Ping Identity announced its new Just-in-time Privileged Access capabilities within the Ping Identity Platform, offering comprehensive capabilities across all three categories of identity: Access Management (AM), Identity Governance and Administration (IGA), and Privileged Access Management (PAM). Using centralized identity controls in a single platform, this trifecta empowers customers with a more comprehensive suite of solutions to protect and manage their digital environments. These PAM capabilities enable more secure control over exploding cloud permissions by utilizing a Trusted Platform Module (TPM) to protect privileged sessions at the device-level, which can be both agentless and agent-based, depending on customer needs. With Ping’s privileged access offerings, customers benefit from: JIT Privileged Access: End-users can securely request and obtain time-bound access to cloud environments (AWS, GCP, Azure), as well as cloud or on-premises servers, databases, Kubernetes and other critical resources in a user-friendly portal, adhering to zero trust best practices. Passwordless Access: Authentication to all the resources (e.g. Server SSH, RDP, IAM) is handled in a passwordless manner, eliminating the need for static credentials (e.g. SSH Keys, RDP password). Ensured Compliance: Session recordings and audit logs for privileged access support compliance with regulations such as SOX, SOC2, GDPR, HIPAA, and PCI-DSS. Hybrid Infrastructure Support: JIT granular access to entitlements, roles and resources in AWS, Azure, GCP, and Kubernetes with context-aware policies and real time authorization.
Google Wallet adds support for eighth state ID: Montana; IDs can be read via NFC or by having the QR code scanned
Google Wallet for Android is now rolling out support for Montana state IDs. Open the Google Wallet app, tap the Add to Wallet FAB (floating action button) in the corner, and then Driver’s license or state ID. This reveals Montana as the eighth Google Wallet option. It joins Arizona, California, Colorado, Georgia, Iowa, Maryland, and New Mexico. In terms of card design, it’s “Montana” in the top-left with the Rocky Mountains and a mountain goat. Montana was first announced this April alongside Arkansas, Puerto Rico, and West Virginia. The set-up process involves taking photos of the front and back of your physical card, as well as a brief video of your face for verification that gets sent to the Montana MVD. It will take a few minutes (or longer) for it to be reviewed with a notification confirming once it’s available. You’ll also get an email confirmation from the agency. “Details” next to “Show code” lets you enable an “Activity history,” while “Driver’s License information” lists license number, date of expiry, address, and more. IDs can be read via NFC or by having the QR code scanned. It is accepted in some airports by the TSA. Officially, you still have to carry your ID card as the one on your phone “does not replace the requirement for individuals to carry a physical card.”
ALTA’s new title insurance endorsements set industry standards to combat forgery in property sales; offering long-term coverage to defend homeowners against costly seller impersonation and fraudulent document filings
The American Land Title Association (ALTA) has released two new title insurance policy endorsements aimed at protecting homeowners from seller impersonation fraud — in which criminals forge documents to sell property they do not own and keep the proceeds. The endorsements provide coverage for both new and existing homeowners, offering post-policy protection against forgery of a deed or mortgage. With the coverage, title insurers would cover legal costs needed to correct public records if fraudulent documents are filed against a property. Chris Morton, ALTA’s CEO. “These endorsements set the standards for forgery protection before and after closing, and build upon ALTA’s landmark Homeowner’s Policy of Title Insurance.” “EquityProtect supports the additional protections that are being introduced by the title industry,” said EquityProtect CEO Ryan Marshall. ALTA says the average title insurance fraud or forgery claim costs more than $143,000. In addition to the new endorsements, ALTA updated its Best Practices framework — recommending stronger identity verification in closings, additional training for staff, tighter controls over notary and signing agent selection and protocols for responding to suspected fraud. “These policy endorsements set a new bar for how to help consumers address these crimes,” said Elizabeth Blosser, ALTA’s chief strategy, communications and innovation officer. “If purchased, they should provide peace of mind to homeowners by offering long-term protection from a risk that is both real and increasing.”
Alanna.ai’s AI-driven digital signing capability supports title agents in meeting FinCEN’s updated AML reporting rule; reducing compliance burden with tailored e-forms and automated completion prompts.
The title agent-focused artificial Intelligence technology firm Alanna.ai has launched a digital signing capability to help title agents and companies comply with Financial Crimes Enforcement Network’s (FinCEN) new reporting requirements. The firm has made enhancements to its Smart Forms offering, which the company said will help users streamline the new data collection and reporting requirements needed to comply with FinCEN’s Anti-Money Laundering rule. The enhancements to Smart Forms, known as Alanna Sign, include a specialized form supporting the rule’s mandatory data-gathering process, which will be required of buyers and sellers. The specialized form will include automated reminders for form completion and completion of the digital signing process, according to Alanna.ai. Alanna.ai president and co-founder Hoyt Mann believes this tool will lessen the hassle many title professionals fear these new requirements create.
