And we will be learning today from the panel that we have here. Somebody should join us. Sore should join us from, is he online? In the meanwhile, we have Stephan Wan from SG and we have Louise Cole from ata. And I hope we have ssh.
Yes, ssh. There you are. All the way from Bangalore. I think I will keep standing up if that is okay with you, because then I can also keep an eye on Shresh. Hi. Hi. So very excited to have this panel here and I wanted to start with a very quick 32nd introduction of you all so we know who you are and especially why you're so important in the world of travel and digital identity. Stephan.
Okay, something about me. I'm Stephan Schwan, head of Digital Identity at msg, and here I represent the U Consortium, which is one of the largest pilots for the digital wallet and why it's important for this session. One main case of the digital wallet is digital travel and payment. So especially what, and it showed that somebody can identify himself, get the ticket for the airline, check in, in the hotel check, do get the ferry tickets and at the end pay it, but also to get the tax return in case I just see the data at the end of the room.
So that means we combine personal identity but also organizational wallets. So the, I identified the company itself and that somebody's allowed to act for a company. And this in the, to make this happen in the uhits just in Europe and consortium contains of nearly all states in Europe of European Union plus uk plus UK plus Aruba. In this case it's led by Sweden and it's coded by mg. If you want to have more information, please look@udigitalconsortium.org. Thanks a
Thank you Stephan. I will sit down because I see so here as well. So that's a bit, a bit less awkward.
Louise, would you tell us quickly who you are, but also what IA has to do with this? Yes,
Thank you. Hi everyone, and thank you Annette for including me on this panel. ATA is the International Air Transport Association, so a a trade industry association that's been around for 80 years in a couple of different formats and it sets the international standards for the aviation community, very wide ranging set of standards.
And in my role, I have the responsibility for the portfolio of standards that relate to passenger identity data, particularly in the points of what we call passenger facilitation. And that's the point at which data needs to be exchanged between, between stakeholders and the travel and the travel continuum. So governments, airlines, and airports.
And through that we are looking to reduce the, the double handling of identity data in the ecosystem through the standardization known as the one ID program, which is looking at digital identity and verifiable credentials and digital identity wallets as a solution and industry solution to this issue. Thank you.
Thank you.
We'll, we be talking a lot more about this and more in detail, so
Yes. And amk
Great. Good to have you here. Happy you can join. Yes.
Yeah, yeah. I would allow to be there in Berlin would be my third or the fourth visit. Yeah. But unfortunately lot of work pressure here. And just a quick introduction of myself, Ann, I'm Audible, right?
Sorry,
Am I audible?
I can't, yes,
You are.
Yes,
Yes. Yeah. Okay.
Oh, so, so quick introduction about myself. I'm the CEO of Dig DiGRA Foundation, which is a not-for-profit company. And this company is basically providing Pan India identity validation service to airports across India. Currently we have gone live with seven big airports in India and we are slowly going to ramp this up so that you know, all the airports across India are covered by this ecosystem. We do follow the same standards, which I have an ID is prescribing or would be prescribing the W3C standards with the UN wallet and self-sovereign identity.
I think you'll hear a lot about self-sovereign identity from all the panel members. This, this we believe is going to be the, the one sort of solution which will help us to enable travel one And second is to also protect passenger data. I think there is a lot of concern from passengers about data privacy, data theft, data loss data, pill phrase data leakage.
And I strongly believe in the team here strongly believes that, you know, W3C standards with cell sovereign identity has the, you know, base fundamental sort of infrastructure or foundational layer to make this happen.
And we are all trying to see how we can also enable international travel. So today in India we are serving nearly 800,000 users across seven airports. And hopefully we will be crossing at least three to 4 million by the end of this year.
And yes, we want to enable international travel and by say March next year, hopefully we do also a pilot with an EU destination or any other destination. That's something which I am targeting at. And there are of course multiple use cases like Annette mentioned, hotel id, ID, validation, stuff like that. We are also thinking of all that, so I'm really happy to be here. Would I have been more happier to be there in person?
