Supply chains are dealing with a new kind of traffic jam – a digital one. Constantly, countless users, systems, and devices try to access their networks. Hence, verifying their digital identity isn’t as simple as checking an ID badge. Indeed, your tracking systems need to connect. Also, your AI agents want access. Even the smart containers arriving at your warehouse want to join the network. While security teams can handle the technical side, they need business leaders to make the big calls: Which of these digital visitors get keys to the network? How much access should they have? And how do we verify who they are? These aren’t just IT problems. Indeed just like physical security, digital security requires business decisions to assure modern supply chains are not compromised.
In this digital identity primer for supply chain managers, I’ll look at the fundamentals of digital identity verification and authentication. With this knowledge, you can be actively engaged in creating secure, efficient, and usable digital supply chain policies. Specifically, I‘ll discuss the three types of digital identity systems, identity standards for legal entities, and methods for verifying an identity. Also, I’ll show you proven techniques for authenticating digital identities, and various approaches for establishing a secure digital identity system.
- 1. Three Types Of Digital Identity System Architectures.
- 2. Corporate Legal Entity Systems.
- 3. Verification Methods for Individuals: What Countries Do Today For Identity Verification.
- 4. Authentication: Methods Of Challenging Digital Identities.
- 5. Authentication Approaches For A Secure Digital Identity System.
1. Three Types Of Digital Identity System Architectures.
There are really only three types of digital identity system architectures: centralized, federated, or decentralized. Since the dawn of the computer age and the need to share digital resources, IT departments have had to deploy digital identity systems. At first these systems were centralized. Then over time more businesses and organizations, small and large, have started using a federated model. Recently, decentralized models have emerged that show promise. To detail, below is a description with examples of the 3 types of digital identity system architectures.
a. Centralized.
For example, a company like Facebook operates a centralized digital identity system where the user’s identity and access to services are controlled solely by Facebook. In this case, all user information is stored on Facebook’s servers. Indeed, in the early years of computers, a centralized digital identity system was the only type of security available.
b. Federated.
For instance, Google’s “Sign in with Google” feature is an example of a federated digital identity system. Here, Google authenticates the user, allowing them to log into various third-party apps and services without creating new accounts. Today, this type of system is now quite common. This is because of its high level of interoperability which increases efficiency for businesses and ease of use for end-users.
c. Decentralized.
This type of architecture is normally referred to as a digital wallet. This decentralized approach empowers users to control their own identity information across different platforms without relying on a central authority. Further, these systems often use blockchain technology for secure, peer-to-peer interactions. Currently, these types of systems are not in wide use due to several challenges such as interoperability, regulatory, and privacy concerns.
2. Corporate Legal Entity Systems.
Over the years, corporations have adopted a wide range of digital identity standards and systems. Some have come and gone, others are still in wide use. For digital supply chains, identifying legal entities are the most critical for gaining trust between trading partners. This is because legal identities are needed to officially recognize organizations that digitally exchange supply chain transactions. More specifically, these supply chain transactions can include procurement, transport, invoicing, and payment to name a few. Furthermore, it is a legal entity that either delegates their authority or is associated with other entities in the supply chain such as employees, systems, AI agents, assets, and products.
Surprisingly or maybe not surprisingly, there are several legal entity systems in use today by supply chains and trading partner organizations. Below are the most commonly accepted legal entity standards that are in wide use today.
Top Legal Entity Systems
- DUNS – Data Universal Numbering System. The DUNS number is a nine-digit identifier for businesses used to establish a company’s D&B file and is provided by Dun & Bradstreet. It is recognized, recommended, or required by more than 200 global, industry, and trade associations.
- GLN – Global Location Number. The GLN is a unique 13-digit number used to identify the legal entity and physical location of a business. This ensures accurate and efficient data synchronization within supply chains, and is powered by GS1 Standards.
- LEI – Legal Entity Identifier. The LEI is a 20-character code used across markets and jurisdictions to uniquely identify legally distinct entities that engage in financial transactions. It connects to key reference information that enables clear identification of legal entities participating in financial transactions. Global Legal Entity Identifier Foundation (GLEIF) is the developer of LEI.
- International Business Registration Number (IBRN). ECCMA governs the legal identifier, IBRN (formally ALEI). This identifier originates from a government registry at a company’s formation. The company’s registration number serves as the suffix of the IBRN. The IBRN conforms to ISO 80000-116, creating a digital legal identity by adding a ISO predefined ALEI prefix. This legal identity standard holds great promise since it utilizes the established legal status of government bodies and is cost-free.
For more details on international digital identity practices, see WTO’s Global Digital Identity and U.S. Customs And Border Protection’s Global Business Identifier Initiative. Also, see Identity’s The Importance of Interoperability in Digital Identity for more information on digital identity standards and systems.
3. Verification Methods for Individuals: What Countries Do Today For Identity Verification.
To better understand the process of digital identification, let’s examine how various countries approach this task. Indeed, countries serve as excellent examples, as they are the primary public authorities responsible for issuing digital identities. Furthermore, the methods and informational elements used to verify an individual’s identity can vary significantly from country to country. As a result of a country successfully verifying the information about the identity of an individual, they issue a national digital identity to those individuals. Specifically, these informational elements include:
Examples of Information to Verify an Individual’s Identity
- Textual information such as name and date of birth
- Audio information in the form of a voice sample
- Biometric data such as blood samples, iris scans, fingerprints and hair samples
- Descriptive information such as physical traits, including weight and height
- Personal identifiers such as a US Social Security number (SSN) or any government-issued identifying number
- Tokenized representations such as an ID chip card or passport
For more details on national digital identity systems, see ISACA’ article, The Importance of a National Digital Identity System. This article highlights current practices of select countries such as Estonia, China, UK, Canada, and Singapore. Also, see DigitalBenefitsHub’s Logging In and Providing Proof: A Guide to U.S. Government Actions on Digital Identity for details on NIST‘s role in setting digital identity guidelines and Login.gov, the federal shared digital infrastructure for authentication and identity proofing.
