Lessons from IATA led Digital Identity Pilot with Cathay Pacific, Hong Kong Airport, Narita Airport 

The aviation industry is undergoing a significant digital transformation, with digital identity technology playing a crucial role in streamlining passenger experiences, enhancing security, and improving operational efficiency. Recently, a Pilot was conducted to assess the feasibility of integrating digital identity solutions into air travel. This initiative aimed to evaluate the effectiveness of trusted verifiable credentials bound to biometric authentication, minimize reliance on physical documents, and enhance security protocols. 

Here we unpack Neoke’s role in the pilot, key findings, challenges, and future opportunities that we uncovered, providing a comprehensive roadmap for future implementation.

Objectives of the Digital Identity Pilot

The primary goal of the pilot was to assess if the interoperability standards proposed by IATA OneID are performing. In addition, how digital identity technology could improve various facets of the passenger journey while maintaining stringent security measures. The specific objectives included:

• Seamless Passenger Authentication – Enabling frictionless identity verification at different airport checkpoints, reducing wait times and passenger inconvenience.
• Reduction in Physical Document Dependency – Allowing travelers to move through the airport ecosystem using biometric credentials instead of traditional passports and boarding passes.
• Enhanced Security Measures – Strengthening identity verification through facial recognition, fingerprint scanning, and other biometric technologies to mitigate risks of identity fraud.
• Operational Efficiency Improvement – Streamlining airport operations by automating identity verification processes and reducing the burden on staff.

Neoke’s role‍

Neoke played a critical role in the pilot program by providing the core technology that enabled the seamless and secure travel experience.

1. Secure Identity Wallet: Neoke's identity wallet served as the central hub for passengers to manage their digital identity and verifiable credentials. The wallet securely encrypted and stored sensitive information of the user, such as passport data, visa details, boarding pass, corporate ID, airline loyalty data ensuring privacy and control with consent and selective disclosure of data, accessible only via biometric authentication.

2. ePassport & Biometric Verification: Neoke's ePassport and biometric verification solution enabled secure and efficient authentication at various touch points throughout the passenger journey including,

• Identity Proofing: Passengers used the Neoke wallet to verify their identity by comparing their selfie with their passport photo and validating their passport chip data using NFC  
• Liveness Detection: Neoke's solution ensured that the person presenting the credential was a real, live individual, preventing spoofing and fraud.
• Image Quality Assessment: The wallet assessed the quality of the selfie to ensure it met ICAO standards for biometric verification, minimising errors and ensuring smooth processing.

3. Credential Management: Neoke's wallet enabled passengers to selectively share their verifiable credentials with relevant parties, such as airlines, airports, and border control, ensuring data privacy and compliance with regulations.   

4. Integration and Interoperability: Neoke's technology seamlessly integrated with existing systems and processes at Cathay Pacific, Hong Kong Airport, Narita Airport and NEC, demonstrating the interoperability of its solutions and enabling a smooth transition to a digital identity-driven travel experience.   

5. User Experience: Neoke's wallet is designed to promote trust by providing a user-friendly interface for passengers to manage their digital identity and credentials. This ensures a positive and intuitive experience, while keeping users in control of their data. 

Implementation and Execution‍

The pilot was deployed within a controlled airport environment, incorporating biometric and digital identity verification systems at critical touchpoints, including check-in, baggage drop off, security screening, boarding gates, and immigration control. Participating passengers pre-enrolled their biometric data via secure digital platforms, linking it to their travel credentials. Upon arrival at the airport, they could authenticate their identities seamlessly at various checkpoints using facial recognition.

To ensure a robust evaluation, the pilot integrated:

• Facial recognition systems equipped with AI-driven matching algorithms to verify passenger identities against stored biometric templates.
• Secure data encryption protocols to safeguard sensitive passenger information from potential cyber threats.
• Real-time identity validation using airport and airline databases to cross-check passenger details and flag discrepancies.
• Multi-stakeholder collaboration, involving airlines, airport authorities, and government regulators to ensure interoperability with existing systems and compliance with global standards such as IATA OneID, GDPR and ICAO guidelines.

