In my previous blog post I talked about the new initiative in the USA. My friend Jussi pointed me to ENISA, who have been working on proposals for Europe-wide eID cards. I plan to read these documents and work on a proposal for an international identity assurance system that will fight cybercrime.
As a teaser of what is coming, imagine:
"It is the year 2021.
Case 1: Janet starts her work day with her computer. She logs in to the computer with her phone and then accesses the project website. Her phone contains an identity from her government, something like an ePassport, and she uses that to authenticate herself everywhere. When she fires up a web browser and accesses the www.facebook2020.com site, all her IP packets (IPv6) are signed with her identity. Hence she does not need to authenticate to Facebook separately. When she sends an email, it is signed automatically. She has no worries about privacy, as the system automatically sends the bare minimum of information necessary for her to prove who she is or what she is.
Case 2: Nick, a cyber criminal, has tough times these days. He is desperately trying to find an ISP that will not block IPv6 packets that are not signed with his digital identity. Yes, he could steal someone else's identity, possibly, but the system would quickly discover that that identity is used elsewhere and shut it down.
He finally finds a rogue ISP that charges him $1500 for an hour of unauthenticated session. To his horror, all his packets are blocked by upstream ISPs and the rogue ISP is disabled in the Internet's BGP peering tables. Nick has just lost $1500 and gained nothing. He had better find some normal job to make a living.
Case 3: Claire, a bored business executive, wants to create a new profile on Facebook2020. She would like to pretend she is 16 and chat with teenage boys. When she starts filling in her new profile data, the age is automatically selected and she cannot change it. It is part of Facebook2020 policies that users cannot modify their age. The age is provided as an attribute by her ePassport identity."
Far-fetched? Not if we design a system that will deliver the right level of privacy, identity assurance and automated protection.
Watch this space.
(c) Vladimir Jirasek. Powered by Blogger.