Webinar: Building Trusted Journeys in the Digital Identity Era

[00:00:01][Music] All right, let's let's kick it off.

[00:00:14]Uh before we begin, a few housekeeping items. Um if there are any audio issues, please try dialing in using the numbers provided in your invitation. Also, feel free to submit your questions live in the chat during our presentation. We'll answer them in the Q&A session at the end or our team will address them as we go. This webinar is being recorded and we'll send out the link over the next few days.

[00:00:39]My name is Henry Padishman. I'm executive VP of identity verification solutions at Regular and I will be one of the two presenters for this webinar.

[00:00:48]Just a few words about our company. Uh Regular has been in the industry for over 30 years. It was founded in 1992.

[00:00:55]It all started with manufacturing of devices for banknote authenticity and ID verification purposes. From the very beginning, we've had all our research and development 100% inhouse, which allows us to control and guarantee the quality at every step of the verification process. Currently, more than 80 countries borders are equipped with regular solutions and devices.

[00:01:18]Also, we proudly offer the most comprehensive library of identity documents from 254 countries and territories that is being used by thousands of our clients around the world. Now, I will hand over to my co-presenter for today, Ken Eert, CTO of Indisio.

[00:01:35]Take it away, Ken.

[00:01:37]>> Hi. Uh, thanks. Just a little bit about me. I've been involved in decentralized identity since uh working on the standards at uh the W3C to help define some of the decentralized identity um uh present uh protocols and uh credential formats. Uh and I'm involved in Indicio as the chief technology officer there to help implement these technologies. And Disco is a company founded in 2020 um to bring the world of decentralized identity to governments, industry and uh enterprises around the world. We focus uh primarily on travel and hospitality, financial services, uh enterprise solutions and education um with varying types of credentials in each of those different industries. The ecosystems that we support support all of the things necessary to have a decentralized identity uh system and solution up and running. Um and its applications are broad including passwordless login, document authentication and biometrics u and AI verification. We partner with major organizations around the world to deliver these mechanisms uh including regula to offer a combined solution that's very powerful.

[00:02:54]Fantastic. Thank you, Ken. And um now let's get started with our webinar.

[00:03:01]Why digital ID matters? Well, in today's world where many interactions are now online, we need a useful, inclusive, secure, and fitfor-purpose way to prove our identity electronically whilst keeping the choice of when and where we want to do this. If this can be achieved, it will make things easier for citizens, businesses, and governments and will enable significant economic value by facilitating easier access to goods and services. In fact, in an ideal world, it should be a basic right of every person to have a digital identity that is recognized everywhere.

[00:03:38]In their latest predictions, Gartner expects a very significant uptake in the use of digital identity with at least 500 million smartphone users making regular verifiable claims using digital ID with both user and business benefiting from the use of these technologies.

[00:03:57]A bit of history. So let's let's have a look at uh the evolution of digital identity.

[00:04:05]So if we take a step back, um the evolution of identity documents from traditional to electronic forms has been shaped by technological advancements, societal needs, and security concerns.

[00:04:16]Not long ago, there were documents that didn't even have photos. They still exist now, but there's still and they're still paper based documents like birth certificates, social security cards, and government issued ID cards. In the mid 20th century, a layer of security was added. Photo photographic IDs appeared, making it harder to impersonate someone.

[00:04:37]The next step to consider is once the standardization and security features are in place, such as holograms, watermarks to enhance the authenticity of identity documents and barcodes allowing for quick scanning and verification.

[00:04:53]Another step was digitalization of identity documents. So smart cards and biometric data. These plastic cards contained embedded microchips that could store digital information securely.

[00:05:05]Then came the electronic ID. So eids, national eids, mobile driver's licenses, MDLs that can even store can be stored on smartphones. And finally we come to digital identity.

[00:05:19]Now let's have a look what um is being done to standardize how digital trust is built.

[00:05:26]Well, the regulatory landscape is vast and growing with many regions, countries, and even individual states within countries legislating their own data privacy laws, which in many cases are also sector or even use case specific.

[00:05:42]Europe is arguably the center of data regulations thanks to its landmark GDPR law, which has inspired nearly every other framework on the map. Ultimately, the aim of all of these laws is to secure privacy, user consent, and control over personal data, including identity elements like biometrics.

