Identity, security and the Internet of Things
On the Internet, nobody knows you're a toaster
08 December, 2014
category: Biometrics, Corporate, Digital ID, Financial, Government, Health, Library, NFC
Internet of Things, Connected devices identifying owners
While there is concern over securing data and devices on the Internet of Things there also is great interest in using the wearables and other connected devices for authentication online and in the physical world.
The general theory is that Internet of Things-enabled devices will communicate with back-end authentication services so to aid in adaptive and continuous authentication. Did the Web-enabled coffee pot brew this morning? Did the Jawbone UP record a workout? Did you drive your connected car or use a mobile device to pay a fare on public transportation? All of this can feed into a system that enables continuous, adaptive authentication.
Adaptive authentication isn’t a new idea. Checking the IP address against the geo-location provided by a mobile device before enabling someone to login is available today, says Mark Diodati, technical director in the CTO’s office at Ping Identity. Enterprises can place an app on a mobile device that will “fingerprint” the device and check information from it. That along with a user name, password and token can all be used for authenticating to resources, Diodati says.
Adding data from wearable devices may be the next step but there are concerns about how these devices connect to back-end systems and overall privacy issues, Diodati explains. He notes that there are strong efforts underway to utilize modern identity protocols such as OAuth and Open ID Connect. “It’s still up in the air, however, how you take these protocols and use them on the Internet of Things,” he adds.
Brivo Labs is working to enable wearable devices for physical access, says Lee Odess, general manager at the company. Depending on the level of security the system would consume different authenticators. To walk into the front door of an office it might be enough to have the Nike Fuelband that is transmitting using Bluetooth Low energy but to get into a specific office the employee might also need a mobile device with NFC where they authenticate using a biometric. “A wearable with a phone and biometric is a pretty strong form of authentication,” Odess says.
Dog, man or toothbrush?
The identity management world is under siege. Data breaches are rampant and trying to figure out a better solution than user names and passwords alone is imperative. The introduction of wearable devices and emergence of the Internet of Things poses both a daunting challenge and an enormous opportunity to an identity industry that already has a lot on its plate. Adding factors to the authentication process was always viewed as a difficult proposition.
The additional cost of deploying tokens and scanners was cumbersome, but when employees or consumers already have these devices it’s the matter of adding them to an identity management system.
The famous cartoon stated, “On the Internet nobody knows you’re a dog.” Soon nobody will know if you’re a dog, a teenager, a government employee or even a toothbrush. There are many obstacles to overcome in this new Internet of Things-enabled world but once some of these issues are solved the possibility of a more secure, connected world does exist.