ID Tech Digest – November 6, 2024

Welcome to ID Tech’s digest of identity industry news. Here’s what you need to know about the world of digital identity and biometrics today:

TECH5 to Provide Livescan Tech to Virginia Police via $54M Contract

TECH5 has secured a $54 million, 15-year contract with the Virginia State Police to modernize the state’s biometric identification systems by deploying approximately 800 Livescan units. These systems will feature fingerprint, facial recognition, and tattoo capture capabilities integrated with Virginia’s Multi-Biometric Identification System (MBIS), enhancing data accuracy and cross-referencing across multiple databases. The Livescan deployment, set to roll out in phases, will include civilian and criminal processing kiosks using SaaS architecture for secure, cloud-based processing while adhering to criminal justice security standards. TECH5’s open architecture will allow integration with third-party biometric systems, facilitating adaptability in Virginia’s law enforcement infrastructure. The deployment is expected to reduce processing times at kiosks, benefiting both civilian and criminal applicants, and represents a major step in Virginia’s digital identity modernization, aligning with current standards in law enforcement technology.

IATA Demonstrates Fully Digital Air Travel in Hong Kong-Tokyo Pilot

The International Air Transport Association (IATA) has completed a proof-of-concept (PoC) for a fully digital travel experience, using digital wallets and biometric verification for a trial route between Hong Kong and Tokyo. This PoC integrates seven digital credentials, including ePassport, live biometric image, visa, and boarding pass, all stored and verified through blockchain technology to ensure secure, privacy-conscious verification across multiple jurisdictions. The trial, conducted at Hong Kong International and Tokyo Narita airports, involved technology providers such as NEC for biometric matching, and Branchspace and SICPA for credential management. The system leverages Verifiable Credentials (VCs), allowing airports and airlines to authenticate documents cryptographically without accessing personal data. IATA’s initiative aligns with broader digital identity trends, like the EU’s planned Digital Identity Wallets, and positions the aviation industry for a shift towards faster, paperless travel processes that enhance both security and convenience at international borders.

IDEMIA Public Security Names New Chief Technology Officer

IDEMIA Public Security has appointed Vincent Bouatou as Chief Technology Officer (CTO) and Head of the International CTO Office, effective November 5. With over 20 years of experience in identity and security technology, Bouatou previously held leadership roles in IDEMIA’s Research and Technology Unit, Global R&D, and Public Security & Identity divisions, and worked in Microsoft’s Higher Education and Academic Research Relations group. In his new role, Bouatou will lead IDEMIA’s technology strategy, technical governance, and artificial intelligence initiatives. This appointment follows IDEMIA’s recent recognition in NIST evaluations, where its facial recognition and fingerprint algorithms received high accuracy ratings.

Philippines Post Office Launches Digital ID System

The Philippine Postal Corporation (PHLPost) has introduced a biometric-enabled Postal ID system, integrating fingerprint and facial recognition to enhance the Philippines’ digital identity framework. Launched during PHLPost’s 257th Anniversary, the Postal ID features address verification technology that leverages a database of over 42 million Philippine addresses, ensuring accuracy in mail delivery and providing a reliable verification method for government and financial services. The ID includes a centralized address database, biometric security, QR code functionality, and integration with government databases. Mobile enrollment services have been deployed to extend access to remote areas, allowing on-site registration at community events. Future plans include adding digital payment functionality to the Postal ID, aligning with PHLPost’s modernization strategy to position the ID as a versatile tool for identity verification and digital transactions.

New Zealand Announces Digital ID Trust Framework

New Zealand is set to implement a Digital ID Trust Framework on November 8, 2024, establishing a structured, secure approach to digital identity services. Aligned with international standards like the EU’s eIDAS regulation, the framework mandates end-to-end encryption, secure data storage, and explicit user consent for data sharing, ensuring user control and privacy. Digital credentials will follow a decentralized architecture, stored on users’ devices rather than centralized databases, supporting self-sovereign identity principles. This model enables secure sharing of verified information for services like digital driver licenses and professional certifications. Minister for Digitising Government Judith Collins emphasized the framework’s role in securely managing personal information to reduce identity theft risk. The framework prohibits central databases or tracking systems, addressing privacy concerns and aligning with global best practices. Accredited service providers must pass security assessments to comply with privacy standards, supporting New Zealand’s broader digital transformation and online service initiatives.

Google Cloud to Get Mandatory MFA by 2025

Google Cloud will require mandatory multi-factor authentication (MFA) for all users by the end of 2025, aiming to strengthen security against phishing and credential theft. This phased rollout aligns with industry trends, following similar measures by Amazon Web Services and Microsoft Azure. CISA data shows that MFA can prevent 99 percent of automated attacks using stolen credentials. The rollout begins this month with notifications and resources for users without MFA. In early 2025, MFA will become mandatory for password-based logins on Google Cloud Console, Firebase Console, and gCloud platforms, requiring enrollment for continued access. By late 2025, this requirement will expand to all federated identity provider users, who can comply via their primary provider’s MFA or Google’s MFA layer.