4. Authentication: Methods Of Challenging Digital Identities.
Authenticating a digital identity is just important as the initial verification process to assign a digital identity. Indeed, a hacker or other bad actor only needs to breach a system once to cause undue harm. Further, a digital identity system will authenticate a digital identity countless times. Specifically, it is a prudent practice for a digital identity system to authenticate an user every time a user assesses the system’s online resources. To detail, below are authentication methods used most often to affirm that a digital identity is not being falsely used.
a. Memorized Or Look-Up Secret (Password).
A security method where users must remember or look up information like passwords or PINs to gain access.
b. Out-of-band Device.
An authentication process that requires a secondary device, often a mobile phone, to verify identity through a separate communication channel.
c. Single-Factor One-Time Password (OTP) Device.
A device that generates a unique, one-time-use code as a standalone authentication method for each login attempt. Also, can use cryptographic keys for further enhanced security.
d. Multi-Factor OTP Device.
A device that uses an additional layer of security by generating time-sensitive, one-time-use codes used in conjunction with other authentication factors. Also, can use cryptographic keys for further enhanced security.
For more details on authentication methods, see NIST publication SP 800-63B.
5. Authentication Approaches For A Secure Digital Identity System.
Lastly, there are several authentication approaches that digital identity systems use in terms of securing the digital identity process. Each of these approaches have both pros and cons. Specifically, all digital identity systems make tradeoffs between security and usability. For example, if a digital identity system has too many security checks, then they are harder to use. Worse, users will not or cannot use the system due to it being too cumbersome. To detail, below is a brief description of different approaches to securing digital identities and their major drawbacks.
“… all digital identity systems make tradeoffs between security and usability.”
Digital Identification Authentication Approaches
a. Multi-Factor Security.
While multi-factor authentication significantly enhances security, it can introduce inconvenience for users. This is due to additional verification steps that may cause delays and complicate the login process.
b. Biometric System.
Biometric systems offer a high level of security but raise privacy concerns, as biometric data, if compromised, is immutable and could lead to permanent identity theft risks.
c. Scoring Systems for ID and Likelihood of Fraudulent Events.
Scoring systems help detect fraud but may sometimes lead to false positives. As a result, this can lead to wrongfully flagging legitimate activities as fraudulent and potentially blocking access for genuine users.
d. Decentralized System Using Blockchain.
Decentralized identity systems using blockchain offer robust security and privacy. However, they face scalability challenges and can be complex for users to understand and adopt. Additionally, there are major interoperability challenges in getting these types of digital identity systems working together.
e. Zero Trust Architecture.
Zero trust architecture minimizes insider threats by not trusting anyone by default. On the other hand, it can be resource-intensive to implement and may disrupt user workflows with its continuous verification requirements.
For more information on different approaches to a secure digital identity system, see IdentityManagementInstutute’s EVOLUTION OF DIGITAL IDENTIFICATION, LexisNexis’ Digital Identity Network: Harness the power of global shared intelligence, TSA’s PreCheck Touchless Identity Solution, InformationWeek’s Digital ID Technology Promises Stronger Security, and Zscaler’s What Is Zero Trust Architecture?
Final Thoughts on Digital Identity For Supply Chains.
In the final analysis, it is up to supply chain leaders to determine how secure to make their digital supply chain. Digital security is no different from physical security. It is a continuous process for managers to stay informed of potential threats and update appropriate policies to ensure business continuity. Indeed, digital identity technology and methodologies continue to evolve. Further, security risks continue to evolve to include bad actors using better technology and methods to compromise digital resources.
For more information on digital identity in logistics, see my article, Digital Identity In Logistics And What To Know – The Best Security, Scary Risks. This article goes into details on the unique nature of digital identity within supply chains to include the challenges and risks.
Need help with an innovative solution to make your supply chain systems work together? I’m Randy McClure, and I’ve spent many years solving data interoperability and visibility problems. As a supply chain tech advisor, I’ve implemented hundreds of successful projects across all transportation modes, working with the data of thousands of shippers, carriers, and 3rd party logistics (3PL) providers. I specialize in ?proof-of-concept and operational pilot projects for emerging technologies. If you’re ready to modernize your data infrastructure or if you are a solution provider, let’s talk. To reach me, click here to access my contact form or you can find me on LinkedIn.
For more like this from SC Tech Insights, see the latest topics on Interoperability and Information Technology.
Greetings! As a supply chain tech advisor with 30+ years of hands-on experience, I take great pleasure in providing actionable insights and solutions to logistics leaders. My focus is to drive transformation within the logistics industry by leveraging emerging LogTech, applying data-centric solutions, and increasing interoperability within supply chains. I have a wide range of experience to include successfully leading the development of 100s of innovative software solutions across supply chains and delivering business intelligence (BI) solutions to 1,000s of shippers. Click here for more info.