Webinar Recording

Identity Verification: Why It Is Needed and How It Can Benefit the Business


Log in and watch the full video!

The COVID-19 pandemic has transformed the way customers engage with brands and led to increased digital interaction. But this has increased the incidence of fraud during the account creation process. As a result, businesses now face the challenge of verifying customer identity and verifying that those entities interacting with their brand are human and who they claim to be. Join identity experts, Martin Kuppinger, Principal Analyst at KuppingerCole and Armin Ebrahimi, head of Distributed Identity at Ping Identity, as they discuss how best to tackle these challenges without adding unnecessary friction to the user experience to reduce the risk of customer drop off and lost business. 

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Register  
Subscribe to become a client
Choose a package  
Welcome to our KuppingerCole webinar on identity verification, why it is needed and how it can benefit the business. This webinaer is supported by Ping Identity. And the speakers today are Armin Ebrahimi, who is head of distributed identity, Ping Identity. And me, Martin Kuppinger, I'm principal analyst at KuppingerCole. Before we go into the topic of today, which I believe is a very interesting, very hot topic, I like quickly like to hint on some upcoming events and also to a little bit of housekeeping before we start with today's content. So there are two, I think, very interesting upcoming events the next couple of weeks, the one I'd like to mention this, the virtual event, the KClive, we went the access management playbook securing today's organization. So that's the title. This is very much about how would you move forward is the entire access management theme.
And then we had like all to mentor our upcoming European identity conference, which is our flagship event held every year. And we will do it again in uni this year. It's a fully hire pretty well. So it's, you can either visit us in Munich on-site or you can participate online. So don't miss this event. It's really the place to be around identity management and digital identity for the housekeeping. We are recording the webinar and this webinar recording as well as the slides will be made available probably after the webinar, we will do a Q and a session by the end, so you can enter questions at any time. And so I always say the more questions we have, the better it is because the more lively, the more interesting, the more interactive Q and a session will be as last, at least we will run a few polls, in fact, two polls during the course of the webinar. And that's also where I wanted to start with. And the first poll that re-keyed like, like you to, to participate in a vote on that. The first poll I have here is do you feel already familiar with terms such as de-centralized identity self-sovereign identity verify with credentials and so on. So that total of different terms, do you think you, you, you really know what it is or not.
Oops. Yeah. That's a better, I think we have an issue with DePaul here because yeah. As I should be. Yes or no. So I think that Paul, we had have made a sorry for that a little mistake. Not having a yes, no answer here, but at the three options, but maybe you just select the term you feel you're most familiar with. And then at least we have a well-lit result. I leave it open for a few more seconds. So I say we can give it one more or five more seconds on them. Oh, we can close it to thump. Okay. So then let's proceed from there. What's the agenda. And the first part, I'll try to explain some of these terms. And so hopefully you're more familiar with the terminology afterwards than before. So I'll talk about these interactive entities that's around identity more and how I, this very important point. How does this fit into what we have today? How does this fit into our customer journeys and the solutions we build around consumer identity, et cetera. And the second part Armeen, we'll talk about the business need for integrated identity verification. Why is this entire theme of verification getting so much more important than it has to be even done? As I said to the serve part, dynasty Q and a part.
So to start with that, I'd like to talk a little bit about if future identity and how will this differ from what we frequently have today. The first thing I'd like to look as or two to say is it will be digital. The future identity will be digital. We are already having our digital identities. And I think this is when we look at past year, it became even more clear. Everything happened. Digital also the onboarding processes, all these things had to happen digital. And so the knowledge grew a critic processes we are even familiar for. Maybe did this, the state identities date, this truck, they were disrupted. So we need to do it digitally. I think this is an offset here. It also will be more private that it has been privacy forward because we need data, but we need to also understand that data can and is weaponized we're fertilized.
And we need to come to ways which are allowed to have a better controls control about what happens with personally identifiable data. And this thing will let go away. This is something we have to find a good balance between the interest of different parties. It also will be used centric. So just use centric thing is I think also very logical because I use a mix three, two, the purchase, the user blast for a loan. It is always started from the user. That is the common factor, honestly, whom of us is not annoyed by having to register again and again and again, oh, it's the same data because it's not user centric. It's sort of organization centric, it's corporate centric. And this must change. We have to change the perspective sync from user because that's where your money comes from. And the future of identity will be reusable.
