In the first two articles of this series, we outlined a future where trust is built directly into the digital ecosystem as a Layered Trust Stack, where identity, attestation, and verification form the trust-fabric of the network. But architecture, for all its elegance, does not by itself change how the world works. People do. The true measure of a trust fabric is not just whether it satisfies a cryptographer’s rigor, but whether it avoids being overly invasive and makes the digital world feel natural, intuitive, and safe.

This final chapter explores the experience of inhabiting a world where the network is aware of who is who, and where trust is no longer a burden of extreme caution we carry, but a property of the environment itself.

When security becomes ambient

Today’s digital life forces the average citizen into the role of a part-time forensic analyst. We are expected to scrutinize URLs for random misspellings, sniff out phishing attempts in our sleep, and manage a large, ever-expanding library of passwords. It is an unreasonable expectation -- the equivalent of asking airline passengers to inspect the jet engines before boarding their flight.

In the future, we envision that the burden shifts. Security becomes ambient, like electricity or clean water in that it is always present yet rarely noticed. By moving the heavy lifting of verification to the Layered Trust Stack, trust becomes automatic and identity becomes verifiable rather than assumed. We shift from a world defined by "more security" to one defined by "less anxiety."

The end of second-guessing

Consider the phone call, a medium currently mired in a crisis of legitimacy. Today, even "verified" caller IDs are exploited by fraudsters. But in a trust-fabric-enabled architecture, the network verifies the caller’s Decentralized Identifier (DID) and the device’s hardware attestation before your screen flickers to life. You are presented not with a string of suspicious digits, but with a human-readable assurance:

Verified by: Trust source with hardware-backed identity.

If an attacker attempts to spoof the call, the network silently discards it. Your phone never rings.

This logic extends to the "Internet of Things." Currently, we trust devices based on brand reputation or a hope for the best. In the future, every device -- from a heart monitor to a smart thermostat -- could present a digital "health certificate" via the Remote Attestation Service before it is allowed to communicate. If a device has been tampered with, the system isolates it in near real-time, alerting clinicians before the patient even senses a glitch. Security operates continuously, quietly, and proactively.

The telco blueprint: Building the backbone

For the Layered Trust Stack to function successfully at scale, telecommunications providers must move from being bandwidth providers to assuming responsibility as orchestrators of digital trust. Such a transition requires a significant retrofitting of the global communication stack.

First, carriers, or telcos, must bridge the gap between mobile identity and the broader Internet by integrating eSIM and SIM-based identities with decentralized identity frameworks. Then, carriers can act as a root of trust that follows the user across every app and service.

Second, the core telephony infrastructure, specifically the aging IMS/SIP layers, must be upgraded to support cryptographic identity and attestation. This ensures that "Verified" caller status is a globally signed certificate that remains valid even as a call hops across international carriers.

Finally, by deploying Network-as-a-Service (NaaS) APIs, telcos can enable enterprises to enforce security policies directly at the network edge, ensuring that an unverified device is blocked before its first packet can reach the cloud.
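
The device "health certificate" check and the edge enforcement described above can be sketched as a default-deny admission gate. This is an added example, not code from CGI or from any attestation product: the device names, keys, firmware strings and the `admit` function are hypothetical, and an HMAC with a per-device key stands in for the hardware-rooted asymmetric signature so that the example runs with only the standard library.

```python
import hashlib, hmac, json, time

# Constructed reference data: every name and value here is hypothetical.
DEVICE_KEYS = {"thermostat-01": b"demo-key-thermostat", "monitor-07": b"demo-key-monitor"}
KNOWN_GOOD = {hashlib.sha256(b"firmware-v2.4").hexdigest()}  # reference measurements
MAX_AGE_S = 30  # evidence older than this is rejected

def _sign(key, claims):
    # Canonical JSON so device and verifier sign and check the same bytes.
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def make_evidence(device_id, firmware, nonce, key, now=None):
    """Device side: sign the firmware measurement together with the verifier's nonce."""
    claims = {"device": device_id,
              "measurement": hashlib.sha256(firmware).hexdigest(),
              "nonce": nonce,
              "iat": int(now if now is not None else time.time())}
    return {"claims": claims, "sig": _sign(key, claims)}

def admit(evidence, expected_nonce, now=None):
    """Edge side: return (decision, reason); anything not proven good is denied."""
    now = now if now is not None else time.time()
    claims = evidence.get("claims", {})
    key = DEVICE_KEYS.get(claims.get("device"))
    if key is None:
        return "block", "unknown device"
    sig = str(evidence.get("sig", "")).encode()
    if not hmac.compare_digest(_sign(key, claims).encode(), sig):
        return "block", "bad signature"
    if claims.get("nonce") != expected_nonce:
        return "block", "nonce mismatch (possible replay)"
    if abs(now - claims.get("iat", 0)) > MAX_AGE_S:
        return "block", "evidence too old"
    # Authentic device, but its measured firmware is not a known-good build:
    # isolate it for investigation instead of silently dropping it.
    if claims.get("measurement") not in KNOWN_GOOD:
        return "quarantine", "measurement not in known-good set"
    return "allow", "attested"

if __name__ == "__main__":
    ev = make_evidence("monitor-07", b"firmware-v2.4", "n1", DEVICE_KEYS["monitor-07"])
    print(admit(ev, "n1"))
```

The nonce and the age limit are what keep a captured "healthy" report from being replayed after the device has been modified; the signature alone does not provide that.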

A world without passwords

Passwords are the fossils of a pre-attestation era, persisting only because we haven't finished building their universal replacement. That alternative now exists.

In the new ecosystem, authentication is rooted in FIDO2 passkeys and Verifiable Credential (VC) wallets. Logging in becomes as simple as a biometric glance. Inside the enterprise, the transformation is even more stark. Employees no longer juggle VPN clients or SMS codes; they authenticate via their DID. Onboarding a new hire -- a process that currently takes days -- shrinks to minutes. Security, long the "Department of Thou Shalt Not," becomes an enabler for productivity.

The most profound change, however, is not technical, but psychological. We currently operate in a climate of persistent suspicion and fear. The promise of a secure-by-design internet is the ability to flip this default mindset. The new mantra becomes:

If it has reached me, it is trustworthy.

Our perspective: A vision for 2030

The secure user experience is not about adding security steps and friction; it is about removing them. We propose three actionable steps to achieve this goal:

  • Zero-touch provisioning: Reduce employee and device onboarding time by 90% by replacing manual credentialing with automated DID and hardware attestation syncing via carrier-integrated eSIMs.
  • "Silent" perimeter: Achieve a near-complete elimination of user-facing password prompts by transitioning to FIDO2 and VC-based authentication as the universal global standard.
  • Authenticated interoperability: Ensure that 100% of IoT and API traffic is backed by cryptographic certificates rooted in hardware, making impersonation and spoofing technically impossible within the network fabric.

This is the world we must build: a digital ecosystem where trust is not something users must evaluate, but something they can assume.

CGI's communications and media expertise

CGI brings deep telecommunications, security, and systems-integration expertise to help service providers and large enterprises build high-assurance digital networks that reduce fraud, strengthen identity, and increase user trust across every channel.

About the authors

Dave Richards: Dave is a visionary in the field of communications and technology, currently serving as CGI Vice-President and global industry leader in the communications and media industry. In recognition of his vast contributions, CGI honored Dave with a CGI Builder Award in 2019, a testament to his dedication and commitment to excellence. His passion for driving innovation and transformation in the industry continues to inspire those around him to this day.

Yajnavalkya Bhattacharya (external author): Yaj Bhattacharya is an Enterprise Solutions Architect and Cybersecurity Strategist with 30+ years of experience. He helps organizations modernize enterprise architecture by aligning integration, managing risk, and ensuring compliance to build secure, resilient digital ecosystems.
