In the physical world, each person is unique, with their own set of relationships, personal preferences, financial profile, physical characteristics, past behaviors, future plans and so on — the attributes that make up their identity.
Being able to recognize each customer’s unique identity makes it possible for companies to do business with them — to know what kind of services to provide and recommend, charge and track payments accurately, measure and enhance satisfaction, and provide the kind of continuity that delivers optimal value for customers and providers alike.
Digital identity is the extension of this concept into the digital realm — and it’s central to modern connected life. The ability to recognize and manage individual customer identities effectively is the foundation of:
- Trust, as companies safeguard each customer’s personal information and use it with consent for their benefit.
- Consistency, by harmonizing identities and connecting user identity record across organizations and industries.
- Experience, making it possible for companies to know their customers, personalize services, simplify online interactions and increase satisfaction.
- Privacy, allowing customer transparency and choice on what where, and how their personal data is used.
- Security, helping companies protect against identity fraud, hacks and breaches.
- Innovation, as companies use identity across industries to capitalize on synergies and deliver new and dynamic connected experiences powered by context.
Most fundamentally, digital identity makes it possible to take a customer-centric approach to business. By building trusted relationships and delivering more personalized and consistent experiences, companies can improve customer retention, strengthen their brand, increase their share of wallet and achieve competitive differentiation.
So, digital identity is the ultimate “vehicle for success” that must underpin the new mobility. To have a clearer understanding of that role, it’s helpful to review a few of its core concepts.
The fundamentals of digital identity
Digital identity can apply to things as well as to people. This is important to keep in mind in our world of connected devices and things. Just as businesses and systems need to know who they’re interacting with, a thing (such as a connected car) needs to be able to recognize another thing (such as another car, a charging station, a drive-through payment terminal, a tollbooth, etc.) to enable secure new mobility functions and experiences.
Authentication is simply the trusted recognition of the user’s digital identity: Who is this? Is it really who he claims to be?
Authorization goes one step further: Based on their authenticated digital identity, what should this person be allowed to do? What applications and data should he be able to access based on factors such as his business role or relationship, customer subscriptions, account status, current scenario and so on?
Single sign-on simplifies the customer journey by allowing customers to log in once for access to all of your applications that they’ve signed up for, rather than having to log in application-by-application. Frictionless login across applications isn’t just convenient; it’s also fast becoming an industry standard. Meeting this expectation is increasingly important for maintaining a brand’s credibility and trustworthiness.
Federation extends single sign-on beyond your organization to encompass your ecosystem partners as well. In addition to making life easier for customers, federation positions your company as a trusted identity provider and go-to access point for a broad range of content and services.
Simple multifactor authentication is, as its name suggests, the use of multiple factors to authenticate who someone or something is. Multifactor authentication typically uses a combination of identity types such as something they know (e.g., a password), something they have (e.g., a key fob or an iPhone app) and something they are (e.g., biometrics, such as a thumbprint or retina pattern).
Privacy is critical. Personal digital data is precious — customers have to be able to trust you with theirs. As the number of connected devices and things grows, companies must be able to secure the user experience wherever and however services are used, tailor it to the customer’s data-sharing preferences and ensure that their data is never used in a way they haven’t approved.
Security becomes more challenging all the time — and more important. As consumers become more mobile and do more online in more ways, businesses need to ensure continuous protection not just at login, but throughout each digital session. This includes responding to threats in context by asking for additional identity verification when something unusual takes place, like a resource request from an unfamiliar location or device.
From IAM to CIAM
Initially, digital identity was used primarily as a way for businesses to control access to their systems by their own employees. Based on your digital identity, verified through your username and password, you would be granted to the appropriate applications and data for your role. By the same token, you would also be prevented from accessing applications and data that you shouldn’t, aiding customer privacy and security.
Digital identity also makes it possible to track your behavior over time, helping companies meet requirements for auditing, regulatory compliance, internal security and the like. Within the tech industry, technologies to manage digital identity fall into the identity and access management (IAM) category.
