What are the building blocks of digital identity, and why does it matter to business?
In our modern world, people have a digital presence that parallels their offline lives. They go about their day accessing any number of businesses through the web and mobile apps. They often use multiple devices—a PC, a tablet, a mobile phone, perhaps a smart watch, a gaming console, or an in-vehicle computer.
Each digital event involves the exchange of hundreds of data elements between their devices (e.g., laptop, desktop, mobile phone) and the web servers (e.g., company website) with which they interact.
For consistency, we’ll refer to these data elements as “entities” moving forward.
Some of the entities in a digital event, such as an email address, are quite familiar. User names and passwords are common, but so are offline artifacts, including physical addresses, shipping details and more.
Globally, the average person will have four networked devices by 2021, according to Cisco.
Other entities are innocuous, such as the operating system of a handset. Hundreds of different technical attributes and event details are shared between a device and a web server just to make a digital connection possible. This exchange of information is central to the way devices recognize and communicate with one another to function properly.
Still more information about the user can be drawn from internal databases and merged into event details. Known as “truth data,” this includes intelligence that businesses have established about the user—the birth date used when opening the account, for instance.
Additional information from third-party systems can also be merged, such as data coming from address- or date-of-birth verification systems.
In North America, the average person will have 13 networked devices by 2021, according to Cisco.
All of this offline and online data can be merged and anonymized through the tokenization process. Sensitive data is assigned non-sensitive equivalents that have no exploitable meaning or value.
As you might imagine, over time, the amalgamation of these events and entities becomes quite a large data set. Thanks to the advent of advanced machine learning, we can peer into this data set to identify patterns hidden deep within.
For a digital identity, machine learning is tuned to find entity associations that infer a unique digital identity. This is analogous to the way DNA matching happens in the physical world.
In biology, it’s not the entire genome that’s compared to match samples, but rather a set of markers is identified that, if similar, infers a high-percentage likelihood that it’s a match with an individual. The same applies to a digital identity.
This white paper gives digital businesses insight into the key elements that make up a digital identity.
It turns out that entity associations for a legitimate identity may include multiple devices and email addresses. And it may be convenient to think of the combination of a single interaction on a single device as constituting a single user persona.
But, the amalgamation of all the personas related by “digital markers” to a specific individual form a recognizable and unique digital identity. This identity can then be assigned a unique, anonymized identifier, with a related trust and confidence score based on history.
With a unique digital identity in hand, new events can then be compared using the full context of the interaction. This includes device-level intelligence, but also location details and environmental factors as well. Using the same data science, the current entity associations are compared to past entity associations.
As in biology, a match, or a convergence between a new event and past behavioral markers, yields a legitimate identity. A divergence is indicative of suspicious activity. (Note: In the next chapter, we discuss how minor deviations, such as a new device, don’t necessarily lead to divergence.)
This approach takes authentication beyond device intelligence, beyond static identity data, beyond usernames and passwords–indeed, beyond anything that’s been before.
It takes business leaders to a place where they can genuinely understand the context of a digital interaction with certainty about who is on the other side of a faceless interaction on the web.
Next up: Digital Identity Intelligence