The title agent-focused artificial intelligence technology firm Alanna.ai has launched a digital signing capability to help title agents and companies comply with the Financial Crimes Enforcement Network’s (FinCEN) new reporting requirements. The firm has made enhancements to its Smart Forms offering, which the company said will help users streamline the new data collection and reporting requirements needed to comply with FinCEN’s Anti-Money Laundering rule. The enhancements to Smart Forms, known as Alanna Sign, include a specialized form supporting the rule’s mandatory data-gathering process, which will be required of buyers and sellers. The specialized form will include automated reminders for form completion and completion of the digital signing process, according to Alanna.ai. Alanna.ai president and co-founder Hoyt Mann believes this tool will lessen the hassle many title professionals fear these new requirements create.
Microsoft launches an open‑source ZKP library that randomizes each credential presentation to ensure unlinkable, privacy‑preserving digital IDs
Microsoft has introduced Crescent, its cryptographic privacy library, to address the growing privacy challenge posed by digital identities. Hidden identifiers in mobile driver’s licenses or JSON Web Tokens (a widely used app login authentication standard) can be exploited to compile detailed user profiles, even when only minimal data is shared, by linking separate activities together. Crescent is an open-source cryptographic library that integrates with existing identity formats without requiring issuers to change their infrastructure. It ensures that every presentation is randomized cryptographically so that no hidden data beyond what the user explicitly reveals can link one interaction to another, the company claims. “Zero-knowledge proofs are not as efficient as the cryptographic algorithms used in today’s credentials,” says the post. “Crescent addresses this computational challenge through preprocessing, performing the most complex calculations once in advance so that later proof generation is quick and efficient for mobile devices.” To make zero-knowledge proofs practical for mobile devices, Crescent splits proof generation into a one-time preparation stage and a fast per-presentation stage. The preparation stage computes reusable cryptographic values and stores them on the device; the presentation stage randomizes those values and produces a compact proof revealing only the necessary attributes. Crescent uses the Groth16 zero-knowledge SNARK system, which produces small proofs that can be verified quickly in a single step. Shared cryptographic parameters based on credential templates allow multiple issuers — for instance, different state motor vehicle departments — to interoperate as long as they adhere to compatible data formats and security standards.
Roblox restricts adult-minor contact by expanding selfie‑based facial age estimation to all users of voice and text chat, pairing it with ID checks and parental consent
Amid lawsuits alleging child safety concerns, online gaming service Roblox is expanding its age-estimation technology to all users and partnering with the International Age Rating Coalition (IARC) to provide age and content ratings for the games and apps on its platform. This involves scanning users’ selfies and analyzing facial features to estimate age. This age-estimation tech is combined with other systems, including ID age verification and verified parental consent, to provide a more accurate measure of a user’s age, Roblox says — especially when compared with simply having kids type in a birth year when they create an account. The company notes that it’s also planning to launch systems that will further limit communications between adults and minors on its platform. Meanwhile, the company’s partnership with IARC will see Roblox replacing its own content and maturity labels with those used by rating agencies worldwide. That means users in the U.S. will see ratings from the ESRB, while other countries will see those used by their own ratings authorities. Players in the Republic of Korea will see ratings from GRAC; players in Germany will see ratings from the USK; and players elsewhere in Europe and the United Kingdom will see ratings from the PEGI, for instance. This system is meant to help parents better understand what sort of games their kids are playing, based on factors that could raise concerns. Among its tools is Roblox Sentinel, an open source AI system designed to detect early signals of child endangerment. The company also offers parental controls, tools to restrict communications, and technology that detects when there are servers where a large number of users are breaking its rules, so it can take them down.
Strata Identity enables identity orchestration for AI agents providing identity guardrails and observability for AI agents without limiting identity provider (IDP) choice
Strata Identity has introduced a new product, Identity Orchestration for AI Agents. Built on Strata’s Maverics vendor-agnostic identity fabric and hybrid air-gap architecture, it provides identity guardrails and observability for AI agents without limiting identity provider (IDP) choice. Strata’s new product issues short-lived, scoped credentials at runtime; enforces fine-grained, policy-as-code authorization, including human-in-the-loop approval for sensitive actions; and logs every agent decision and MCP-initiated API call for full auditability. Strata’s Maverics treats every AI agent as a first-class identity, governed by the same rigor as human users, to provide zero-trust governance for autonomous AI agents. This industry-first approach handles every agent action as a policy-enforced, observable, and auditable event in real time. Its identity-aware, MCP-native proxy enforces policy without requiring changes to existing apps or microservices. Key capabilities:
Dynamic, runtime authentication for agents using delegated OAuth flows—supporting PKCE and SPIFFE/SVID to enable ephemeral, scoped trust without static credentials.
