IDENTOS Federated Privacy Exchange and Community Navigator
FPX connects the identity of people, organizations, and things to their data while respecting their privacy.
As an awardee of the Ontario Centres of Excellence’s Digital Identity Challenge, IDENTOS is recognized for its expertise in security, privacy, and identity solutions. Our open standards based products are built to provide easy and secure ways for people to consent to the use of their personal data.
To best illustrate our solutions, we use the example of Amare, a young woman growing up in West Africa. When Amare obtained her national identity card, she was asked for her biometrics and a photo was taken. Amare is due for vaccines so she goes to the local health clinic. The clinic has internet and she is able to identify herself using a fingerprint scanner. Her identity is confirmed through a secure IDENTOS-enabled connection to the government ID system. The nurse receives a green notification on her monitor confirming Amare’s identity and Amare receives her immunizations.
Next, Amare needs to go to the market to collect some rationed goods. The market’s internet connection is irregular, so before leaving the health clinic, Amare heads to a shared kiosk to print a temporary token. She puts her finger on the kiosk reader and scans her iris. The kiosk validates both biometric inputs, and a QR code with a photo of her is printed. When picking up her rations, Amare simply allows the attendant to scan her code and verify that the photo is of her, then picks up her goods.
Our solution has two components. The first is enabling a digital identification system powered by our Federated Privacy Exchange (FPX). FPX is the secure backbone on which digital identification systems and communications operate. It’s designed to bring multiple parties to interact in a collaborative trust framework around the identities of individuals. It provides a scalable approach for digital identity while respecting privacy and requiring users to consent when sharing data. FPX is unique in that its open standard endpoints offer highly convenient integrations, even between organizations running their own identity systems.
Our Community Navigator is the second part of our solution and is the ultimate community tool. It’s a configurable application that enables organizations to confidently and easily curate a marketplace of internal and third-party apps. It can seamlessly authenticate users and has the power to safely exchange encrypted private data from multiple sources.
FPX and the Navigator work together to establish authenticated digital identities and enable users to access services and perform secure transactions. This extends to giving users direct control over their own data and clear insight into who can see their information. The Navigator application is a nexus of services and applications where users can discover what their digital identity allows them to do.
ID4D is transforming the lives of billions by designing better, secure digital identification systems with a focus on privacy and empowering citizens to control their own data and have a voice in economic and social opportunities. IDENTOS is able to provide a solution that exceeds those needs, a solution that streamlines identification requirements and enables the exchange of services.
- Growth
IDENTOS has revolutionized data interoperability with a user-centric approach to enable federated trust amongst organizations, people and things with FPX. Evolving the Kantara UMA 2.0 standard, FPX accommodates people’s consent in a new and elegant fashion to securely connect and quickly integrate otherwise disconnected data sources and digital experiences. Built to interface with FPX, the Community Navigator is a convenient, secure, privacy-respecting “wallet” that enables citizens and their community to interact. IDENTOS has reduced integration efforts by more than 90% by eliminating usernames and passwords, leveraging established federated identity while respecting and protecting privacy.


Our solution accounts for the Seven Foundational Principles of Privacy by Design. We have taken a proactive approach to privacy by developing a platform that places user privacy at the centre. Personal data is never centrally stored with our solution. To verify identity and protect privacy, we’ve accommodated decentralized access and distributed ledger technologies. A full but strictly controlled transaction history of data access allows for scalable logging and auditing.
Unlike traditional identification methods, citizens can use their biometrics instead of a PIN, signature or password to confirm identity, and confirmation of identity can happen without releasing unnecessary private information. Only the pieces of information necessary to perform the required service are granted. For example, at a health clinic, an address may not be required, so it is hidden from the healthcare provider. At the market with low connectivity, the name of the citizen is not required for rationed goods, so it is not released, and a pre-printed printout/token can be used to verify identity instead of a biometric reader that requires an internet connection to validate.
Our solution is built to truly enable digital identification (DID) system adoption. This is done by taking a Privacy by Design engineering approach and then layering on a commitment to interoperability and open standards. This enables both new and existing DID systems to come on board, work and communicate with each other in new ways. This openness extends to incorporating paper-based workflows or low-tech methods for interacting with users. In developing countries, where literacy rates and connectivity need to be considered, our solution offers a flexible model for engaging with the population in any number of innovative ways.
Federated Privacy Exchange is able to seamlessly establish connections between multiple data sources for reliable and safe data exchange and integration. We do this by capitalizing on open standards such as UMA, SAML, OAuth, OIDC, and FIDO to easily integrate with existing network resources with minimal effort. Our Navigator can act as one of many front ends to enable a user to understand, utilize, and manipulate their digital identity and associated data.
