Google has given Android an OpenID upgrade to make handling digital credentials like virtual driving licences much easier and more secure. With native support for OpenID standards, Android apps and services can talk the same language when it comes to verifying who you are digitally. This update uses Android’s DigitalCredential API to bring in support for OpenID4VP (for showing your credentials) and OpenID4VCI (for getting new ones issued). It’s all part of Android’s push towards using open standards to ensure you’re not locked into one company’s way of doing things for your digital identity. The most obvious use people are talking about is digital identity documents like driving licences, passports, or national ID cards. But the potential goes way further. Google expects developers to get creative, using this tech for all sorts of things you might need to prove digitally. We’re talking education certificates, insurance details, gym memberships, event tickets, work permits – you name it. And it’s not just about official ‘wallet’ apps like Google Wallet or Samsung Wallet holding these credentials. Any app can potentially become a “credential holder.” Once you’ve picked, say, your digital driving licence, Android securely passes the request over to the wallet app that holds that specific licence. That app finishes the process, showing the credential to the verifier. This method also gives the wallet app a chance to “perform any additional due-diligence steps it needs to perform prior to releasing the credential to the verifier,” adding an extra layer of checks if needed. Receiving and storing new digital credentials is also getting standardised using the OpenID4VCI protocol. When someone needs to issue you a digital credential they can use this standard. To make sure Android knows what’s where when it’s time to show a credential, wallet apps need to tell the Credential Manager a bit about the credentials they hold. 
This info helps Android quickly find the right options for you when a request comes in.
The OpenID Foundation to demo a secure, privacy-preserving identity that supports cross-platform credential exchange, privacy-first architecture, and enterprise-grade security
The OpenID Foundation is bringing together governments, standards bodies, technology vendors, end-user organizations and technical experts for a demonstration that “proves” a secure, privacy-preserving identity is “ready for prime time.” OpenID believes the single biggest barrier to seamless user experiences is interoperability, but in its upcoming showcase three specifications – the OpenID Verifiable Presentation (OID4VP), the High Assurance Interoperability Protocol (HAIP) and the Digital Credentials API (DC API) – are unified. “It’s a real-world demonstration of cross-platform credential exchange, privacy-first architecture, and enterprise-grade security,” the foundation said. Groups participating in the demo will include the NIST NCCoE, Mattr, Spruce, Animo, and 1Password among 10 teams developing digital wallets and verification solutions. They will work with credentials based on the ISO mDoc format widely utilized by mobile driver’s licenses, and Selective Disclosure JWTs (SD-JWTs). NIST NCCoE’s mDL architecture for opening a bank account, which uses the OID4VP, DC API and HAIP specifications, will also be demonstrated during the event.
Capgemini unveils perpetual ‘Know-Your-Customer’ real-time continuous compliance sandbox automatically alerting firms to changes in a customer’s circumstances that could affect their risk profile, enabling them to re-assess their risk exposure to the customer
Capgemini has launched a technology sandbox to help financial institutions transition from static Know-Your-Customer (KYC) processes to perpetual KYC (pKYC) and event-based reviews. The sandbox, a first of its kind, provides a secure environment for firms to test and demonstrate the effectiveness of pKYC processes. It automatically alerts firms to changes in a customer’s circumstances that could affect their risk profile, enabling them to re-assess their risk exposure to the customer. Capgemini’s sandbox model is flexible and modular, allowing organizations to implement it across their cloud platforms and technologies. The sandbox is designed to meet regulatory requirements and demonstrate how financial institutions are mitigating inherent risk exposure more effectively. It also shows the industry’s ability to demonstrate excellence in achieving real-time KYC requirements. Key benefits of Capgemini’s new pKYC sandbox include: A safe testing environment: a secure environment where new KYC processes, policies, or technologies can be tested without risking real customer data leakage or compliance failures. Best-of-breed solutions: integration of key components from best-of-breed RegTech solutions and accelerators. Real-time visualization: ability to visualize pKYC in action to gauge benefits and showcase the framework to regulators. Quantifiable business impact: rapid end-to-end testing of the tech stack and processes leading to much faster feasibility of the pKYC operating model and creation of the associated business case. Operational readiness: identifies operational bottlenecks and optimizes workflows to enable full-scale deployment with confidence.
Google Wallet deploys Zero-Knowledge Proof age verification technology that uses blockchain to process the condition (age) in encrypted form, generating a proof that can be verified by an external service through public keys
Google has introduced Zero-Knowledge Proof (ZKP) technology to its Google Wallet service, allowing users to verify their age without sharing personal information. This cryptographic technology is a significant turning point for online privacy protection, as it eliminates the risk of privacy violations and identity theft. The system uses blockchain technology to process the condition (age) in encrypted form, generating a proof that can be verified by an external service through public keys. Unlike traditional methods, the ZKP system maintains total control over users’ information. Bumble, a popular dating app, will use digital IDs issued through Google Wallet to verify users’ ages, while the confirmation will be managed through the ZKP system. This will improve the user experience and increase trust in the platform. The adoption of ZKP technology by Google could mark a decisive turning point, attracting attention from developers, companies, and investors in the decentralized privacy sector. The future of age verification and digital identity could be marked by a greater balance between security and privacy. If successful, the adoption of systems based on ZKP could lead to a safer and more respectful internet for individuals.