Policy-driven, attribute- and context-aware authorization, through On-Behalf-Of (OBO) flows with optional human-in-the-loop verification to enforce step-up approvals for sensitive or high-risk actions.
Just-in-time issuance/provisioning of agent identities into any cloud or on-premises IDP, including automatic credential rotation, lifecycle expiry, and ownership assignment.
Full-stack observability through OpenTelemetry, providing near real-time, correlated traces of both human and agent interactions for forensic lineage, risk analysis, and audit through your existing reporting and analytics tools.
With Okta-powered SSO, DigitalOcean provides enterprise-grade authentication and streamlined cloud access with automated user management, role-based access, and centralized security for cloud-native teams
DigitalOcean announced support for Single Sign-On to provide digital native businesses with seamless and secure authentication to their DigitalOcean accounts. Built on the industry-standard OpenID Connect (OIDC) protocol, SSO connects your existing Identity Provider (IdP) to DigitalOcean, starting with Okta and expanding to other leading IdPs in the future. For growing, cloud-native teams, SSO provides secure, frictionless access without added complexity or cost. DigitalOcean includes enterprise-grade control and automated user management in every plan, so your team can focus on building, not managing logins. Features of Single Sign-On include:
IdP integration & centralized access control: Direct DigitalOcean connection and enforcement of security policies (e.g., MFA, IP restrictions, password policies) through an organization’s existing IdP.
Automated user provisioning: Automatically creates new user accounts and assigns roles within DigitalOcean based on IdP group membership upon first login.
Role-based access: Aligns identity provider groups with DigitalOcean roles to simplify and automate permissions management.
Automated offboarding: Supports real-time deprovisioning of user access from DigitalOcean when removed from the IdP.
Enforcement options: Allows administrators to choose between enforcing SSO-only authentication or permitting a mix of SSO and traditional logins.
Bratin Saha, Chief Product and Technology Officer, DigitalOcean, said: “Unlike other cloud providers that gate SSO and automated user management behind premium tiers, DigitalOcean includes these capabilities for every customer. By making secure authentication and frictionless onboarding a built-in part of our platform, we help growing teams spend less time managing access and more time innovating and scaling.”
University of Pittsburgh’s mobile ID system allows students, faculty, and staff to download credentials via mobile wallets while offering the option to choose between digital ID and physical card
The University of Pittsburgh launched a new mobile credentials system for students, faculty, and staff on July 15, 2025. The system, facilitated by Transact, allows users to download credentials via Apple Wallet, Google Wallet, and Samsung Wallet. Users will have the option to choose between the Mobile Panther ID and the current physical contactless Panther Card. The mobile ID is part of a larger effort to modernize campus life, enhance security, and reduce plastic waste. However, mobile ID users will need to use the Pittsburgh Regional Transit app for public transit access. The system also addresses concerns about using the credential if a phone battery dies, with iPhone users able to use Express Mode with power reserve for up to five hours after a phone shuts down due to low battery, and Samsung users able to make up to 15 transactions within 24 hours. Existing students, staff, and faculty who choose the mobile credential can keep their physical Panther Card as a souvenir. Once activated, it functions everywhere the physical card does: Doors and Building Access; Laundry; Libraries; Dining Hall Turnstiles; Bookstore; All Pitt Eats locations; Student Recreation; Residence Hall Gyms; Guest Check-in; Cart Sign-Out; Parking Access.
AONY Web3 on-chain identity solution integrates decentralized ID standards, AI-driven behavioral analytics that evolves with user activity, and reputation scoring to enable a trusted and transferable identity across multiple blockchains
AONY, an innovative blockchain identity protocol, is set to launch in Q3 2025. It integrates decentralized identity standards, AI-driven behavioral analytics, and reputation scoring into a unified on-chain identity solution. Unlike traditional DID systems, AONY introduces a multi-dimensional identity model that evolves with user activity. It enables users to build a trusted and transferable digital identity across multiple blockchains. The project, completed by experts from Microsoft, Binance Labs, and Tsinghua University, aims to become the foundational infrastructure provider for Web3 identity, AI-based credit scoring, and decentralized reputation systems. Key components of the AONY protocol include:
Protocol Layer: Built on the ERC-7484 DID standard with cross-chain bridge support.