Guyana Completes Feasibility Study for Biometric Voter Registration

The Guyana Elections Commission (GECOM) has completed a feasibility study on adopting digital biometric voter registration, estimating $20 million in equipment costs. Conducted over six months in 2024, the study examined the transition from Guyana’s long-standing paper-based system to a digital platform. Key benefits identified include reduced registration times and enhanced accuracy in voter identification, with immediate fingerprint verification aimed at preventing duplicate registrations. However, the study also notes challenges such as the need for reliable infrastructure, including power and internet connectivity across diverse regions, extensive staff training in all 10 administrative areas, and strong data security measures. Public education campaigns are also highlighted as essential for garnering support. GECOM plans to present the findings to Parliament in early 2025, with phased implementation potentially starting in 2026, an effort aligning with regional trends toward reducing voter fraud by up to 85 percent.

Tencent, Visa to Pilot Palm-based Payments in Singapore

Tencent and Visa have launched a partnership to pilot palm recognition payment technology in Singapore, an initiative unveiled at the Singapore FinTech Festival 2024. This biometric payment method allows users to pay by scanning their palm at terminals, eliminating the need for cards or mobile devices. Visa cardholders from DBS, OCBC, and UOB can register for the service at participating locations, with Alchemist café as the initial site. The system combines palm print patterns with vein recognition for dual-layer verification, enhancing security by requiring the presence of living tissue. Managed by Tencent’s Singapore subsidiary, Tencent SenseTech Pte. Ltd., the technology complies with Singapore’s Personal Data Protection Act, storing biometric data locally. The move mirrors similar biometric payment trends in Southeast Asia, with Mastercard and NEC recently partnering on related technology.

Mastercard Looks to Streamline e-Commerce with Payment Passkey Service

Mastercard has introduced its Payment Passkey Service, a biometric authentication system that removes the need for one-time passwords (OTPs) by using device-native biometric capabilities. Unveiled at the Singapore Fintech Festival, this service combines tokenization with biometric authentication, allowing users to confirm online purchases through their device’s biometric sensors rather than manually entering OTPs. The system adheres to EMVCo Secure Remote Commerce standards and FIDO Alliance protocols for passwordless authentication, ensuring compatibility across devices. Sensitive biometric and payment data are stored locally on users’ devices, following a decentralized model that prioritizes privacy by keeping data secure and device-bound. The service has already launched with several Asia Pacific banks, including DBS Bank and United Overseas Bank (UOB), which are integrating it into their digital banking platforms. Mastercard plans a global rollout of Payment Passkey throughout 2024, extending collaborations with banks, merchants, and digital wallet providers to promote widespread adoption of this streamlined authentication solution.

Microsoft Authenticator to Get Native Passkey Support in January

Microsoft will introduce native passkey support in Microsoft Authenticator in mid-January 2025, advancing its passwordless, phishing-resistant authentication solutions. Passkeys use cryptographic key pairs, with a public key stored by the service and a private key secured on the user’s device, accessed using biometrics or a PIN for secure login without transmitting credentials online. New features in the latest public preview include mandatory attestation for passkey registration and Android native app compatibility. Microsoft Authenticator’s updated version 6.2408.5807 for Android now meets FIPS 140-3 compliance for Microsoft Entra authentications, supporting secure passkeys, push multi-factor authentication, passwordless phone sign-ins, and time-based one-time codes. By January, passkeys will offer phishing resistance equivalent to physical keys, with organizations able to manage passkey access through FIDO2 policy restrictions if necessary.

Kenya to Require Importers, Travelers to Declare Mobile Device Identifiers

The Kenya Revenue Authority (KRA) has announced new regulations requiring travelers and importers to declare the International Mobile Equipment Identity (IMEI) numbers of mobile devices when entering Kenya. This measure aims to address Kenya’s high rate of counterfeit mobile devices, estimated at 30-40 percent of phones in circulation. Under the new rules, travelers must declare device IMEIs on the F88 passenger declaration form, and commercial importers must document devices through KRA’s Customs portal. Local manufacturers and assemblers must also register with the KRA and obtain permits from the Communications Authority of Kenya (CA), which will enforce compliance. Mobile network operators are required to restrict access to compliant devices only, with a verification system allowing consumers to check device authenticity. The regulations, effective January 1, 2025, come amid privacy concerns, though the CA asserts the system is limited to device verification and tax compliance.

Alibaba Cuts Metaverse Ambitions in Pivot to AI

Alibaba Group has reduced its metaverse operations by laying off dozens of employees from its Yuanjing unit, as the company pivots toward artificial intelligence development. Originally launched in 2021 with substantial investment, Yuanjing had planned features like biometric authentication and digital identity verification for virtual access, but these initiatives are now deprioritized. The layoffs impact staff in Shanghai and Hangzhou, with Yuanjing’s workforce significantly reduced, though the unit will still focus on metaverse tools and applications. Alibaba’s decision aligns with a broader tech industry trend, where companies like Meta Platforms and Baidu are similarly refocusing on AI over metaverse projects. Yuanjing’s narrower scope reflects a realignment toward AI, which has become a priority across the tech sector.

–

November 6, 2024 – by Tony Bitzionis and Alex Perala