And I think this is a logical consequence of what I trust is that if we want to take a user perspective, that we must allow the user to bring his or her digital identity and use it again. So because it's meaningful attributes, rarely change. The address stays quite stable for usually a long period of time. So why should I enter a hundred times by registering two websites? The same data? Yes, we can support the little, like what I'm process do, but it's that really the solution? Well, no, sorry. So why should we do ? And if we, the data or science was to use it and kind of share securely of his confidence, this is good, better approach. And I think this all fits into what we need to do as businesses and also to the past one and a half year has been showing the, demonstrating the need for businesses to go digital.
So many industries were really driven to, to, to speed up their digital journey. I'm always a little reluctant. This is term to true transformation because it's more than a transformation transformation means we go from a to B and stay there. In fact, it's a journey, a long journey where we improved our, our sort of digital business, our digital services, our business model, and that will not stop. It will be a continuous and very fast journey forever. So, but digital identity from my perspective is really one of the things which is at the very core of digital transformation. So when we look at digital transformation, no, this is about a lot of external factors, which drive organizations to change the changes in competition, Tesla, challenging traditional automotive vendors, dynamic business partnerships. So when you look at today's supply chains to give you an example, one of the learnings also the past 18 months has been, yeah, there's too much dependency the supply chains.
So there will be a need for a more open, more flexible, more dynamic partnerships along the supply chain to be assured that the goods from somewhere. So it's not this dependency on a single supplier, right. Which you can do. So this will also lead to a lot of change all the time for rapid innovation. A lot of things show coming up on the other hand, the downside, so to speak, we have to add tech cellos ever. has a regulatory regulations. We have more and more regulations to deal with the connectivity part, a business models at the end they'll change. That means organizations need to change, needs to be more agile. They need to be very flexible. They need to be very innovative and they need to make use of the, the large sort of the large changes. Large core innovations core seems like smart manufacturing, like customer interaction with TriNet changing, like the internet of things like would be quitters software.
So is everywhere has softness power of your business. It is what it can help you depending on the industry, but in many industries helps you differentiating from your competition and certainly will ruin lots of it. And software's changing. It becomes part of the business model part of the business. And there are a couple of technologies in debt, which are super essential in that change of business, the internet of things, that's blockchain, robotics, cybersecurity, privacy technologies, AI, data analytics, and last not least digitally identity digital identity is what connects organizations with their customers. Consumers is to support. This is whoever it is and being able to deal well with the digital identities at the end, th the entry point for success in digital business. However, when we look at it from a little bit of sort of a perspective of what can we do or not, then over time, the way we Deb, we have dealt with digital identities, a very broad, broad sense has changed in the early days of computers, because maybe a login to an employee, to a certain system outside the mainframe.
And some, I don't know, over time and the mainframe, there was a little bit more of authentication authorization. So the other days it might have been trust access to the Hoover that a computer was in at the end. But Mr. H tomato from Singapore, as I said, where I got half or so then there was authentication some level of audit logging, but also still focused on the employee. And the savers glance are written some 20 years ago was the event of the widespread adoption of the internet and this new economy of face we had out it, some, some more focused went to, to authentication authorization of the, as a partners. This is Papa's customers. And in a digital age, I think we have this challenge right now to say, we need to make it more universal. We need to add to the consumer to death.
We need to get better. And the challenge was big. Starting this date, the internet new economy was that identity and identification and verification part became more problematic because we always managed to identify and verify the employee. But what about the poplin customer, this pot false already challenging. And what about the consumer and on others? And this is what really is the challenge. How do we deal with that? How do we do identification verification and how do we make the life of them subsequently easier? So there are use cases at the end for that perspective for a reusable identity, because this onboarding onboarding is easier. If you have a strong trust or usable identity, then you can say, okay, if I accept that a lot of data also flows for 40 onboarding, you can do a lot of know your customer, know your whatever in a different way, because that can be verified identities, identities that have a certain verification from other parties that bring to certification wisdom already. This is whatever I really improved behind the key ID and stuff like that.
Also vacation can be part of that. We will see that in a few minutes, credentials can be shared across different areas. So it's easier for, to use it because it's that hundreds of passwords to keep in mind or to store somewhere, to write down somewhere. There can be also some sort of that selective attribute sharing. So most use cases don't need to know the date of birth for most use cases. If at all, it's necessary to know above 18 or above 21 or above 16 or not that's enough or good credit or not. If you could move even further to things like, like life management platform, you wrote a box say roughly 10 years ago already. So how could this end up in, in really sharing data and using data, your own data to, to utilize it, a lot of applications, which also improve a lot of business processes, have a look at all. The research around lash management platforms are clear benefits for the enterprise.
