The future of the identity credential

From the beginning of time, humans have employed an array of methods for identifying people and deciding how to rank them in terms of what we in the identification industry now call “privilege management.”

Early man relied on simple, direct visual or voice identification of others to grant a privilege such as sharing a meal or shelter. Larger human settlements added markings, colours, code words or sounds to help with identification and the management of a limited number of important, often vital, privileges.

As settlements expanded into villages, towns and cities, the need to deal with total strangers and finding methods for granting them specific privileges became more complicated and relied more on proving one’s relationship with a known and trusted person or group.

In the twenty-first century, with unprecedented levels of migration, travel and international commerce, a true global village environment has emerged that nevertheless still relies on proving our relationships – with governments, employers, schools, financial institutions, companies with which we do business – as a way of gaining access to certain privileges.

We use our drivers licenses for general ID purposes such as banking or checking into a hotel; passports to travel internationally; health insurance cards for access to medical treatment; frequent-flier cards, bus passes, library cards, bank debit and credit cards – even ski passes and loyalty cards. We carry badges to access office buildings, college dorms, parking, company cafeterias or gyms. For access to online information or digital transactions, we use cards or tokens and a multitude of passwords that must be memorized. The need for identification and privilege management has exploded in volume and complexity.

By the year 2023, it is likely that most people will be required to carry government-issued credentials. However, the increasing drive for efficiency by both governments and technologists will likely result in a reduced number of physical credentials and a subsequent rise in secure electronic IDs.

In the U.S., the aversion to a national ID might therefore skew the market towards voluntary, convenience-driven alternatives. Programs like GOES, Global Entry, TSA’s Pre Check show the beginning of this trend. Globally, there is a trend towards the adoption of common standards.

We could see an Italian citizen use her Italian government-issued national ID card to enroll into the British National Health Service or apply for a temporary residence in Singapore, each enrolling authority having full control of its procedures and policies.

As we move on to the world of enterprise, the wider adoption of cyber security measures will result in more secure, multi-function electronics credentials. The reliance on passwords is likely to disappear for most enterprises with more than 50 employees in advanced economies. They will be replaced by a single, secure electronic identity for physical and logical access that is centrally issued and managed.

For consumers, we are likely to see mobile phones play a much larger role as both a credential and secure transaction device. There is growing confusion and irritation as people juggle ever more ID cards, tokens and passwords in order to prove that they are entitled to the privileges they are trying to access: money, the office, the ski slope, their bank accounts, social or company networks, etc.

This mounting dissatisfaction with the status quo is accelerating a convergence between employee ID and consumer ID. We see this now with the Bring Your Own Device trend, as companies begin to cater for individuals using their own preferred mobile devices. The next step is for companies to enable their employees to add access privileges to their mobile devices.

Ultimately the conversion of physical IDs into fewer, more secure and convenient electronic credentials will offer people more efficient and secure solutions for privilege management.

The technology is here today, but more is needed to make this vision a reality. Policies and practices must be developed that allow diverse organizations to use a secure credential issued by a third party, and this requires some changes in culture and mind-set. Also important is the wide adoption of NFC-enabled smart phones to empower people with secure credentials and transaction devices, right in their hands.