Archive for the ‘Security’ category

Protecting Digital Identities, Part 1

January 31, 2011

A Digital Identity is the mechanism used to identify an individual to computers, networks, the internet, and social media. In a general case, digital identity is the digital fingerprint of an individual – or of an entity other than an individual – in either case, it is generically called the Digital Subject. But whatever it is, it consists of properties, relationships, attributes and authentication.

Properties are the characteristics of the digital subject. Within Facebook, properties may include name, age, marital status. Within a corporate network, the properties may include employment date, withholding exemptions, supervisor.

Relationships are the correlation between digital subjects. Within Facebook, relationships include friends, family, schools, employers, and special interests. Within the corporate environment, relationships refer to directory access rights, functional groups, etc.

Attributes are special characteristics of the digital subject and are not too different from properties. An attribute includes login name, password, home server. Generally, attributes are not shared outside the digital authority.

Authentication is the process for verifying the legitimacy of the digital subject. Generally username and password is the first line of defense. But authentication includes:

  • what you know (password)
  • what you have (passkey)
  • who you are (fingerprint, retina)
  • what you can do (this is relatively new and is generally seen in the form of captcha)

The protection of digital identity must address many facets. And the laws, ethics, and policies surrounding these protections do not encompass all aspects nor do they form a seamless shield.

As the digital identity becomes more and more integral to the existence of people in moderns societies, the protection and reliability of the digital identity becomes paramount.

Protecting the authentication. Authentication protection is the responsibility of both the digital subject and the central account store. And this responsibility is frequently substandard. Obviously the digital subject has shown laziness and disregard toward passwords in numerous scenarios. People tend to only use a couple passwords making their entire digital life accessible once a single account store has been violated. But within the central account store passwords may be kept in unencrypted form, they may be encrypted in a breakable two-direction cypher, or they may be broken through simple, brute-force dictionary comparisons. By far, the best solution is many passwords that use a combination of lowercase, uppercase, numbers, and symbols. But these are nearly impossible to remember.

Protecting the data. All of the protection of the authentication is meaningless if the digital data itself is unprotected. Unencrypted social security numbers, addresses, credit card numbers remain pervasive throughout the commercial industries. Remarkably, the medical community is making significant progress toward true information security. This progress is accomplished through the disappearance of paper records and the integration of digital-only records. The significance of this is that any view of the records requires 1) and authenticated user and 2) tracking of all access. (Three hospital employees were fired for improperly accessing the shooting victims in Arizona.)

Ensuring reliability. Safe and authenticated data is meaningless if not accurate. And accuracy has not received the level of attention as authentication and protection. Mistyped court records, un-updated address and employment records are the examples. Invalid properties, relationships, and attributes will cost money, cost jobs, cost relationships, cost productivity, etc. And typically, no one is held responsible. But the inaccuracies affect all of us.

Summary. Digital identities require a multifaceted oversight. failure of any level of protection, accountability, of reliability will render the records useless and affect the lives of many people. As the inventiveness of the nefarious groups improve, so must the determination of the shepherds of the data.

Advertisements

%d bloggers like this: