“Who Am I Now?”:
                                               Identity and Mobility

                                                David “Lefty” Schlesinger
                                                Director, Open Source Technologies

                                                OSDL NEPs and Carriers Face-to-Face
© 2006, ACCESS Co. Ltd. All rights reserved.    10 Oct. 2006
Do you know me?


     “How can you tell?”—Dorothy Parker, on being told that Pres.
      Calvin Coolidge had died

     Identity in the literal village (c. 12th century) is
      fundamentally different from identity in the virtual village
      (c. 21st century)
     When mobility is limited, establishing identity is relatively
      easy
     As mobility increases, establishing identity becomes more
      difficult, more important, and potentially more useful




                                              Copyright © 2006, PalmSource, Inc. All rights reserved.   2
How Is Identity Established?


      First-hand Recognition

        •    This is the trivial case

        •    Limited utility outside of very constrained contexts, by its very nature

      Second-Hand Recognition (aka “Introduction”)

        •    A mutually trusted third party is necessary to make the introduction

        •    Second-hand recognition becomes first-hand recognition

      You know me, you know her, but does she know me?

        •    Identity relationships are not inherently transitive




Increased Mobility Requires Credentials


      Reputation could be passed on, one hop at a time.
       Someone had to vouch for you, or give you a reference

      As we travelled farther, we needed credentials

      As we did more things, and needed to establish our
       identities for different purposes, we needed more
       credentials

      Today, we travel farther than ever, both physically and
       virtually; we do more things than ever.


Third-Hand Recognition…


     …otherwise known as “credentials”
      •    Again, a trusted third party (aka “an authority”) is required

      •    A business card is not a credential; lose your wallet and see for
           yourself!

      •    My driver’s license is not generally helpful in Nepal…

     Credentials need to be verifiable
      •    The issuing authority can (hopefully) validate a credential, but
           contacting the authority at the moment of presentation is not
           always practical…

      •    Challenges and responses: the presenter proves possession of
           something bound to the credential, so that a copy of the
           credential alone is not enough…



Some Different Kinds of Credentials




A Quick Digression…


     The GSM/SIM system is the most widespread identity
      management infrastructure ever created…
      •    More than 1.7 billion subscribers in over 200 countries at the end
           of 2005

      •    There are more countries with GSM systems than there are in the
           United Nations!

      •    There are more countries with GSM systems than there are with
           McDonalds!

     UMTS/USIM will make even greater functionality available


Who I Am Depends on What’s Going On


     A particular “identity”, i.e. a given credential, is only meaningful in a
      given context and domain
       •    Driver’s license at the airport ticket counter…? Okay!
       •    Passport at the airport ticket counter…? Okay!

       •    Driver’s license at the roadside…? Okay!
       •    Passport at the roadside…? Not okay.

       •    Passport at immigration…? Okay!
       •    Driver’s license at immigration…? Not okay.

     Potentially, my mobile device can encompass all these credentials
      and more…



Authentication


      Authentication reliably associates an actual human being (i.e. a
       physical identity) with a digital identity
        •    Via something you know (e.g. a password)

        •    Via something you have (e.g. a token)

        •    Via something you are (e.g. biometrics)

      Strong authentication requires multiple factors
        •    My passport functions as two-factor authentication: a physical token
             (something you have) with an embedded “biometric device”
             (something you are)…

      As we do more with our mobile devices—i.e. as our mobile devices
       hold more, and more sensitive information about us—the need to
       authenticate increases

Another Brief Digression


  •  The hanko: something you have…

  •  Hanko design requires research; they need to be
     unique, even for common names
     –  430,000 people in Japan have the last name “Sato”
  •  This is why archaic scripts, such as tensho (i.e. “seal
     script”) are used for this sort of thing…
  •  Since the hanko is only a single-factor authentication
     scheme, and since there are no protections against
     copying, physical or digital, hanko counterfeiting is a
     growing and serious problem in Japan


One Response…


     Mitsubishi Pencil Co. introduced the “Dial Bank Hanko”…

     Two eight-position dials alter the arrangement of the
      pattern on the outer rings
      •    8 × 8 = 64 possibilities, i.e. six bits of “something you know”
           added to the seal itself…

      •    Acceptance has been…slow




Who I Am Depends on Who You Are


     Identity is about relationship and access
      •    My work “identity”: access to my corporate network, servers, etc.

      •    My cellphone “identity”: access to my provider’s network

      •    My Google “identity”: access to email, etc.

      •    My Amazon “identity”: access to my recommendations, past
           orders, etc.

     Managing a multiplicity of “identities” becomes
      increasingly difficult…



Multiple Identity Disorder…?


      Even in a given context, one can have multiple identities.
       At work I have:
       •    An email “identity”

       •    A source code management system “identity”

       •    A bug tracking system “identity”

       •    A payroll system “identity”

       •    And several others…




Names


     Names abstract multiple identities, multiple kinds of identity, and the
      attributes of identity
       •    My web page changes, but the URL remains the same…

     Names simplify access to identity
       •    “www.google.com” or 72.14.205.99 or 72.14.205.104 or…?

     For a name to be useful, you need access to the information it
      abstracts
       •    This is the function of “a directory”

       •    LDAP is one example: I can access all my work “identities” through a
            single password…



Partial Identities


          Mary has                     Boyfriend Bob sees

           •    A Social Security         •    A Social Security
                number                         number

           •    An auto insurance         •    An auto insurance policy
                policy number                  number

           •    A work phone              •    A work phone

           •    A personal mobile         •    A personal mobile
                phone                          phone

           •    A diary                   •    A diary




Partial Identities


          Mary has                     Mary’s employer sees

           •    A Social Security         •    A Social Security
                number                         number

           •    An auto insurance         •    An auto insurance policy
                policy number                  number

           •    A work phone              •    A work phone

           •    A personal mobile         •    A personal mobile
                phone                          phone

           •    A diary                   •    A diary




Why Partial Identities?


      In a secure system, access to resources is based on the “principle of
       least privilege”

      Similarly, in identity management, access to information should be
       based on the “principle of data economy”

      Transactions should be
        •    Unobservable: they directly reveal no information about the parties
             involved

        •    Untraceable: no framing information is usable to identify the parties
             involved

        •    Unlinkable: no two transactions can be associated with one another

      Anonymity should be the baseline…

“But wait, there’s more!”


      As mobile devices, and the systems supporting them
       become more capable, the information which can be
       incorporated into one or more of our identities expands:
       •    Location

       •    Location history

       •    Friends and contacts

       •    Preferences

       •    Buying habits

       •    Etc…



Expanded Identities, Expanded Services


     Based on my preferences, location and time of day, the content of my
      personal mobile “portal” can be customized…

       •    Most likely in coordination with service-providing partners

     “I’m away from home, it’s lunch time in this time zone, and I like
      ramen…”

       •    I like places with counters better than places with tables…

       •    I especially like Sapporo-style miso ramen…

       •    Etc., etc…




A Sample Enhanced Transaction


     I choose a participating restaurant from the selection on
      my phone’s customized portal…

     A token (a credential) is transferred to my phone by the
      service provider…

     When I go to the (physical) restaurant, my phone
      transfers the token back…
      •    I get a discount on my ramen

      •    The service provider is paid a “finder’s fee” by the ramen-ya

      •    The service provider pays a participation fee to the network
           operator
A Couple of Points…


     My mobile operator doesn’t need to know I like ramen,
      only that I received a token (of some sort) that I might
      redeem…

     The ramen-ya doesn’t need to know anything about me
      (other than that I’ve presented them with a verifiably valid
      discount token)
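The exchange sketched on the last two slides, worked through as an added example (this is not code from the deck, from ACCESS or from any operator; the scheme, party names and message formats are assumptions made here). It also illustrates the earlier point that a credential must be verifiable when contacting the authority is impractical, and that a challenge-response proves possession rather than a mere copy. The service provider (the authority) shares a secret key with each merchant at enrolment, so the ramen-ya checks tokens offline with HMAC-SHA256. A token carries a merchant id, a discount, an expiry and a random nonce, and nothing that identifies the subscriber, so the merchant learns only that a valid, unused token was presented. The phone also receives a per-token secret that never goes over the air; the merchant derives it from the same payload and uses a fresh challenge to confirm the presenter holds it, so an eavesdropper who copied the presentation cannot redeem it, and the nonce list stops the legitimate phone from redeeming twice.

```python
"""Hypothetical discount-token exchange for the ramen scenario (added example)."""
import hashlib
import hmac
import json
import secrets


def _canon(payload):
    # Canonical encoding so issuer and verifier MAC exactly the same bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def _mac(key, label, data):
    # Domain-separated HMAC-SHA256: "tag" and "secret" can never collide.
    return hmac.new(key, label + b"\x00" + data, hashlib.sha256).digest()


class ServiceProvider:
    """The authority: mints tokens, never sees who redeems them."""

    def __init__(self):
        self._merchant_keys = {}

    def enrol_merchant(self, merchant_id):
        key = secrets.token_bytes(32)
        self._merchant_keys[merchant_id] = key
        return key  # handed to the merchant out of band at enrolment

    def issue_token(self, merchant_id, discount_pct, now, ttl):
        key = self._merchant_keys[merchant_id]
        payload = {"m": merchant_id, "d": discount_pct, "exp": now + ttl,
                   "n": secrets.token_hex(16)}  # nonce: one token, one redemption
        canon = _canon(payload)
        return {"payload": payload,
                "tag": _mac(key, b"tag", canon).hex(),        # proves the issuer minted it
                "secret": _mac(key, b"secret", canon).hex()}  # stays on the phone


class Phone:
    def __init__(self, token):
        self._token = token

    def present(self):
        # Only payload and tag are transmitted; the secret never leaves the phone.
        return {"payload": self._token["payload"], "tag": self._token["tag"]}

    def answer(self, challenge):
        return _mac(bytes.fromhex(self._token["secret"]), b"challenge", challenge).hex()


class Merchant:
    def __init__(self, merchant_id, key):
        self._id, self._key = merchant_id, key
        self._redeemed = set()  # nonces already spent

    def challenge(self):
        return secrets.token_bytes(16)  # fresh per presentation

    def redeem(self, presented, challenge, answer, now):
        payload = presented["payload"]
        canon = _canon(payload)
        if not hmac.compare_digest(_mac(self._key, b"tag", canon).hex(), presented["tag"]):
            raise ValueError("tag mismatch: forged or altered token")
        if payload["m"] != self._id:
            raise ValueError("token was issued for another merchant")
        if now > payload["exp"]:
            raise ValueError("token expired")
        if payload["n"] in self._redeemed:
            raise ValueError("token already redeemed")
        # Presenter must hold the per-token secret, not just a copy of the presentation.
        expected = _mac(_mac(self._key, b"secret", canon), b"challenge", challenge).hex()
        if not hmac.compare_digest(expected, answer):
            raise ValueError("challenge-response failed")
        self._redeemed.add(payload["n"])
        return payload["d"]


def demo(now=1_160_000_000):
    """Run the honest exchange plus three abuse cases; report what each yielded."""
    provider = ServiceProvider()
    shop = Merchant("ramen-ya-01", provider.enrol_merchant("ramen-ya-01"))
    phone = Phone(provider.issue_token("ramen-ya-01", 10, now, 3600))
    c = shop.challenge()
    discount = shop.redeem(phone.present(), c, phone.answer(c), now)

    def rejected(presented, answer_for):
        c2 = shop.challenge()
        try:
            shop.redeem(presented, c2, answer_for(c2), now)
            return False
        except ValueError:
            return True

    tampered = phone.present()
    tampered["payload"] = dict(tampered["payload"], d=90)  # bump discount to 90%
    sniffed = phone.present()  # eavesdropper copied payload + tag, not the secret
    return {"discount": discount,
            "replay_rejected": rejected(phone.present(), phone.answer),
            "tampered_rejected": rejected(tampered, phone.answer),
            "eavesdropper_rejected": rejected(sniffed, lambda c2: secrets.token_hex(32))}
```

Because the merchant holds the issuing key for its own tokens, it could mint tokens for itself; that only costs it the finder's fee it would then owe the provider, which is why a shared key suffices here, whereas a scheme where merchants must not be able to forge would need the provider to sign with a private key and give merchants only the public half.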




More Scenarios…


     Based on my location and my DVD-buying habits…
       •    The service provider recommends a movie to me…

       •    I buy an “e-movie-ticket” through my mobile device…

       •    My mobile operator passes the payment to the theater…

       •    The theater pays the service provider…

     The service provider is able to leverage the mobile
      operator’s billing infrastructure!

     My phone can be my wallet—eCash experiments in
      Tokyo…
Some Proposed Definitions


     Mobile Identity = Data + Policies regarding the use of that
      data

     Mobile Identity is a set of claims a “digital subject” makes
      regarding itself




Challenges


     Security is not generally a goal of users; they don’t see it
      as making them more productive…

     Users underestimate the consequences of insufficient
      security
      •    Thus they are not willing to invest much effort in learning
           how to use security mechanisms…




What’s Needed Here…?


     User-friendly interfaces need to be developed for the
      non-expert, to prevent unintentional misuse
      •    Different “partial identities” for different purposes

     A verifiable linkage between real and digital identity on the
      user’s device is critical to prevent impersonation

     Published identifying data—both personal and device
      characteristics—must be protected against misuse




What Are We Doing?


     The ACCESS Linux Platform provides facilities which can
      be leveraged for on-device identity management
      •    A flexible, policy-driven security infrastructure

      •    Support for a variety of authentication schemes through Linux’s
           PAM infrastructure

      •    Certificate management services

      •    SIM tool kit

      •    Vaulting services




Some Recommended Reading


     The Consortium of the Future of Identity in the Information
      Society (FIDIS): www.fidis.net
      •    D3.3: A Study on Mobile Identity Management

      •    D11.1: Towards a Taxonomy of Mobility and Identity

     Digital Identity, J. Philip Windley, O’Reilly Books




That’s all, folks!




                     Thanks!




Scaling API-first – The story of a global engineering organization
 

Who am I Now?

1. “Who Am I Now?”: Identity and Mobility
   David “Lefty” Schlesinger, Director, Open Source Technologies
   OSDL NEPs and Carriers Face-to-Face, 10 Oct. 2006
   © 2006, ACCESS Co. Ltd. All rights reserved.

2. Do you know me?
    “How can you tell?”—Dorothy Parker, on being told that Pres. Calvin Coolidge had died
    Identity in the literal village (c. 12th century) is fundamentally different than identity in the virtual village (c. 21st century)
    When mobility is limited, establishing identity is relatively easy
    As mobility increases, establishing identity becomes both more difficult, more important, and potentially more useful
   Copyright © 2006, PalmSource, Inc. All rights reserved.

3. How Is Identity Established?
    First-hand Recognition
      • This is the trivial case
      • Limited utility outside of very constrained contexts, by its very nature
    Second-Hand Recognition (aka “Introduction”)
      • A mutually trusted third party is necessary to make the introduction
      • Second-hand recognition becomes first-hand recognition
    You know me, you know her, but does she know me?
      • Identity relationships are not inherently transitive

4. Increased Mobility Requires Credentials
    Reputation could be passed on, one hop at a time. Someone had to vouch for you, or give you a reference
    As we travelled farther, we needed credentials
    As we did more things, and needed to establish our identities for different purposes, we needed more credentials
    Today, we travel farther than ever, both physically and virtually; we do more things than ever.

5. Third-Hand Recognition…
    …otherwise known as “credentials”
      • Again, a trusted third party (aka “an authority”) is required
      • A business card is not a credential; lose your wallet and see for yourself!
      • My driver’s license is not generally helpful in Nepal…
    Credentials need to be authenticatable
      • The authority can (hopefully) validate credentials, but this is not always practical…
      • Challenges and responses…

6. Some Different Kinds of Credentials

7. A Quick Digression…
    The GSM/SIM system is the most widespread identity management infrastructure ever created…
      • More than 1.7 billion subscribers in over 200 countries at the end of 2005
      • There are more countries with GSM systems than there are in the United Nations!
      • There are more countries with GSM systems than there are with McDonalds!
    UMTS/USIM will make even greater functionality available

8. Who I Am Depends on What’s Going On
    A particular “identity”, i.e. a given credential, is only meaningful in a given context and domain
      • Driver’s license at the airport ticket counter…? Okay!
      • Passport at the airport ticket counter…? Okay!
      • Driver’s license at the roadside…? Okay!
      • Passport at the roadside…? Not okay.
      • Passport at immigration…? Okay!
      • Driver’s license at immigration…? Not okay.
    Potentially, my mobile device can encompass all these credentials and more…

9. Authentication
    Authentication reliably associates an actual human being (i.e. a physical identity) with a digital identity
      • Via something you know (e.g. a password)
      • Via something you have (e.g. a token)
      • Via something you are (e.g. biometrics)
    Strong authentication requires multiple factors
      • My passport functions as a two-factor authentication: a physical token with an embedded “biometric device”…
    As we do more with our mobile devices—i.e. as our mobile devices hold more, and more sensitive information about us—the need to authenticate increases

10. Another Brief Digression
      • The hanko: something you have…
      • Hanko design requires research; they need to be unique, even for common names
          – 430,000 people in Japan have the last name “Sato”
      • This is why archaic scripts, such as tensho (i.e. “seal script”), are used for this sort of thing…
      • Since the hanko is only a single-factor authentication scheme, and since there are no protections against copying, physical or digital, hanko counterfeit is a growing and serious problem in Japan

11. One Response…
    Mitsubishi Pencil Co. introduced the “Dial Bank Hanko”…
    Two eight-position dials alter the arrangement of the pattern on the outer rings
      • 64 possibilities…
      • Acceptance has been…slow

12. Who I Am Depends on Who You Are
    Identity is about relationship and access
      • My work “identity”: access to my corporate network, servers, etc.
      • My cellphone “identity”: access to my provider’s network
      • My Google “identity”: access to email, etc.
      • My Amazon “identity”: access to my recommendations, past orders, etc.
    Managing a multiplicity of “identities” becomes increasingly difficult…

13. Multiple Identity Disorder…?
    Even in a given context, one can have multiple identities. At work I have:
      • An email “identity”
      • A source code management system “identity”
      • A bug tracking system “identity”
      • A payroll system “identity”
      • And several others…

14. Names
    Names abstract multiple identities, multiple kinds of identity, and the attributes of identity
      • My web page changes, but the URL remains the same…
    Names simplify access to identity
      • “www.google.com” or 72.14.205.99 or 72.14.205.104 or…?
    For a name to be useful, you need access to the information it abstracts
      • This is the function of “a directory”
      • LDAP is one example: I can access all my work “identities” through a single password…

15. Partial Identities
    Mary has                            Boyfriend Bob sees
    • A Social Security number          • A Social Security number
    • An auto insurance policy number   • An auto insurance policy number
    • A work phone                      • A work phone
    • A personal mobile phone           • A personal mobile phone
    • A diary                           • A diary

16. Partial Identities
    Mary has                            Mary’s employer sees
    • A Social Security number          • A Social Security number
    • An auto insurance policy number   • An auto insurance policy number
    • A work phone                      • A work phone
    • A personal mobile phone           • A personal mobile phone
    • A diary                           • A diary

17. Why Partial Identities?
    In a secure system, access to resources is based on the “principle of least privilege”
    Similarly, in identity management, access to information should be based on the “principle of data economy”
    Transactions should be
      • Unobservable: they directly reveal no information about the parties involved
      • Untraceable: no framing information is usable to identify the parties involved
      • Unlinkable: no two transactions can be associated with one another
    Anonymity should be the baseline…

18. “But wait, there’s more!”
    As mobile devices, and the systems supporting them, become more capable, the information which can be incorporated into one or more of our identities expands:
      • Location
      • Location history
      • Friends and contacts
      • Preferences
      • Buying habits
      • Etc…

19. Expanded Identities, Expanded Services
    Based on my preferences, location and time of day, the content of my personal mobile “portal” can be customized…
      • Most likely in coordination with service-providing partners
    “I’m away from home, it’s lunch time in this time zone, and I like ramen…”
      • I like places with counters better than places with tables…
      • I especially like Sapporo-style miso ramen…
      • Etc., etc…

20. A Sample Enhanced Transaction
    I choose a participating restaurant from the selection on my phone’s customized portal…
    A token (a credential) is transferred to my phone by the service provider…
    When I go to the (physical) restaurant, my phone transfers the token back…
      • I get a discount on my ramen
      • The service provider is paid a “finder’s fee” by the ramen-ya
      • The service provider pays a participation fee to the network operator

21. A Couple of Points…
    My mobile operator doesn’t need to know I like ramen, only that I received a token (of some sort) that I might redeem…
    The ramen-ya doesn’t need to know anything about me (other than that I’ve presented them with a verifiably valid discount token)
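The token exchange of slides 20 and 21, as an added illustration that is not from the presentation or from ACCESS: the service provider mints a single-use, expiring discount token that names only the merchant and the offer, and the ramen-ya verifies it with a key it shares with the service provider. The per-merchant HMAC keys, the field names and the merchant ids are all assumptions of this example; the point is that the token carries no subscriber identifier, so neither the merchant nor anyone logging the token learns who redeemed it.

```python
import hashlib
import hmac
import json
import os
import time

# Constructed secrets: each participating ramen-ya shares its own key with the
# service provider (an assumption of this example, not the presentation's design).
MERCHANT_KEYS = {"ramen-ya-42": os.urandom(32), "ramen-ya-7": os.urandom(32)}


def issue_token(merchant_id: str, discount_pct: int, ttl_s: int = 3600, now=None) -> dict:
    """Service provider side: mint the credential pushed to the phone.
    It names the merchant, the offer and an expiry, but no subscriber; the
    random nonce makes two tokens unlinkable and lets the merchant detect replay."""
    now = time.time() if now is None else now
    body = {"merchant": merchant_id, "discount": discount_pct,
            "exp": int(now + ttl_s), "nonce": os.urandom(16).hex()}
    msg = json.dumps(body, sort_keys=True).encode()
    body["mac"] = hmac.new(MERCHANT_KEYS[merchant_id], msg, hashlib.sha256).hexdigest()
    return body


class Merchant:
    """Ramen-ya side: accept a token only if its MAC verifies, it is addressed to
    this merchant, it has not expired, and its nonce has not been seen before."""

    def __init__(self, merchant_id: str):
        self.id = merchant_id
        self.key = MERCHANT_KEYS[merchant_id]
        self.redeemed = set()  # nonces already honoured

    def redeem(self, token: dict, now=None) -> bool:
        now = time.time() if now is None else now
        body = {k: v for k, v in token.items() if k != "mac"}
        if body.get("merchant") != self.id or body.get("exp", 0) < now:
            return False
        msg = json.dumps(body, sort_keys=True).encode()
        expected = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(token.get("mac", ""))):
            return False  # forged or tampered (e.g. discount edited on the phone)
        nonce = body.get("nonce")
        if nonce is None or nonce in self.redeemed:
            return False  # single use: a replayed token is refused
        self.redeemed.add(nonce)
        return True
```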
22. More Scenarios…
    Based on my location and my DVD-buying habits…
      • The service provider recommends a movie to me…
      • I buy an “e-movie-ticket” through my mobile device…
      • My mobile operator passes the payment to the theater…
      • The theater pays the service provider…
    The service provider is able to leverage the mobile operator’s billing infrastructure!
    My phone can be my wallet—eCash experiments in Tokyo…

23. Some Proposed Definitions
    Mobile Identity = Data + Policies regarding the use of that data
    Mobile Identity is a set of claims a “digital subject” makes regarding itself

24. Challenges
    Security is not generally a goal of users; they don’t view it as making them more productive…
    Users underestimate the consequences of insufficient security
      • Thus, they are not willing to invest a lot of effort in order to learn how to use security mechanisms…

25. What’s Needed Here…?
    User-friendly interfaces need to be developed for the non-expert to prevent unintentional misuse
      • Different “partial identities” for different purposes
    Verifiable linkage between real and digital identity on the user’s device is critical to prevent impersonation
    Published identifying data—both personal and device characteristics—must be protected against misuse

26. What Are We Doing?
    The ACCESS Linux Platform provides facilities which can be leveraged for on-device identity management
      • A flexible, policy-driven security infrastructure
      • Support for a variety of authentication schemes through Linux’s PAM infrastructure
      • Certificate management services
      • SIM tool kit
      • Vaulting services

27. Some Recommended Reading
    The Consortium of the Future of Identity in the Information Society (FIDIS): www.fidis.net
      • D3.3: A Study on Mobile Identity Management
      • D11.1: Towards a Taxonomy of Mobility and Identity
    Digital Identity, J. Philip Windley, O’Reilly Books

28. That’s all, folks! Thanks!