Applications that involve the electronic transfer of credentials, profile data, and other sensitive information are quickly gaining momentum. Initiatives such as E-Government and Network Identity are attempts to facilitate information exchanges beyond the traditional confines of private networks. Today's prevalent methods for secure electronic authentication rely either on Kerberos-style authentication or on PKI based on digital identity certificates, both of which were invented a quarter of a century ago, at the dawn of modern cryptography. In particular, they were designed primarily to secure non-open organizational environments, such as enterprise intranets and inter-government communication. Within the context of today's emerging open information infrastructures, however, symmetric authentication and digital identity certificates do at best a mediocre job of protecting security, introduce a host of performance problems, and have devastating consequences for privacy. Among other things, they fundamentally do not offer any of the following: software-only protection against lending of access rights; role-based access; the ability to disclose the minimal information needed to a verifier; the ability of verifiers to hide competitive data from online status validators; limited-use instances of certified information; non-repudiation even in the presence of malicious central parties; and reverse (or negative) authentication. As a result, they expose organizations to potentially unlimited liability, lead to consumer fear, and stifle the adoption of new systems. This presentation will show a much better way of doing authentication and access control in Digital Identity and Profile Management systems, based on scientific advancements in electronic authentication made over the past 25 years.
ABOUT THE AUTHOR: Dr. Stefan Brands is one of the leading cryptographic experts on the subject of electronic authentication. His book Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy has been widely acclaimed by prominent privacy advocates, security experts, and legal experts, and its subject matter is taught at universities around the world. Dr. Brands is an adjunct professor at McGill's School of Computer Science in Montreal, and is the founder of Credentica. Incorporated in January 2002, Credentica's mission is to provide superior software solutions for transaction systems that involve digital identity and profile management.