The document discusses improving authentication methods by moving away from frequent authentication interactions. It proposes using wearable devices and persistent sensing to establish trust and maintain that trust seamlessly without requiring ongoing user interaction. This would decouple authentication from transactions by leveraging trusted devices to serve credentials asynchronously. However, it stresses the importance of privacy by design to ensure user control over data and context in this new paradigm.
2. Thank You
Consumer Authentication Today
Things You Know
- Passwords
- PINs
- Passphrases
- Inane security questions
Things You Have
- Keys
- Cards
- Electronic tokens
Who You Are
- Fingerprint
- Face
- Voice
- Iris
Biometrics are the Silver Bullet?
The security world has been looking to biometrics to solve
its security vs. convenience problem
But, fundamental technological limitations are quickly
reached
The problem is further exacerbated by fickle consumers and
uncontrolled operating environments
Reframing the Problem
We cannot completely eliminate the friction associated with
fundamental human authentication processes
The problem lies not just in the friction, but in the frequency:
burden = friction x frequency
How can we instead reduce the frequency?
Changing the Authentication Paradigm
The fundamental problem is now with the forced
synchronicity: authentication at the point of transaction
How can we decouple action required for authentication
from the transaction that uses it?
Redesign the system to achieve asynchronicity
The Redesigned Authentication System
Establish a high level of trust using multiple factors
Leverage persistent sensing to maintain that trust without
further user interaction
Use a trusted device to seamlessly serve credentials
without requiring any user interaction
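The three steps above as a minimal state machine; this is an added illustration, not code from the presentation. The class and function names, the two-factor threshold, the boolean sensor reading and the HMAC key shared between device and verifier are all assumptions.

```python
import hashlib, hmac, os

class TrustedDevice:
    """Hypothetical wearable: authenticate once, then serve credentials silently."""
    REQUIRED_FACTORS = 2  # assumption: "multiple factors" means at least two

    def __init__(self, key: bytes):
        self._key = key
        self._trusted = False
        self.user_interactions = 0  # explicit user actions: the "frequency" term

    def establish_trust(self, verified_factors: set) -> bool:
        """Step 1: the only step that costs the user any friction."""
        self.user_interactions += 1
        self._trusted = len(verified_factors) >= self.REQUIRED_FACTORS
        return self._trusted

    def sensor_update(self, still_on_owner: bool) -> None:
        """Step 2: persistent sensing can keep or drop trust, never grant it."""
        if not still_on_owner:
            self._trusted = False

    def serve_credential(self, challenge: bytes):
        """Step 3: answer a verifier's challenge with no user action."""
        if not self._trusted:
            return None  # fail closed once continuity is broken
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

def verify(key: bytes, challenge: bytes, response) -> bool:
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return response is not None and hmac.compare_digest(expected, response)

def simulate(events):
    """Replay a timeline; return (accepted transactions, user interactions)."""
    key = os.urandom(32)  # assumption: key shared with the verifier at enrolment
    device, accepted = TrustedDevice(key), 0
    for kind, arg in events:
        if kind == "auth":
            device.establish_trust(arg)
        elif kind == "sense":
            device.sensor_update(arg)
        elif kind == "txn":
            challenge = os.urandom(16)  # fresh per transaction, prevents replay
            accepted += verify(key, challenge, device.serve_credential(challenge))
    return accepted, device.user_interactions

# Constructed timeline: the device is removed mid-day, then put back on.
DAY = [("auth", {"pin", "fingerprint"}), ("sense", True), ("txn", None),
       ("txn", None), ("sense", False), ("sense", True), ("txn", None),
       ("auth", {"pin", "fingerprint"}), ("txn", None)]
```

Replaying `DAY` accepts three of the four transactions with two user interactions: the transaction attempted after the device was removed is refused until the user re-authenticates, even though the sensor reports the device as worn again.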
Identity Is Now Easy – So Now What?
Authentication is not just a security problem, it’s a general
identity problem
By making identity easy, the scope of identity-focused
applications significantly broadens
Smart devices have a new context in which to operate
New Context for Internet of Things
The Internet of Things is about persistent connectivity and
sensing
Sensing can provide situational context to make smart
things smarter
But, where user interaction is involved, identity is the
ultimate context
Privacy Must Be At the Forefront
Privacy is not about secrecy:
Privacy = Control
By decoupling human action from authentication, greater
trust is placed upon the system
Privacy by Design (www.privacybydesign.ca)
The Context for Internet of Things
Identity has been the missing context for IoT devices
The prospect is profound: if every device, environment, and
service provider knew the identities of those nearby, how
would they behave differently?
We are entering the era of hyper-personalization