[00:06:06]One of the key challenges is that the existing standards in different countries issue digital credentials for different purposes and and they're not connected. This is a huge problem in making digital ID unified. It all started with the worldwide web consortium developing a new data model for identity called the credential model. Rather than having a single identifier, you have to use a set of credentials for different purposes. For example, passports, ID cards, driver's licenses, and payment cards. And in partic in in practice, you don't want to present your full physical identity information every time. So the verifiable credential data model is very much userentric with different forms of credentials representing your identity plus it is under control of the wallet holder so you can present the relevant credentials for various services. The W3C standard is shaping different approaches to using digital credentials.

[00:07:09]When it comes to holding your credentials on a mobile device, the ISO has provided a series of standards and frameworks for managing and interoperating your smartphone for mobile based digital wallets and credentials.

[00:07:21]This work was based on the standards for mobile drivers license. The experience has been generalized in this ISO standard and has been further adapted for use with the W3C credential model.

[00:07:36]Another one is the European digital identity wallet. The regulation entered into force in May 2024. The wallet supports the principles outlined in the EU declaration on digital rights and principles and will help fulfill the digital decade policy program target of 100% of EU citizens having access to digital ID by 2030.

[00:07:58]Currently, there are four large-scale EU pilots ongoing and all implementations should be done by 2026.

[00:08:06]The European digital identity framework amends the EIDAS um regulation with the goal of creating a unified approach to electronic identification that works across every member state.

[00:08:22]As for the US, uh the National Institute of Standards and Technology, NIST, has released updated guidance on a wide range of methods people use to prove their identity, from digital wallets and pass keys to physical IDs. The draft guidelines aim to help organizations manage risk associated with digital interactions while making it easier for individuals to use digital identity successfully, including when applying for government services.

[00:08:52]Let's have a look at what is driving the adoption.

[00:08:56]Well, digital IDs are poised to revolutionize sectors that rely heavily on secure and efficient identity verification.

[00:09:04]One of our survey results predicts the most significant and fastest benefits are are in online financial transactions, online account opening, and e-commerce, reflecting a strong expectation for these technologies to enhance user experience and trust.

[00:09:21]Particularly in the UK, 50% of respondents believe egovernment services will see the greatest improvement, more than any other country surveyed.

[00:09:31]This shift towards digital IDs promises not only to streamline transactions but also to bolster security illustrating pivotal advancement in how we interact with services daily.

[00:09:42]As expected, the use cases for digital ID are at this stage identical to use cases for traditional ID verification.

[00:09:50]So we're talking things like online account opening, remote customer on boarding, egovernment services, online financial transactions, healthcare service access, age verification which is quite a hot topic in a number of countries around the world at the moment. Crossber services, mobile device access, workplace access and remote work, e-commerce transactions, travel and hospitality and remote educational services.

[00:10:19]Digital identity is already augmenting traditional identity verification processes such as KYC and financial services, pre-authorized travel and seamless border crossing and hotel and airline reservations and check-ins.

[00:10:35]Now I will hand over to Ken to talk about interoperability and trusted frameworks. Take it away Ken.

[00:10:41]>> Thanks Henry. Um identity fraud is one of the main drivers that is uh causing the interest in this new technology and that is to um address some of the limitations of traditional tech. Uh manual verification databases that are held within individual organizations and static credentials are a big problem in creating vulnerabilities for these types of systems. the digital ecosystems are uh requiring that we step up our game and improve those technologies in order to uh provide a more secure and privacy preserving environment.

[00:11:21]Um if you look at the current systems uh with their um legacy verification and phone home mechanisms in order to verify a person's identity, there is a big difference in the functionality, speed and security of the new systems. The new systems are based on cryptography and a verifiable credential held in a digital wallet. This allows for uh crypto cryptographically verifiable data to be held in a wallet in a tamperproof form that can be shared anywhere online or offline and authenticate uh by a verifier or relying party anywhere they they they need to and that's a huge leap forward in in um providing benefits to all the parties concerned.

