opportunity in identity crisis

Upload: ravi-venkat

Post on 05-Apr-2018


  • 7/31/2019 Opportunity in Identity Crisis

    1/14

    DNA for Identity Crisis

    A Challenge to build a globally sustainable concurrent solution!!

    to today's

    Most nagging Problem!!

  • 7/31/2019 Opportunity in Identity Crisis

    2/14

    The Challenge & the opportunity

    Bigger than the BigData!!

    Yes, with the advent of Online Social Media and Electronic Commerce.

    Identity theft is posing a significant threat to individuals, corporates, and all kinds of organizations alike. It remains the major nuisance to be tackled, with buzz words like phishing

    Would you laugh if I suggest we all should be logging in to web-based portals and services without a password? Is this possible??

    feasible!!

  • 7/31/2019 Opportunity in Identity Crisis

    3/14

    Look at a few Scenarios how some reputed

    !!address!! the issue

    Social Media: Twitter. Guess most would recognize and understand the meaning of the tick encircled in blue embedded on some of the users.

    E-Commerce trade facilitation: eBay, Alibaba. Credibility, transparency of practices followed for accredited Sellers / Buyers. Proprietary procedures and not open for public.

    Banks and certain E-commerce portals tackling phishing: Those using online banking services and electronic shopping would notice the procedure or the sequence of steps required to authenticate and transact online, e.g. HDFC, Axis (only for analogy's sake).

  • 7/31/2019 Opportunity in Identity Crisis

    4/14

  • 7/31/2019 Opportunity in Identity Crisis

    5/14

    How to address / tackle these issues with available frameworks and technologies: Back to Basics

    Challenge 1: Electronic-Identity-Impersonation

    Authorization into web-services, leveraging digital certificates, PKI, cryptography.

    Challenge 2: Phishing

    Leverage embeddable plugins in web-browsers and email-clients, built to take advantage of a simple query against a UDDI (Universal Description Discovery and Integration)

    Interesting and exciting, isn't it!!

  • 7/31/2019 Opportunity in Identity Crisis

    6/14

    Challenge 1

    Problem:

    Authentication into a web-based service is usually based on a user-name and password ... tackling this with PKI and Digital Certificates.

    It is assumed the audience has a basic understanding of PKI, Digital Certificates and Cryptography. It is advised to have a good understanding of CAs (Certification Authorities) and PGP (Pretty Good Privacy).

    Proposed Solution:

    What if: The username is mapped to a public-key or public-certificate?? Or if the public-key or the public-certificate serves the purpose of the username??

    Advantages all the way: whether one chooses to map / use a public-key or a public-certificate in lieu of a username, the result is flexibility for Authentication, Authorization, Encryption / Decryption, SSON (Single Sign-On, OAuth).

    What am I talking about: Building a web-based service that serves as an IDM (Identity Management) repository for some or all of the above purposes, viz. a publicly accessible directory and lookup-service (in layman's terms, digital Yellow Pages).

    Jigsaw Puzzle: Yep, there are more crumbs / building blocks that make the solution interesting, with scope for high commercial viability.
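The username-to-public-key mapping proposed above, as an added example that is not part of the original slides: a challenge-response login in Go where the directory publishes only public keys and the private key stays with the user. The choice of Ed25519, the `Server` type, the `login:` message prefix and the sample user `alice` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Server models the hypothetical directory and lookup service.
type Server struct {
	dir     map[string]ed25519.PublicKey // username -> public key (public data)
	pending map[string]string            // nonce -> username it was issued to
}

// Challenge issues a fresh random nonce bound to the claimed username.
func (s *Server) Challenge(user string) (string, error) {
	if _, ok := s.dir[user]; !ok {
		return "", fmt.Errorf("unknown user %q", user)
	}
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	nonce := hex.EncodeToString(b)
	s.pending[nonce] = user
	return nonce, nil
}

// Login consumes the nonce (so no replay), then verifies with the published key.
func (s *Server) Login(user, nonce string, sig []byte) bool {
	owner, ok := s.pending[nonce]
	delete(s.pending, nonce)
	return ok && owner == user &&
		ed25519.Verify(s.dir[user], []byte("login:"+user+":"+nonce), sig)
}

// Respond is the client side; the private key never leaves the client.
func Respond(priv ed25519.PrivateKey, user, nonce string) []byte {
	return ed25519.Sign(priv, []byte("login:"+user+":"+nonce))
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	s := &Server{dir: map[string]ed25519.PublicKey{"alice": pub}, pending: map[string]string{}} // constructed entry
	nonce, _ := s.Challenge("alice")
	sig := Respond(priv, "alice", nonce)
	fmt.Println(s.Login("alice", nonce, sig), s.Login("alice", nonce, sig))
}
```

The second `Login` call reuses the same nonce and signature and is rejected, which is the property a password-free login needs against captured responses.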

  • 7/31/2019 Opportunity in Identity Crisis

    7/14

    Building an effective and viable solution

    Challenges: Where should the private-key / decryption key sit?? What is the role of digital certificates and Certification Authorities?

    What part of the information should be publicly accessible and what part should be private / restricted / forbidden from public access ... childish to discuss / bring up, isn't it!!

    What if embeddable into your browser (locked into your laptop / PC) for authentication into your favorite URL ... voila!! ... well, most of your digital certificates currently operate on these lines, then what is new!!

    What if the private-key sits in a USB device ... portable, carry anywhere ... authenticate, authorize, encrypt / decrypt on any public, private or shared systems with confidence.

    A discussion of the classic example: SSL, X.509, Digital Certificates, Certification Authorities, the chain of trust!! Decouple the private-keys from digital certificates ... leverage the chain of trust ... make available / possible an online repository ... either a digital-certificate with public-key or just a public-key ... OO use-case modeled solution for leveraging the opportunity and the infrastructure being built.

  • 7/31/2019 Opportunity in Identity Crisis

    8/14

    Building an effective and viable solution (continued)

    Understand: How Digital Certificates are currently handled, various algorithms used in the context of Security, Secure communications, underlying mechanics, e.g. RSA, Microsoft Digest etc.

    While I wouldn't like to delve into the mechanics of various algorithms, their advantages or disadvantages??

    I would like to draw attention to the following, viz. UDDI, Dynamic DNS and the short URLs (the links that appear, viz. made popular by) in the Twitter feeds, a cookie and the challenge (say as in the digest method), the JVM (Java Virtual Machine)

    A potent and potential solution: what if the user-id is just a kind of URL that resolves back to your host / computer ... reverse-engineer the UDDI, offering the context in which you can run JVM / ActiveX enabled code-lets ... what are the majority of the digital certificates purchased used for ... where do they reside and what are they being used for!!

  • 7/31/2019 Opportunity in Identity Crisis

    9/14

    Scope, role, potential of Bio-Metrics

    Recall Biometric authentication devices, the finger-print scanners ...

    What if your thumb impression is your private-key, or a sub-set of the key that makes up the private-key ... I believe the sum of the process that makes up an RSA finger print gathering, for an analogy.

    The key challenge: what would constitute a public-key, how would you generate one?

    Generation of private-keys with deciphering algorithm / logic ... a combination of raster-graphics, vector-graphics, fractals, what not to leverage upon ... rather not go into the details of leveraging Biometrics, with several leading industry players in the market with a ready, off-the-shelf solution.

    Hey, by the way, anybody remember / recall USB drives that come with an embedded finger print scanner that let you access the data only when

    guess not!!

  • 7/31/2019 Opportunity in Identity Crisis

    10/14

    Solution Modeling

    Infrastructure Building Blocks

    With most of the technology stack and building blocks discussed!!

    I believe this is the right place to kickstart a dialogue, set in motion a discussion to gather the right feedback on the building blocks and also the road blocks in solving the jigsaw puzzle.

  • 7/31/2019 Opportunity in Identity Crisis

    11/14

    A Big Thank You!!

    Where do we stand, an opportunity or challenge.

    I would like to sincerely thank everyone for providing this opportunity to present a valuable paper before the right audience.

    you can reach me at

    [email protected]

    http://in.linkedin.com/pub/venkat-ravi-shanker/5/6b8/619

  • 7/31/2019 Opportunity in Identity Crisis

    12/14

    The un-disclosed Agenda

    As with any researcher or opportunist, I too aim to profit from this paper ... modalities to be worked out.

    With CAs already functioning, I want to build a viable commercial market opportunity where multiple IDM service providers can compete and render services to customers ... would love to have the DNS kind of model leveraged for the IDM service rendering.

    power and potential ...

    ... embedded a digital signature / certificate ... with DNA ... VALIDATION scanner on your ... credit-debit swipe cards ... that come with their own scanner and validation embedded device!!

    ... enter into the world of digital commerce and POS commerce with confidence.

    Ability to develop micro-devices for the consumer market place that can leverage the IDM service model for authenticating, validating end-user devices (replace magnetic strip-devices, have electronic-chips embedded with IDM validated certificates with explorable potential of biometrics) to the POS (point of sale) terminal ... a win-win opportunity for the consumer and merchants and merchandisers ... to leverage the IDM.

    It is obvious that for any kind of successful solution building it is important that all actors part of the proposed solution participate actively, hence soliciting sponsorship and genuine interest from the industry.

    Ravi Shanker KV

    venkat ravi shanker k

    00919848226880

    Respect Intellectual Property

  • 7/31/2019 Opportunity in Identity Crisis

    13/14

    The Myth of Shortened URL!! 3-factor authentication

    Well, all have been using [email protected] as a communication / identification means ... in the context of IDM I would be looking for the IDM providers providing one with a similar or, for that matter, don't mind making this a legible practice, viz. when someone tries to identify oneself with, say for instance, [email protected], the service provider, in this instance idmservice, vouches for the identity of the individual for the web service, while at the same time if the web-service requests an authentication the idmservice provider initiates a validation with the registered device of the identity, viz. say [email protected] validated generates a valid ... which enables the end-user with the, say, [email protected] can do / have a session with the web-service provider??

    Insurance.

    Advantage: somebody is taking the onus, for your service (a web-service for instance), of guaranteeing you that a valid user is authenticating into your service?? ... get insured against identity impersonation ... digital identity etc.??

    Envisage doing a transaction at a POS terminal ... or your mobile device embedded with an applet from the bank-provider, authenticating into the POS terminal in lieu of

  • 7/31/2019 Opportunity in Identity Crisis

    14/14

    Where to reach me

    Ravi Shanker KV

    8-3-976/41, viswasanti,

    Shalivahan nagar,

    Srinagar colony, hyderabad

    India 500073.

    [email protected]