Microsoft launches an open‑source ZKP library that randomizes each credential presentation to ensure unlinkable, privacy‑preserving digital IDs
Microsoft has introduced Crescent, its cryptographic privacy library to address the growing privacy challenge posed by digital identities. Hidden identifiers in mobile driver’s licenses or JSON Web Tokens (a widely used app login authentication standard) can be exploited to compile detailed user profiles, even when only minimal data is shared, by linking separate activities together. Crescent is an open-source cryptographic library that integrates with existing identity formats without requiring issuers to change their infrastructure. It ensures that every presentation is randomized cryptographically so that no hidden data beyond what the user explicitly reveals can link one interaction to another, the company claims. “Zero-knowledge proofs are not as efficient as the cryptographic algorithms used in today’s credentials,” says the post. “Crescent addresses this computational challenge through preprocessing, performing the most complex calculations once in advance so that later proof generation is quick and efficient for mobile devices.” To make zero-knowledge proofs practical for mobile devices, Crescent splits proof generation into a one-time preparation stage and a fast per-presentation stage. The preparation stage computes reusable cryptographic values and stores them on the device; the presentation stage randomizes those values and produces a compact proof revealing only the necessary attributes. Crescent uses the Groth16 zero-knowledge SNARK system, which produces small proofs that can be verified quickly in a single step. Shared cryptographic parameters based on credential templates allow multiple issuers — for instance, different state motor vehicle departments — to interoperate as long as they adhere to compatible data formats and security standards.
Roblox restricts adult-minor contact by expanding selfie‑based facial age estimation to all users of voice and text chat, pairing it with ID checks and parental consent
Amid lawsuits alleging child safety concerns, online gaming service Roblox is expanding its age-estimation technology to all users and partnering with the International Age Rating Coalition (IARC) to provide age and content ratings for the games and apps on its platform. This involves scanning users’ selfies and analyzing facial features to estimate age. This age-estimation tech is combined with other systems, including ID age verification and verified parental consent, to provide a more accurate measure of a user’s age, Roblox says — especially when compared with simply having kids type in a birth year when they create an account. The company notes that it’s also planning to launch systems that will further limit communications between adults and minors on its platform. Meanwhile, the company’s partnership with IARC will see Roblox replacing its own content and maturity labels with those used by rating agencies worldwide. That means users in the U.S. will see ratings from the ESRB, while other countries will see those used by their own ratings authorities. Players in the Republic of Korea will see ratings from GRAC; players in Germany will see ratings from the USK; and players elsewhere in Europe and the United Kingdom will see ratings from the PEGI, for instance. This system is meant to help parents better understand what sort of games their kids are playing, based on factors that could raise concerns. Among its tools is Roblox Sentinel, an open source AI system designed to detect early signals of child endangerment. The company also offers parental controls, tools to restrict communications, and technology that detects when there are servers where a large number of users are breaking its rules, so it can take them down.
With Okta-powered SSO, DigitalOcean provides enterprise-grade authentication and streamlined cloud access with automated user management, role-based access, and centralized security for cloud-native teams
DigitalOcean announced support for Single Sign-On to provide digital native businesses with seamless and secure authentication to their DigitalOcean accounts. Built on the industry-standard OpenID Connect (OIDC) protocol, SSO connects your existing Identity Provider (IdP) to DigitalOcean, starting with Okta and expanding to other leading IdPs in the future. For growing, cloud-native teams, SSO provides secure, frictionless access without added complexity or cost. DigitalOcean includes enterprise-grade control and automated user management in every plan, so your team can focus on building, not managing logins. Features of Single Sign-on include: IdP integration & centralized access control: Direct DigitalOcean connection and enforcement of security policies (e.g., MFA, IP restrictions, password policies) through an organization’s existing IdP. Automated user provisioning: Automatically creates new user accounts and assigns roles within DigitalOcean based on IdP group membership upon first login. Role-based access: Aligns identity provider groups with DigitalOcean roles to simplify and automate permissions management. Automated offboarding: Supports real-time deprovisioning of user access from DigitalOcean when removed from the IdP. Enforcement options: Allows administrators to choose between enforcing SSO-only authentication or permitting a mix of SSO and traditional logins. Bratin Saha, Chief Product and Technology Officer, DigitalOcean. “Unlike other cloud providers that gate SSO and automated user management behind premium tiers, DigitalOcean includes these capabilities for every customer. By making secure authentication and frictionless onboarding a built-in part of our platform, we help growing teams spend less time managing access and more time innovating and scaling.”
