This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
Have you seen the movie Ex-Machina? It’s a fascinating journey through the life of a reclusive Silicon Valley billionaire, and examines artificial intelligence (“AI”) as manifested in a very engaging robot. The plot explores the 1950 Turing Test, in which Alan Turing – the father of modern computing –proposed that real AI will have been achieved when a human cannot detect they are talking to an AI bot; that is, in conversation, the AI bot passes as a real human partner in dialogue.
There is an interesting parallel between the Turing Test and where we are in digital identity today.
鲍勃·布莱克利,花旗集团信息安全的全球负责人,制定了对身份问题这个有趣的思维模式,他所谓的“表中设置为三”的问题,这是这样的:
有三人餐桌组:网上银行,客户和骗子。现在,想象一下你的银行和灯都灭了,你的任务是要确定谁是客户和骗子是由具有谈话。无论是客户和骗子都声称他们是约翰·史密斯,出生于7月2日,1960年你继续发问。但骗子和客户双方都同样有说服力的关于当前和过去的地址,出生日期,母亲的娘家姓,以往和当前的汽车贷款和抵押贷款的关系,学校出席并喜欢的颜色的答案。
This technique is known as knowledge-based authentication (“KBA”). The concept is to ask questions only a legitimate customer would know, in order to make it easy for the customer but difficult for the crook. However, the ironic truth today is that it’s hard for the customer but easy for the crook; the crook has a well curated set of identity information trolled from social media and the dark web. While the customer often can’t pass the test because they forgot who, say, they formed a recent lending relationship with. Worse, the legitimate person has no way to know about the crook mounting an identity theft takeover.
This is the state of digital identity today.
We need a way to do digital identity that is trustworthy and effective for service providers, while also being a method customers can accomplish and feel comfortable with. Above all, it needs to increase customer privacy, rather than reduce it.
The classic Turing Test was satisfied when an AI persona could fool a human. With digital identity, our goal is to create a parallel test that is satisfied when the dark web cannot fool a human. Rather, successful digital identity is met when a process has been established for enrolling a customer in a service where they have complete control over the information they share. Currently, when customers sign up for a service, they need to reveal something about themself in order to verify their identity and to gain access on subsequent visits. To move to a more secure digital identity, the trick is to make sure the volume and sensitivity of the information being shared is proportional to the value of the service being sought.
A good example of a successful authentication solution, and one that has contributed to keeping the global payment system safe, is use of EMV chip cards, which are clone-resistant, tamper-resistant and easy to operate with a four-digit pin code, and both the bank and user work in tandem to monitor and address issues. Banks use analytics and user behavior to quickly detect out-of-pattern transactions, and will take cards out of service when cards are lost or stolen.
这是围绕着动力恢复的想法。动机以回收围绕两个过程:首先,用户会注意到有一个问题;其次,他们会迅速采取行动,指出问题所在,以信任的服务(如银行)。客户驱动的报告和替代的重要项目作为一种防御机制,但往往忽视汇报较小的项目的任何不寻常的活动 - 提供一个机会,让坏人轻易破解或窃取信息。
那么如何才能将此数字身份?我们需要确定我们如何才能构建一个用户的仪式很简单的用户积极参与,但仍然受到保护,不被欺骗的流氓交易。
Identity services constructed from things users are motivated to recover – such as bank cards, mobile phones and driver’s license – will shut down the bad guys. Masquerading goes to zero when hackers 1) have to steal the user’s stuff, 2) have to break in to the user’s stuff and 3) have to keep the user from acting to deactivate the stuff they lost. An identity system constructed this way would pass the Turing Test for Identity.
One of the major buzzwords this year and a step in achieving secure digital identity is blockchain, as it has the potential to become a foundational element of a new approach to privacy, security and digital identity for consumers. Companies and governments around the world have begun to seriously look at the ways that distributed ledger methodologies can improve everything from payments to identity to security, and begin planning innovative new approaches to the ways we build products for the next generation of online services. This is a great first step in improving the state of digital identity today, and reinforces the notion that we’re not far from achieving a private and secure digital identity ecosystem.