About three years ago, Rebekah Cox, an experienced product designer at Facebook and Quora, tweeted: "The first company to fully execute on embedding your identity into your phone (making a truly first-class experience) wins the next decade."
Well here we are in 2014, and winning that decade is still up for grabs.
At the time, Cox's tweet was widely circulated and provoked discussion. Later in a post to her blog "Mobile Identity" she gave a brilliant definition of identity - being "the product of how you manage your attention and others' access to that attention."
She said the phone promises "instant communication at the cost of having attention interrupted and redirected."
If we update Cox's thinking, today it would sound like this: the key to unlocking that attention is permissions which you can give to a person (classically your phone number) or to a service that you want to interact with (e.g via OAuth 2.0 or SAML tokens). The key to the design of such a solution is to emphasize ease-of-use and minimize user interruption.
What device would be better suited to facilitate that process than your smartphone?
So today we are making a bid for winning the next decade with the release of our PingID service, elegantly designed for smartphone-based authentication and identification.
Wouldn't it be great if you could securely identify and authenticate yourself to any business or person via a single mobile identity app? Enterprises could protect web and mobile access to their VPN, cloud-services or single sign-on platform and enable self-service password reset. Beyond web and mobile access, contact centers could dramatically reduce their cost by slashing verification process times, while increasing customer satisfaction.
Retailers could verify payments in any channel with the right level of security, from sending a notification for a micropayment, requesting a user acknowledge between two apps or applying several authentication factors in approving a macro-payment for $1,000 or more.
Banks could securely sign transactions and securely capture credit card codes. Governments could approve workflows. Consumers could safely control their homes - from heating to appliances to physical access.
The PingID service was designed to provide one single solution for all authentication and identification needs of a business in any industry. It provides employees, customers and partners a smart, secure identification and enables access to any service, anytime, anywhere.
To maintain a high level of usability and to prevent the need to receive a password acknowledgment from the user on any transaction, PingID supports context-based authentication.
The first release of PingID enables an authentication mechanism that dramatically improves the user experience. This mechanism covers major enterprise use cases for secure access to cloud and VPN services and enables smart authentication for PingOne and PingFederate.
Based on policies set by the enterprise, the user receives a push message to his smartphone which wakes up the PingID app. Instead of entering a password into the browser, the user just acknowledges the authentication with a simple swipe on his phone. Faster, more secure and simply more strategic than today's authentication services - PingID leverages the user's smartphone for BYOD and MDM scenarios.
PingID is neatly connected to PingOne, which provides a cloud-based backend integrated into the PingOne Service, a Radius-compliant VPN client, mobile clients for iPhone and Anroid, as well as, text message support for users without a smartphone.
In the future, PingID's cloud-based backend and SDKs offer limitless opportunities for authentication innovation. The support for context-based authentication will expand to include multiple authentication factors: what-you-have, where-you-are, what-you-know, what-you-are (man-vs-machine).
In addition, it will allow you to integrate third-party authentication mechanisms, e.g. a biometric who-are-you factor such as Apple's Touch ID.
PingID is the fruit of our labor. It shows the hard work we've done to win the next decade by being the first company to fully execute on embedding your identity into your phone.
See today's other Ping Identity blogs and product releases: