Let’s start with a question…
How long would it take you to notice you’d lost your phone?
We’re going to go out on a limb here and say you’d notice pretty quickly. Afterall, the average smartphone user checks their phone 221 times a day. If we sleep for 8 hours, that means we’re checking our phones about 14 times an hour while we’re awake…or once every 4 minutes. So if our phone goes missing, it’s not going to take long before we know about it.
But what about your driving licence? Your passport? Your university diploma? Your health insurance number? Let’s face it, it could be months before you realised any one of these could be missing.
Which is why it makes perfect sense for everything to be in one place and for our phones to become the place where we verify who we are, no matter the use case or the setting we’re in.
In the not too distant future, you’ll see everything from digital passports through to the highest level of assurance document signing all managed directly through the magic little devices we take with us everywhere.
However, we’re not quite there yet but the next twelve months are shaping up to be a hugely exciting time in the mobile portable identity space. So we’re going to dive into what we expect to see coming up in the year ahead.
Here’s everything you need to know about mobile portable identity in 2024.
1. eIDAS 2.0
eIDAS 2.0, the new EU regulation, should go to parliament in the early part of the year and, once it becomes approved, it’s law. The details still haven’t been finalised but, in the words of Ursula von der Leyen, President of the European Commission, the goal is to create a “secure European e-Identity…that any citizen can use anywhere in Europe…a technology where we can control ourselves what data and how data is used.”
This new legislation gives EU citizens the right to be served digitally by their government. It will be another twelve months before the implementation laws are live but, once they are, it will automatically trigger transition timelines for compliance.
This means EU governments will need to do two things; they will need to enable all government delivered services to be served digitally and they will need to give citizens an EU digital wallet.
While the EU digital wallet won’t be mandatory and won’t replace physical ID immediately, users will have the ability to selectively share only the personal attributes and data they choose to disclose with third parties. The wallet will enable users to easily identify, authenticate, and demonstrate their entitlements, paving the way for an expanding array of services and use cases in the future.
While member countries have the freedom to pursue unique designs and functionalities for their wallets, a key feature is interoperability. This ensures that every wallet, regardless of individual design choices, will share common features and seamlessly operate across the entirety of the European Union.
2. Greater control and less risk
Two of the major benefits of eIDAS 2.0 will be giving people back control over their data and creating less risk for businesses because the level of security and assurance will significantly reduce the risk of hacking or fraud.
A pivotal feature of eIDAS 2.0 is the user’s exclusive control over all personal information. The development of the EUDI Wallet is geared towards streamlining access to online services, facilitating secure transactions, and enhancing the experience of cross-border operations and travel for both individuals and businesses. Centralising electronic identification and trust services, such as electronic signatures and certificates, within the wallet empowers users to easily access and utilise their data and certificates whenever required.
People are getting control back and nothing will happen without user consent – which means the user experience with a digital wallet needs to be seamless because nothing can happen without the user being involved.
A much more secure digital ecosystem will also facilitate less risk. For example, right now, things like digital signing are not done to a high level of assurance and it’s becoming a highly commoditized industry. By transitioning services like this to a government-provided digital wallet, there will be a guarantee of the highest level of assurance possible and, as a result, less risk.
3. The highest security everywhere
Following on from this, once you start to have a strong and robust digital identity, you can start securing data and exchanging data securely at scale, creating a much more secure digital ecosystem. This level of data provenance (for example, knowing where, who by, and on what device data was created as well as relevant tagged metadata) will help distinguish what has been created by AI and what has been created by a person. As we veer into a world where the likes of deepfakes will become the norm, this will become increasingly vital. And, eventually, we will see this trickle down into social media, helping users see at a glance what types of content are authentic and what isn’t.
4. The need for remote secure elements
What we know for certain is that the current mobile phone infrastructure isn’t suitable for facilitating the use of a digital wallet because it doesn’t have the requisite level of security required to make it happen.
All EU Citizens will have the right to EUDI Wallet. But how do you make sure that, after onboarding, you can stay logged in without compromising your safety and privacy?
There are a couple of options:
- Software token: You can store your private information in a software token. The problem is that it isn’t really secure and can be compromised. Therefore it won’t be certified to the highest level, and thus you won’t be able to login to anything digital provided by your government in the near future.
- Hardware token: This is the safest option. By storing your information in an encrypted physical token you enjoy the highest security. But you need to carry it with you all the time which is a hassle, plus you could lose it.
- Internal phone chip: This could be an option, except it misses the right certification. The second problem is that as it’s in your phone – and if one phone gets compromised, all phones of the same type are not safe anymore.
So the ideal solution would be a hardware token that you don’t have to carry around with you but is always accessible. That’s why ubiqu introduced the Remote Secure Element. You can upload your personal data to this element and access it any time you want. This way you can conduct notary worthy actions, with the simplicity of a PIN code.Implementing a remote secure element involves ensuring secure communication channels between the device and the remote secure element, as well as employing encryption and other security measures to protect the sensitive data being transmitted.
Our system establishes a secure connection to the token, enabling online identity verification through a convenient phone application. This means verifying a user’s identity can happen instantaneously through a secure element that the user doesn’t have to do anything with or carry around with them because it’s accessed remotely.
In Summary
Identity is paramount to everything. It’s why we put it at the core of all the aspects of the work we do. The future always holds unknowns. We can guess at what’s coming but we can’t say for certain. But, what we can do is ensure we’re ready for any type of eventuality the future might hold.
It’s why, in the face of evolving digital challenges, we envision a future where identity security is elevated through pragmatic and robust solutions. We aim to establish a secure digital landscape, providing individuals and businesses with a steadfast shield against emerging threats. Our vision is anchored in practicality, aiming to build a digital ecosystem where identity protection is a fundamental and reliable cornerstone.
If you’d like to find out more about what we do and how we can help you get ready for eIDAS 2.0, then we’d love to talk to you.