Do I Know You? Identity on the Internet and the Question of Trust
0 likes590 views
The document discusses the concept of digital identity, its evolution, and its implications for security and privacy. It highlights the challenges associated with identity verification and the need for businesses to protect user identities while ensuring consumer consent and control over personal data. It also emphasizes the importance of responsible digital identity management across various industries to combat identity crises and fraud.
Do I Know You? Identity on the Internet and the Question of Trust
- 1. Kevin Goldsmith⨠Chief Technology Officer Do I Know You?⨠Identity on the Internet
- 12. @kevingoldsmith#doiknowyou The internet has an identity problem
- 13. @kevingoldsmith#doiknowyou 143 Million Americans were affected by the Equifax data breach
- 14. @kevingoldsmith#doiknowyou 16.8 Billion dollars were stolen by fraudsters in the US in 2017
- 15. @kevingoldsmith#doiknowyou β What is digital identity? β How has digital identity evolved? β How can we use Identity in our products? β Protecting our customersβ identity Do I Know You?
- 17. @kevingoldsmith#doiknowyou Digital Identity is the sum of your characteristics and your interactions. The Internet Society
- 18. @kevingoldsmith#doiknowyou Browser Cookies IP Address Reverse Geo IP e-mail/pass User details Federated Acct Validated ID Biometric auth continuous auth Certainty Difficulty Linked Accts tracking pixel/script 2FA
- 19. @kevingoldsmith#doiknowyou Browser Cookies IP Address Reverse Geo IP e-mail/pass User details Federated Acct Validated ID Biometric auth continuous auth Linked Accts tracking pixel/script Validated ID You look familiar I think I know you If that is you, I know you I know that it is you 2FA
- 20. @kevingoldsmith#doiknowyou Good digital ID is identification that is verified and authenticated to a high degree of assurance over digital channels, is unique, is established with individual consent, and protects user privacy and ensures control over personal data. McKinsey Global Institute - April 2019 Report on Digital Identity
- 21. @kevingoldsmith#doiknowyou Identity Proofing Do you have a genuine ID? 1 Does your face match your ID? 2 Are you a real-life human? 3
- 22. @kevingoldsmith#doiknowyou Itβs not easy! Original Font Verification Pixel Tampering Invalid ID Number Security Feature Image Editing
- 24. @kevingoldsmith#doiknowyou Understand how well you need to know your customer based on what they want to do.
- 26. @kevingoldsmith#doiknowyou Evolution of Digital Identity β 1960 Time-sharing systems: Fernando CorbatΓ³ at MIT creates passwords for logins to protect sensitive documents on a shared filesystem β 1969 Arpanet: Your identity could now be a unique identifier in a network of systems β 1993 PKI: establishment of the X.509 certificate standard with RFC 1422. Created first βsecureβ Digital ID. β 2000 Estonian e-ID: One of the first large-scale government digital ID launches β 2003 Swedish BankID: Private-sector federated solution, now with government support β 2005 OpenID: First broadly successful federated identity solution β 2006 OAuth: Authentication protocol to support OpenID β 2009 Aadhaar: Indian government biometric ID extended to 90% of Indian population (currently 1.2B people) β 2012 FIDO Alliance: Establishing biometric-based authentication protocols β 2017 Decentralized Identity Foundation: Leading effort to create distributed identity solutions
- 28. @kevingoldsmith#doiknowyou Federated Identity Management Service Provider / Relying Party (RP) Identity Provider (IdP) / Credential Service Provider (CSP) Relies upon AuthenticatesAccesses
- 29. @kevingoldsmith#doiknowyou Distributed Identity Management β Users get attestations of identity from various trusted organizations (trust anchors) β These attestations are kept on a distributed ledger and are referenced by Decentralized Identifiers (DIDs) and stored in DID Documents β If a user controls access to the attestations (usually stored in a digital wallet), this is a self-sovereign identity β A self-sovereign identity is a lifetime portable digital identity for any person, organization, or thing that does not depend on any centralized authority and can never be taken away.
- 30. How can you use digital identity?
- 31. @kevingoldsmith#doiknowyou Industries that use identity today Transportation Hotels Airlines Financial Services Gaming Cryptocurrencies Telecoms Healthcare Marketplaces E-commerce Government
- 35. @kevingoldsmith#doiknowyou Store as little as you need for a short a time period as you can
- 36. @kevingoldsmith#doiknowyou Control access to personal data and log when it happens
- 40. @kevingoldsmith#doiknowyou consider where to store your data
- 41. @kevingoldsmith#doiknowyou Be aware of legislation
- 42. Conclusion
- 43. @kevingoldsmith#doiknowyou The internet has an identity crisis
- 44. @kevingoldsmith#doiknowyou Make sure you know who you are talking to and when you need to validate them.
- 45. @kevingoldsmith#doiknowyou Be responsible about how your product uses and protects identity.