Category: Uncategorized

Making you you – A question of Identity

The Economist | Making you you https://www.economist.com/node/21755427?frsc=dg%7Ce

An intriguing question, who defines our identity. Is it the certificate we may or may not have been issued to our parents at Birth, assuming some entity has that role? Who is this entity with the right to guarantee you are you or I am Philip?

When we hear of the challenges some must deal with in order to vote, we quickly realize it is others who hold the ability to define our identity or for that matter alter or erase our identity.

This article explores the history of systems developed to create means of linking an individual to the assets, obligations and rights they possess. What is clear, it is another who defines and establishes societies means of establishing your identity.

As we move into the world of virtual identity there are those who are and have sought to assume what often was the role of the village elders, the church or most often the government.

Are we the people comfortable with these technocrats, in it for profit, becoming the ordinators of our identity? Clearly advertisers and those seeking to take advantage, happily collect data about us and will happily use this data to push us to buy what they want to sell or take advantage of us in ways we may not be able to recover from.

For those of you incline to think about the question of identity, I recommend reading what The Economist has to say.

of Identity and Authentication in a Connected World of things.

Various engagement and conversations pull me into thinking about the realities and the necessities, of this emerging world of connected people, objects and thoughts.

Looking back, this topic has been part of my life since 1982 when I was first introduced to the concept of a smart card. At that time we spoke of using the smart card to securely configure a trading deck on Wall Street and in the City of London. The goal securely and automatically configure the voice, video and digital support a particular market trader.

In 1993 to when I was tasked to drive the development of EMV, we could have talked about the fact we were creating a means of secure digital identity. A trusted Identity document based on the trust that existed between the cardholder and the financial institution.

Instead We talked about:

  • Card Authentication “the CAM” now Data Authentication to assure the card was unique and genuine.
  • Cardholder Verification “the CVM” to verify the right user was presenting the card.
  • Card risk management to allow the issuer to support authorization in a offline world.
  • Should we include an electronic purse to support low value transactions?

Today the Debit card could easily be enabled as a secure means of digital identification, with the Financial Institution being the trusted party. Simply knowing the public key of the international or domestic debit card payment scheme allows the party reading the card will know the person was issued this card by that financial institution.

While we in financial services focused on our requirements, the telecom industry was working on the SIM & GSM specifications under ETSI leadership. They created another form of Secure Digital Identity. They focused on securing the identity of the communications channel and were less worried about making sure the right consumer was present, although there is the ability to allow the user to lock the SIM and now even the mobile phone.

2013 I had the opportunity to join the FIDO Board. Within that body, the objective was to separate the concept of identity from the act of authentication. It works from the premise that as digital relationships expanded, the use of passwords and PINs are becomes an issue. The FIDO Alliance also recognized that the only way to secure our digital world, like we secured payments and mobile communications was with the introduction of multi-factor authentication rooted in the belief that the first factor had to be “what You Have” a secure element / enclave, TEE, TPM … capable of generating and or storing secret (symmetric) and private (Asymmetric) keys unique to the object and more importantly unique to the relationship.

Clearly identity and authentication are essential to secure relationships. And, in a digital world, communication is the mechanism that connects people and things together.

Helping consumers manage their relationships assuring privacy is an interesting angle. If I am understanding your platform, at least at the level of the subscription for telecommunications services this you are helping to manage.

Anyway. Back to the pitch. I would like to see about scheduling another conversation and figure out if there is anything I can do to earn an income and create revenue for you.