New methods for assuring digital identity and authenticity

COMMENTARY | Authenticity and provenance must be enforced both at the application level and at the system level so agencies can be confident that user identity and the identity mechanisms themselves are genuine and trustworthy.
Digital photo editing tools and computer-generated imagery have been used for years to render realistic but artificial visuals in movie-making, advertising and science. High-end tools used by talented individuals entertain and educate us, as we know and accept that what we are seeing is an artistic creation.
The proliferation of generative artificial intelligence changes the landscape. Synthetic visual and audio content is now being created by anyone and showing up anywhere. With deepfakes, bots and scammers, digital identities and information are increasingly easy to falsify. The growing challenges in proving someone online is who they claim to be are driving escalating demand for foolproof identity verification. Quietly, a new layer of defense is taking shape — anchored in hardware-enforced trust, content validation and system-level assurance to ensure authenticity where it matters most.
The request is coming not just from average people who fear being tricked, but from legitimate content creators who want the public to trust their work’s authenticity. Whether it’s a video on social media published by a well-known journalist or a fraud alert from a bank, businesses must be able to ensure their content is legitimate and trustworthy. There are a few emerging ways to approach that.
An evolution for app stores
Apps are a primary source of suspect content. Millions of them are available through app stores. While users tend to trust what they download from these platforms, such blind trust is increasingly unwarranted. Persistent threats from sophisticated malicious apps and identity fraudsters using fake developer and/or user accounts are compounded by the sheer scale of app submissions to big platforms like the Apple App Store and Google Play Store. While Apple and Google want to control what software runs on their devices, there is both an economic need for app developers to avoid or minimize ‘friction’ and increasing regulatory pressure around protecting users’ data security and privacy.
For instance, the European Commission is already imposing regulatory change through its Digital Markets Act. The Act requires smartphone manufacturers to allow users multiple sources for downloading software onto their devices, paving the way for alternative app stores. We have long been doing that on laptops and desktops, and living with all the associated dangers and malware. Smartphones have been the anomaly, a ‘walled garden’ that is now disappearing.
As new app stores proliferate, there will likely be some with a greater focus on security, privacy and trust. Of course, giants like Google and Apple may also strengthen their app provisioning security. Greater transparency into how apps are sourced and distributed is needed, for example to verify how app developers handle user data and how users can be sure they are downloading the most current legitimate app version rather than one that is heavily modified.
Strengthening the digital watermark
That is driving a modern twist on a traditional practice. Both visible and digital watermarking have long been used to claim ownership of print, audio and video media. However, digital watermarks can be changed, removed or even copied by those who know or can figure out the algorithm used to create them. Stronger digital signatures are now needed to validate who generated content or whether it has been modified. Those signatures are only effective when anchored to the most powerful cryptographic foundations, such as those traditionally used in military or financial transactions.
Advanced verification technology already used in passkeys and a few leading social apps enables military-grade, quantum-safe encryption and digital signatures to protect user data. Implementing such new capabilities more broadly will provide assurance to help users know which apps and content they can trust. For example, the Coalition for Content Provenance and Authenticity (C2PA) publishes Content Credentials that provide an open technical standard for publishers, creators and consumers to establish the origin and edits of digital content. This open-source mechanism brings watermarking to digital content, to indicate ownership, prevent unauthorized use and establish authenticity.
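As an added illustration (not from the article, and not the C2PA format), the Go sketch below shows what a signature over content provides that a copyable mark does not: a credential moved onto altered content, or relabelled with a different creator, fails verification. The Credential layout, the function names and the sample data are hypothetical, and Ed25519 is used because it ships in Go's standard library; it is not a quantum-safe scheme.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Credential is a simplified, hypothetical provenance record (not the C2PA format).
type Credential struct {
	Creator     string   `json:"creator"`
	ContentHash []byte   `json:"content_hash"` // SHA-256 of the published bytes
	Edits       []string `json:"edits"`        // declared edit history
	Signature   []byte   `json:"-"`            // excluded from the signed payload
}

// Issue binds creator, edit history and content hash under one signature.
func Issue(priv ed25519.PrivateKey, creator string, content []byte, edits []string) Credential {
	h := sha256.Sum256(content)
	c := Credential{Creator: creator, ContentHash: h[:], Edits: edits}
	payload, _ := json.Marshal(c) // cannot fail for these field types
	c.Signature = ed25519.Sign(priv, payload)
	return c
}

// Verify checks the signature, then that the content matches the signed hash.
func Verify(pub ed25519.PublicKey, c Credential, content []byte) string {
	payload, _ := json.Marshal(c)
	if !ed25519.Verify(pub, payload, c.Signature) {
		return "bad signature"
	}
	if h := sha256.Sum256(content); !bytes.Equal(h[:], c.ContentHash) {
		return "content modified"
	}
	return "ok"
}

// Demo runs three cases on constructed sample data.
func Demo() (genuine, copied, relabelled string) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	original := []byte("constructed sample: fraud alert from Example Bank")
	cred := Issue(priv, "Example Bank", original, []string{"created", "cropped"})
	forged := cred
	forged.Creator = "Someone Else" // relabelled, old signature reused
	return Verify(pub, cred, original), Verify(pub, cred, []byte("constructed sample: altered alert")), Verify(pub, forged, original)
}

func main() { fmt.Println(Demo()) }
```

The check is only as trustworthy as the way the verifier obtained the public key, which is where the hardware-anchored trust the article argues for comes in.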
The most accurate form of authenticity
Finally, behavioral biometrics is gaining ground as a way to definitively anchor identity to devices. This technology continuously monitors an individual’s actions in the background to build a profile of the way each person interacts with a device or machine -- for example, how someone types on a keyboard, holds a phone, swipes a screen and more. All of this provides a unique biometric footprint for every individual that cannot be impersonated by a cyber adversary. Because authorization is continuous, behavioral biometrics constantly checks the known footprint to ensure the same user is interacting throughout a complete session. The technology is moving toward mass adoption, especially with finance and e-commerce enterprises that are integrating it into zero trust and other security models.
All of these innovations reinforce a clear imperative: as identity assurance intersects with system assurance, secure, trusted pathways between users and the services they rely on are no longer optional. Authenticity and provenance must be enforced both at the application level and at the system level so agencies can be confident that user identity and the identity mechanisms themselves are genuine and trustworthy. The future of digital trust won’t be secured through policy alone; it will depend on systems architected for assurance from the ground up, where hardware-enforced integrity and verifiable authenticity are not features, but foundations.
Ralph J. Spada is a 20+ year veteran in designing and deploying DoD-grade security solutions. He has architected four generations of secure processing products across the Defense Industrial Base, from low-SWaP systems to enterprise-class platforms requiring high-level Anti-Tamper and Cybersecurity. His multidisciplinary leadership spans the full product lifecycle—from system architecture, secure SoC/ASIC design and applied cryptography to full-system hardware and software qualification.




