Modern supply chains are encountering a new kind of congestion: a digital one. We now have countless users, systems, AI agents, and even smart containers now demanding network access. Without a doubt, verifying the digital identity of who or what gets in—and with what privileges—is a momentous challenge for both IT departments and business leaders. Indeed, for corporate leadership, this is a strategic imperative. Just as with physical security, digital security requires comprehensive oversight to ensure optimal efficiency and prevent compromise across the supply chain.

In this digital identity primer for supply chain managers, I’ll look at the fundamentals of digital identity verification and authentication. With this knowledge, you can be actively engaged in creating secure, efficient, and usable digital supply chain policies. Specifically, I‘ll discuss the three types of digital identity systems, identity standards for legal entities, and methods for verifying an identity. Also, I’ll show you proven techniques for authenticating digital identities, and various approaches for establishing a secure digital identity system.

5-Minute Supply Chain Tech Brief

1. Three Types Of Digital Identity System Architectures.

First, there are really only three types of digital identity system architectures: centralized, federated, or decentralized. Since the dawn of the computer age and the need to share digital resources. As a result, IT departments have had to deploy digital identity systems to protect corporate networks. At first these systems were centralized. Then over time more businesses and organizations, small and large, have started using a federated model. Recently, decentralized models have emerged that show promise. To detail, below is a description with examples of the 3 types of digital identity system architectures.

a. Centralized.

For example, a company like Facebook operates a centralized digital identity system where the user’s identity and access to services are controlled solely by Facebook. In this case, all user information is stored on Facebook’s servers. Indeed, in the early years of computers, a centralized digital identity system was the only type of security available.

b. Federated.

For instance, Google’s “Sign in with Google” feature is an example of a federated digital identity system. In this case, Google authenticates the user, allowing them to log into various third-party apps and services without creating new accounts. Today, this type of system is now quite common. This is because of its high level of interoperability which increases efficiency for businesses and ease of use for end-users.

c. Decentralized.

This type of architecture is normally referred to as a digital wallet. Specifically, this decentralized approach empowers users to control their own identity information across different platforms without relying on a central authority. Further, these systems often use blockchain technology for secure, peer-to-peer interactions. Currently, these types of systems are not in wide use due to several challenges such as interoperability, regulatory, and privacy concerns.

To summarize, see chart below depicting the 3 Types of Digital Identity Architectures with examples:

“Since the dawn of the computer age and the need to share digital resources … IT departments have had to deploy digital identity systems to protect corporate networks.”

2. Types of Corporate Legal Entity Systems.

Without a doubt, it is paramount that corporations have a verifiable legal identity to conduct commerce. In fact, a legal identity is what establishes trust and official recognition among trading partners. In particular for supply chains, a legal identity is essential for validating organizations exchanging critical transactions like procurement, transport, invoicing, and payment. Moreover, corporate legal entity systems serve as the foundation for delegating authority to other entities such as employees, systems, AI agents, assets, and products. Surprisingly, despite this critical need, there is not a single legal entity methodology in use today, there are many. Below are the most commonly accepted legal entity systems in use today.

Top Legal Entity Systems

• DUNS – Data Universal Numbering System. The DUNS number is a nine-digit identifier for businesses used to establish a company’s D&B file and is provided by Dun & Bradstreet. It is recognized, recommended, or required by more than 200 global, industry, and trade associations.
• GLN – Global Location Number. The GLN is a unique 13-digit number used to identify the legal entity and physical location of a business. This ensures accurate and efficient data synchronization within supply chains, and is powered by GS1 Standards.
• LEI – Legal Entity Identifier. The LEI is a 20-character code used across markets and jurisdictions to uniquely identify legally distinct entities that engage in financial transactions. It connects to key reference information that enables clear identification of legal entities participating in financial transactions. Global Legal Entity Identifier Foundation (GLEIF) is the developer of LEI.
• International Business Registration Number (IBRN). ECCMA governs the legal identifier, IBRN (formally ALEI). This identifier originates from a government registry at a company’s formation. The company’s registration number serves as the suffix of the IBRN. The IBRN conforms to ISO 80000-116, creating a digital legal identity by adding a ISO predefined ALEI prefix. This legal identity standard holds great promise since it utilizes the established legal status of government bodies and is cost-free.

For more details on international digital identity practices, see WTO’s Global Digital Identity and U.S. Customs And Border Protection’s Global Business Identifier Initiative. Also, see Identity’s The Importance of Interoperability in Digital Identity for more information on digital identity standards and systems. Lastly, the chart below summarizes the Top Legal Entity Systems to include example formats and primary use.

“… corporate legal entity systems serve as the foundation for delegating authority to other entities such as employees, systems, AI agents, assets, and products.”

3. Digital Identity Verification: Informational Elements Used to Verify Individuals.

To better understand the process of digital identification, let’s examine how various countries verify the identity of individuals. Without a doubt, countries serve as excellent examples, as they are the primary public authority that is responsible for issuing digital identities. At the same time, the methods and informational elements used to verify an individual’s identity can vary significantly from country to country. See below, for common types of information elements that countries use to verify an individual’s identity.