But yeah, I think this is also good enough. I'm thankful to, to cover a call for, you know, allowing me to participate.
Thank you. Thank you Shresh. You touched on interoperability already expressing the wish to be interoperable with Europe, with the dtra Stephan, what is the EU Digital Wallet Consortium doing in regard to the travel use case and how do you see the interoperability?
What we are doing is like mentioned in the introduction that to injure that the natural entity or legal entity can identify itself.
So if a post identification for the legal entity or the national entity, including the possibility or the evidence that a person can act for a company in this case. And then just to get the tickets for an air, for an airplane, for for flight. But also to check into the, to the airport and also to board the airplane at the end of the day. The same then to check in in the hotel, to pay for the hotel and to pay for the whole travel and especially for the company at the end of the day. Also to do the documentation stuff like for example, tax return or anything else.
So to implement whole value chain and to implement whole user journey, but not only in Europe.
Also to be able to, our credentials are usable not only in Aruba but also in India, also in the US or anywhere else. So one main subject is the interoperability between the different VO providers within E wc but also with the other large scale pilots. And also to enter the different relying parties. So for example, airlines or airport airports, hotels, payment providers are able to use our wallet and or to use our stations and beyond Europe, I have to say that sky team is associated partner in ewc.
And this would mean if I use the KLM flight to India, we also have to enjoy that it's possible to, to that you can use it. So this would mean we plan in ewc also inability tests beyond Europe. So to ensure that you are also able to check the stations, the PIDs, et cetera.
That is great news because the world of aviation travel and tourism is per definition international and crossing borders. Of course there is domestic, but that is a very important aspect and well there is a lot happening already in the world of aviation setting standards.
And Louise, can you explain what ATA is doing with the one ID program in particular and how important it is for this global standard?
Yes, indeed. And the aviation is one of the critical industries that you can use to, to emphasize the importance of standardization. Even in domestic aviation, it has to work the same everywhere.
It has to, it has to be consistent right down to the, the tag on your bags or the, the, the classification of the doors in case of an emergency on a plane. All of these things are highly standardized. The cargo movement of of live animals or, or medicines and aviation works because of standardization between different parties and has done so for an incredibly long time.
When it comes to the standardization of identity, we've always looked to the IKO O and the work of the, the under the current IKO facilitation and security traveler identification program, which is responsible for the standards for the passport and the iko, the international civil aviation organization is the right regulatory authority to determine the standards for government issuance of documents.
And when the IKO made the moves to standardize a digital travel credential, it did so with the interests of border and border authorities in mind, which is very appropriate.
They have a responsibility for border security for their, for their, their own individual nations. And the role of aviation in that is an interesting one because currently airlines are required by regulation to take the passport of the passenger, extract the data from that passport, either from the chip or from the machine readable zone, which they're then required to store in their system and batch and send, you touched on it, I think the advanced passenger information batch that data and send that very sensitive personal information to the government of destination.
And there's not many industries we can sit in and feel comfortable with that in this day and age with, with privacies. But the, the airlines who neither want nor need that data are required to do so and face hefty penalties if they get it wrong.
So they have a very keen interest in making this as privacy protecting as possible and looking to see how can they have standards that enable them to meet their obligations to governments and and adhere to the regulations are required for border crossing without breaching the regulations on them from the other powerful regulators in the privacy space.
How can we have our business operate and not take data that we neither want nor need and instead focus on giving our customers a great safe flight. And this has led to the one ID program behind that the data contained often within these different credentials and one id, which is looking at the passport as a credential, including the IKO digital travel credential is an attribute of that. The biometric, the, the live proof biometric presentation, attack detection, still capture image as attributes or VCs in their own right.
We are looking at how to derive trust from other authority issued documents such as visas or digital travel authorizations that are set to replace EVs in, in many states to then provide these as proofs in advance to the airline in a digital and seamless manner, in a way that enables the airline to be able to check that a passenger has all of the correct documentation for travel without having to take all of the information that they don't require. And this is what one idea is doing. And we've released two standards.