Digital identity has now expanded to encompass personalization and quality of experience as well. As any successful business knows, the better you know your customer, the better service you can provide, helping you drive loyalty, growth and revenue. The personal information customers share with you to establish an identity with your organization, complemented with personal data from additional sources, helps you understand their individual needs more fully.
This in turn helps you cross-sell, upsell and deliver more personalized experiences. Of course, security and control remain paramount as well. Reflecting the customer-centric orientation of this way of thinking about digital identity, this technology category is called customer identity and access management (CIAM).
How digital identity adds value for new mobility
There are many ways the tools we use to provide and protect a secure digital identity can add value to the present-day development trends in connected and autonomous cars. For example:
Personalization and services: Feature on demand
For the most part, today’s cars are personalized during the purchasing process — not afterwards. If buyers subsequently wish they’d opted for more horsepower, matrix-LED lights or additional connectivity or GPS features, their only option is to try their luck with expensive after-sales projects. With digital identity, both owned and shared connected cars can allow flexible personalization of their software-enabled features on either a per-ride or ongoing basis. The identity of the user is linked with the identity of the car to sync the user’s preferences with the car’s configuration and trigger the corresponding monetization processes.
Identity for privacy and compliance
Some connected car capabilities raise delicate issues for user privacy. As part of predictive maintenance, a car’s ECUs may push alarm messages to the carmaker’s back end to signal a problem with the engine, gearbox or brakes. This message can include driven speeds, gear and RPM history, and geographical locations. And there’s the catch: A driver or user may appreciate the alert there’s something wrong with the car and where to find the next garage, but may not necessarily want to share information about how the car is being used. The carmaker needs a way to let users and drivers choose which data to share — a preference that can be linked to their digital identity.
Connected car security and safety
A modern car’s functions and features are controlled by upwards of 100 complex ECUs whose interaction is critical for the safety of the passenger and of the car. Equipping each ECU with its own unique and secured digital identity makes it possible for these control units to identify themselves to each other when sending messages, helping prevent hackers from injecting malicious messages to cause malfunctions.
These examples show how much even today’s connected cars depend on secure identification of different parts of the cars to each other, as well as of the entire car to its driver or owner, to ensure both a good user experience and the protection of the data being generated during each ride. Designing digital identity and its corresponding tools into the vehicle from the very beginning provides a vital backbone for security, privacy and monetization.
Identity use cases in new mobility
As the industry moves beyond connected cars to fully realized new mobility services, federated digital identities will play an increasingly important role, as illustrated in this next set of examples.
Bring the end user’s digital life to a connected car
One of the most important targets of the industry is to bring the digital life of the user into a connected car — to enable the same set of services during physical mobility as at home or in the office. To make this simple and frictionless, carmakers need to provide a version of single sign-on into the “car as a service,” linking the authenticated sessions of various digital services to the car for the duration of the journey. Digital identity will provide the mechanism for this seamless yet secure experience.
Enable the best user experience for car-sharing or ride-hailing services
User experience is a prime factor in people’s willingness to use shared vehicles rather than their own personal car. Federated mobility services will allow people to handle every part of the journey using a single app, from summoning their vehicle of choice to payment at their destination, with streaming media, GPS and other connected services along the way. The same app even works across fleet providers — no more separate apps for each car sharing or ride hailing service.
Make the connected car interact with the smart city
The examples above illustrate the links between users, services and preferences. As a next step, the car and the driver need to securely interact with the infrastructure of a smart city, such as identifying the car and payment at the charging station, autonomous parking, tolls and so on. Here, digital identity goes beyond the relationship between the car and the driver to manage the interaction of the car and driver with the world around them based on secure authentication.
As we see, digital identity is more than just a mechanism to secure and authenticate cars and devices; it’s also a foundational tool for enabling the entire new mobility and smart city ecosystem. Service providers offering digital experiences from the connected car to payment can collaborate to deliver new mobility services which are solidly built upon the security, trust and interoperability of digital identities across business domains.
That’s vital in building the most critical element of new mobility adoption: the ultimate trust and confidence of new mobility users.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.