AI Analytics Engine: Leveraging large language models (LLMs) and graph neural networks (GNNs) to analyze user behavior and interactions.
NFT/SBT Identity Layer: Each identity is represented by a unique non-transferable Soulbound Token (SBT).
Reputation Score System: Evaluating users across governance, trading, and social participation dimensions.
Trulioo suggests “digital agent passport” to keep bots honest at checkout: a tamper-proof credential showing who built the agent, who it represents, and what permissions it has
Trulioo and PayOS recently published a white paper that advances the concept of Know Your Agent (KYA). At its core is the “Digital Agent Passport,” a tamper-proof credential showing who built the agent, who it represents, and what permissions it has. The passport includes five checkpoints: provenance, user binding, permission scope, real-time behavior telemetry, and continuous risk scoring—creating a verifiable chain of trust at machine speed. The white paper proposes independent Digital Passport Authorities to issue, sign, and revoke passports, much like SSL certificate authorities. A federated directory would ensure interoperability across borders and marketplaces, with real-time revocation lists. KYA would combine Trulioo’s identity graph and fraud detection with agent behavior monitoring. If an agent exceeds its permissions or behaves suspiciously, its passport could be flagged or revoked instantly. For merchants, KYA offers tighter audit trails and fewer manual exceptions. For FinTechs and retailers, it enables higher straight-through processing while guarding against fraud. Trulioo urges support for a federated directory of “white list agents,” ensuring payloads are signed and trusted. Each passport includes cryptographic proof of the developer’s identity and a hash of the latest code commit, giving merchants real-time visibility into agent behavior.
Proton’s open-source authenticator app lets users log in to services using dynamically generated two-factor authentication codes, automatically backs up codes, allows syncing codes and accounts across devices and can work in offline mode
Privacy-focused productivity tool company Proton released a new authenticator app today, allowing users to log in to services using dynamically generated two-factor authentication codes. The free app is available on all platforms starting today, including iOS, Android, Windows, macOS, and Linux. The app allows users to sync codes and accounts across devices. The company said that just like its other products, Proton Authenticator is open source and uses end-to-end encryption to protect user data. Users can easily import login codes from other authentication apps. Plus, the app automatically backs up codes and also works without any internet connection. “Two-factor authentication is essential for everyone – not just those who care about their privacy. Proton Authenticator is built for anyone who wants a secure, transparent, and convenient way to protect their accounts,” Eamonn Maguire, head of Account Security at Proton, said. “We believe strong security should never come at the cost of your convenience or privacy. That’s why we’ve developed Proton Authenticator: to give users peace of mind that their 2FA codes are available wherever they need them, without relying on Google or Microsoft. We’re putting users firmly in control not only over their data, but the way they access their online accounts,” he added.
Handwave’s tech uses a combination of surface palm imaging and near-infrared vein mapping to enable secure, frictionless authentication of payments, age verification and loyalty programs “with one wave of a hand” and without the need for devices, apps or wallets
Handwave has raised $4.2 million in a seed round to launch its palm-based authentication method across Europe and the United States. The company’s technology enables payments, age verification and loyalty programs to be done “with one wave of a hand.” “Using a combination of surface palm imaging and near-infrared vein mapping, Handwave creates an encrypted biometric template that never leaves your control,” Handwave said. “The result? Secure, frictionless authentication with a single gesture — no devices, apps or wallets required.” Handwave said palm biometrics provides users with greater control than facial recognition and greater security than face scans or fingerprints. While facial recognition can be triggered passively, palm biometrics requires users to extend their hand and confirm the action. Plus, the palm’s “unique network of veins, geometry and motion” is difficult to replicate and can be verified with liveness detection. The early-stage venture capital firm focused on Baltic founders said Handwave’s biometric payments and identification platform “is redefining how we pay and prove who we are — with just a palm.” “The idea that you can securely pay or verify your identity with nothing but your palm—without even taking out a phone—is not just futuristic, it’s imminently practical,” Practica Capital Partner Arvydas Bloze said.