It's a new framework, but we can't consume data. Yeah. We can build a relationship on that where we sort of have a mutual dress that save, eat only get certain data we have maybe even on a cream and all that data, how it is used her lab. And we can, at the end of the day, I'm building a better quality of information because it's, if a user who uses the identity, that will be usually very, very accurate when it's entered again. And again, only the minimum effort will be put in yeah, technical controls to deliver, verify the highly trustworthy identity. And based on that, we also can optimize processes because if someone comes in this strong with a wetted that entity already, we can safety effort wetting it ourselves. So there's a lot of technology innovation. I love change. Hang on. And I'd like to quickly explain a little bit of basic terms concepts here.
This is my de-centralized identity and the societal natural slide, a very simplified, and we can always discuss a bottle of wine or aspect should be better that way or that way. So decentralized ID or decentralized identity or did is the one thing, and there's this name of self or right. Identity of it's pretty much equals terminology. You also see well where I filed the credentials, which is sort of an implementation of that and a couple of our toes USO of Trump. Hi mommy. Later on. So yeah, quite a lot of technology, but the idea is that we have some sort of a wallet user that holds proofs credentials. Like this is the national Eid, and this is proven this is a bank ID or something else. And based on, let's say crypto, correct. I think approaches, there are private keys and then private attributes. And then in, in many of the implementations of some sort of blockchain is used where decentralized identifier styles.
So the did which in fact maps, then this ID too, some other party for, or certain use that the hack was off lecturer. So that doesn't happen in the blockchain itself, but directly. So this is trust used for sort of verifying, okay. This is that there's a relationship of proven relationship between for instance, Martin and peanut entity. And so this is the basic concept. And then the good thing is to provide stress because we have the user's identity attributes. We might have a gun man shoot ID implemented. We might have a bank participating at that, which says, okay, I have some things like, like credentials attesting, the trues of certain information that is required for a loan to employer Mike Houston information about whatever or requests information about a user's driver's license on our things. So we can do a lot of things for step health providers could utilize certain data, but only trust parts of this data or deliver data back like, like a health card in that trauma.
Many are stuff like that. So we can establish this of this verified information. We hold quiet trust or a lot of business use cases. And this helps us in optimizing processes. So at the end, this is really comfortable with the future because it's digital it's secure for privacy forward is sense of, we decide on what is check with whom, what is used for what, which use case based on the relationship we have, the person that's wallet and the organization. They are a side user centric because the user owns it, the user controls user shares, and it's reusable the authentication. It can be used for high volume transaction. And this is something which works between the, the different environments. So many use cases, and without going into much detail, some more complex, somewhat promising use cases. But for instance, in, in know your customer use cases in many of the authentication use cases, that's a huge, the revenue or cost saving potential and applying what is a little bit of a challenge.
I speak a little up this, that there are still a lot of things going on. There are still a lot of things in flow. And when you look at your national initiatives, there might be even some specific like, like in Germany, I think we have currently three or four competing approaches around establishing a decent realized identity standard. But if you also have to initiatives which work on, on exchanging an exchange between different standards to make it work universally like the W3C and the EITF and diff so, and the, the Hyperledger. So we have foundations which are working on how can we sort of build your interoperability with different schemes and different approaches.
So work is going on and what I'd like to do before, before I come to the end of my, part of the presentation is I'm looking at one of the ponds for just very frequently and very intensively discussed. Also, when we talk with end user organizations of different types, then the question comes, what does it mean for the use of journey? And I think it's important then to construct the journey because you still are, are in control of what you do for your business. But if this trust another other means for users to interact with you, with your business, with your organization, which makes it easier for the user. And if it's easier for the user, it's better for you. It's a very simple equation. So the use of Charney and oldest things that are on that is I think important to understand that. So we have this identity to customer, consumer popper, whoever maybe even sings for.
So they authenticate and there are different authenticators. You might use different authenticators to access them. So if your pupils example, if you're using windows, hello, sometimes my used to pin or fingerprint or D face recognition or whatever else. So there can be different osteo caters for the same thing you are doing against an IDP. This is this, the identity provider who Dem sort of works against it. And that then maps to an account and there's data off type account. And yeah, the, that also gives you access to the, at the applications and services. And then there's a system of record, which is linked to the ecology data. So the IDP has an account, certain data, and you have customers account data, which goes into your system of records across potentially different types of ways of coming in. And the decentralized identity in fact comes into play around this first step.