[00:12:11]The essential um items that need to be included in a verifiable credential ecosystem are the verifiable credentials themselves. Uh things like a digital travel credential or a mobile driver's license or other type of identity. So the credential is is a key to this to being able to encapsulate the data and have it be shared. Uh DIDs are also essential to this. A DID is a decentralized identifier and that helps both establish and maintain relationships between parties whether the parties any entity an entity could be a government an enterprise a person uh a smart car a uh an IoT device any any of those types of things can have an identity and uh hold credentials in their own uh wallet. Uh the wallet is the place where uh the DIDs are stored and uh and also the verifiable credentials. A secure mechanism uh allowing uh cryptographically secure uh storage of the of that data so that it can be shared when and where the user wants to share it.

[00:13:18]Uh verifiable credentials are can be thought of uh as a container or a box that you can seal any kind of digital information in it. And uh the contents can't be changed without um breaking the seal essentially or the the signature.

[00:13:34]And so um the detection of any tampering can be immediately notifi noticed by the verifier. Um because the credentials are signed, you can uh trust that if it's signed by a party you trust, then you can trust the contents of that verifiable credential. Uh an essential part of this is the mechanisms for um sharing the data in a privacy preserving manner. Uh such features as selective disclosure where you're only revealing a certain set of attributes instead of the entire uh credential or predicate style proofs where you say I can prove my age is over uh 18 or 21 without revealing my exact birthday. The cryptography supports all of that. And so it's a really transformative way um to up our game in how we authenticate and authorize and share data by providing that portable um seamless mechanism for the the the creation of the credentials and the sharing and verification of them.

[00:14:41]Um if you look at u a little bit about mutual authentication right now everybody's familiar with the old mechanism where I give my identifier to a website or uh an organization and they check out who I am uh by just comparing against their centralized database to see if if it matches. the in the new mechanisms that we do what is called mutual authentication using DIDs and or credentials in combination one can verify both directions I can verify that the site that I'm talking to or the the agent the digital agent that represents a a government or a business I can verify that they're legitimate and I'm not being fished at the same time they can verify uh my identity typically either through DID mechanisms for presentation of a verifiable credential and looking at the contents of that. And having that combination of a DID and a verifiable credential allows for flexibility in the the authentication mechanisms or extraction of the data for feeding into a policy engine uh for further authorization uh beyond the authentication.

[00:15:53]An example of a a high value government grade credential is a digital travel credential. Um a digital travel credential is a digitalized version of a passport. IO is the uh standards body that has developed the standards for how our passport booklets uh look and they also have standardized on a mechanism for what a digital version of the credential should look like. Uh the DTC or digital travel credential type one is the um a digital form of a credential uh passport credential that sits alongside of the paper passport booklet. It's embedded inside of the passport chip for those of you who have a chip in your passport. That data is signed by the issuing country and it can be verified.

[00:16:42]uh this is uh the types that have been we have been deploying around the world uh with our customers to uh assure that um the digital travel credential can be wrapped into a uh verifiable credential so it's easily recognized and transported over the interoperable protocols that are available to support that there are also two other types of DTC a DTC type 2 and a DTC type 3. A DTC type two is instead of deriving the credential from the passport booklet by a third-party organization uh such as the technology that we employ with um inco regular uh DTC type 2 the credential is issued directly by the issuing government into the wallet. It's compatible with and looks very similar to the DTC type 1 once it's in the wallet but instead of being derived it's issued directly. DTC type three um eliminates the need for um the um the paper passport booklet and can be directly issued again by the issuing country directly into a wallet.

[00:17:50]Currently the DTCC type 2 is um undergoing trials and early 2026 we'll start to see those being deployed by governments and uh um put into use. DTC type 3 is a little bit further away as people develop trust in the the mechanisms and the the methodologies.

[00:18:14]Um the creation of a digital travel credential using the regular technology and issuing it as verifiable credential using Indicio's technology is a very straightforward process. It starts with u uh taking a picture of the passport.

[00:18:28]This gives the ability for uh the chip to be unlocked and with NFC scanning to read the contents of the chip and pull it into the software. You combine that with a selfie capture and the biometric verification that allows for um the person part of it to happen and then both of those pieces of information are shipped to the a server side component where verification can occur. validation of the matching of the person's face with the photo in the passport chip. Uh background checks to make sure that the the contents of the DTC were signed by a valid authority. Um any other background checks uh that need to be performed can also be performed at that time. Once that's completed, um, it is packaged into a verifiable credential and then that credential can be issued to the holder who holds it in their wallet in a typically in a secure mobile device although cloud uh custodial wallets are available as well. But the that idea of doing this this happens in a matter of minutes and me talking about it takes almost as much time as actually doing it. if you if it if you can smoothly hold your passport and go through the steps. So, it's a really simple step. It can be done remotely. It can be done um in a very uh secure manner and then validated and issued.