AONY Web3 on-chain identity solution integrates decentralized ID standards, AI-driven behavioral analytics that evolves with user activity, and reputation scoring to enable a trusted and transferable identity across multiple blockchains
AONY, an innovative blockchain identity protocol, is set to launch in Q3 2025. It integrates decentralized identity standards, AI-driven behavioral analytics, and reputation scoring into a unified on-chain identity solution. Unlike traditional DID systems, AONY introduces a multi-dimensional identity model that evolves with user activity. It enables users to build a trusted and transferable digital identity across multiple blockchains. The project, completed by experts from Microsoft, Binance Labs, and Tsinghua University, aims to become the foundational infrastructure provider for Web3 identity, AI-based credit scoring, and decentralized reputation systems. Key components of the AONY protocol include:
Protocol Layer: Built on the ERC-7484 DID standard with cross-chain bridge support.
AI Analytics Engine: Leveraging large language models (LLMs) and graph neural networks (GNNs) to analyze user behavior and interactions.
NFT/SBT Identity Layer: Each identity is represented by a unique non-transferable Soulbound Token (SBT).
Reputation Score System: Evaluating users across governance, trading, and social participation dimensions.
Biometric checkout is gaining momentum: forecasts see 3.5B biometric payment users by 2030 as friction‑free, phishing‑resistant login meets checkout; PayPal expands passkeys
Biometric authentication for e-commerce could be poised for growth, especially given significant security concerns about SMS and one-time passwords for identity confirmation. Federal Bank, a private sector bank in India, recently began a phased rollout, allowing users who shop online with certain merchants to authenticate their transactions using fingerprint or facial recognition. Users who have enrolled in a biometric setup process can use fingerprint on Android devices and their face on iOS devices to authenticate themselves and checkout. “Say goodbye to traditional passwords and OTPs—biometrics offer a faster, more secure alternative that significantly reduces the risk of fraud,” the bank wrote on its website describing the new offering. On the checkout screen of the partner merchant app, users choose the tokenized card from the available options and receive the biometric authentication page directly. From there, they can authenticate the payment using fingerprint or Face ID. Typical banking transactions take around 45 to 60 seconds; using biometric authentication, transactions can be completed within three to four seconds, according to the bank. Although consumers are repeatedly warned not to share one-time codes with anyone, they often disregard this advice. Making matters worse, Sando said she has been asked twice in the past few years by legitimate banks she’s doing business with for her one-time password, which is a big no-no, and has the potential to confuse customers. Employing biometrics for e-commerce transactions would make online shopping more secure, Sando said, adding that she hopes it will become the norm for e-commerce authentication within the next few years. “There are far more secure options out there” than SMS and one-time passwords, Sando said. Getting to that step is another matter entirely, however. Goode Intelligence predicts there will be almost 3.5 billion biometric payment users by 2030, but it remains unclear how quickly biometrics will be widely adopted for e-commerce authentication. In many instances today, customers aren’t required to authenticate themselves when making an online purchase, while some payment methods, like Early Warning System’s Paze require a one-time code. In other cases, customers pay with digital wallets like Apple Pay or PayPal, which already have extra security built into the process.
TruSources unveils on-device KYC platform with custom ML models performing liveness detection and deepfake identification in under 400 milliseconds without server uploads
A new startup called TruSources aims to solve some of the privacy and security challenges by performing age-verification and identity checks on a person’s device, without the person’s sensitive information ever leaving their phone. TruSources’ founder and chief technology officer, Sanjay Krishnamurthy said, his company developed a deepfake-detection app and a “know your customer” (KYC) app, which can be used to verify a user’s liveness on-device in a few seconds. Krishnamurthy says that when a user verifies their identity with TruSources, none of their information is uploaded to its servers like most age- and identity-checking companies do. Instead, TruSources’ technology relies on a custom machine learning model baked into its apps that detects patterns from an existing dataset that the company developed to spot deepfakes and false identity cards. TruSources’ technology can be integrated with other apps and websites that have to comply with age-verification laws. The technology can also be integrated into corporate single-sign-on services, which allow employees to access multiple work apps with just one set of credentials. The apps can also produce a QR code for use in the real world, such as when proving a person’s age to enter a bar without having to give over a physical copy of their identity documents. Krishnamurthy said his technology will help companies that are subject to age-verification and identity checks to be compliant with KYC rules, while both protecting those companies from having to collect people’s government-issued identity documents and preserving users’ privacy. A handful of countries have mandated that all apps need to know your age, and they’ve made a huge problem because they don’t want to take the IDs from all over the world and there’s all kinds of legal implications.