By Neville Pattinson, Senior Vice President of Government Programs at Gemalto
The Internet, technology and innovation move quickly and can change directions just as fast. The forecast is showing more – more devices, more connectivity, more data – and with that, the need for better, trusted security. Everyone wants the ability to use and benefit from the Internet, devices and new technologies without sacrificing personal identities, privacy and security.
In today’s Digital USA, 62% of Americans bank online, an estimated 54.8 million have tablets, with more than 1.1 million smart phone users and 234 million cell phone subscribers. This connected world of convenience and functionality also comes with dangers. The National Cyber Security Alliance reported 90% of Americans do not feel safe from viruses, malware and hackers.
As technology advances, so must the identity credential. Steps have already been taken in this direction with the Government Printing Office producing more than 80 million electronic passports since its inception in 2005. Similar upgrades – to protect an individual’s identity by storing personal information in an embedded chip on the ID card – are in discussion with the electronic driver’s license and Medicare Common Access Card Act.
The identity credential is changing, and advancements are coming within government and for its citizens.
Secure identification is already making headway in the government sector. The Department of Defense Common Access Card is part of an ongoing effort to provide government personnel with the most secure, reliable forms of identification. After banning usernames and passwords, the DOD’s cyber attacks were eliminated by 46%. By 2014, all federal agencies will follow suit. Smart card credentials will increase with the Personal Identity Verification cards required for all government employees and contractors for both physical and logical access.
In five years, government personnel will have a comprehensive way of using that ID credential in their mobile devices, leveraging the cost savings and convenience of bring your own device (BYOD). The smart phone credential is already moving forward because the technology already exists to address the mobile issues of security, diversity of devices and standardization: UICC SIM cards.
The biggest opportunity for the identity credential lies with the citizens.
Within two years, a proliferation of mobile device identity apps will appear, enabling consumers to put an identity on their smart devices, pick the credential, launch it through the app and present it to the service that needs its verification. No more trying to remember username and passwords.
With the mobile apps, more federated login capabilities will also be arriving – enabling users to bypass creating a new credential when opening a new Web account and simply use one that’s already created and provide permission for its use. Facebook, Google, Microsoft and others have already started the move.
Currently, the credentialing authentication process results in the creation and maintenance of several different identities used for different services. With federated logins, a user’s many cyber personas will be managed through this one credential presented to a Web site to access any protected information from e-mails, financial accounts, retail Web sites to other services.
The next, essential element needed will be a real trust in those credentials and an ecosystem of identities that can be cross-trusted.
On the five-year horizon, users will have an identity credential that is trusted by many services and Web sites. The proliferation of identity credential providers and services will come together and work cohesively within a common ecosystem, which can be provided by the National Strategy for Trusted Identities in Cyberspace (NSTIC) and its certification process. NSTIC will define the ecosystem and its rules of engagement in the next two years, and a critical mass of identity ecosystem participants will gather over five years. Therefore, when a user signs up with a provider for a credential, it will be recognized by another system in that connected community.
The identity credential Holy Grail is that relationship of managing identities – securely and trusted. Innovative technology will continue to provide risks and opportunities for the Internet, devices and security in two, five, 10, 20 years. The ease of identity authentication should not come at the price of privacy, and the convenience of technology cannot replace a real insurance of security.
About the AVISIAN Publishing Expert Panel
At the close of each year, AVISIAN Publishing’s editorial team selects a group of key leaders from various sectors of the ID technology market to serve as Expert Panelists. Each individual is asked to share their unique insight into what lies ahead. During the month of January, these panelist’s predictions are published daily at the appropriate title within the AVISIAN suite of ID technology publications: SecureIDNews, ContactlessNews, CR80News, NFCNews, DigitalIDNews, ThirdFactor, RFIDNews, EnterpriseIDNews, FinancialIDNews, GovernmentIDNews, HealthIDNews, FIPS201.com, IDNoticias es.