So to speak, it is about there's an authenticator and their state on that data is then provided to you to 40 account data for the system of records. But it, trust is an alternative to some of the things you're doing and you might already work as a lot of IDPs and it's still just be trust and the orange and Purdue area trust the natter option. You, it doesn't mean that you change everything. It just is one more way to do it. And it's potentially a better way because the, the information is flowing. You're given a different way. You then use the data. In other ways, there's additional data you might have for certain types of applications. And this is a framework which is complex. What is from my perspective, very important is to understand it doesn't mean that you reconstruct everything it's trust. Perfect, adding some more options at certain places, because you have been an authenticator, you have proven set of data, which you can then use, which this goes in a controlled flow to you.
And that is at the end changes here. So what is important resync, recent QT identity silo. So you match, you must have measure all of your identity, all of that entities yourself, and it's always some or many cases it's split off that. So put a customer identity. Some of that ends up in your own account data in your system are free tickets. Autos state outsiders are held by an IDP that could also be Facebook or whatever. So deconstruct the silos and business. The really important thing to do was that I come to the poll too. And that would be a very simple, yes, no question here. Definitely. So do you already have an approach for automated verification of customer consumer identities implemented so something which allows us without human intervention to verify the customer consumer identities, please vote. Now give it another few seconds. Okay. I think we can end here. Thank you for that. And Ms. Stanton, was that the photo or I do I hand over to Amin.
Thank you, Martin. And thanks to everyone for making time today to really listen in on something that I think it's changing the way the industry is handling identities. And w what I'm really gonna do is pick up on a lot of things that Martin, just talk about. Let me go ahead and put this in presentation mode, just a quick way of introduction. My name is Armenia Rahimi, and I head the distributed identity team here at ping. And I was previously the founder and CEO of short card, a company that got acquired by paying about a year and a half ago with this. We should just look at some of the trends in 2020. And that was actually what last year, right when COVID started by 64% of new checking accounts were open using mobile web people, not doing it in person, which means you can't really verify people in the traditional ways that we had done before over 2 billion buyers are doing their purchases digitally, and that's not transactions.
That's just number of people actually doing digital purchases. And over 53 million Americans are doing using online dating services, or will be using online services by 2024. And all of those, and these are different areas of anything from commerce to banking, to social use of the internet, but places where, knowing who individuals are is important, you see, are they important to enterprises businesses or to other individuals who in there are interacting with each other. And it really comes down to, does your organization really know who their customers are and are they who they claim to be? And the other question, and then one of the things, Martin top quite a bit about this, and I think it's a trend that we are beginning to see the beginnings of any we'll explore significantly more, which is who should be in control of the user's personal data when it's being exchanged or it's being stored.
And right now is all the central servers and service providers that really have that control. And the question is, is that the right way to do it, then, are there better alternatives for that? And with a decentralized identity? I think we have a way of being able to provide for that the first part, and one of the products that we have at painting and sculpting on verifies all centered around identity verification. So before we can even talk about decentralized identity and users owning on identity, part of it comes down to being able to identify who that individual is. And then with that, we could put in all these other verifiable claims and attribute, as many of those Martin talked about in traditional ways, I wish those traditional ways are still being done today. A lot of identity verification is done through data centric methods, things like KBA.
You ask a whole bunch of questions and, you know, the individual answers those. If you answer them correctly, then the assumption is that must be you the individual doc, a couple of problems with that one when it's knowledge-based information, fraudsters can have that data. And sometimes it's also very challenging for users, or it creates unnecessary obstacles for the user where they have to answer these questions over and over again. But also sometimes I like knowledge based questions. Sometimes it becomes difficult. I felt biome knowledge-based questions at times where I don't remember a particular street that I lived on when I was in high school. That was way too long ago. And even remembering some of those things, then you have to answer more questions. I can go through the process and where we're moving towards. And there are a lot of enterprises that are doing that today. It's really doing, what's considered to be document centric match, which is both using the biometrics of individuals as well as government ID cards and doing a match on those position with those being able to present it and have your biometrics, which is your facial image, Amazon document match, being really a way of identifying users with less friction in the processes as well.
Now, part of this and integrating identity verification into your overall Sam experience, part of that is to create a more seamless onboarding experience by doing it this way. You could provide a more self service process. You also don't have to verify individuals who agents that perhaps to call, ask questions and verify, especially when risk level goes up to be a lot more individuals can load up their data using the mobile app and be able to identify themselves and removing a lot of the friction that is traditionally there for creating accounts and so forth. And even in the reverse application process, once you verify someone, once you shouldn't have to go through the whole verification, loading up your driver's license or password and all of that again, and again, you can just do it once you should be able to present it again and again. But the key thing about that is that you can prevent fraud.