[00:19:57]Once you have a a set of credentials, it's how do how do they get used? And uh in a in a larger ecosystem, you need to talk about governance. What does the governance accomplish? Government is a simple way to establish who's trusted issuer of which type of credentials. Um a machine readable format uh established uh by the decentralized identity foundation or diff establishes a format for a machine readable uh document that can contain all of the trust information. It can also have additional enhancements such as workflows identified in there. That same format can also be published by uh into a centralized trust registry such as those promoted by trust over IP which allows for API access to perform the validation that a trusted party is there. Uh a third mechanism in common use is a use of certificate-based authorities to allow for establishment of trust. All of these are to provide the idea of who is a trusted issuer of that type of credential and they can be augmented by an individual verifier's decision to say in addition to the ones in the trust list I also have a set of uh trusted u credential types or uh other issuing authorities that I will trust and they can be combined for a a tailored experience for the verifier. The verifier can uh uh in that ecosystem that the the governing agency publishes to either to a ledger or to the internet or into a repository the trust uh mechanisms those can be looked up by any of the participants uh the issuers holders and verifiers to to make sure that the parties that are involved can be trusted to take the actions that they're going to take. It's particularly important for the verifiers because they're the ones who are going to make a decision based on the contents of a of a credential and they want to know that that credential is legitimate and it's of the type and from a source that they trust and so they they rely heavily on um a governance being published. Um the manual authentication mechanisms before um um are now replaced with mutual authentication in the in an ecosystem that allows for um both parties to know who they're talking to before they start sharing the data. That is a way to to uh remove fishing attacks. It's as seamless and very uh efficient for the end user.

[00:22:26]Simple UI and UX experiences can indicate to uh the parties that the trust has been established before data is shared. That leaves the control with the people and the organizations over their identities uh and international travel. This has been demonstrated and in live use with um a travel example. This one involves uh the government of Aruba and Sitta, partners of Indicio and Delta Airlines.

[00:22:58]Delta Airlines incorporated the technology uh from Regula and uh Indicio into their their uh mobile app and use this to facilitate travel with preclarance of travelers before they leave home. They know that they're going to be pre-clared to cross the border in Aruba. This allows for a higher level of confidence, fewer fines for the airlines. um and a much much smoother experience for the passenger as they interact with multiple checkpoints where they have to present and use their identity. Because biometrics were incorporated in the credentials, it makes for a face recognition uh mechanism to establish who the person is and to and to bind that to to their identity data that they'd shared prior to their trip. This is a a much smoother and faster way to move people through the the travel experience and it's much more secure. And this was the first interaction demonstrating both two forms of the digital travel credential. One is a DTC type one um and another as the IATA one ID. This was used seamlessly between the the different parties involved there. The user doesn't know that they're using two different protocols, two different representations. They just know that their data was interoperable and was securely shared with the appropriate parties and they don't need to know all the technical deals of the cryptography or the protocols underneath.

[00:24:28]>> Fantastic. Thank you. That was very insightful. Um now if um you could take us through our joint value proposition.

[00:24:34]>> Sure. This is really fun because uh the combination of Regula and Indicio gives you end-to-end digital trust. Regular has that uh trusted identity verification component and they have a mechanism for life cycle management of of the the flow of that data. Once the data has been extracted and is now available and verified, it can now be put into a uh a credential a verifiable credential format when that infrastructure allows for its broad sharing. So on board once, reuse the multiple credentials for a trusted experience and a smoother experience uh while preserving the individual's privacy and you have government grade identity at and a combined package.

[00:25:24]Um so the again the passport chip to the verifiable credential is a very smooth process. Uh you're you're taking a photo of your digital uh travel your your passport page. Um they're scanning the MZR the machine readable zone and the the OCRing that allows it unlocking of the NFC chip um for capture of the data in the chip. Uh a selfie and livveness check allow for binding of the biometrics to the person. Um that's sent to a back-end server for comparison and validation. and then a DTC can be uh created and shipped to the mobile uh wallet whether it's in a standalone app or embedded in an existing app and that allows for that quick um onboarding mechanism in a highly secure way and away we go.

