Digital ID: Between eSIM, 5G, Wi-Fi and Enterprise Systems
From eSIM to digital persona
Business white paper
A Strategy Analytics white paper sponsored by Hewlett Packard Enterprise
Users today are forced to deal with a dizzying number of devices, applications, and subscriber identities (IDs) and multiple separate authentication mechanisms.
To make digital life possible, a new simpler approach is required.
Digital ID offers that approach.
Digital ID provides a mechanism for seamlessly mapping multiple devices, applications, and subscriber IDs to their relevant authorized applications and network services.
Making eSIM and other devices easy-to-activate and users easy-to-authenticate everywhere would create a truly personalized experience that will reinforce service brand loyalty across multiple access technologies and stimulate usage of new digital services.
Digital ID puts identity at the core of everything digital and the communications service provider (CSP) at the center of every user’s digital world.
CSPs should move now to join the race for new revenue from both wholesale and retail authentication services.
Introduction—Digital ID to simplify digital life
In 2020, the average user must deal not only with multiple devices and an ever-changing array of applications (apps) for both personal and work use but also with multiple cloud and third-party portals, for example, for banking and payments.
The user must also deal with multiple communications access networks from cable, fixed telco, Wi-Fi, and mobile service providers.
As a result, users have been forced to deal with a dizzying number of IDs and authentication mechanisms. To make digital life possible, a new simpler approach is required. Digital ID offers that approach.
Digital ID provides a mechanism for seamlessly mapping multiple device IDs and subscriber IDs to their relevant authorized applications and network services. As digital communications evolve from being network-centric to person-centric, digital ID becomes ever more important. Digital IDs need to be unique, verified, authenticated, assured, and managed with protection for user personal data and privacy.
As Figure 2 indicates, over 3.4 billion of the 7.6 billion people in the world have some type of digital ID but no digital trail, while 3.2 billion already have both an ID and a monitored environment or trail.[1]
The total digital ID market has been estimated to grow to over $30 billion in the next five years, of which service providers could potentially capture $7 billion from authentication and related secure services.[2]
Diversity of Digital IDs
Digital IDs have proliferated everywhere. Today’s digital systems often require unique digital IDs and authentication mechanisms for every device, application, service, and network access.
Some of these IDs may be limited to specific domains since most users operate in a home place and a workplace, each of which has a wide range of domain-specific device IDs, service IDs, and network IDs.
The coordinates of the digital landscape
The COVID-19 situation catalyzed the adoption of digital best practices for zero-touch interaction between humans and machines.
Today we are observing an unstructured and rapid move to remote delivery of services, in particular of fundamental public services (for example, school and healthcare). This will trigger the next step toward a more structured solution approach, opening a big opportunity for communications service providers (CSPs) at the edge of digital life.
It is easy to envision that CSPs would be pivotal in redefining the digital life space—a place where people, employees, and objects live when they are engaged online and interacting with others. CSPs would drive the evolution of the life space as an ultra-dense environment delimited by 3GPP (all generations) and non-3GPP (for example, Wi-Fi 6) areas, spanning multiple devices, multiple IDs and credentials, and online service providers, where communication and interaction occur on a universal ID basis.
Such a space is characterized by the proliferation of devices (eSIM and non-eSIM) and platforms connected regardless of format, either by wireless type (Wi-Fi, 4G, 5G), location (workplace, home place), or purpose (working, leisure).
The digital life space can be subdivided into two subspaces—the digital workspace and the digital home space.
- The workspace comprises a wide range of connected products and services: devices that support mobile or remote work (smartphones, tablets, wall and interactive desks, and wearable devices), mobile and cloud enterprise applications, unified communications and collaboration (UCC) solutions, security tools for managing identities and user access, networks, systems, and transmission infrastructure.
- The home space is richer, closely matching the wide array of leisure-time activities tied to the personal sphere of the user. Besides mobile devices, there are other tools, such as smart TVs, set-top boxes, and e-readers, that give the user access to smart Internet of Things (IoT) services in the domestic sphere (home automation and entertainment). It also caters to citizens (security, tourism, culture, and mobility) and education (interactive learning and e-learning).
Digital users oscillate between the two subspaces, depending on the time of the day and type of interactions.
Redefining customer segmentation on the digital life space
Addressing the needs and experience of such a user requires a new definition of customer segmentation. Today's common practice in the telecommunications industry is to segment the customer base on attributes usually based on the type of services subscribed, for example, prepaid, post-paid, data only, and so on. None of these attributes touches the digital dimension of the user, since they do not consider how and when people interact with each other and exchange content when both are electronically mediated.
From this perspective, we can consider two different category dimensions:
- Anthropological dimension: digital native versus digital immigrant[3] versus digital agnostic. This categorization is based on the user's or generation's attitude to using digital technology to engage in online services with multiple devices (computers, mobile devices, wearable devices, handheld devices, and so on).
- Behavioral dimension: digital resident versus digital visitor,[4] based on whether they project their digital identity onto the digital space persistently or occasionally. More precisely, digital residents are members of the digital space, where they live, interact, open up, and display their social life on the web; digital visitors are users who access the digital space for a defined task, with the most appropriate tool for it (laptop, smartphone, and so on), and are concerned about privacy and identity theft.
Of course, the behavioral categorization is a continuum: a user might take a resident approach in their private life but a visitor approach in their professional role, and vice versa.
Non-native digital users have different requirements
In alignment with the said categorizations, we adopted the following simplified definition (blending some of the concepts mentioned in the previous section): Users can be classified based on time spent, proactive digital interactions, expansiveness, and attitudes to the use of digital technology in the digital life space. They are as follows:
- Digital natives are people who live, interact, display, and project their social life persistently as part of a digital ID.
- Digital visitors are people who do not project their profile due to concerns about privacy or identity theft and who use digital access for defined tasks.
Typically, digital natives are happy to deal with a wide variety of user interfaces (UIs) and many different IDs and authentication mechanisms, while digital visitors are intimidated by such complexity, and may even abandon their digital interaction, especially if they also do not feel secure. To become heavy users, digital visitors require experiences to be fast, seamless, and easy.
The objective of a digital ID solution is, therefore, to make the diverse digital IDs and the underlying system complexity sufficiently transparent to digital visitors that they can behave as if they were digital natives.
Identity and Digital ID
Figure 3 shows the complexity of today's digital landscape and the myriad of required IDs, and adds a further dimension to the digital user experience. Here the innovation in access and connectivity technologies (5G and Wi‑Fi 6) is accompanied by a proliferation of new devices, wearables, objects/things, and online services, whose usage and uptake are increasingly sophisticated.
From a user perspective (both enterprises and individuals), uptake and usage can only take place if supported by an adequately simple, secure, and privacy-protected digital ecosystem. This ecosystem should be able to select and execute, on the user's behalf, the right digital entity to access the right resources at the right time and the right place, supported by a user-controlled level of privacy to be exposed or shared for the right reasons. This should be understood as a core concept of the digital native culture, as it will play an important part in most future use cases.
The proliferation of services and devices results in a proliferation of authentication mechanisms, thus complicating both the user experience, as well as their management at the service provider side. What the customer wants is all the IDs to work as a single universal digital ID across multiple devices, services, and access methods.
Digital ID has been defined as a collection of features and characteristics associated with a uniquely identifiable individual (or entity)—stored and authenticated in the digital sphere—and used for transactions, interactions, and representations online.
Four types of components are required to create a digital ID. They are as follows:
1. Permanent identity
This is the identity of an entity: person, object, or organization, which can be viewed as the essence of that specific entity. It is often linked to a key characteristic, such as a fingerprint, DNA, serial number, registration number, and so on.
2. Unified digital ID (based on GSMA and FIDO definition)
The unified identity associates multiple devices, services, or account IDs with a single ID and access mechanism, to ensure all devices and IDs work as one. The universal ID is bound to the permanent entity that is entitled to use it and, in practice, is associated with a robust authentication mechanism, such as a public-private key pair where the private key is linked to only one permanent ID.
The unified ID provides the link between the physical and the virtual identities.
3. Virtual identity
This is the ID required for access to a network service, for example, a mobile station ISDN (MSISDN) for mobile communications or Passpoint ID for Wi-Fi. A virtual identity references a combination of network, service, OpenID, and device ID parameters to interact online with a digital network service.
All actual transactions on the network are conducted between virtual identities.
4. Metadata
This describes the variable data or attributes associated with any identity and may contain information such as:
- Nature of the entity
- List of attributes on a virtual ID basis
- Subscribed online services
- Rules and/or policies to be executed for enforcing a transaction
- Network entities involved in an ID communication process, for example, device, application, network function, and the authentication framework (for example, EAP-AKA) or database (for example, HLR/HSS)
- Service access credentials including password manager for lifecycle information
Mapping IDs to access services
To access a digital service, as shown in Figure 4, the universal digital ID (U-ID) is resolved at the time of the service request to the unique physical ID and to the multiple virtual IDs, which in turn map to the metadata for the respective digital attributes. Finally, the requesting ID is authenticated for service access by the relevant service nodes using EAP-AKA, OAuth 2.0, AAA, and so on, as described in the companion paper Digital ID – Functions and Building Blocks.
The universal ID requires an overarching authentication and authorization system for both 3GPP and non-3GPP access to digital services both on-net and off-net. That is what we refer to as the authentication hub.
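The four ID components and the resolution step described above, as an added illustration that is not part of this white paper or of any HPE product: a small Go model of an authentication hub in which the universal ID is bound to an Ed25519 key pair (the paper's public-private key pair) and resolving the U-ID for a given network requires a signed one-time challenge. Type names, the nonce scheme, and the sample values are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Constructed model of the four components: permanent ID, universal ID bound to
// the entity's key pair, virtual IDs, and metadata (names are assumptions).
type VirtualID struct{ Network, Service, Value string } // e.g. {"5G", "MSISDN", "+1555..."}
type Record struct {
	Permanent string            // essence of the entity, e.g. a serial number
	PubKey    ed25519.PublicKey // public half of the unified ID's key pair
	Virtual   []VirtualID       // one per network/service the entity may use
	Meta      map[string]string // variable attributes: entity nature, policy, ...
}

// Hub stands in for the authentication hub: it stores U-ID records, issues
// one-time challenges, and resolves an authenticated U-ID to its virtual IDs.
type Hub struct {
	records map[string]Record
	nonces  map[string]bool // challenges issued but not yet consumed
}

func NewHub() *Hub { return &Hub{records: map[string]Record{}, nonces: map[string]bool{}} }

// Enroll binds a U-ID to exactly one permanent entity and its public key.
func (h *Hub) Enroll(uid string, r Record) { h.records[uid] = r }

// Challenge issues a fresh 32-byte nonce the U-ID holder must sign.
func (h *Hub) Challenge() ([]byte, error) {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	h.nonces[string(n)] = true
	return n, nil
}

// Resolve verifies the signed challenge against the key bound to the U-ID, consumes
// the nonce (one attempt per challenge, so a replayed signature is rejected), and
// returns the virtual IDs for the requested network plus the record's metadata.
func (h *Hub) Resolve(uid, network string, nonce, sig []byte) ([]VirtualID, map[string]string, error) {
	r, ok := h.records[uid]
	if !ok {
		return nil, nil, errors.New("unknown universal ID")
	}
	if !h.nonces[string(nonce)] {
		return nil, nil, errors.New("challenge not issued or already used")
	}
	delete(h.nonces, string(nonce))
	if !ed25519.Verify(r.PubKey, nonce, sig) {
		return nil, nil, errors.New("authentication failed")
	}
	var out []VirtualID
	for _, v := range r.Virtual {
		if v.Network == network {
			out = append(out, v)
		}
	}
	if len(out) == 0 {
		return nil, r.Meta, errors.New("no virtual ID for network " + network)
	}
	return out, r.Meta, nil
}
```

The relying party only ever sees the virtual IDs returned for its own network, while the private key and the permanent ID stay with the entity and the hub respectively.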
Authentication hub allows digital visitors to operate like digital natives
The authentication hub is a distributed system that serves the universal ID scenario just described, by storing and resolving universal ID, the associated virtual IDs, and the metadata for the relying party, that is, device app, network app, and so on. The functional blueprint for the authentication hub is shown in Figure 5.
The functionality of the components for authentication, entitlement, and orchestration are described in detail in the earlier paper Digital ID: Functions and Building Blocks.
Reassembling into a universal ID use case
The proposed universal digital ID journey is an OpenID Connect-based approach: a user selects a universal ID to be used for their digital life-space experience and gets access to services on a universal ID basis. Through OpenID Connect, universal ID-based services (such as a digital passport for SSO, multidevice multi-line TAS, universal ID provisioning, and more) get access, as relying parties, to universal ID resolution services. These are provided by the Digital ID functions and building blocks that deliver authentication, authorization, and identity services based on OpenID Connect, OAuth 2.0, and other standards.
Universal ID would be a new service integrated into the CSP's environment and offered to the digital user for a universal login, as shown in Figure 6.
Authentication hub in 5G environment
So how does the authentication hub fit into the 5G service-based architecture (SBA)?
Figure 7 shows the ID services as the top block, with TAS and IP Multimedia Subsystem (IMS), as well as other ID capable applications.
Typical service functions (SFs) and network functions (NFs) of the 5G SBA are shown in the bottom block, including the AUSF, UDSF, and UDR, which support mediation to pre-5G or non-3GPP authentication mechanisms using HSS, HLR, AAA, and so on.
The authentication hub in the middle provides SIM and eSIM management, resolves IDs, and controls access to the network, including access by non-3GPP applications coming from the cloud. Figure 7 also shows the tuple request flow for application parameters that goes from the authentication hub to the relevant ID services at the top.
The 5G network exposure function (NEF) uses OAuth 2.0 to communicate specific requests and responses to and from the authentication hub.
Note that the authentication hub uses the 3GPP TR 22.904 V16.1.0 (2018-09) standard, which will be part of 3GPP Release 16. This is an external TR that was designed to give visibility to GSMA, the prime customer.
Authentication hub anchors complete authentication solution for the digital world
As Figure 8 indicates, the authentication hub in conjunction with the universal ID delivers a complete authentication solution for validating identity and eligibility, and for providing subscription enrollment, activation and ID-based demand, consumption, and execution of services.
CSPs are uniquely positioned to offer Digital-ID service
CSPs—unlike cloud service providers—are considered trusted neutral third parties, who can operate under strict regulatory and privacy controls. Therefore, they are uniquely positioned to offer digital ID as a secure zero-trust service for:
- User device and app validation
- Authenticated access
- Service entitlement
- Instantaneous orchestration
Digital ID from a CSP allows users to operate completely independent of any single vendor or cloud portal. Figure 9 summarizes how CSPs can dramatically simplify multidevice ID, unified secure access, and ID-based communications.
CSPs can uniquely bring freedom of choice back to users by enabling them to control all of their own:
- Device selections
- Access locations
- Private third-party services
- Cloud apps
Digital world has recognized the critical importance of Digital ID
There has been a flurry of recent initiatives from diverse players and service operators that have recognized the value and the importance of supporting a unified digital ID.
Making eSIM and other devices easy to activate and users easy to authenticate everywhere can create a truly personalized experience that will reinforce brand loyalty across multiple access technologies and stimulate the usage of new digital services.
Three active players in the race to define and offer global digital ID service include:
- The Linux® Foundation, which now hosts a digital identity project called Trust over IP (ToIP) to fix the web's missing identity layer and improve how we use digital credentials to prove online identity.
- ZenKey, a joint venture of AT&T, T-Mobile, and Verizon Wireless, focused on a frictionless trust and identity solution.
- The Wireless Broadband Alliance (WBA), which has finally assumed control of open roaming for Wi-Fi, with authentication options at any Wi-Fi hotspot based on federated global Wi-Fi authentication and Passpoint.
The digital ID solutions described in this and earlier papers in the series are expected to be able to work with any of these or other emerging initiatives based on industry-standard interfaces.
The momentum for digital ID to enable multidomain authentication services across public and private mobile, fixed, and cloud services is accelerating.
Implication—Digital ID creates customer value that
Digital ID puts identity at the core of everything digital and the CSP at the center of the user's digital world. The CSP can, therefore, become not just the custodian of the personal identity but also the anchor for all of a user's devices, application access, and secure services.
Digital ID represents a major opportunity for CSPs to become the neutral third parties for all ID management and everyone’s secure authentication broker.
About communications and media solutions, Hewlett Packard Enterprise
HPE has over 30 years of experience in the telecoms industry, with more than 300 telco customers across 160 countries. In the core, more than 700 million subscribers across more than 80 carriers depend on HPE Mobile Core software. HPE’s open telco solutions help operators evolve their networks and services to a 5G ready, cloud native, service-based architecture. As the edge-to-cloud platform-as-a-service company, our experience in hybrid cloud allows us to bring the cloud transformation and secure, carrier-grade, standards-based infrastructure to telecommunications networks. HPE was recognized by Frost & Sullivan with the 2019 Leadership award for Global 5G Infrastructure Enabling Technology.
Hewlett Packard Enterprise is the global edge-to-cloud platform-as-a-service company that helps organizations accelerate outcomes by unlocking value from all of their data, everywhere. Built on decades of reimagining the future and innovating to advance the way people live and work, HPE delivers unique, open, and intelligent technology solutions, with a consistent experience across all clouds and edges, to help customers develop new business models, engage in new ways, and increase operational performance.
About Strategy Analytics
Strategy Analytics provides strategic and tactical support to global clients across the market and product lifecycle including consulting projects and white papers. Feel free to contact the author email@example.com with any questions on this report or for further details on how we can assist you.
Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. All third-party marks are property of their respective owners.
- [1] Digital identification: A key to inclusive growth, McKinsey Global Institute, April 2019.
- [2] Source: Strategy Analytics research, February 2020.
- [3] Categorization dimension coined by Marc Prensky in 2001 to describe the generation of people born after the advent of widespread use of digital technology; by contrast, digital immigrants—those pre-dating 1985—are destined to be locked in a struggle to adapt to this new digital world order.
- [4] Categorization coined in 2011 by David S. White and Alison Le Cornu, in contrast to the anthropological approach of Marc Prensky.