How to Achieve Privacy-Preserving Identity Verification and Federation While Reducing Costs
Friday, June 2nd, at Identiverse 2023 national security innovator and cybersecurity entrepreneur Dr. Srivastava discusses recent breakthroughs in applied cryptography and advancements in machine learning are enabling alternative authentication technologies and approaches to traditional honeypot models. This has enterprises rethinking their approach to identity stores and what the future of authentication looks like in a world where consumer privacy is paramount.
Abstract
There has been a great deal of promising new companies, technologies, initiatives, working groups and specifications for decentralized identity in recent years. However, the current state of digital identity is still very much stuck in a centralized model that relies on devices as the primary source of trust. This means that users have to store their identity data on their devices and use usernames and passwords to access different applications and services. While the security measure aims to reduce PII honey pots, it creates many challenges to achieving the goals of fast, secure and frictionless identity for everyone.
Overcoming device-based identity limitations
UX: Siloed and fragmented identity experience, users managing multiple accounts and credentials across different platforms.
Security: User security risks, such as phishing, credential theft, and account takeover.
Costs: High bur
den on enterprises, who have to provide costly and cumbersome account recovery mechanisms involving human verification and call centers.
To overcome these challenges, digital identity is evolving to where users have full control and ownership of their identity data and can share it across different applications and services without relying on intermediaries or centralized authorities. In these models, the user has a consistent and seamless identity experience across different devices and channels, as well as enhanced privacy and security. Moreover, it would reduce the operational costs and risks for enterprises, who would no longer need to store or manage user identity data or provide account recovery services. The latter point is critical in accelerating adoption at the enterprise level.
Promising new technologies are shifting the trust anchor
Transitioning to this new model of digital identity is not easy. It requires a paradigm shift from device-based trust anchors to human-based trust anchors. A trust anchor is a piece of information that establishes the authenticity and validity of an identity. In the device-based model, the trust anchor is usually a cryptographic key or a biometric feature that is stored on the device and has limitations, such as device loss, theft, or damage; device sharing; device switching; and device incompatibility. In these scenarios, users would lose access to their identity data or have to use usernames and passwords again, which introduce an entry point for fraud and added user friction.
In contrast, in the human-based model, the trust anchor is derived from the user's inherent attributes or behaviors that are unique and persistent across different devices and channels. For example, a human-based trust anchor could be a combination of biometric factors including face, keystroke and gait, along with other behavioral or contextual factors that are captured and verified by the user's device or by a trusted third party. This way, users would be able to access their identity data from any device or channel without relying on usernames and passwords or device-specific keys.