[00:26:16]Uh once the the uh uh the document scan and validation, PKD check and livveness check are done uh regular has um orchestrated all of that. They incorporate the indices proven software to issue that that as a credential and it's sent to a mobile wallet. The user now has the credential in their wallet.

[00:26:38]They can use it to present to in the travel use case for crossing a border or for financial services. They can use it for onboarding to a new account or logging into their account for secure access. Uh the use cases are are multitudinous. Um in addition to DTC's you can have uh for instance uh um boarding passes, loyalty credentials, uh vouchers for free meals and hotel stays if if the flight's been delayed. All of those types of credentials use the same technology and can be incorporated into a system to provide a more comprehensive experience for the end user.

[00:27:17]Uh using biometric um credentials and the infrastructure that supports them makes for a faster and more secure in infrastructure for um validation of a of a user's identity and their data. Now once the the data has been uh through the the the regular process of the livveness check and the and the uh document scanning the biometric data doesn't have to be stored in a centralized database. This is important for areas and jurisdictions around the world which are increasing uh that don't allow private enterprise or anyone else to keep um centralized databases of biometric data. This means that the data can be embedded in the credential, presented and then used uh at point of of use rather than storing it centrally.

[00:28:06]It also removes the honeypot of data that attackers would just love to to get their hands on. Now they would have to attack everyone's individual wallets to gain all the access to that same information. Um the backend systems that that uh uh do this can and can can have audit information in them but that allows for the elimination of centralized storage.

[00:28:30]Uh once the data is in that credential it can be presented. So once regular has issued that as a as a um as a credential now the DCO verifier software uh upon presentation can take the data verify its origin by its signature and then extract the biometric data and do the comparisons either biometric or just looking at the contents of a credential.

[00:28:57]Either case is supported or both in in uh depending on your use case. And then the again once again you have APIs for back-end systems and audit uh trails and things like that.

[00:29:11]So Gardner has warned us to prepare for a chaotic period of consolidation in this digital credential uh infrastructure but and they recommend that you choose a vendor with a track record of early success in supporting these diverse use cases. uh Indicio and Regula together are a combination that is the among the very earliest the the earliest to deploy this type of credential uh system and uh we have a good track record of success with our our companies getting them to scale production systems.

[00:29:46]>> Thank you Ken. Um once again that was um very very insightful and hopefully our audience find um some very interesting content within that because um the industry is certainly moving very quickly.

[00:29:59]Now let's talk about something that um we at regular believe is critical in today's identity landscape and that is orchestration of the identity life cycle.

[00:30:11]Um today's reality for most organizations is this patchwork of disconnected systems, separate tools for document verification, biometrics, AML checks, livveness detection, reporting and workflow management. Each of these systems might come from a different vendor with different APIs, maintenance schedules, and um compliance rules. The result, well, complexity, inefficiency, higher costs, and most importantly, risk. So, this chaos makes it incredibly difficult to maintain consistency and assurance in how identities are verified. And that's where Regular's approach begins to change the game by bringing order and control back to identity verification.

[00:30:57]So, now imagine replacing that tangled ecosystem with one unified platform.

[00:31:03]Regular IDV platform integrates all critical components as a single vendor solution from document verification to liveness detection into one cohesive environment. This gives organizations full control over the verification process across all channels web, mobile, desktop or kiosk that can be regulars or any third party. Instead of juggling multiple systems, everything is orchestrated in one place. workflows, AML checks, reporting and integrations, all synchronized and compliant. In short, you get flexibility without fragmentation.

[00:31:43]With Regular's platform, you can verify identities instantly through advanced document and biometric checks. You can manage user identities securely, ensuring the personal data is protected at every stage. You can orchestrate workflows and create customized scenarios, adapting identity verification to your unique business requirements, whether it's onboarding, KYC, or travel authorization.

[00:32:08]And of course, you can comply effortlessly with international regulations through built-in data protection and audit capabilities.

[00:32:17]It's about transforming identity verification from a technical process into a trusted, scalable business enabler.

