Remember the old New Yorker cartoon about the canine computer user telling his sidekick: „On the Internet nobody know’s you’re a dog“? That was back in 1993, but it still holds true. And while many, myself included, relish the anonymity the Net gives us, the inability to prove conclusively who is on the other end of the line can be irking, and even downright dangerous, when large sums of money or the running of critical or possibly even existential systems is concerned.

Of course, the username/password currently used by almost everybody doesn’t prove who you or I are at all. It simply proves that there is indeed an entry in a database that uses these attributes, so anybody who knows them can get in.

That’s probably okay for most use cases. After all, the world as we know it won’t come to an end if somebody highjacks my Facebook account. And for thing like eBanking or PayPal I have additional ways of protecting myself: tokens, one-time passwords or Transaction Numbers (TANs), for instance. And yes, my laptop does have a fingerprint reader built in. I don’t have an Iris scanner yet, but these things are available if needed. There are lots of other methods out there, such as systems that analyze my typing behavior or listen to my voice patterns. One of my favorites is a system called “PassFaces” which makes you memorize the faces from pictures of total strangers whom you are then required to pick out from a matrix of mugshots. Presumably, if you can recognize, say, three people, then this must be the real you knocking on my digital door.

Unfortunately, each of these methods has its foibles and weaknesses, so relying on any one of them just gets us back to square A, namely a relatively insecure system. So why not use a bunch of them simultaneously?

That’s the idea that occurred to the folks at Delfigo Security, a tiny South Boston start-up I visited recently. Their product, DSGateway, is supposedly able to analyze up to 17 different identity factors at once to create what Bharat Nair, who heads development at Delfigo, calls a “confidence factor”, and which I would describe as the probability of it really being me, as opposed to some crook or software robot trying to impersonate me.

Read the rest of this entry »

At my time in life, you sort of become settled into old, comfortable habits, and that’s okay.

However, moving from Munich to Boston to set up our new US office has shaken a few things up in my life. And as if that wasn’t enough, I flew out to the Bay Area a couple of days later to attend IIW ’11, which the organizers, Kaliya Hamlin (a.k.a. “identitywoman”), Phil Windley and Doc Searls put on at the Museum of Computer History right around from NASA’s Ames Research Lab at Moffet Field  in Mountain View – and boy did that give me a dose of culture shock.

I mean, we at KuppingerCole have some experience putting on an event like the European Identity Conference, and so I know how much backbreaking labor and painstaking detail needs to go into creating, among other things, a three-day conference program.

Only it doesn’t.

It took the assembled hundred or so hard-core members of the Identity Gang about 20 minutes to assemble a complete, gilt-edged program covering just about all the really hot topics in the identity space today, and they did so by simply standing up, saying what they wanted to discuss, and going over and hanging a sign on an “agenda wall” telling people when and where to meet.

This format is called a “unconference”, only it isn’t, either. It is a full-fledged symposium divided in to hour-long blocks – that is, unless someone wants to go into extra time, in which case, that’s fine. In fact, anything is fine. That’s because there are no rules at IIW, or at least nothing that resembles a rule in the understood sense of the word. Instead there are some guiding principles that sound like something straight out of Doug Adams, or maybe some of kind of secular geek ashram (which it isn’t, really).

Read the rest of this entry »