Meta detects underage Instagram users with AI tools that analyze contextual clues, such as birthday wishes or tip-offs from other users
Meta is using artificial intelligence tools to identify underage Instagram users who may have lied about their age to bypass platform safeguards. The company has announced that suspected underage users will be automatically placed into restricted “Teen Accounts” even if their account lists them as adults. Teen Accounts offer a controlled experience tailored for users under 16, limiting who can interact with them and restricting certain types of content. Meta claims the shift is designed to protect younger users and promote safe online behavior. Techniques include analyzing contextual clues, such as birthday wishes or tip-offs from other users, and comparing them with the stated age. Users will have the option to contest the AI’s decision and adjust their settings if misclassified. Meta will begin notifying parents directly, offering guidance on how to talk to teens about providing accurate age information online and encouraging them to verify their child’s listed birthday on Instagram.
No-code IAM platform offers developers a secure, scalable way to connect AI agents to external tools without having to manually manage and store tokens, scopes, and permissions
Descope, the drag & drop external IAM platform, launched the Agentic Identity Hub, an industry-first platform that helps organizations solve authentication and authorization challenges for AI agents, systems, and workflows. The Descope no / low code external IAM platform helps organizations easily create, modify, and manage journeys for their consumers, business customers, partners, and APIs / AI agents using visual workflows. Capabilities announced include: 1) Inbound Apps, which provide every application an easy way to become its own identity provider using the OAuth standard. This allows AI agents to securely authenticate, access authorized user data, and take scoped actions on behalf of users with their explicit consent. 2) Outbound Apps, which provide every AI agent builder a secure, scalable way to connect AI agents to external tools without having to manually manage and store tokens, scopes, and permissions. Developers can choose from over 50 out-of-the-box tool integration templates including Gmail, HubSpot, GitHub, Snowflake, Slack, Notion, and Shopify. 3) MCP Auth SDKs and APIs that help developers building and managing remote MCP servers secure their systems with robust authorization controls as well as extend the MCP servers’ functionality by connecting them with multiple OAuth-based services.
BlackCloak’s ID verification tech combats deepfake-powered phishing and other impersonation attacks targeted at high-profile executives by enabling users to verify the authenticity of suspicious communications
BlackCloak has launched an industry-first Identity Verification solution to combat deepfake-powered and other impersonation attacks, targeting high-profile executives and individuals. BlackCloak’s new Identity Verification offering is the first to address this rapidly emerging cybersecurity issue by enabling customers who receive a suspicious email to verify the sender’s identity and ensure the message is authentic. Integrated into its Digital Executive Protection platform, this feature enables users to verify the authenticity of suspicious communications, providing vital protection for executives, families, and businesses. BlackCloak’s new Identity Verification feature targets phishing campaigns, such as deepfakes, by allowing the user to prompt the sender to validate that they are who they claim to be through the BlackCloak mobile app. The new feature can combat the impact of deepfakes containing the following attributes: Synthetic Media, Facial Manipulation, Voice Cloning, and Behavioral Mimicry.
Veza’s platform can automatically scan a company’s applications to determine which user has access to what resources and visualize this information in a graph to help administrators spot misconfigured access permissions
Veza Inc., a startup that helps enterprises regulate employee access to business applications, has raised $108 million from investors to enhance its technology. It provides a platform that can automatically scan a company’s applications to determine which user has access to what resources. Veza visualizes this information in a graph that helps administrators spot misconfigured access permissions. Using Veza, administrators could find accounts that have permission to change database settings but don’t belong to cybersecurity staff. The platform includes a search bar that makes it possible to browse user accounts with natural language prompts. In a large organization, access permissions are regularly added and removed. Administrators can configure Veza to generate an alert if an account receives access to a system in breach of internal rules. The platform likewise spots accounts that have correct access permissions, but aren’t actively used and therefore represent an unnecessary cybersecurity risk. Companies create accounts for not only employees but also applications. A revenue forecasting tool, for example, might require an account in a sales database to access the transaction logs it holds. Administrators can use Veza to find such accounts in the corporate network and remove them when they’re no longer needed.
New open-source, interoperability protocol LOKA assigns agents a unique and verifiable identity enabling them to communicate with other agents and operate autonomously across different systems
A group of researchers from Carnegie Mellon University proposed a new interoperability protocol governing autonomous AI agents’ identity, accountability and ethics. Layered Orchestration for Knowledgeful Agents, or LOKA, could join other proposed standards like Google’s Agent2Agent (A2A) and Model Context Protocol (MCP) from Anthropic. The open-source LOKA would enable agents to prove their identity, “exchange semantically rich, ethically annotated messages,” add accountability, and establish ethical governance throughout the agent’s decision-making process. LOKA builds on what the researchers refer to as a Universal Agent Identity Layer, a framework that assigns agents a unique and verifiable identity. The researchers said LOKA stands out because it establishes crucial information for agents to communicate with other agents and operate autonomously across different systems. LOKA could be helpful for enterprises to ensure the safety of agents they deploy in the world and provide a traceable way to understand how the agent made decisions. A fear many enterprises have is that an agent will tap into another system or access private data and make a mistake. LOKA will have to compete with other agentic protocols and standards that are now emerging. Protocols like MCP and A2A have found a large audience, not just because of the technical solutions they provide, but because these projects are backed by organizations people know. Anthropic started MCP, while Google backs A2A, and both protocols have gathered many companies open to using, and improving, these standards.