Biometric authentication gains trust, reusable ID advances with oversight

The steady march of digital identity credentials towards reusability with biometric authentication is meeting the skepticism of some privacy advocates even as it marches past flagging efforts to modernize access control with single sign-on systems.

The overall trend is clear in Biometric Update’s most-read articles of the week. Mobile driver’s licenses and digital wallets increasingly look ready to meet the real-world identity verification needs of just about any relying party, in person or online.

The power of reusable digital identity can be seen in Singapore, where a quick SingPass scan replaces the laborious manual process most of us associate with auto insurance claims, David Crack of the ADVP wrote in Computer Weekly this week. He uses the example to elucidate a vision for the UK’s ID roadmap.

Most-read biometrics news of the week

An audit of the U.S.’ SSO system Login.gov by the GAO shows the federal government has spent far more on commercial identity verification solutions like those from ID.me, LexisNexis and Experian than developing its own. It is hardly surprising, based on the imbalance in investment, that commercial providers have done a better job meeting the government’s own security, privacy and assurance expectations.

The need for such a system is unclear, if private-sector versions do a better job of protecting against fraud. An interoperability demonstration event held recently by the OpenID Foundation indicates that mDLs like those being issued in the U.S. and Australia and digital wallets like those being issued in the EU are already capable of supporting ID verification in a wide range of scenarios. Participants included 1Password, Android, Mattr, OpenID Foundation, Panasonic, Scytales and SpruceID.

One of the few remaining requirements for mainstream adoption to take off is a killer use-case. Age assurance could easily be it, with Spain’s digital wallet joining a pilot of the EU age verification app planned for July. The idea is user privacy to be protected with double-blind verifications.

Orchestration services have been identified as a key opportunity in the UK’s digital identity market, with the Gov.uk One Login digital wallet set to store the government-issued mDL. Orchestrating Identity has been accredited as an OSP by the Kantara Initiative, and also as an IDSP, while GDS is spending 18 million pounds (approximately US$24.3 million) on cybersecurity for One Login.

Government-issued IDs have long sparked worries about state surveillance in many places, including the UK and U.S., and the latest concern to rise to prominence is the possibility of server retrieval by ISO-compliant mDLs. A collection of influential cybersecurity and privacy advocates are warning that “phone home” capabilities could be turned on by nefarious mDL issuers without people knowing, allowing them to track the credentials’ use. The extent to which this is a standards issue, rather than an oversight one, is debated.

Trust is clearly lacking, similarly to when Login.gov didn’t include face biometrics and liveness detection, and therefore fell short of meeting NIST’s IAL2 standard.

Independent testing for the technologies behind these solutions are one of the pillars on which businesses build trust that they will deliver on their promises. For face biometrics, NIST’s FRTE is probably the best-known test, and a new 1:1 report was published this week. Idemia is happy with its results. iBeta is already among the most well-known NIST-accredited private laboratories for biometrics already, and has now introduced demographic bias testing to its services, based on ISO/IEC 19795-10.

Our ongoing coverage of ID4Africa 2025 also continued this week, with an interview with Ethiopia NIDP ED Yodahe Zemichael, and a look at the birth registration reforms undertaken in Chad, Mali and Senegal.

Please let us know about any long-form articles, podcasts or other content you spot and think we should share with the people in biometrics and digital identity through the comments below or social media.

Article Topics

biometrics  |  digital ID  |  digital identity  |  identity management  |  reusable digital ID  |  week in review