One is on that first that digitalization of admissibility and the other is on contactless travel. And this is on how to introduce a trusted biometric into the aviation system attached simply to the flight data to enable a passenger to have a contactless seamless journey through the airport. We are working to release the technical specifications or the credentials schema by the end of this month as alpha specifications.
And there are quite a few proof of concepts in planning to, to take place in the second quarter of this year.
And programs like that, which Cresh has led in dig are one of the ones as Aruba Happy flow are are the ones that we have learned significantly from. This has been a many year journey to get to this point of having the technical specifications and indeed it was a very long journey into landing on VCs as a solution to this issue. But we expect to see significant increase in the use of verifiable credentials and digital identity wallets in the travel industry this year.
And if I, if I don't wanna take too much time in it, but it goes beyond that point though. We understand that a passenger journey isn't simply checking in for the flight to boarding the flight.
Indeed a loyalty relationship can be multiple journeys and we want to see passengers being in control of their data and their digital identity wallet to purchase any flight from any airline in a way that protects its privacy protecting, but allows them to, to use their digital identity and, and be, be issued credentials, verifiable credentials to use in their, in their flight and and beyond their flight in into, into modal or or into rental cars and hotels, et cetera.
Yeah, and I'm, I think probably covers it Annette, you know, I could talk forever.
I know and you'll you'll I have more questions, don't worry. I wanted to deep dive a bit into the I K O digital travel credential cuz it is with the highest security, it's highest level of assurance. It is what governments recognize it is what you need to cross a border. Maybe it's good to say that you still need, cuz the official term is not DTC type one, as you corrected me earlier, it is the electronic machine readable travel document VC verifiable credentials. Did I now say it correctly? That's the official, please correct me.
Well the akao DTC is coming into three parts and there is three and they've be, they've become known as types, but it's it's not, it's not quite how, how they are. So you have the, the digital travel credential, the dtc, and it's a hybrid solution. It has a physical component and it has a virtual component. And when they talk dtc vc, unfortunately they're not talking verifiable credential in the way that we virtual components. Yes. It's a virtual component and all this is is simply the data extract from the chip and the passport. Yeah.
And in the first type, the physical component is the passport book itself, or more importantly the chip inside the passport book
And not the whole chip.
Right. And the virtual,
Not all the data on the chip,
Not all the data on the chip. There are some that are subject to extended access control, et cetera.
Yep. But it's an extract of the data. It's really a, it's an authorized clone of that information in a world where normally clones about or maybe a digital twin and it is bound, it is cryptographically bound as a, as a virtual component to that chip in that passport book.
Now the specifications have been out for that virtual component and it's known as an e emr, T d dtc emr, T D bound, DTC vc. Yes. Type one is easier to say. I'll give you that.
The, the second release which is yet to come is for a physical component that is bound both to the book and to another physical component. That physical component likely being the, the device secure element of the device of the, of the holder wallet and the worker's underway.
And, and there's a lot of energy going into this and there is a lot of work to be done because if we don't get alignment in the standardization, I think the presentations this morning touched on it.
Yep. And I think many in the room will, will know what I'm referring to, but there are some really critical issues coming where we could end up with different states with different implementations. Yes. Much like we saw in the pandemic with different states using different technical specifications and approaches for the vaccination certificates.
And we know the interoperability challenges that gave us in international aviation perhaps more than in other places. It hit us very hardly. And we need to learn from those lessons and make sure that, because anything we do in the digital identity or the passport space is going to last far longer than, than the pandemic did and the use of our vaccination certificates.
I see Stephan nodding and of course the eu, the E U D I wallet will have the pit as its core, the personal identifiable data. But how does it, how is that then, how should we see that in relation to travel crossing a border?
Is it like a DTC or will we have the DTC also as a component in the, as a separate credential?
It lets me a little bit to a legal question, which we might have currently here. The wallet is binded to P I D P I D for natural entity or legal entity typically for natural entity. This means the p i D here is similar to my I I D card. And then we have the situation, for example in Germany, but also in other countries there is no legal obligation that they have an e i D card. But there are many people who have a passport because they want to travel outside eu.