Key Findings

1. Enhanced Passenger Experience
   
   • Digital identity verification reduced processing times at key touchpoints by up to 40%, significantly minimising congestion and improving overall passenger satisfaction.
   • The transition to contactless authentication eliminated the need for physical document handling, making the travel experience smoother and more hygienic, especially in post-pandemic scenarios.
2. Operational Efficiency Gains
   
   • The use of trusted Verifiable Credentials and biometric verification reduced the reliance on manual document checks, allowing airport personnel to allocate resources to higher-value security and customer service tasks.
   • Self-service biometric kiosks and e-gates improved throughput, particularly during peak hours, reducing bottlenecks at security and boarding.
3. Security Advancements
   
   • Decentralised Identity: Verifiable credentials are based on decentralised identity principles, meaning that individuals control their own data and choose what to share with whom. This eliminates the risks associated with centralised data storage and reduces the potential for data breaches.
   • Cryptographic Security: Verifiable credentials are cryptographically signed and tamper-proof, ensuring their authenticity and integrity. This makes them extremely difficult to forge or alter, significantly reducing the risk of fraud and identity theft.
   • Biometric Verification: The use of biometrics, such as facial recognition, adds an extra layer of security to the authentication process. Biometric data is unique to each individual and difficult to replicate, making it a strong defense against unauthorized access.
   • Secure Storage: Digital identity wallets store credentials in a secure enclave on the user's device, protecting them from unauthorized access.
4. Interoperability Advancements
   
   • IATA OneID, Interoperable profile Standards: Verifiable credentials adhere to open standards, such as the W3C Verifiable Credentials, OpenID standards, ensuring interoperability across different systems and organizations. This allows credentials to be used seamlessly across various contexts, including airport check-in, border control, and hotel check-in.
   • Decentralised Verification: Verifiable credentials can be verified by any authorised party without the need for centralised databases or intermediaries. This enables efficient and secure data sharing across different stakeholders in the travel ecosystem.
5. Regulatory Advancements
   
   • Compliance with eIDAS: Verifiable credentials align with the requirements of the eIDAS regulation, providing a strong legal foundation for their use in electronic transactions. This ensures that digital signatures and identity verification processes meet the highest standards of security and legal validity.
   • GDPR and CCPA Compliance: The decentralised nature of verifiable credentials and digital identity wallets supports compliance with data privacy regulations like GDPR and CCPA. Users control their data and can selectively disclose information, minimising the risk of unauthorised access and ensuring compliance.
   • Data Sovereignty: Verifiable credentials can be designed to comply with data sovereignty laws by allowing individuals to store their data in their preferred location. This enables compliance with regulations that require data to be stored within specific geographic boundaries.

Challenges and Considerations

1. Ensuring Biometric Quality While Maintaining User Experience : Downstream integrations to live systems was fairly straightforward, however strict ICAO standards for biometric images posed challenges. To improve user experience, we provided clear instructions, real-time feedback, image enhancement using AI, and user guidance. This helped mitigate issues with lower-quality phone cameras and ensure smoother verification.
2. Improving UX: Embedding wallet functionality directly into airline apps can prevent users from switching between apps. Secure cloud storage could provide offline access and backup.
3. Wallet vs. App Functionality: Clearer guidelines and consistent content are needed on which functions should be handled by wallets versus airline apps, especially for elements not yet covered by standards (e.g., terms and conditions).
4. Scalability and Interoperability: The wallet solution is designed to be scalable and interoperable, requiring no customisation for different airports and working with any issuer or verifier that follows standards like credential-interoperability frameworks and OneID. 

Opportunities for Future Implementation

To maximise the benefits of digital identity solutions and address current challenges, the following strategies should be prioritised:

• Industry-Wide Standardisation: WIth the current IATA OneID collaboration among airports, airlines, technology providers, and regulatory agencies provides continuous momentum to provide universal digital identity frameworks that facilitate interoperability across different jurisdictions.
• Enhanced Cybersecurity Measures: Implementing zero-trust security models, advanced encryption techniques, and decentralised identity management solutions can mitigate cybersecurity risks and strengthen passenger data protection.
• Scalability for Global Adoption: Extending digital identity solutions beyond single-airport implementations to multi-airport ecosystems and international travel corridors will further streamline cross-border travel and security screening processes.
• Public Awareness and Engagement: Educating passengers on the security, convenience, and privacy safeguards associated with digital identity solutions can foster trust and increase adoption rates.
• AI-Driven System Enhancements: Leveraging artificial intelligence and machine learning for real-time threat detection, adaptive biometric recognition, and anomaly detection can improve the accuracy and reliability of digital identity verification systems.

A New Era of Seamless, Secure Travel

The pilot proved that verifiable credentials and biometrics can streamline air travel, reducing friction while enhancing security and compliance. For airlines, airports, and regulators, the path forward is clear—embracing decentralized identity solutions to drive efficiency, compliance, and a superior passenger experience. Neoke is at the forefront of this shift, delivering scalable, interoperable digital identity solutions for the travel industry. Let’s collaborate to make seamless, secure travel a reality. Book a call to learn more about how Neoke can support your digital identity strategy.