[00:32:26]And this flexibility extends across every point of user interaction. Whether it's remote on boarding through a web or mobile app, a self service kiosk at an airport, or a manager verifying documents at a desk, all these touch points feed into one secure identity verification platform.

[00:32:45]Regular technology connects seamlessly with any input source. webcams, RFID readers, document scanners, fingerprint devices, you name it, while maintaining consistent performance and data integrity. This interoperability means that no matter where verification happens, you get the same assurance, the same accuracy, and the same trusted result. And this is exactly the level of assurance required when integrating with decentralized identity systems like in DCOS together forming an end-to-end trust framework.

[00:33:20]As we wrap up today's session, let's take a step back and look at what all of this means in context.

[00:33:27]Digital identity is isn't about replacing physical documents. It's about enhancing them. It's about building a bridge between the trusted verified physical world and the convenience of digital interactions. Presence of physical documents remains integral to identity verification processes underscoring a harmonious coexistence of traditional and modern authentication methods.

[00:33:52]Unified global standards implementation is essential. This rallying cry lays the cornerstone for a truly integrated global digital framework fostering trust and collaboration across borders.

[00:34:05]Digital IDs is not about replacing physical documents but enhancing them.

[00:34:10]Biometric checks are an important part of IDV systems and must be done on the business side. Widespread adoption and positive perception.

[00:34:20]We discover significant endorsement of digital ID technologies across multiple sectors.

[00:34:27]On that note, thank you for watching our webinar and now we'll be happy to answer your questions. I see there are a few of them in the chat.

[00:34:38]Let's have a look.

[00:34:42]Okay.

[00:34:46]Question here. How can you verify the authenticity of a biometric linked verifiable credential without needing to reexpose biometric data?

[00:34:57]Ken, do you want to take that one?

[00:35:01]>> Sure. Um the biometric do data can be either um shared in its raw form or as a template that uh has the the mechanisms for a verifier to do the matching that can be shared ahead of time or at a point of verification to allow for the the verifier to load up the the data for comparison. it you have to obviously share some component of the biometric data if you're going to do a biometric comparison and that can either be done centrally in the as it's done today or using verifiable credentials can be shared in a secure way uh with the consent of the end user to share it for day of use or whatever purpose that they're going to share it.

[00:35:54]>> Great. Um, next one we've got is, "What would you recommend to be practical steps a company can take to start adopting verifiable credentials without having to completely overhaul their existing infrastructure?"

[00:36:09]I think that's another one for you, Ken.

[00:36:11]>> That's a common question. How do you get started? And um, you don't need to throw out whatever you're doing right now. In fact, we don't recommend that. We recommend that you start small introducing verifiable credentials alongside what you're already using. So you might issue a verifi verifiable credential after completing your KYC check that you're doing with your current system. Then you can reuse that credential multiple times for repeat verifications without having to redo the onboarding process. The beauty of that mo model is its interoperability and extensibility. You integrate verifiable credentials via the APIs or SDKs, connect to the whichever decentralized network you're using, and expand from there. You can start with one credential type and then add additional credential types as um as your use case sees um necessary or beneficial.

[00:37:05]>> Great. Um another one here you mentioned using biometrics and document validation to strengthen verifiable credentials.

[00:37:14]How effective is this approach in combating deep fakes and AI generated identity fraud? Well, that's that's probably one for me. So, this is actually where regular technology really shines. Um, deep fakes and synthetic identities um are a serious threat, but they depend on falsified digital inputs.

[00:37:32]So by combining biometrics and document livveness detection, document validation, signal source and injection checks, we make sure that the person and the document are both authentic before any credential is issued. So once those verified attributes are converted into a verifiable credential, they become tamper evident and cry cryptographically bound to that individual. So the result is what we call government grade digital identity resistant to AI generated fraud and it is trusted across borders which are probably the most highly regulated use case. So that was a good one. Um okay what else have we got? Um how customizable are orchestration workflows in your platform?

[00:38:23]Well extremely. So pretty much anything you would like to do you can do within the platform. So you can easily configure workflows. Uh it's an intuitive interface. Um you can define all the different checks to run different document verification processes livveness detection biometric matching uh sanction screening. You decide the order of how everything works and when it works and for which use cases. So rules and logic can be adjusted dynamically as well. based on your business, the risk level, geography, document type or customer segment. So, um an example is financial institutions might run a lighter verification for returning customers but um enforce full biometric and document validation for new accounts or high-v value transactions. Um and similarly, travel partners can trigger passport validation and DTC creation in one automated flow.