They, I need a passport. And the question is a little bit, how do we solve this in the I two if we say you get an vol and you have to have a pid, in this case, an European law would set the, the natural legislation under pressure to change their, their laws, which is typically not doing.
So this is the, might be a, a small, there might be an issuer which should be solved as soon as possible in this this case because a passport as, as you, you said, is digital travel credentials.
It would mean from ida's point of view, it's an ation qualified or non-qualified, which gives additional information during the pid. So the PIDs, the cation of the person and then have at station qualified or non-qualified, which could be for example, to show have credential like the, the passport, which could be a ticket, which could be a, a payment credentials. But also if you don't go in, in the travel sector, it could be also my diploma. And this is something which we should solve in the e IDAs world as soon as possible.
Because in the existing world, I have my passport and I have, and I can can use this passport everywhere where it's, I'm allowed to to to, to go with my, with my passport and I'm not forced to have an E ID card.
No. So in this subject should be solved in E it's so in the bullet consortium, we also don't know how to solve it because it's, we can't always offer technically, but we can't, can't solve it legally.
And concerning the standardization, I only can agree we have to entere that the standardization work, which is already done in or other organizations is harmonized, which with the standardization, which is done in ETK or because implementing acts of the U typically reference European standards. Yeah.
Which means ETK and in this case it would be helpful to have a close collaboration in this subject of that we adopt those, those standards that they may be referenced by implementing X because in this case they will be the defacto legally compliant and we don't develop a supplement route. So it is should be, this should be injured and only a last word on the P I d. We should also just think about maybe it's also something for, for yata that we don't bind ourselves only on the mobile wallet because in company MSG we are 10,000 employees.
We want to give everybody an extra wallet in MSG Kate. It could be a good sales case for the, for the wallet provider, it might be a cloud wallet in this case. And also concerning the security to use the possibility which we have in the, that we also may rely on an external HSM because in this case we don't have to trust on non-European hardware. So it would enjoy the data serenity,
Exciting and crucial times.
And like you said, if we don't meet up and discuss and share insights and learn from one another, we're taking one may go to the left and the other may go to the right and you, we will not find each other. We will not be interoperable.
So Resh, I was with you and the whole ATA working group in Bangalore in 2019 where you showcased us, the dtra and so you have a lot of experience by now. So I have two questions for you.
Yes, please. How do you establish the identity in DiGRA? If you can go into a bit of detail there and a bit of the user experience and what are your lessons learned for us?
Yeah, I think interesting lessons, you know, that we have learned. Should I just make a presentation? I have a few slides which I can showcase. Should I do that now or should we just maybe just
Do if you yeah, if you have one or two slides that could help to showcase how the DGR try make it more visible, how the DiGRA works
And yes, of course there is a detailed slide which I'm going to share with all the audience as well. It could be downloaded later on, but I'll just quickly try to bring in the perspective why we began this journey.
And as you might be all knowing we are a market which is a growing aviation market and in the next couple of years we would be the third biggest aviation market and lot of traffic that our airports are seeing due to all the manual processes that we have at airports. We had various friction touchpoints at, at the airport and we began to think as to how we can make this whole journey through the airport checkpoints memorable process, right? And that's the vision of the Gira to give a complete walk in the park experience at airports and post pandemic.
We said yeah, this process does not require any, I would say interaction or exchange of documents.
So it becomes a completely health risk process. And obviously we also get a lot of data in terms of, you know, strategic planning, tactical planning, et cetera. So this is what our vision and objectives were and we took a long journey. I would say we started in 2015 with a concept in 2017, somewhere early 2017 in January we put a pilot together, we showcased it to our ministry of civil aviation.
And that's when the actual, the Gira process, you know, took a structured sort of an approach with, you know, a Pan India sort of a committee being formed with airport CEOs and a technical working committee. The whole initiative is led by the Ministry of Civil Aviation and we did various consultations over one and a half years and post that, you know, we came up with a policy as to how passengers get processed through airports in India.
And this is something which needed an entity to sort of, you know, build, operate and maintain this ecosystem.
