Hitoshi Kokumai

Proposition on How to Build Sustainable Digital Identity Platform

This article is a copy of the proposition shortlisted in the category of “Best innovation in security management – Who has done the most to protect consumer data” for “FDATA Global Open Finance Summit & Awards 2019”  https://fdata.global/summit/awards-2019/

On 18/Oct/2019 we were suddenly invited to present our proposition even though we are neither an FDATA member nor related to them in any way. The proposition was submitted on 24/Oct and I was at the Edinburgh summit on 4-5/Dec to receive the honor of being selected as one of the three finalists. It was a dazzlingly rapid development.

Click the link for the full text of the proposition - https://www.linkedin.com/pulse/proposition-how-build-sustainable-digital-identity-platform-kokumai/

< Abstract of Proposition >

The subject of this article is a fragile digital identity built with a weak password, which forms a grave choke point of the cyber age.

Secret credentials are absolutely necessary for digital identity in democratic societies. The text password, which is one kind of secret credential, is known to be too hard to manage. We could look for something other than the text password as a valid secret credential.

Three big myths are rampant in the sphere of digital identity. These are ‘Higher security to be achieved by removal of password’, ‘Passwords to be killed by the biometrics that is dependent on passwords’ and ‘Passwords to be displaced by PIN that is no more than a weak form of numbers-only password’.

 Unraveling these myths, we come to the conclusions that we must look for something really valid in the sphere of ‘Non-Text Password’ and that the identity of 'citizens' cannot be separated from their volition and memory while the identity of 'things' can be handled only technologically.

 Our own autobiographic memory, especially episodic memory, enables us to come up with the most reliable digital identity platform, bidding farewell to the unsafe and torturous identity authentication.

< Conclusion >

Expanded Password System that drastically alleviates the password fatigue is supportive of:

 – Two/multi-factor authentications that require passwords as one of the factors

 – ID federations such as password managers and single-sign-on services that require passwords as the master-password

 – Biometrics that require passwords as a fallback means against false rejection (on the assumption that users are correctly informed that it is better convenience, not higher security, that the use of biometrics brings.)

 – Simple pictorial/emoji-passwords and patterns-on-grid that can all be deployed on our platform

 * All with the effects that handling memorable images makes us feel pleasant and relaxed


 – Nothing would be lost for the people who want to keep using textual passwords

 – It enables us to turn a low-entropy password into high-entropy authentication data

 – It is easy to manage the relation between accounts and the corresponding passwords

 – It helps deter various phishing attacks

 – It helps to build practicable Brain-Machine/Computer-Interface

 – It helps with Self-Sovereign Identity and Bring Your Own Identity

Last but not least, it is democracy-compatible by way of providing the chances and means to get our own volition confirmed in our identity assurance.

Expanded Password System is now at the stage of ‘Draft Proposal’ for OASIS Open Projects.

< Footnote > 

Unraveling the myths of biometrics is an integral part of our proposition. I have also posted a comprehensive myth-debunking article titled ‘Negative Security Effects of Biometrics Deployed in Cyberspace’ – https://www.linkedin.com/pulse/negative-security-effect-biometrics-deployed-hitoshi-kokumai/