You can meet regulatory requirements, but good beyond that, it's really also being able to prevent fraud because you can tie real people with their biometrics, to the claim of who they are through their government IDs. You could get out of things such as bot registrations, and certainly when it comes to finance, being able to deal with quite a bit of what's no, your customer, the process, which is very typical of new technologies that are there, the way that we provide that is we have an SDK that could be integrated into your customer's app. In this case, what you see here on screen is an example with BX finance, being a, a sample app that we've created for banking use case, but the verification is very simple. Step one, you take a live face capture, and it's important to make sure that this aspect of it, and we've been investing quite a bit in it and advancing it even more.
So to make sure that you are keeping up with the other technologies that are in place where the fraudsters can actually fake it, real person through various methods, either a video video and stream playbacks or deep fake, which is becoming more and more readily available for people. But the first part is you get a live face capture. Second part is have them scan the government identification card. And then the last part is being able to tie all of that to your private key that's on the device and go through it. Once you do the verification, try and get back to that. Private key is the process that you can allow the user to replay that Rupert we represent the identification they have for Ruby verification, because it's not just the documents, but documents tied to a private key that has actually been certified by an authority that has done the verification.
Now, let me beyond just ID verification. Let me just talk about personal identity, a little bit and personal identity. We refer to as personal, but in the technical domain of that, it, you know, there are other references to it, including decentralized identity or blockchain based identity. Many of the terms that Martin also talked about, the reason we call it personal identity as we are also trying to keep it more personal and end-user centric, and they tend to think of terms or terms such as personal identity resonates with them, obviously a lot more than decentralized identity, but we might have to explain it to them, but it's ultimately the same thing.
The coin digital interaction is you've got a user. The user has no control over the data. You have IDPs. They really control the identity of the user. And we have our aspect of our identities with all these different IDPs. They communicate with apps downstream where the authentication and they can allow you access ping itself provides that, right? So we have federated federated identity, it capabilities and single sign on services, especially for enterprise, but also for the consumer use case, we'll make that available for our customers. You've got Facebook connect for examples and other IVP. You use that to access Facebook, but you can also use that to register and then access other services. Same thing with Google, Microsoft, and other forms of open ID IDPs. But this is the way things are done today. And if you lose your access to any one of those IDPs, you lose access to all of the apps downstream from it.
So it's not just that you have an access controlled with the IDP, but your identity is also with that IDP. And they control that. Now with personal identity, you get the control back. You've got identity providers who can authenticate you, and then you've got service providers, but you, in this case then in the middle. So rather than depending on the ID providers to give you access to the services, they do the authentication with you, but you get access to your services yourself. So they can deal with identifying who you are and identity, but you surely information yourself directly from your device and the service providers can just confirm. Yep. I have an identity provider that vast for a certain attribute, a value that gives you access to that service. But the paradigm changes, then you remain in control and you don't need to rely on those identity providers to provide you that access.
Now, there are three main stakeholders in personal identity. The obvious one is the user. The one that we oftentimes forget about, but the user that sits in the middle and they have the mobile device, ultimately as a wallet where they can collect all these various claims, but you have issuers and you have verifiers. Issuers would be examples of it being universities and colleges. When you actually go through an education, you get a certification that this is your diploma. For example, you've got a certain aggravation from that university. You've got a credit bureau, is that gives you a credit rating for whatever set of activities you might do, such as buying a car or a house or whatever else that maybe your employment employer that ultimately says you work for me. And they may even give you more detailed data aside from your working for them, including things such as when you got hired, what your salary, other information they have all of that data, but it can issue that data to us.
It giving you that data, including let's say with an employer, what your salary is your credit report with what the credit report score is or details about it when you have the data with you, but you can protect that data and only share it when it's appropriate and only share the pieces it's appropriate. And when you share that with verifiers, there could be any, anything from businesses were the need to look at you data for the activities you do. The example was like, you're gonna buy a car, you're getting a known for it. And you need to provide your credit report, plus your proof of employment and how much money you make in that. But there's a reason for it. You're trying to buy a car and get a loan for it. It could be health providers. If you've got health insurance, for example, you want to prove that you have health insurance with a certain deductible associated with it and a co-pay and the co-pay could change over time.
