Defining Person Centric Identity Management Systems - Why it Matters
By Janice Kephart, IdSP Owner and Managing Director
Identity has become a core vehicle that enables governments, commercial enterprises and individuals to conduct a diversity of business functions, such as completing financial transactions, crossing national borders, enforcing laws, transferring funds, securing infrastructure, and accessing personal and government devices. Success depends on identity being both private and secure.
National and business identity management in the past involved credentials and biographic identifiers such as name, address, date and place of birth. Today’s increasingly globalized and digital world is demanding that biometrics, coupled with biographics, become the identity management standard. As a practical matter, reducing all the possible ways an individual can be identified to a simple set of attributes that, as unequivocally as possible, identify an individual as unique, checks the boxes for both government security and personal privacy. How to do that is the question.
Unique Identity is a concept that ensures that one person has one identity in a given population, and that the one identity corresponds to one and only one person. We call systems based on Unique Identity “Person Centric biometric identity management systems (PCBIMS).” PCBIMS are the emerging answer where a variety of transactions by a variety of entities require identity verification to be harmonized successfully, and that is the focus here.
Identity systems with policies and technologies based on Unique Identity are evolving into viable core capabilities across the world. PCBIMS success stories include India, Pakistan, and Indonesia. The most renowned Person Centric identity management system (PCBIMS) is India’s Aadhaar system, where 99 percent of adult Indians hold an Aadhaar ID that links to some 84 government services, which will soon include the world’s largest welfare program. The Aadhaar PCBIMS is saving the Indian government about $2 billion a year. Europe, Japan, Australia, Singapore, and many more countries have implemented some form of Unique Identity for border management, and over 40 nations today have biometric border programs, many of which are entry/exit programs that include Unique Identity. One system alone has 210 million enrolled identities.
The Schengen EU-VIS system processes fingerprint-based visas for the 28 member countries of the European Union based on the Unique Identity concept. Asian banks have begun to use Unique Identity to reduce fraud and improve customer service. Biometric banking platforms in the Middle East support anti-corruption efforts while enabling financial inclusion in third world countries at an unprecedented level using PCBIMS. The United States Department of Homeland Security will be modernizing its biometric identity management system that supports border and law enforcement functions to a person centric model beginning in 2018.
Where a business or national security situation requires one person to have one identity within a given population and function, PCBIMS is an opportune choice worthy of consideration.
Person Centric System Attributes
Systems that support Unique Identity have the following characteristics:
- Unique Identity systems, by definition, do not require any specific identity credentials, but rather can adapt to whatever credentials the enrollees provide. The key capability is to de-duplicate new enrollments against existing enrollments based on biometrics, without requiring a credential to validate the actual identity. Credentials may be used in concert with the biometric to link to an identity file, but are not required to verify the identity itself.
- Scalable, accurate biometrics must be used in the system. At present, fingerprint, face, and iris are the most widely used Unique Identity system biometrics, with face still at risk of false matching.
- Multiple modalities of biometrics greatly improve accuracy and can increase performance for identification and deduplication. Only one modality may be required for verification, but having multiple modalities allows for flexibility upon verification.
- Capture of biometrics and related identity credentials must be done at trusted encounters with oversight of officers at borders, banks, or airports to deter spoofing and help correct mismatch adjudications.
- Each transaction should typically involve three services: document check, identify, and verify. The backend IDMS must be highly available, scalable, responsive, and accurate, conforming to relevant biometric and identity management standards.
- Underlying data stores for these systems must not only be encrypted and stored under secure conditions, but (1) the biometrics, (2) the core identifying attributes, and (3) the functional identities created as a result of unique identity (e.g., a case file for an air traveler account in India) must be kept in separate data stores, to preserve the privacy of each individual’s data by preventing unauthorized mining of information.
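The following toy model is an added illustration of the attributes listed above; it is not code from the author or from any of the systems named on this page. It assumes bit-string biometric templates compared by normalized Hamming distance (a constructed threshold, not a real operating point), score-level fusion across whatever modalities probe and enrollment share, three separate stores joined only by opaque random tokens, and per-function pseudonyms derived with an HMAC key held by the identity service. The class and function names, the key, and the enrollees are all hypothetical.

```python
import hashlib
import hmac
import random
import secrets
from typing import Dict, Optional, Tuple

# Constructed operating point for the toy bit-string templates below; real
# fingerprint/iris matchers set thresholds from measured error rates.
MATCH_THRESHOLD = 0.25
TEMPLATE_BITS = 128

Template = Dict[str, str]  # modality name -> bit string


def hamming_distance(a: str, b: str) -> float:
    """Normalized Hamming distance between equal-length bit strings (0.0 = identical)."""
    if len(a) != len(b):
        raise ValueError("templates must be the same length")
    return sum(x != y for x, y in zip(a, b)) / len(a)


def fused_distance(probe: Template, ref: Template) -> Optional[float]:
    """Score-level fusion: mean distance over the modalities both samples share.
    Returns None when nothing can be compared (probe has iris only, ref has finger only)."""
    common = probe.keys() & ref.keys()
    if not common:
        return None
    return sum(hamming_distance(probe[m], ref[m]) for m in common) / len(common)


class PCBIMS:
    """Three separate stores joined only by opaque tokens, plus a link registry."""

    def __init__(self, link_key: bytes) -> None:
        self._link_key = link_key  # held by the identity service alone; derives functional tokens
        self._biometrics: Dict[str, Template] = {}   # bio_token  -> templates only, no names
        self._attributes: Dict[str, dict] = {}       # attr_token -> name, DOB, optional credential
        self._functional: Dict[str, dict] = {}       # func_token -> per-function record only
        self._links: Dict[str, Dict[str, str]] = {}  # unique_id  -> {"bio": ..., "attr": ...}

    def _search(self, probe: Template) -> Optional[Tuple[str, float]]:
        """1:N search of the biometric store; returns (unique_id, distance) of the closest hit."""
        best: Optional[Tuple[str, float]] = None
        for uid, link in self._links.items():
            d = fused_distance(probe, self._biometrics[link["bio"]])
            if d is not None and d <= MATCH_THRESHOLD and (best is None or d < best[1]):
                best = (uid, d)
        return best

    def enroll(self, templates: Template, attributes: dict,
               credential: Optional[str] = None) -> Tuple[str, bool]:
        """De-duplicate on biometrics, never on the credential. Returns (unique_id, newly_created)."""
        hit = self._search(templates)
        if hit is not None:
            return hit[0], False  # already enrolled, whatever name or document is presented now
        uid, bio_token, attr_token = secrets.token_hex(8), secrets.token_hex(16), secrets.token_hex(16)
        self._biometrics[bio_token] = dict(templates)
        self._attributes[attr_token] = {**attributes, "credential": credential}
        self._links[uid] = {"bio": bio_token, "attr": attr_token}
        return uid, True

    def identify(self, probe: Template) -> Optional[str]:
        hit = self._search(probe)
        return hit[0] if hit is not None else None

    def verify(self, unique_id: str, probe: Template) -> bool:
        """1:1 check; one modality is enough as long as the enrollment holds it."""
        link = self._links.get(unique_id)
        if link is None:
            return False
        d = fused_distance(probe, self._biometrics[link["bio"]])
        return d is not None and d <= MATCH_THRESHOLD

    def functional_token(self, unique_id: str, function: str) -> str:
        """Per-function pseudonym: 'banking' and 'air-travel' records cannot be joined without the key."""
        return hmac.new(self._link_key, f"{function}:{unique_id}".encode(), hashlib.sha256).hexdigest()

    def open_functional_account(self, unique_id: str, function: str, record: dict) -> str:
        if unique_id not in self._links:
            raise KeyError("unknown identity")
        token = self.functional_token(unique_id, function)
        self._functional.setdefault(token, {}).update(record)
        return token

    def functional_record(self, token: str) -> dict:
        return dict(self._functional.get(token, {}))


def make_template(rng: random.Random, bits: int = TEMPLATE_BITS) -> str:
    return "".join(rng.choice("01") for _ in range(bits))


def recapture(rng: random.Random, template: str, flips: int) -> str:
    """Simulate a fresh capture of the same trait: a few bits differ from the enrolled template."""
    bits = list(template)
    for i in rng.sample(range(len(bits)), flips):
        bits[i] = "0" if bits[i] == "1" else "1"
    return "".join(bits)


def demo() -> dict:
    rng = random.Random(7)  # fixed seed: constructed, reproducible sample enrollees
    ids = PCBIMS(link_key=b"constructed-demo-key")
    alice = {"finger": make_template(rng), "iris": make_template(rng)}
    bob = {"finger": make_template(rng), "iris": make_template(rng)}
    alice_id, alice_new = ids.enroll(alice, {"name": "A. Example", "dob": "1980-01-01"}, "PASSPORT-X1")
    bob_id, bob_new = ids.enroll(bob, {"name": "B. Example", "dob": "1990-02-02"})  # no credential
    # Same person returns with a different name and document: biometrics, not paperwork, decide.
    alice_again = {m: recapture(rng, t, 12) for m, t in alice.items()}
    dup_id, dup_new = ids.enroll(alice_again, {"name": "Someone Else", "dob": "1975-05-05"}, "ID-9")
    iris_probe = {"iris": recapture(rng, alice["iris"], 10)}  # single-modality probe
    travel = ids.open_functional_account(alice_id, "air-travel", {"frequent_flyer": True})
    bank = ids.open_functional_account(alice_id, "banking", {"kyc_tier": 2})
    return {"alice_id": alice_id, "bob_id": bob_id, "dup_id": dup_id,
            "created": (alice_new, bob_new, dup_new),
            "verify_alice": ids.verify(alice_id, iris_probe),
            "verify_as_bob": ids.verify(bob_id, iris_probe),
            "identified": ids.identify(iris_probe),
            "travel_token": travel, "bank_token": bank,
            "travel_record": ids.functional_record(travel)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the three behaviours the list calls for: the second enrollment of the same biometrics is rejected as a duplicate even though it carries a different name and credential, a single iris capture suffices to verify or identify the enrolled person, and the air-travel record is reachable only through a function-specific token that carries no name, date of birth or biometric.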
PCBIMS are perceptibly changing the way people interact with their governments, businesses, and each other. Yet with such rapid growth, concrete guidance on how to architect a BIMS for success is still lacking. The critical “must-haves” of any PCBIMS architecture, and the policies that enable all stakeholders to support its development, must be embraced at inception, whatever its purpose, in order to achieve success and avoid failure.