[00:39:22]Um okay.

[00:39:26]Uh is it possible to issue digital ID within your platform? Yes, the answer is simple. Yes, it is absolutely possible to issue a digital credential within regular ID platform. Um it handles the identity proofing and verification stage. Uh verifying the authenticity of documents, doing all the livveness checks and all the other checks that are required. Once that identity is verified um and trusted, digital credentials are linked to a user profile and can be securely packaged and issued as a digital ID or verifiable credential um and integrated through systems like indicoss to be decentralized and ident and available.

[00:40:11]Um what else have we got? Um, how is a credential verified if there is no direct integration into the issuing source of the credential?

[00:40:31]Ken, do you want to take that one?

[00:40:34]>> Sure. The mechanism used by the verifier or the relying party is that they um receive a presentation of the credential through a secure encrypted channel from the holder of the credential. Once they've received that presentation, they use the contents of the presentation to look up um the issuer of the one or more credentials that were presented and see if that source that did for instance that was used to sign the credential is a trusted source for them for that type of credential.

[00:41:08]The governance mechanism could be a decentralized ecosystem file published as a document that they can cache locally on their uh system. So they can do online or offline verification of that data or they can have a an API that they call such as that supported by trust over IP or they can look up the the um certificate and uh see that the data came from a trusted source. because it came from a trusted source and it's signed, they don't have to phone home or uh call back to the issuer. That allows them to independently without tracking or user correlation to validate that the data is indeed comes from a trusted source. What's in the credential? they can now take that data out of the credential uh whatever parts were presented in the presentation use it in their business logic and workflows to say okay I've received the the data from the credential I trust the credential and now I can act on that data to either accept or reject the person based on the contents of the credential so that that gives a simple mechanism for verifiers whether they're server-based or mobile to do those lookups and and establish that trust Great.

[00:42:23]>> Um, here's here's a common question. Uh, when you mention decentralized ids, do you mean it's using blockchain?

[00:42:31]>> Not necessarily. There are some protocols and representations and uh ecosystems that rely on blockchain. But there are also web-based mechanisms for publishing that same type of material.

[00:42:44]So whether you're using a blockchain to uh secure your DID documents, your schemas, your revocation lists or or registries or you're using the web to do such a thing. Um both mechanisms are supported and depending on the credential type and the protocol you used. You may use the a blockchainbased system or you may do something that's completely web- based like did web or um other mechanisms like that that are nonblockchain but they still implement the same basics of verifiable credentials.

[00:43:20]>> Yeah. Um here's here's one. I'm curious what your pulse is on adoption of verifiable cred credentials digital documents such as which industries or regions you're seeing demand.

[00:43:34]>> From where we sit, we see demand worldwide. There are some regions that are more aggressive and and moving faster than others. Europe is moving to pro provide um this uh verifiable credential mechanism to all of its citizens hopefully in 2026.

[00:43:53]So they're moving very rapidly. Other organizations are catching up and u implementing this but all regions are seeing this. We've seen uh we don't have any customers in Antarctica but every other region of the of the world is deploying these types of credentials in their various sectors are adopting depending on their needs. So um travel has need for high um levels of assurance financial services is right there with them. uh but educational credentials other industries it's very flexible and then the suitability for this for many industries is is the driver and you're seeing a widespread adoption >> I very much agree with that um I think Europe is probably leading the charge at the moment um and um it seems to be driven a lot by use in regulated in highly regulated industries um because they seem to have a higher need and therefore the higher need creates the demand and the source. Um there are quite a few more questions but I'm just being conscious of time so I think we will definitely answer the rest of the questions but they'll be answered in our returning um emails that we send out. So all of the questions will get answered.

[00:45:19]There are quite a few more but um in the interest of time I will leave the questions there and um that's really all for today and we will follow up on those questions that were unanswered. I would like to thank you all for your great participation in our webinar. Please do not hesitate to contact us after the webinar in case you have any additional questions because we will certainly be happy to assist. Thank you very much Ken and thank you all for participating.

[00:45:49]Thank you. Uh, it's been a pleasure to be here today.

[00:45:55][Music]