Examples of Information Elements to Verify an Individual’s Identity

• Textual information such as name and date of birth
• Audio information in the form of a voice sample
• Biometric data such as blood samples, iris scans, fingerprints and hair samples
• Descriptive information such as physical traits, including weight and height
• Personal identifiers such as a US Social Security number (SSN) or any government-issued identifying number
• Tokenized representations such as an ID chip card or passport

For more details on national digital identity systems, see ISACA’ article, The Importance of a National Digital Identity System. This article highlights current practices of select countries such as Estonia, China, UK, Canada, and Singapore. Also, see DigitalBenefitsHub’s Logging In and Providing Proof: A Guide to U.S. Government Actions on Digital Identity for details on NIST‘s role in setting digital identity guidelines and Login.gov, the federal shared digital infrastructure for authentication and identity proofing. 

“… methods and informational elements used to verify an individual’s identity can vary significantly …”

4. Authentication: Techniques For Challenging Digital Identities.

Unquestionably, authenticating a digital identity is just as important as the initial verification process when initially assigning a digital identity. Indeed, a hacker or other bad actor only needs to breach a system once to cause undue harm. Moreover, a digital identity system will not just authenticate a digital identity once, it will do it countless times. Without a doubt, it is a prudent practice for a digital identity system to authenticate an user every time a user assesses the system’s online resources. To detail, below are authentication methods used most often to affirm that a digital identity is not being falsely used.

a. Memorized Or Look-Up Secret (Password).

A security method where users must remember or look up information like passwords or PINs to gain access.

b. Out-of-band Device.

An authentication process that requires a secondary device, often a mobile phone, to verify identity through a separate communication channel.

c. Single-Factor One-Time Password (OTP) Device.

A device that generates a unique, one-time-use code as a standalone authentication method for each login attempt. Also, can use cryptographic keys for further enhanced security.

d. Multi-Factor OTP Device.

A device that uses an additional layer of security by generating time-sensitive, one-time-use codes used in conjunction with other authentication factors.  Also, can use cryptographic keys for further enhanced security.

For more details on authentication methods, see NIST publication SP 800-63B. Also, see below is graphic summarizes Top Authentication Techniques.

“… authenticating a digital identity is just as important as the initial verification process when initially assigning a digital identity.”

5. Authentication Approaches For A Secure Digital Identity System.

Lastly, there are several authentication approaches that digital identity systems use in terms of securing the digital identity process. Each of these approaches have both pros and cons. Specifically, all digital identity systems make tradeoffs between security and usability. For example, if a digital identity system has too many security checks, then they are harder to use. Worse, users will not or cannot use the system due to it being too cumbersome. To detail, below is a brief description of different approaches to securing digital identities and their major drawbacks.

Digital Identification Authentication Approaches

a. Multi-Factor Security.

While multi-factor authentication significantly enhances security, it can introduce inconvenience for users. This is due to additional verification steps that may cause delays and complicate the login process.

b. Biometric System.

Biometric systems offer a high level of security but raise privacy concerns, as biometric data, if compromised, is immutable and could lead to permanent identity theft risks.

c. Scoring Systems for ID and Likelihood of Fraudulent Events.

Scoring systems help detect fraud but may sometimes lead to false positives. As a result, this can lead to wrongfully flagging legitimate activities as fraudulent and potentially blocking access for genuine users.

d. Decentralized System Using Blockchain.

Decentralized identity systems using blockchain offer robust security and privacy. However, they face scalability challenges and can be complex for users to understand and adopt. Additionally, there are major interoperability challenges in getting these types of digital identity systems working together.

e. Zero Trust Architecture.

Zero trust architecture minimizes insider threats by not trusting anyone by default. On the other hand, it can be resource-intensive to implement and may disrupt user workflows with its continuous verification requirements.

To summarize, see chart below that depicts the Pros and Cons of Top Authentication Approaches.

“… all digital identity systems make tradeoffs between security and usability.”

Final Thoughts on Digital Identity For Supply Chains.

In the final analysis, it is up to supply chain leaders to determine how secure to make their digital supply chain. Digital security is no different from physical security. It is a continuous process for managers to stay informed of potential threats and update appropriate policies to ensure business continuity. Indeed, digital identity technology and methodologies continue to evolve. Further, security risks continue to evolve to include bad actors using better technology and methods to compromise digital resources.  

For more information on digital identity in logistics, see my article, Digital Identity In Logistics And What To Know – The Best Security, Scary Risks. This article goes into details on the unique nature of digital identity within supply chains to include the challenges and risks.

Digital Identity In Logistics And What To Know – The Best Security, Scary Risks

More References.

• IdentityManagementInstutute’s EVOLUTION OF DIGITAL IDENTIFICATION
• LexisNexis’ Digital Identity Network: Harness the power of global shared intelligence
• TSA’s PreCheck Touchless Identity Solution
• InformationWeek’s Digital ID Technology Promises Stronger Security
• Zscaler’s What Is Zero Trust Architecture?
• SC Tech Insights’ Data Sensitivity: What You Need to Know For Your Business

Need help with an innovative solution to make your supply chain systems work together? I’m Randy McClure, and I’ve spent many years solving data interoperability and visibility problems. As a supply chain tech advisor, I’ve implemented hundreds of successful projects across all transportation modes, working with the data of thousands of shippers, carriers, and 3rd party logistics (3PL) providers. I specialize in proof-of-concept and operational pilot projects for emerging technologies. If you’re ready to modernize your data infrastructure or if you are a solution provider, let’s talk. To reach me, click here to access my contact form or you can find me on LinkedIn.

For more like this from SC Tech Insights, see the latest topics on Interoperability and Information Technology.