Today’s global society exists due to the ease of communicating, interacting, and doing business with one another beyond national borders. A digital society based on remote working and remote identity verification can only be successful in the long run if the same global – or at least regional – standards are applied. However, the pandemic emphasized several challenges that still need to be addressed so that people can access their rights by proving their identity remotely, or fulfill their missions in a more flexible way:
Let us dive further into these trends that have shaped 2022 and will likely be with us in the coming months, if not years.
Biometric technologies facilitate people’s lives, making the world a safer and securer place to live in. The sensitivity of biometric data cannot be stressed often enough, and in previous articles we presented several solutions to safely use them. But this time, we are going beyond securing data and the challenges of the present.
Due to the ease of use, convenience and security, there has been a significant increase in the implementation of connected devices such as biometric access control terminals. However, the drawback of using successful technology is that it often becomes a preferred target. Security is only as strong as the weakest link, which is why technology providers have had to reevaluate the full product lifecycle, especially the first step―manufacturing―to ensure the highest level of security.
Without appropriate security measures in place, a product is particularly exposed during the manufacturing process. For example, the firmware could be duplicated or modified in order to introduce security breaches that could later be exploited once the product is operational. Product counterfeiting, product duplication and theft of secure information such as keys are real risks when a device is being manufactured.
Although secure manufacturing has been in existence for many years for microprocessor chips used in bank cards and SIM technologies for instance, it has only just been introduced to connected device manufacturing.
There are three main pillars of secure manufacturing:
Secure manufacturing enables companies to work with subcontractors without fear of the device being modified or hijacked with an alien element. It is also the foundation to guarantee that the device is well prepared to resist in the future.
Instead of creating a product and then trying to protect it, secure manufacturing focuses on eliminating vulnerabilities from the get-go.
Since the beginning of the 1990s, major advances have been made to exhibit how a computer based on quantum mechanics could speed-up the resolution of intractable numerical problems. Currently, there is a worldwide effort to build quantum information processors. While the path to a general-purpose quantum computer is still long and uncertain, powerful special-purpose machines could arise in the coming years. One of the fields that will be impacted by the advances is cryptography―the technology used to secure our digital life through encryption, authentication and digital signatures.
Researchers have already designed quantum algorithms that could be used to speed-up attacks on the cryptographic technologies currently being used. For some algorithms, the speed-up is limited, and enlarging the cryptographic key is sufficient to thwart the threat. However, for other algorithms, which constitute the core of any modern security protocol, this means that, at the instant when a sufficiently powerful quantum computer will be available, it will be very difficult to ensure confidentiality. If security solutions should resist quantum computers, they need to be updated with new cryptographic techniques called Post-Quantum Cryptography (PQC) that remain resistant against such a threat.
Today, all encrypted data exchanged can potentially be recorded and stored until a machine powerful enough to threaten current cryptography is available, allowing anyone to reveal the plain data. For some applications, data has to remain secure for several decades, not forgetting that migration to new systems could take years. The National Institute of Standards and Technology (NIST) has initiated a standardization process for PQC. It started late 2017, as an open and transparent ‘competition’ in which 69 candidates participated, and by 2024, a handful of them will be standardized.
However, moving to this new cryptography will not be an easy journey. First, a significant increase in computational complexity and the size of data (keys and ciphertexts) will have to be compensated by new hardware and the optimization of software. Moreover, the brand-new algorithms will necessitate years of scrutiny in order to reach the high level of confidence in the current cryptography, to which society has committed decades of research. To cope with this, government agencies and leading industry players will work hand in hand, at the beginning, to deploy hybrid protocols that carefully mix today’s cryptography and PQC in order to avoid regression and to implement crypto-agility―mechanisms that enable the update of protocols for products already in the field. IDEMIA and other leading industry players are well aware of their responsibility toward society. They understand that in order to mitigate the risks of tomorrow, they have to start investing today.
Digital wallets are far from new. However, until now the emphasis has been on payment methods―the digital wallet replacing the physical wallet, and the need to withdraw cash. Users are already familiar with storing a digital boarding pass in a digital wallet on a smartphone or having a digital version of their loyalty cards. What is new is the creation of a digital wallet built for our diverse credentials including the invaluable identity documents. In 2022, Apple and Samsung, two giant tech providers added digital ID offerings to their digital wallet solutions. Another novelty is the aim to build an international solution that goes beyond a national system. Let us look at the EU digital wallet as a hot topic of 2022.
Today, only about 60% of the EU population in 14 Member States are able to use their national eID cross-border.1 Announced in June 2021, the EU digital identity wallet will be available to EU citizens and residents who want to identify themselves or provide confirmation of certain personal information. Used for both online and offline public and private sector services in the EU, this secure digital wallet could contain an individual’s credentials such as their ID card, driver’s license, diplomas, payment methods, vaccination records, and many more.
Once in place, the EU digital wallet will be accessible via an app on the user’s smartphone, which allows them to maintain control over their credentials at all times. They will be able to decide which specific elements they would like to share. For example, if a user needs to prove that they are over 18, they can prove just that, without divulging their exact date of birth, age, name, address and other personal details.
The EU digital wallet would also allow entities with whom individuals are sharing their credentials, to be sure that they are genuine and do indeed belong to the holder. The EU digital wallet is meant to become a secure, simple and safe way for people to share information with service providers.
And most importantly: independent from the exact approved digital wallet solution that each EU Member State will go for, interoperability with other Member States will be guaranteed.
Pre-pandemic, many companies did not encourage working from home. Accessing the company’s secure network via VPN was acceptable for a select few employees or for organizations where the majority of the team was regularly traveling. The same security concerns remained for law enforcement agents, notably field officers who had no choice but to conduct everyday tasks at the station, losing out on valuable time that could be spent keeping citizens safe in the street.
Thanks to securer technologies, the trust in mobile solutions is steadily increasing so that officers can perform tasks such as ID verification remotely. By using an app on their smartphone that is linked to the national AFIS/MBIS (via a dedicated cloud-based platform), officers can now conduct on-the-spot face and fingerprint biometric checks to verify or establish the identity of an individual instantly as they would do at the police station. The back camera of a smartphone is capable of capturing detailed photos of a person’s fingerprints, enabling a 1:N match.
Cloud-based law enforcement solutions benefit from efficiency, scalability and elasticity, which translates to a rapid response time for officers in the field, and various overall advantages for the entire organization. For example, the cloud-based platform could be used by many concurrent users such as field officers, without necessitating an investment in very large computing capabilities. Additionally, the platform could be started up or shut down in a matter of minutes, providing the law enforcement agency with maximum flexibility. Furthermore, specialized platforms could be created to specifically manage particular events; large public gatherings such as the Olympic Games, or major public security incidents, etc. With the technologies developed over the last few years and the increased security that comes with them, law enforcement agents should now access and benefit from the same flexible way of working that the pandemic has introduced for many other sectors.