The static number as you make payments, your copay could potentially go down for example, but healthcare provider can see all of that data and be able to give you care much, much faster, and you don't have to reenter the data each and every time as one of my pet peeves, each time I go to the health provider, after we answer name, address, phone number, email, and so on, but they've already done all of that. That shouldn't have to keep doing it, but you feel offer, share data with other individuals. In fact, in a demo I'll run in just a couple of minutes. You'll see how there could be exchange with individuals just as well.
In all of these cases, it says, and I'm going to run some parts of this thing a little bit quicker so I can get to the demo. And we leave enough time for Q and a as well is you have issuers. When you can share data in a more standardized way, data can be kept up to date. You can actually update the data, both for you on your device, but also update the status of that by utilizing the blockchain in a way so that verifies can independent check the data and say, is the de-risk valid, right? What is the latest data that you have users that can protect your identity easily, share it with who they choose to. And they can also use that to verify other peoples. There could become the verified where someone else shares identity information without getting, get rid of a lot of the friction that's in place. Make the process a lot easier, really be able to manage user identity. I mean, privacy, a lot better because the verifiers don't have to actually store all the data. They can look at the data. They could actually deal with a lot of regulatory issues. As far as protecting PII data very differently. You only keep the data that you need, but you don't need other data that you might use for authenticating your user. You authenticate them when the user shares the data with you, and then you're done with it.
Let me just go through this slide. And then after this, I'll jump to demos. What you see here is a new product that we just released on the ASOS, both apple and Google, but this is our decentralized personal identity wallet. It's called card. It is what we expect to be one of many wallets that will be out there. And we are also going to be in parallel working with our platform to be compatible with other wallets, everything from or wallets, such as the apple wallet, Google wallets, to other wallets that are going to be out there. And I think that interoperability is going to be critically important, but you still need to have a wallet. And we also want to provide a secure way for users to store the data and engage with the platform that we've created for decentralized identity or personal identity. The way that this works is that within the app, we have a private key that private key is critically important, and it ultimately replaces whether your username and password with otherwise be on top of that, we have the verifiable verifiable ID.
That was the first part of the presentation I talked about on our Martin. As you're pointing to that quite a bit as well, being able to say this is the identity of a person can tie that to that private key. One of the things that's important about this is this is not a one-time event that you go through. And then next time you do your ID verification. You go through it again, there's a temporal aspect that actually adds value to that verifiable ID. Because once you identify a person over time, you can re verify that person, the person does transactions. Other credentials get created the value of that ID increases. So if you can verify an I B a and over a two year time period, it's the same person, same ID and other credentials added to it. You trust in the ID identity of the person goes up because you have that time associated with it as well.
But on top of that, you can add these other planes, anything from a health ID, health insurance, vaccination records, back account information, credit scores, proof of employment, proof of insurance, home insurance, our insurance needs. You may have licenses like fishing license that you may have. Other credentials can also be added on top of it, but those are all being added on top of that. Verify the ID plus the private key that really ties everything together. Now, with this, I'm going to go ahead and bring up a quick demo. It's four minutes long, just going to show you that process of what you do with the show card app. First is setting up your identity. We go through a process. We capture live selfie. We also use backend services to make sure that the picture that was captured was a live. You mentioned, done off of your phone rather than something that will be operated.
Next year. You got to take a picture of your driver's license front and back. If it's a passport, that obviously would be just the front of that. Now I'm going through a process access. The data has been loaded. The user's going through over here using HR system, scanning that QR code in order to get my employment data in a self-service mode. This data is available in the HR with my employer, but being able to get that as a claim that comes to me. So here you see that the claim was received. And if I click on that issue is proof that I worked for, I believe the name, right? Generic company, ABC, but that I'm a software designer. There here's another case signing up for a credit card rather than entering the information that can scan a QR code habit. He feel my verify data there, which is my name, date of birth address, all of that, but also my employment information.
So you obviously an exchange where it tells you where the information is I requested from the phone and then the data can come back along with the verifiable claims to see the KYC emblem on the top, right? Just indicating that the data has been validated, all the data just got, we feel you didn't have to reenter it. My employment information, my salary information for the last few years is there to being able to get a credit a lot faster. We can, they also create those credit cards as a verifiable claim as well. So I get a credit card issued to me with a credit indicating that that was actually issued against me as an individual, my private key, in this case, I'm signing up for a bank going through scanning the QR code. Eh, I was asked for a bunch more information again, we got the KYC verification was there previously. We don't need to do it again, but it's my ID card employment card for, you know, work, the salary information I've had. And the second form of ID in the form of a credit card that I got, that was actually the issue that I can register for the account and not using names and passwords. Just get in.
