official identity of an individual, which is different from the social identity of an individual which can not be used for regulated purposes.

What is digital identity?

A digital identity is a set of validated digital characteristics and credentials for the digital economy, like a person's real identity for the real world. In this uncertain time, business models have either failed, disrupted, or changed. Organisations and especially the one in finance domain and peer-to-peer (P2P) sharing economy has realised the value to adapt quickly to provide online services in our digital economy. Being able to prove identity digitally can streamline on-boarding process, increase financial inclusion, reduce fraud, and save money spent on manual validation processes. Digital identity is now frequently required for transactions in the new digital economy.

Face to-face interactions happen in-person which means that the concerned parties to the transaction are in the same physical location and conduct their activities by physical interaction. Whereas non-face-to-face (remote) interactions happens remotely which means the stakeholders are not physically present on the location and conduct activities by digital means, such as email, video call or phone.

What is a digital ID system?

Digital Id System uses various technologies like liveness detection, facial biometrics, and artificial intelligence (AI) to ascertain an individual’s official identity digitally or in person with various assurance levels. End to end digital ID systems covers 1) Identity enrolment/proofing and 2) Identity authentication. The enrolment stage in the digital id system can be either physical or digital or combination of both. However, binding, credentialing, authentication, and portability must be digital.

Components of Digital ID System

1. Identity proofing and enrolment

• Collection: Collection of identity evidence via uploading a selfie photo, uploading photos of documents such as passport, driving licence or national Identity card etc.
• Validation: Digital or physical inspection to ensure the document is authentic and its da is accurate. It can be done by simply checking physical security features, expiration dates etc.
• De-duplication: Attest that the identity features and proof related to an individual in the ID system via duplicate ID searches and biometric attributes.
• Verification: It is about linking and matching the person to the identity proof provided using biometric solutions like facial recognition and certified liveness detection.
• Enrolment in identity account and binding: Create the identity account and issue and link one or more authenticators with the identity account passwords, one time passcode (OTP) generator on a smartphone, PKI19 smart cards, FIDO certificate). This process enables authentication.

2. Authentication and identity lifecycle management

Why is authentication important in the digital id systems?

Authentication answers the question like: Is he/she the individual who has been identified and verified by the digital id systems? It establishes, based on possession and control of authenticators, that the person exercising an identity (claimant) is the same person as identity proofed and enrolled.

There are three types of factors that can be used to authenticate an individual:

• Ownership factors (something an individual may possess like cryptographic keys)
• Knowledge factors (something an individual may know like password)
• Inherent factors (something an individual is like biometrics).

Authentication can depend on different types of authentication factors and processes. These authentication factors have various levels of security. A single authentication factor is usually not considered adequately trustworthy. An authentication process is usually considered more ambulatory and reliable when it couples with multiple types/layers of authentication factors.