CIS14: Persistent Trusted Identity
0 likes362 views
The document discusses improving authentication methods by moving away from frequent authentication interactions. It proposes using wearable devices and persistent sensing to establish trust and maintain that trust seamlessly without requiring ongoing user interaction. This would decouple authentication from transactions by leveraging trusted devices to serve credentials asynchronously. However, it stresses the importance of privacy by design to ensure user control over data and context in this new paradigm.
CIS14: Persistent Trusted Identity
- 2. Thank You 2 Consumer Authentication Today Things You Know - Passwords - PINs - Passphrases - Inane security questions Things You Have - Keys - Cards - Electronic tokens Who you are - Fingerprint - Face - Voice - Iris
- 3. Thank You 3 Biometrics are the Silver Bullet? The security world has been looking to biometrics to solve its security vs. convenience problem But, fundamental technological limitations are quickly reached The problem is further exacerbated by fickle consumers and uncontrolled operating environments
- 4. Thank You 4 Reframing the Problem We cannot completely eliminate the friction associated with fundamental human authentication processes The problem lies not just in the friction, but in the frequency: burden = friction x frequency How can we instead reduce the frequency?
- 5. Thank You 5 Changing the Authentication Paradigm The fundamental problem is now with the forced synchronicity: authentication at the point of transaction How can we decouple action required for authentication from the transaction that uses it? Redesign the system to achieve asynchronicity
- 6. Thank You 6 Seamless, persistent sensing Wearable Technology – Distilled Low power, wireless communication Fitness and health? Asynchronicity of: signals – insight – action
- 7. Thank You The Redesigned Authentication System Establish a high level of trust using multiple factors Leverage persistent sensing to maintain that trust without further user interaction Use a trusted device to seamlessly serve credentials without requiring any user interaction
- 8. Thank You 8 Identity Is Now Easy – So Now What? Authentication is not just a security problem, it’s a general identity problem By making identity easy, the scope of identity-focused applications significantly broadens Smart devices have a new context in which to operate
- 9. Thank You 9 New Context for Internet of Things The Internet of Things is about persistent connectivity and sensing Sensing can provide situational context to make smart things smarter But, where user interaction is involved, identity is the ultimate context
- 10. Thank You 10 Privacy Must Be At the Forefront Privacy is not about secrecy: Privacy = Control By decoupling human action from authentication, greater trust us placed upon the system Privacy by Design (www.privacybydesign.ca)
- 11. Thank You 11 The Context for Internet of Things Identity has been the missing context for IoT devices The prospect is profound: if every device, environment, and service provider knew the identities of those nearby, how would they behave differently We are entering the era of hyper-personalization