Now, if I go back and sign in, I'm using names and passwords, I bring the QR code. They can just scan that. And then my scanning it, and I'm able to get back right back in there again. Now, if I were to work with other parties. So in this case, it would be, let's say a call center, as long as they have some handle it, we're using email as a handle for that. But if you have some handles to be able to identify the user, you can send a request out, even if they don't have your biometrics to be asked to take another life selfie, be asked to turn in the original selfie that was certified against their driver license. Get the data back in with that. They get the user detail information verified. They use it very quickly. This last case is a dating case.
This is actually a picture of my wife. She insisted that. I say that she is my wife, and I'm just going to go through examples, sharing information. But let's say if you had met online, don't see each other. She could make a request for data. She can send me an email, I'll receive the text. So it's just an email with a link and says, go, you show up an app. It'll tell you what it, what it's looking for. I get the th the, in this case, it was actually a text. I get a text notification can be gained, click on the link, just looking for myself and your first name, last name, date of birth. And with that, if I approve all of that data to be shared, I security can send the data to her and she can receive, well, that's my face. That's my name and my date of birth in that case, because that's what I chose to actually share with her, but she can see the verification of the data that way.
So a lot of what you just saw was data sharing a wallet that can actually get actually data issue to it. Be able to collect the data as verifiable claims for multiple different sources, share those with different services. Oftentimes what we do is to our codes as a means of sharing the data back and forth with a device that may otherwise not most in that case, being the browser device, that's running on it on a laptop. For example, it could be on your phone if it's on a phone, right. Then if you are, coding will be a link that you click on. And then it'll come back to your show by that, you know, share the data. This last case was between two individuals. There could be next to each other. You could create a QR code on the screen where you scan it, or you can send a message or link, but in all of those mechanisms, the process is very similar. You send in verifiable data that it's sent to the other party. It is only the data you choose to share. They receive the data to verify the authenticity of the data through these signed claims that you have sent with them. And we don't have, those are still current is checked by checking the associated records that they have on the blockchain and saying, are those claims still valid or as the issuer made a change to it or modified?
Yes. Thank you, Armin. So when we, when we look at this questions, I think it will be very interesting. interesting. I think that moved to one question, which came in one question was, came in, already has been answered, which is, was then to use to self-sovereign identity as a future feature. I think you trust, demonstrated ping identities approach of using it. We saw this announcement of Microsoft around verifiable credentials, as well as some support comes in. So we see IBM being involved in, into hyper lecture initiative, for instance. So I think the, my perspective at first would be the simple answer is yes. What is your perspective, your view of the market today? Could you just say, so how do you see this market evolving this established Glencore drink?
I think part of what we've seen and I think it will be an evolution really getting to the market, right? So we're talking about changing the front doors from usernames and passwords that no one likes and central centralized server services that actually hold users identity information to this personal identity. But so we're seeing a transformation towards that. The first part of it is really being able to get that verified ID and you get there, there's more than one way of integrating that into existing services and part of the adjuster, getting users more comfortable with it, part of what we were seeing ready, and the adoption is still starting out in silos. I liked the picture you had in your presentation where the silo like, Hey, this is the silent. We don't want to be in it. And users don't want to be in that, but there are actually a lot of use cases still in a closed loop system where you could use personal identity, make the journey of the user life easier.
And we're seeing that with a intent of being able to extend it now, not necessarily a standard, the way I showed the demo where you can use the credentials, go to all kinds of different providers and share the data, but being able to be, for example, sharing the data on, in financial vertical, for example, right? But being able to deal with like great credit reports to bank accounts that get created to loans and so forth, you get, but not necessarily having to mix that with your health information and so on, but that's part of the evolution is what see in front from customers they're focusing on. But I think the followup to that is, as that happens, the adoption will start getting bigger, but it is a process that we need to build that environment.
Yeah. And I think that the interesting thing is part of the question we have in here is so the assumption that would mean a lot of restructuring of the architecture. A lot of questions we have here is around what, what, what, what we think the biggest challenge for organizations adopting decentralized identity approach. And so my, my, my perspective is that the, the restructuring of at least, well architect applications would be relatively limited because at the end it's another authenticator and it's just a different flow for registration information. So at the end, it's not, not a fundamental change of everything because it sits aside of what you can do. And so what is your perspective on that maybe a short answer to address the time?