So we found the, we formed the DiGRA Foundation, which is a not-for-profit company and it has partnership or shareholding of five public-private partnership airports and one government run airports authority of India. With this we began and then we were going to implement something which was a centralized architecture.
However, what also happened is the pandemic hit us and at that time airports were not very keen to spend too much money and due to which we had to sort of, you know, go back to the drawing board I was part of, I am part of the ATA one ID earlier, the advisory committee and also the now the task force.
And ATA was discussing or motting the self-sovereign identity piece and which we immediately took up and we said that okay, there is no need to build a central ecosystem thereby there is no risk of storing data centrally and also not having the risk of, you know, data loss half leakage or pill fridge.
And what we did was we ran a startup challenge to build this ecosystem and one of the Indian startups has actually built this ecosystem now on W three C standards and using the wallet we use hyperledge.
And from 1st of December we launched at three airports, which are the three big or two big airports, bangal and Delhi and Varanasi. So these three airports launched and then now from March 31st onwards, we have also launched at four other airports, hasta and Pune. So with this seven big airports across India have actually started using Vira. We are saying we are seeing, you know, in the smaller airports we are seeing nearly 40 to 50% adoption in the bigger airports we are seeing close to 10% sometimes touching, you know, 12, 13% of adoption. And these are early days.
And as the whole ecosystem evolves, we hope to see, you know, at least by another year we hope to see at least 30 to 40% of adoption levels.
Sorry, I just take a minute or two more. And the process, I think like Annette mentioned, it's mobile app based process. You have on the I app store and the Android play store, download the app. What we do is we connect with a central, what we can say, government repository, which is called as aha, where you got 1.3 billion biometrically authentic database.
We use that as the starting point and we create the verifiable credentials and all the data sits in the passenger zone smartphone in a smart wallet, which is as per the unison wallet standards. Once the identity credential is created.
This is, this happens with the use of a selfie, which is matched with the government issued identity reference phase. We also have the option of creating the health credentials in case it is required right now, of course not of any use, but then it's an optional thing today.
But health credentials also can be added. And then whenever you travel, you upload your identity or other the travel credentials, which is your boarding pass and that's where your journey begins.
And then post that from intricate to boarding gate, we have a completely sort of a seamless process where, you know, your face gets captured by the eGate and matched with, you know, whatever data you have shared. And then going to what we want to actually achieve in the future. And as also panelists have already spoken, Stefan especially was speaking about how do we make the whole economy work for not just our travel at the airport but also for the other segments, which is the hospitality industry where, you know, at, at the hotel you might want an identity validation to happen.
So we want to create the central ecosystem as the travel stack of India where all identity validation requirements of the passenger or the customer happen in a seamless manner with minimal, you know, data being shared.
And we can actually move towards something which has been doing the rounds in terms of discussions of a zero new knowledge proof validation. We could do that.
But yeah, I think these are early days for zero knowledge proof validation. But yes, I think the ecosystem is built so that, you know, it can adapt to that as well. So we want this to be the travel stack of India and eventually of course payment gateway, everything can actually get integrated to this.
And we are working closely with ATA to see that, you know, there is this piece of interoperability where we are able to, maybe in the future there will be a governance framework that will be created where onboarding of verifiers issuers and interoperability between various countries happens in a seamless manner, in a controlled manner. So this is what I would like to leave on the table. Thank you for, you know, letting me indulge into our journey.
Thank you Cresh, with quite a few years of experience.
You've learned a lot and the aha is the foundation nice that you see the AHA being used now for a national travel credential and we, these past few days, in the next few days, we are talking about wallets. Is there there, Louise, if we talk about wallets and everybody, is there going to be several wallets? How many wallets a hand back with wallets in it we just talked about?
Are there any wishes you have from a aviation industry perspective, from the one ID perspective that you have, what the, what should the wallet look like for you to be ideal to be used if I travel from Bangalore via Paris to New York?
That's a, that's a great question. And you know, I'm not gonna answer from the industry perspective.
