Now is the perfect time to rethink how we engage with others digitally. Online interactions are increasingly prevalent and our personal data is being spread across numerous companies’ applications and services like breadcrumbs dropped on a hike. All the while, regulations and technical requirements associated with collecting and storing that data are growing, causing businesses to reexamine their identity and access management systems and evolve to keep pace. The game is changing—and it’s time people have more control over their own digital selves.
What if individuals could determine how to share data and with whom? What if that data was always up to date? And what if instead of merely having a unified customer profile in a single company, each person could have one identity experience for all the companies and people they interact with?
Personal identity holds the key to answering these questions. Also called decentralized identity or self-sovereign identity, personal identity enables individuals, rather than a company or other organization, to control, manage and share their own identity-related information. The concept is gaining traction as more and more individuals demand jurisdiction over their personal data and businesses gain confidence in their customers’ verified identities. Here at Ping, we’re taking the lead to ensure everyone has complete ownership of their own personal data.
How Personal Identity Works
In the personal identity model, individuals store identity-related data in a digital wallet on a mobile device so they can keep that information updated and share exactly what data they want—right down to the attribute—with businesses and other individuals. This streamlines how people safely reveal personal details to prove their identity when shopping online, applying for a loan, conducting banking transactions and more. Businesses benefit under this model as well, since personal identity enables companies to better protect customer privacy, improve the user experience and alleviate the challenges associated with collecting personal data.
Why Now Is the Right Time
Year over year, more daily interactions between people and businesses are becoming digital, in large part because of the ubiquity of mobile phones. (At last count, over 6 billion people have access to smartphones.) The pandemic was merely an accelerant of a trend that was already in motion:
But the current paradigm isn’t sustainable. Today, each company or organization a user interacts with owns and manages a specific version of that user’s identity data, the foundation of which is a username and password. Identity providers and service providers have to know each other and have some form of agreement (i.e., standards) that allows the exchange of information.
But as a person engages with an increasing number of service providers, their identity-related data is spread across multiple identity providers (IdPs). Once that user ceases doing business with a service provider, they can no longer access that information, sprinkling behind remnants of personal data that can soon become out of date.
Personal identity will force a major change in how users interact with businesses and other individuals because it revolutionizes how we build trust relationships between people and organizations. Customers are demanding more privacy and the ability to maintain control over what they disclose about themselves. At the same time, businesses and individuals must be assured that the human at the other end of the digital transaction is who they say they are and that the information they are providing is valid.
With personal identity, the organizations that issue information that users can store and share have no connection to the organizations that the user may choose to share that independently verifiable data with—thereby enabling increased privacy and boosting identity verification.
The Benefits of Personal Identity
The shift from businesses and other organizations controlling identity information to individuals managing their own data has already started, and we at Ping have seen how it creates a better user experience. Digital wallets are a convenient, user-friendly method of storing and accessing personal information, and they simplify registration and other interactions by storing information on a device that is easily accessible: the user’s smartphone. This makes it easier for users to access up-to-date information, and instead of a lengthy process of finding, collecting and sharing information, an individual can take care of it with a few finger swipes.
Personal identity also lowers the risk of fraud. Fraud can never be completely eliminated, since there is risk in every digital transaction, but it is lessened when the processes of opening accounts or registering online are made more secure. Businesses have greater confidence in the identity of the user and that the information they are presenting is valid and current.
Personal identity also decreases the burden of information sharing. We’ve all seen the stats showing how the amount of data collected in the normal course of business is increasing exponentially, and shifting the ownership of storing personal information from a business to the individual can help alleviate the burdens of meeting technical, regulatory and compliance requirements of data storage.
How Ping Is Furthering Personal Identity
In February of this year, Ping announced Project COVID Freedom to enable vaccine providers, businesses and individuals to securely prove vaccination and COVID test results to others. This critical piece of personal data was an important starting point for making it easy to securely share personal data, and solved the immediate need of safely reopening communities.
Ping is taking the next step to innovate digital interactions using personal identity by expanding support beyond proving COVID-19 vaccination status. We’ve recently announced two new offerings that will secure and streamline how consumers exchange personal information with businesses and other individuals:
ShoCard is a digital wallet for consumers, who use it to securely store and share personal information about themselves.
