Digital identity
A digital identity is data stored on computer systems relating to an individual, organization, application, or device. For individuals, it involves the collection of personal data that is essential for facilitating automated access to digital services, confirming one's identity on the internet, and allowing digital systems to manage interactions between different parties. It is a component of a person's social identity in the digital realm, often referred to as their online identity.
Digital identities are composed of the full range of data produced by a person's activities on the internet, which may include usernames and passwords, search histories, dates of birth, social security numbers, and records of online purchases. When such personal information is accessible in the public domain, it can be used by others to piece together a person's offline identity. Furthermore, this information can be compiled to construct a "data double"—a comprehensive profile created from a person's scattered digital footprints across various platforms. These profiles are instrumental in enabling personalized experiences on the internet and within different digital services.
Should the exchange of personal data for online content and services become a practice of the past, an alternative transactional model must emerge. As the internet becomes more attuned to privacy concerns, media publishers, application developers, and online retailers are re-evaluating their strategies, sometimes reinventing their business models completely. Increasingly, the trend is shifting towards monetizing online offerings directly, with users being asked to pay for access through subscriptions and other forms of payment, moving away from the reliance on collecting personal data.
Navigating the legal and societal implications of digital identity is intricate and fraught with challenges. Misrepresenting one's legal identity in the digital realm can pose numerous threats to a society increasingly reliant on digital interactions, opening doors for various illicit activities. Criminals, fraudsters, and terrorists could exploit these vulnerabilities to perpetrate crimes that can affect the virtual domain, the physical world, or both.
Background
A critical problem in cyberspace is knowing who one is interacting with. Using only static identifiers such as passwords and email, there is no way to precisely determine the identity of a person in cyberspace because this information can be stolen or used by many individuals acting as one. Digital identity based on dynamic entity relationships captured from behavioral history across multiple websites and mobile apps can verify and authenticate identity with up to 95% accuracy. By comparing a set of entity relationships between a new event and past events, a pattern of convergence can verify or authenticate the identity as legitimate, whereas divergence indicates an attempt to mask an identity. Data used for digital identity is generally encrypted using a one-way hash, thereby avoiding privacy concerns. Because it is based on behavioral history, a digital identity is very hard to fake or steal.
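The convergence check described above can be sketched as follows. This is an added example, not code from any identity product: the attribute names, the pairing of attributes into relationships, the 0.5 threshold and the use of a keyed hash (HMAC) in place of a plain one-way hash are all assumptions.

```python
import hashlib
import hmac
from itertools import combinations

# Assumption: a per-deployment secret. A plain unkeyed hash of low-entropy
# values (e-mail, IP range) can be reversed by guessing, so HMAC is used here.
KEY = b"constructed-demo-key"

def relationship_tokens(event: dict) -> set:
    """Turn every pair of attributes in an event into an opaque hashed token."""
    items = sorted(f"{k}={v}" for k, v in event.items())
    tokens = set()
    for a, b in combinations(items, 2):
        digest = hmac.new(KEY, f"{a}|{b}".encode(), hashlib.sha256).hexdigest()
        tokens.add(digest)
    return tokens

def convergence(new_event: dict, history: list) -> float:
    """Fraction of the new event's relationships already seen in past events."""
    seen = set()
    for past in history:
        seen |= relationship_tokens(past)
    new = relationship_tokens(new_event)
    return len(new & seen) / len(new) if new else 0.0

def classify(new_event: dict, history: list, threshold: float = 0.5) -> str:
    """Label an event by comparing its score with the (assumed) threshold."""
    score = convergence(new_event, history)
    return "converges" if score >= threshold else "diverges"

# Constructed sample data (documentation address ranges and example domains).
HISTORY = [
    {"account": "alice", "device": "dev-1",
     "network": "198.51.100.0/24", "email": "alice@example.org"},
    {"account": "alice", "device": "dev-1",
     "network": "203.0.113.0/24", "email": "alice@example.org"},
]
FAMILIAR = {"account": "alice", "device": "dev-1",
            "network": "203.0.113.0/24", "email": "alice@example.org"}
UNFAMILIAR = {"account": "alice", "device": "dev-9",
              "network": "192.0.2.0/24", "email": "alice@example.org"}

if __name__ == "__main__":
    for name, ev in (("familiar", FAMILIAR), ("unfamiliar", UNFAMILIAR)):
        print(name, round(convergence(ev, HISTORY), 3), classify(ev, HISTORY))
```

Only the hashed tokens need to be stored, so the comparison works without keeping the raw attribute values.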
Related information
A digital identity may also be referred to as a digital subject or digital entity. It is the digital representation of a set of claims made by one party about itself or another person, group, thing, or concept. A digital twin, which is also commonly known as a data double or virtual twin, is a secondary version of the original user's data. It is used both as a way to observe what the user does on the internet and to customize a more personalized internet experience. Due to the collection of personal data, there have been many social, political, and legal controversies tying into data doubles.
Attributes, preferences, and traits
The attributes of a digital identity are acquired and contain information about a user, such as medical history, purchasing behavior, bank balance, age, and so on. Preferences retain a user's choices, such as favorite brand of shoes and preferred currency. Traits are features of the user that are inherent, such as eye color, nationality, and place of birth. Although attributes of a user can change easily, traits change slowly, if at all. A digital identity also has entity relationships derived from the devices, environment, and locations from which an individual is active on the Internet. Some of those include facial recognition, fingerprints, photos, and many other personal attributes and preferences.
Technical aspects
Issuance
Digital identities can be issued through digital certificates. These certificates contain data associated with a user and are issued with legal guarantees by recognized certification authorities.
Trust, authentication and authorization
In order to assign a digital representation to an entity, the attributing party must trust that the claim of an attribute is correct and associated with the person or thing presenting the attribute. Conversely, the individual claiming an attribute may only grant selective access to its information. In this way, digital identity is better understood as a particular viewpoint within a mutually-agreed relationship than as an objective property.
Authentication
Authentication is the assurance of the identity of one entity to another. It is a key aspect of digital trust. In general, business-to-business authentication is designed for security, but user-to-business authentication is designed for simplicity.
Authentication techniques include the presentation of a unique object such as a bank credit card, the provision of confidential information such as a password or the answer to a pre-arranged question, the confirmation of ownership of an email address, and more robust but costly techniques using encryption. Physical authentication techniques include iris scanning, fingerprinting, and voice recognition; those techniques are called biometrics. The use of both static identifiers and personal unique attributes is called multi-factor authentication and is more secure than the use of one component alone.
Whilst authentication technology continues to evolve, these systems do not prevent aliases from being used. The introduction of strong authentication for online payment transactions within the European Union now links a verified person to an account, where such person has been identified in accordance with statutory requirements prior to the account being opened. Verifying a person opening an account online typically requires a form of device binding to the credentials being used. This verifies that the device that stands in for a person on the Internet is actually the individual's device and not the device of someone simply claiming to be the individual. The concept of reliance authentication makes use of pre-existing accounts to piggyback further services upon those accounts, provided that the original source is reliable. The concept of reliability comes from various anti-money laundering and counter-terrorism funding legislation in the US, EU28, Australia, Singapore and New Zealand, where second parties may place reliance on the customer due diligence process of the first party, where the first party is, say, a financial institution. An example of reliance authentication is PayPal's verification method.
Authorization
Authorization is the determination, by an entity that controls resources, that the authenticated party can access those resources. Authorization depends on authentication, because authorization requires that the critical attribute be verified. For example, authorization on a credit card gives access to the resources owned by Amazon, e.g., Amazon sends one a product. Authorization of an employee will provide that employee with access to network resources, such as printers, files, or software. For example, a database management system might be designed so as to provide certain specified individuals with the ability to retrieve information from a database but not the ability to change data stored in the database, while giving other individuals the ability to change data.
Consider the person who rents a car and checks into a hotel with a credit card. The car rental and hotel company may request authentication that there is credit enough for an accident, or profligate spending on room service. Thus a card may later be refused when trying to purchase an activity such as a balloon trip. Though there is adequate credit to pay for the rental, the hotel, and the balloon trip, there is an insufficient amount to also cover the authorizations. The actual charges are authorized after leaving the hotel and returning the car, which may be too late for the balloon trip.
Valid online authorization requires analysis of information related to the digital event including device and environmental variables. These are generally derived from the data exchanged between a device and a business server over the Internet.
Digital identifiers
Digital identity requires digital identifiers—strings or tokens that are unique within a given scope. Identifiers may be classified as omnidirectional or unidirectional. Omnidirectional identifiers are public and easily discoverable, whereas unidirectional identifiers are intended to be private and used only in the context of a specific identity relationship.
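The difference between the two classes shows up when two parties compare records. The following added example (not taken from any standard or product) derives a unidirectional identifier per relationship with HMAC, which is one possible construction; the secret, the user names and the relying-party names are constructed assumptions.

```python
import hashlib
import hmac

# Assumption: a secret held only by the identity provider (constructed value).
PROVIDER_SECRET = b"constructed-provider-secret"

def omnidirectional_id(user: str) -> str:
    """Public identifier: the same string is presented to every party."""
    return user

def unidirectional_id(user: str, relying_party: str) -> str:
    """Pairwise identifier: stable for one (user, relying party) relationship."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(p).to_bytes(2, "big") + p
                   for p in (user.encode(), relying_party.encode()))
    return hmac.new(PROVIDER_SECRET, msg, hashlib.sha256).hexdigest()

def correlatable(ids_at_a: set, ids_at_b: set) -> set:
    """Identifiers two relying parties could match by pooling their records."""
    return ids_at_a & ids_at_b

USERS = ["alice@example.org", "bob@example.org"]  # constructed sample users
RP_A, RP_B = "shop.example", "forum.example"      # hypothetical relying parties

def demo():
    """Return what each scheme lets the two relying parties link together."""
    omni_a = {omnidirectional_id(u) for u in USERS}
    omni_b = {omnidirectional_id(u) for u in USERS}
    uni_a = {unidirectional_id(u, RP_A) for u in USERS}
    uni_b = {unidirectional_id(u, RP_B) for u in USERS}
    return correlatable(omni_a, omni_b), correlatable(uni_a, uni_b)

if __name__ == "__main__":
    linked_omni, linked_uni = demo()
    print("linkable with omnidirectional ids:", sorted(linked_omni))
    print("linkable with unidirectional ids: ", sorted(linked_uni))
```

Each relying party still sees a stable identifier for a returning user, but the two sets share no values, so the records cannot be joined on the identifier alone.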
Identifiers may also be classified as resolvable or non-resolvable. Resolvable identifiers, such as a domain name or email address, may be easily dereferenced into the entity they represent, or some current state data providing relevant attributes of that entity. Non-resolvable identifiers, such as a person's real name, or the name of a subject or topic, can be compared for equivalence but are not otherwise machine-understandable.
There are many different schemes and formats for digital identifiers. Uniform Resource Identifier and the internationalized version Internationalized Resource Identifier are the standard for identifiers for websites on the World Wide Web. OpenID and Light-weight Identity are two web authentication protocols that use standard HTTP URIs. A Uniform Resource Name is a persistent, location-independent identifier assigned within the defined namespace.