I'm, I'm gonna answer from, from the traveler perspective, from Louise. I know I'm not every customer, but certainly I think about it for myself. I I often say I'm in this, I'm in this business because I love traveling and I hate cues, so I wanna make it as quick as possible to get from get onto that plane. And for me it would be the, the, to me, I, I think the best way as regular consumer would be to perhaps not even realize there was a wallet at all.
That it was something intuitive.
If we look at how quickly contactless payment came into being at the early stages of the pandemic, how quickly we went cashless. And most people didn't give an awful lot of thought to the technology and the security and the implications and the standardization that go behind contactless payment. They just accepted it as more convenient and they trusted it because the government seemed to be saying it was okay too.
And I, I think that this is where digital identity wallets will end as well is at the moment, the people who care about them, many of them are at this conference right now for the, for the traveler and the traveler and me, I want to just be able to do my business where I do my business and whether I manage my booking through my travel agent app like a Expedia or something like that. Whether I manage my booking through an Alliance, star alliance or someone like that, or whether I manage it directly in the airline app, air New Zealand app, not that I've applied in much in Geneva.
The I want to, I want to be able to do it from there. I want to be able to manage my travel
Check in online. We'll actually check in is something we're doing away with. So I won't say check in online. I wanna prepare for and manage my flight and every step of my journey and the app that I'm most comfortable using in a clean and intuitive way.
And knowing that that can, the app can automagically pull what it needs at different points and I can see what it is, I can see that, oh, okay, I'm in the airline app, but the airline's saying I can collect with Bangalore airport in advance in order to enroll my, my biometric and, and some of my boarding pass credential data so that when I arrive I can just have a, an expediated process through arrivals or for when I'm departing again, et cetera. And, and, and for me as a consumer, I think that would be what's best because ultimately I think the most people don't think about the wallet.
They think about the interface, they think about the app. Yeah, I will say that nobody wants another app and I think most airports know Cresh, my my good friend that airport apps are are one of those ones that have been tried over the years. Yep.
Nope, nope. Nobody wants another app.
No, yeah, no, exactly.
They, they want the app that they're comfortable using for the transaction that they need to engage in and,
And yeah, but how do you, so we feel comfortable using to pay payment right now. We don't even think about it.
It's just, it's just comforting, comfortable. But Stephan, how do we create the trust because then we will be sharing biometrics and passport data and how do we, will we convey, we will ask consent.
If you, if you look at the EU wallet, of course it's a gdpr, it has to be GDPR compliant data privacy, data protection standards. How do you see that in, what is the ideal for this? How do you get, because that means that the uptake of usage will be high.
Yeah. Yes. Can't speak for India. So maybe then other click can, can can, can take over afterwards. But inside the European Union, the trust due the fact that the is issued by member state on behalf of member state or certified by member state.
And it will be certified against European standards by and authorized conform here, assessment body. So at the end of the day you have a little bit like a trust chain. So I can trust in the water because it was issued by a member state, it's certified by, by a cap. And it's based on European standards and it's based on a European law. This is the first one. The same for the P i d, it has to be based on an A notified E I D scheme. There we have this peer review that is really secure, et cetera. They have another trust chain.
And for the stations and signatures, et cetera, we have to qualify trust service providers to, they will be certified by a certain conformity assessment party against European standards. And according to 13 of they are fully liable. And the evidence that it didn't do any mistake is on the side of the, of the QTS TSPs. Yep. So this means as long as we look as we are binding on the Q TSPs, on TSPs a little bit lower, we have this trust chain within within Europe, which gives us the possibility to shift to risk a little bit to the TSPs and to the bullet providers in this case.
And to make evidence that this ation is really coming from this organiz from this organization. And it would be helpful if we could enter this for the rest of the world to maybe using same standards as worldwide.
And there might be one open question, which is not really, I think not relevant for the digital travel, but for the rural success of the digital wallet, how do we injure that? We can verify our ations, ours in 10, 20, 30, 40 years. We know how to do this with the PDFs. We know how to do this with the signatures.