PingOne for Individuals enables businesses to issue digital identity and information cards to their users. These digital cards are tied to verified data and stored in the ShoCard wallet.
How ShoCard and PingOne for Individuals Work
The process involves three different entities:
Issuers. These are the official sources of verifiable data that issue identity-related data to users. For instance, an issuer might be a college issuing transcripts, an employer providing official sources of employment history, or a credit bureau releasing a credit history. Businesses can use the PingOne Credential service that is available with PingOne for Individuals to create and issue verified credentials, or cards, that users can store on their digital ShoCard wallet.
Users. These are the individuals who store verified identity information from the issuer, like a driver’s license, vaccination record or health insurance card, in their ShoCard wallet on their mobile device. To add the verified information to their wallet, the user scans a QR code or clicks a link provided by the issuer. This portable data is only stored within the ShoCard wallet and is never outside of the user’s control, and it can be shared with as many people or businesses as the user wants.
Verifiers. These are businesses or individuals that need to confirm something about someone. For instance, it might be an employer needing to confirm college graduation status, a healthcare provider requesting proof of insurance, or an online date seeking reassurance that they are talking to the right person. The user scans a QR code to share whatever current, verified information they wish to disclose to the verifier.
The Technical Details
If you’re interested in the nuts and bolts of these solutions, here’s some detail about what goes on behind the scenes.
When a user downloads and installs the ShoCard app, they create a profile that is a unique identity tied to a private key on their mobile device. They create this profile by using their smartphone to take a live capture selfie that is verified against their government documentation photo. If the photos match, the ID card is examined to ensure it has not been tampered with and is consistent with the issuing government IDs. Then, the device is linked to the individual, and it sets a foundation for the user to collect digital cards to place in the ShoCard wallet.
Users then create digital cards (aka identity claims) via the PingOne Credential service or the PingOne for Individuals SDK and store these cards in their ShoCard wallet. PingOne Credential service is a no-code method for businesses to configure and issue digital cards, while the
PingOne for Individuals SDK allows businesses to issue and verify identity claims from users.
These claims need to be created by issuers using cryptography to certify the data. PingOne for Individuals and ShoCard use public ledgers to manage revocation and changes to a credential. This platform is blockchain agnostic. The current version leverages the Hedera public ledger to cryptographically secure credential records. By managing credentials on this public ledger, we can better ensure each credential is tamper-resistant and secure, only able to be modified by the holder of its key. Additionally, this process allows an issuer to revoke the status of the claim if anything has changed, and this will be reflected in the ShoCard app and any verifier can check the status of a claim that a user shares with them for its current state and veracity.
Personal Identity Use Cases
Our Project COVID Freedom initiative focused on enabling individuals, businesses and vaccine providers to securely share information about vaccination status and test results. But this is only one example of how personal identity can be leveraged to streamline and secure the sharing of personal information. Organizations use personal identity in a variety of ways:
Global Sports Club
In this scenario, the organization is both the verifier and the issuer. The sports club has access to player data and can confirm identities as players show up to fields to prevent fraudulent player substitution during games.
Health Insurance Provider
Health insurance providers issue insurance claims, such as information regarding co-pays, high-deductibles, deductible status, etc., that allow hospitals and other healthcare organizations (the verifiers) to understand a patient’s coverage, helping the verifier decide how to bill, collect and react.
Event Ticketing Platform
Ticket scalping has long plagued the entertainment industry. To cut down on this practice, authorized sellers could verify buyers at the time of purchase, or venues could access the user’s identity and event ticket details before admitting the user into an event.
Individual as Verifier
Individuals may act as a verifier in a range of situations, such as when selling an automobile online. In these cases the data provider website, such as the site where the car was sold, can verify the information, and when individuals meet, the website can provide a verification URL where the individual can scan a QR code and confirm information.
These are just a handful of the interactions in which personal identity promises to play a large role. We’re already seeing organizations look to the future on how personal identity can revolutionize their interactions with customers and employees. Ping is excited to be at the forefront of giving individuals back the control over how they share their personal data with others. Learn more about our Personal Identity initiative.