A robust credentialing solution promising cost savings for enterprises and improved privacy for users was announced Monday by Israeli identity verification and management company AU10TIX.
The firm said it is working with Microsoft on Reusable ID, a technology that uses verifiable credentials to enable enterprises to simplify and speed up ongoing ID verification, reducing customer onboarding costs. reduce costs, automate workflows, and enhance the security of sensitive data.
Furthermore, it enables users to store their information locally in a tamper-proof digital wallet that gives them control over what information is passed on to third parties.
AU10TIX explained that verifiable credentials are reusable, immutable digital credentials that authenticate the identity of an individual or entity and allow the secure sharing of personal documents and biometric credentials.
The verifiable credential architecture also gives users the self-sovereignty to share the right information on demand for tasks such as opening accounts, applying to college, and paying taxes.
“The creation of immutable digital credentials is important because it enables secure and tamper-proof identity verification,” said Mark Brady, AU10TIX’s vice president for emerging products.
“Digital credentials can be easily changed or forged, which poses a significant risk to identity verification processes,” he told TechNewsWorld.
“Immutable digital credentials ensure that an individual’s identity is accurately and securely verified,” he continued, “which is especially important in sectors such as financial services, healthcare, and government.”
Karen Walsh, principal at Allegro Solutions, a cybersecurity consulting company in West Hartford, Conn., explained that digital credentials go beyond a simple username and password by linking a person’s physical self to their digital representation.
“A digital credential can link personal documents, such as a Social Security card or passport, and biometrics, such as Face ID or fingerprints,” he told TechNewsWorld.
“However, reusable IDs will give companies a way to incorporate HR documents with these biometrics, ultimately up-leveling verification,” she said.
“With Unique Authentication, you are ensuring that a user is who they say they are, but trust them to identify themselves honestly,” he continued. “With Reusable ID, Microsoft is going to be able to verify the initial ‘who they say they are’ with government documents.”
Microsoft senior product manager Deepak Marda explained in a statement that the reusable IDs will be used in his company’s third-party onboarding flows to prevent fraudulent activity and ensure regulatory compliance at critical stages of user identity verification. Bar verification can be streamlined.
“Decentralized ID verification is a critical imperative in the digital world, and the AU10TIX solution will increase security while reducing friction in the online ID verification process,” he said.
Roger Grimes, a defense evangelist at KnowBe4, a security awareness training provider in Clearwater, Fla., noted that decentralized ID is an attempt to turn tangible control of a digital ID over to the user who uses it.
“The real challenge with digital IDs is whether they can actually be decentralized or what percentage of them can actually be decentralized,” he told TechNewsWorld.
Like the promise of crypto and decentralized finance, he continued, true decentralization never happened. “For a myriad of reasons,” he said, “it turns out that most purportedly decentralized DeFi had more centralized control than the traditional things they were replacing.”
“True decentralization of anything is hard, and IDs are no different,” he said. “Most people don’t want the hassle of maintaining and securing their ID. They just want to use them and make them work.
He stressed that digital ID standards proposed by the World Wide Web Consortium could lead to true decentralized IDs, but he questioned whether the standards would have any staying power.
“Will they be adopted by any meaningful percentage of users, or will they only be used by a very small percentage of privacy enthusiasts and nobody else?” He asked.
“We don’t know yet,” he said, “but if history is any lesson, the promise of digital IDs is bigger than the number of people who will use them. I hope I’m wrong.”
age old damage
Brady notes that in the past cost has been a barrier to the widespread adoption of secure verification methods such as using tokens. “Additionally, there may be resistance from users who are not familiar with the use of hardware tokens and prefer the convenience of traditional forms of identity verification,” he said.
David McNealy, CTO of Delinia, a global privileged access management provider, pointed out that digital credentials have existed for years in the form of PKI certificates and FIDO authentication mechanisms.
“However, we need a better way for users to create and verify their identity, as well as enable better ways for users to control the information they submit during the account creation process,” he added. told TechNewsWorld.
“There are many advantages, but there are also some chronic disadvantages that will accompany us as we move toward digital identity,” said James E. Lee, chief operating officer of the Identity Theft Resource Center, a nonprofit organization devoted to digital identity management. To reduce the risk and reduce the impact of identity compromise and crime in San Diego, California.
“Digital identities are more secure and more privacy-focused, but there is no such thing as immutable identity credentials,” he told TechNewsWorld. “There’s always a way around it.”
enhancing cyber security
Lee praised the AU10TIX/Microsoft venture. “It’s a step in the direction we’ve been looking at for some time with FIDO, with passkeys instead of passwords,” he said.
“If you move to a secure transaction based identity using tokens,” he continued, “it is going to be a more secure process and result in more reliable results than handing over driver’s licenses. “
“One of the things we’re seeing is a tremendous increase in driver’s license data targeted in cyberattacks,” he said. “We are seeing data breaches being committed specifically to obtain driver’s license information. This will not happen with digital credentials.
Brady said better credential management can enhance cyber security by reducing the risk of identity theft and fraud.
“By using more secure and tamper-proof digital credentials, organizations can ensure that only authorized users can access their sensitive data and systems,” he said. “This reduces the likelihood of security breaches and helps protect against cyber threats.”
“Improved credential management also simplifies identity verification processes, making it easier for organizations to manage access to their resources and reduce the risk of unauthorized access,” he said.