How do we enter this with our bio fiber credentials in 10, 20 or more years? It's not really for, for the passport. I change after every 10 years. So it's not really for the, for the traveler, but if we come from travel to documentation requirements and payments, there might be some issues we have to solve.
Yeah, but I hear you saying if it's issued by the member state, so being that government issuing it, that will help give trust. Of course it's not only going to be government
Should be always from a European point of view, I have to say European, yeah should be always a government governmental trust anchor because a private company may decide you don't get the wallet or you don't get this PI idea. A government is binded on the law.
And I think the example of Switzerland some years ago, where had they had this referendum on the, on the road, on the E I D and in the first step it was not a governmental trust anchor and we all know the result. Now it's a governmental trust anchor. Yeah. So from a European point of view, have to say it should be always a, a governmental trust anchor.
Yeah, that's a very clear and clear, clear idea of how to gain the trust. I'll get to you, but I wanted to ask, don't worry, Sosh, ADHAR is the basis, so, and adhar is, is how, how old is AHA now?
10, 15 years? I'm not sure. So is that, and as that is the basis for the dtra, what is your experience? Is that automatically that your passengers trust the DTRA and the Yes,
It is. So that's the only way we allow people to enroll into our ecosystem. And Adhar can actually, so we have in India, we have actually created an economy, an API economy I would say, where lot of services you know, are tagged onto the adhar. So your income tax certificate for example, everything goes, even your passport issuance, you know, in one way it gets tagged to aha, your AHA number itself.
And this API ecosystem has been helping a lot of, you know, or preventing a lot of leakage of funds, you know, which are, for example, even farmers, they are able to get funds directly into their bank account rather than, you know, a manual process where, you know, there could be potential revenue leakage. So for us, I think the trust player or the, I would say we, we are completely building it with ADHA as our starting point.
And as we build into the rest of the ecosystem, the airports are ones which we are controlling.
So the DiGRA foundation decides as to who are the airports who want to get enrolled and you can't have any other verifier just like that. So there is a process which has been set up, there's a committee which reviews these requests and then on boards verifiers, and of course when it comes to interoperability, obviously we will bank upon ATA to sort of, you know, start setting those standards so that we can start to do this interoperability with, you know, other nations as well. So that would be a global sort of a governance framework that would have to be created.
Yeah, so for us, I think it's been going really well. We have a controlled ecosystem as we speak, but as we expand, I think I would agree with Stefan here because as we expand the realm of, you know, utilizing DiGRA credentials, it would actually mean that, you know, I will allow a hotel to become a verifier or I would allow a two operator to become a verifier. And that's where, you know, you need to be very sure as to how you have these entities onboarded.
Yeah, it's it's expanding. Yeah. Because it is everybody's used to, used to using it and there is the trust.
Yes, yes. Louise, you wanted to respond?
Yeah, of
Course. A couple, a couple of points. I think one, just on, on the trust anchor, I'd say industry would agree the the anchor of trust should always be an authority issued identity token, be it the passport, a driver's license or the pit or the dtc, that that is absolutely required.
However, there are less risk use cases where a digital identity could be created, enrolled and used based on a other, and, and I say this for domestic travel use cases, that there can be the opportunity to enroll. So you can have all of the benefits of the seamless service at different touchpoints that are not as high risk throughout the travel process. And that is an important aspect here too.
So the risk of crossing a border or entering from landside to airside through the security access gates are much greater than biometrically entering the first class lounge when you are on a, on an economy class ticket.
These are, these are use, there is some tolerance for risk and the use of the biometric data in, in, depending on the, the transaction involved. The second, the second point that I think you are a little bit alluding to in the question, but I might be wrong, and it's around the trust and biometrics.
I think the use of biometrics within the, the digital wallet use cases that we have for travel and tourism are significantly more secure than those that exist without that.
In centralized databases and biometric hubs that are used in, in persistent centralized identity information, persistent biometric databases in industry, this is a very alarming and concerning situation and one that we are trying to ensure we protect the industry from going down that path and, and, and prevent the, the collection of mass amounts of biometrical other sensitive data by industry in an attempt to, to streamline things. Because this technology allows us to not do that. In terms of the customers themselves, the ATA global passenger survey, it happens every year.