Yeah. I think one of the biggest obstacles, people see division, a lot of customers just talk to, I've seen division and they, and they agree with it, but it is you can't just overhaul all of your existence systems. And I think creating a bridge, and one of the things we've been focused on, a lot of working with customers on is how do you bring in personal identity, but you're not going to get rid of all your IDPs in the way they deal with things today, nor are you going to get you into our user population overnight to say, now you're going to start using personal identity. So I think the biggest obstacle is creating that bridge and effective bridge that allows person identity to be included, but not get rid of existing systems overnight. I think there's going to be a transformation. It's an evolution, not just a revolution that will happen.
Yeah. And, and I think we have, I have two questions at the same seam, which is, we talked a lot about consumer identity, not only, but I think a focus was more on a consumer on a customer side, but what's the potential impact for work forces? What, what is your opinion on that? So how much can this, for instance, improve the workforce onboarding and other use cases?
Yeah. I think in some ways, when you're looking at, you know, we often have to stay consumers, but it's not just consumers, it's people, right. And people both work and do use that consumer based applications for what they do. So it is really a, an inclusion of all of that. But some of the things that we saw, especially last year COVID was a great element causing a push towards the digitalization. But it's people are hiring employees and contractors, right? Even employees who are no longer local, they may never see the individual. In fact, I have hired people in my organization that I've never seen. I only see the videos when they come on board, but the point is you want to make sure that they cannot be authenticated as to who they are. You don't want them to grab their driver's license each time you want to lock them out and say, get back in.
You want to do that once. And we utilize that over and over use biometrics when risk level goes up, when people are traveling for work. Now that things are opening up, people are doing that a lot more. So everything that we've talked about with the consumer use case really applies to the workforce. And in some cases, the burden is even higher. And the, the, the cost of failure is even higher because an employee of the company could potentially, or if someone impersonating them could potentially get access to lots more consumer data and cut, commit greater fraud. So I think the workforce, and know, when we talking about that verifiable identity of an individual and we verification and getting rid of the friction in the process applies to workforce just as it does.
Yeah. And, and also not to forget the business partners. So for business partner onboarding, it also can be a really huge advantage, you know, or students or whatever. I think there are so many use cases is really can make a lot of things much easier than maybe we give a quick look at the results of the second poll, at least, which was about, so, so maybe we can quickly displays the second poll, which was about, is there an approach for automated verification of place? And so we see a slight plus on the no side, so to speak. So there are some of more who said they don't have an automated verification yet in place, which means it's a, it's a way to go. So sometimes we have impartial use, but I think it shows organizations are starting at least on their journey, but it's, we, we are still in an early phase of adoption. Okay. Let's go back to maybe one more question. And I think this is the question, which is very much related to the demo. You have shown that. I mean, which is, how does the app know which information to present to the receiving party or do I need to select between the different, different cards?
So to, to, to note which info to decide or which information to show, maybe you can talk a little bit about that.
I mean, the demo was run rather quickly in four minutes. So it was hard to see it, perhaps all the, you know, changes that happen. But that's an important aspect of what we talk about. Both you and myself, Martin, by personal identity and decentralized identity. Do you use, it has all the information you choose, what you want to share, what you saw on some of those examples. I'm wondering the things that we felt was fundamentally important is each time you share your data, they use it should be presented with here's exactly what's being asked and do you approve it or not? And if you approve, we use face ID or touch ID, whatever the form has to confirm that yet it was you and you approve the sharing of the data. You could either ask for a complete, we refer to them as parts. So each one of these verifiable claims, we presented as a card, but you could ask for the entire driver license, for example, if you have banking, you've got regulatory requirements and users, you know, comfortable sharing that.
But in other cases, if you're thinking about that last use case, I was showing it was two people dating each other and post my wife. I I'll repeat that again. But she was asking for proof of, Hey, you know, who are you? Right? And it was my face that was matched with my driver license, with my first name, last name and date of birth. She didn't need to know anything else. I may not be comfortable or want to share my address and other things. So you can make the request for what data you want to share. And you'll see what they are. What we do in, in, within the wall of the app is we've got a little checkbox. You can uncheck anything you don't want to share. Now, if you want to share data, if I were to just give you data, I can go through a card and out of that and say, this is what I want to share, but the control should always be with the user.
Thank you, Armin. We are at the end of our webinar. So thank you very much, army for all information brought, it's like you to ping identity for supporting this webinar. Special thanks to everyone attending to this webinar, or later on, listening to the podcast of seminar. Thank you. Thank you. Bye-bye.

Stay Connected

KuppingerCole on social media

Related Videos

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00