From a system administrator's perspective, the roll-out can be simple. Our OIDC and UMA compatible plugin interfaces make connecting to the network a simple exercise, based on open standard interfaces. This evident user-friendliness and simplicity of integration is the result of user experience engineering conducted by our in-house usability team and customer co-design.
From an end user’s perspective, our Community Navigator app is specifically designed to make interacting with digital identity and the various business applications/services that leverage the DID an easy and great user experience. Further, it can be a mobile or desktop experience and easily integrates with other applications.
FPX and Community Navigator were designed to bring multiple parties together to interact collaboratively. They are built using only open standards for non-proprietary delivery and to avoid vendor lock-in. Their design evolves the principles and specifications of the Kantara UMA 2.0 standard and the Pan-Canadian Trust Framework (PCTF). FPX has been written as an open standard that we plan to donate to DIACC and similar organizations like the Kantara Initiative once the spec has cleared the validation stage. Our vision is to enable organizations and developers globally to work on building their own solutions/applications of FPX.
Our solution allows for biometric identification, eliminating the need for a signature, mobile, or PIN. Once the primary identification and metrics (e.g., fingerprints) are available, the citizen’s biometrics can be used to verify their identity each time they need to access a service connected to FPX. Without providing their identity card, the citizen’s privacy is preserved. Connectivity is only required at designated places such as healthcare providers where citizens would be able to validate their identity via FPX. Where a connection is not available, printouts with metrics such as a photo of the citizen can be obtained from kiosks.
We will continue to grow and invest in our technology while rolling it out to specific markets globally over the coming years. This includes completing our scale out in healthcare and bringing the solution to new sectors, such as border security, refugee migration, educational institutions, smart cities, and unique private entities, as well as new markets in the USA, EU, and emerging nations.
- Canada
- For-Profit
- Other (Please explain below)
- 11-20
- 1-2 years
Some of the organizations IDENTOS is currently working with include:
- Office of the Privacy Commissioner of Canada (Subject Matter Expertise/Advisory Services)
- TELUS Global Solutions (providing technology powering a global health platform geared to developing and developed nations outside of North America)
- TELUS Health/Canada Health Infoway (providing 2FA solution for national ePrescribing service)
- North York General Hospital (Patient facing mobile / security roadmap)
- Niagara Health System (Niagara Health is launching a patient facing ecosystem of digital healthcare services for their entire region (1.5M citizens) based on FPX trust platform and Community Health Navigator supported by Ontario Government)
The IDENTOS team is the right combination of mission-driven, innovation-inspired, yet delivery-focused to succeed in scaling out our solution. We have strong in-house engineering and R&D talent, including a recognized leader in cryptography as our full-time Chief Scientist. We have recently invested in professional product and marketing talent. Our executive team brings decades of leadership experience from large telecom, government and technology enterprises. Finally, we are strong contributors/members of broader communities of practice/networks of partners and collaborators on a global scale that span across NFPs, healthcare, government and the private sector.
Having evolved from security hardware device sales and custom app development, IDENTOS is now focused on maturing and scaling our suite of innovative technologies, products and solutions. We create revenue from sales of our software licences (licences and SaaS services), complemented by professional service fees where appropriate. All of our technology is based on open standards yet we monetize the value of being able to provide customers with a) off the shelf productized applications/services, b) support and maintenance, c) customization and implementation services.
As our products offer flexibility and functionality for our customers, IDENTOS is often involved in planning and executing unique customization requests. While we enable our customers to do integration work on their own, we also provide the necessary resources when requested to perform the work.
As a self-financed scale-up company, we value the importance of non-dilutive funding and have thus been awarded a number of grants and non-dilutive funding through private and public programs or competitions. We reinvest all such funding directly into R&D, which has helped contribute to 4x annual customer revenue growth over the past two years. Our sales strategy is international and largely tied to leveraging channel partners and communities of practice.
We're applying because we're aligned with the MBC objectives. Our technology is fundamentally designed to provide the level of data privacy and digital identity enablement the MBC is addressing. Our solution can be a platform leveraged by numerous communities, use cases and other innovators also working to address the MBC objectives. The MBC aligns to our vision of a world where people don't need to compromise their privacy to access services, such as healthcare and education. We want to enable individuals to participate in the digital economy and build confidence that their data is being used only as they intended.
A key barrier is the need for partner buy-in with a fundamental understanding of what FPX can enable. Service providers must acknowledge that their users’ data will be kept private and individually managed, meaning they cannot profit or benefit from selling or manipulating this information. To compensate for this, we provide opportunities to integrate and share access to users, giving them the ability to collaborate digitally in new ways. Users will quickly see the benefit of interacting with FPX endpoints and the digital identity system as they will feel empowered and trust how their data is being used.