It's about to be released in a few weeks. I'll share it on all my socials, please fill it in. I have direct KPIs connected to how many survey responses we get. So looking at everyone in the room, shameless plug.
And then we asked the same questions with a few tweaks pretty much year on year in and out. And we saw pre covid, post covid a massive increase in the amount of people that are prepared to use their biometric in order to, to facilitate processes have contactless processes was 83% last year. And that is quite a significant uptick.
Same with using digital identity technology to facilitate the mundane transactions that happen at an airport in advance. The, the pandemic and the use of the verifiable credentials that were around for the covid certificates and for the contactless payment, we believe have significantly increased the trust of customers. And more than that, our customers are going to soon start demanding the industry, make this easier.
And that is absolutely, I've been following the, the passenger survey for a number of years now, and this is just increasing however we get to these difficult different jurisdictions in the eu, proportionality is, I see Stephan laughing. Yes, yes, sir. Is a very important topic. You have to comply there.
It's, it's a bit of a gray area. So whether it's for the first class lounge, you can use biometrics or border crossing, there is quite a difference. But if we talk about a global ecosystem to use credentials, verifiable credentials in aviation for travel, for tourism in other jurisdictions, there is maybe a very low threshold for proportionality. So how would you, how would you see, we have three minutes but Stefan, how I saw you reacting it is from a European perspective, it's very, it's, it's a hot topic.
It's really hot topics of, from European perspective, I look because biometrics is special personal data according to our ticket 29 and 35 of gdpr, which is always difficult if I, if I kept, if, if I get such data, if I submit such data. So if we could have the authentication in another way, then biometrics will make it much easier to adopt the digital wallet and to to, to implement it. Because in this case I don't have this big GDPR issue. So install customer authentication, we also could do with an two factor and it depends on which two factors you use to that.
We don't have the, the, the, the hurdle for the, for the, for the, for the user. So just to use maybe, maybe a bin and the one-time password or in lower cases, why not? But in this case, I don't have the biometrics. If I use biometrics
Looking
At our clients in hack related industries, it's a no.
Yeah, because we have special personal data according to gdpr, end of the story.
No, it's a very, and this is very,
So it depends a little bit on the jurisdiction. Yeah. Which means the U bullet should be able to provide biometrics if possible in the jurisdiction and use other authentication measures if the biometrics are not possible. And in this case it's possible to use it in more cases.
Yeah, very. You wanted to respond Luis, very quickly. We have a minute and a half and I want to, we'll, we'll fight it out over a beer. This is an interesting topic that for sure is not yet concluded here. I see. Are there any questions from the audience?
Have question, a question from the audience. The question is, how will contactless travel be affected by the one on remote biometric identification that is being discussed in the panel, in the contact of the artificial intelligent act at the moment?
Ooh, who wants to take it?
It's an interesting one. It
Would say, yeah,
If you speak about the, the identification using artificial in intelligence, we come to the security issues and the security risks of such identification processes. And in this case, I just refer to a session of Anisa, especially on attack scenarios, on such identification procedures. And I just recommend to look in the procedure, in the proceedings of this conference, there are the, the person will get as much or as many information as the person wants to clarify the question.
Thank you, Stephen, is there any question here in the room to close the session?
I might just add add.
Oh, I'm sorry. I'm sorry.
No, no, that's okay. I I I think that there's a, a lot of areas of risk cuz this is still very new technology and I think everyone needs to be aware of that and as, as I'm moving through into implementation and that the same could be p asked around post quantum cryptography and, and what are the, the risks are in, in the, in the public key infrastructure in a, in a post quantum world. So there's, there's certainly not without things and it is important for the community to continue to make sure that work is being done to look at these risks even if they're not a current reality. Thank you.
I think, oh,
If there, is there any question in the room to close the session before we close? No, thank you so much for your participation. This panel was great. Thanks a lot. A round of applause for the panelists. Thanks to our speakers.