Digital identity modelling and management

University of Technology, Sydney. Faculty of Engineering.User identification and authentication is the first and most important aspect of identity management in maintaining security and privacy of users and their assets. Due to the open nature of the Internet, without reliable identification and authentication, subsequent security and privacy protections become worthless. Amid the increase of the number of online services and users, identity fraud is on the increase. It has been widely reported that identity fraud costs the industry many billions of dollars each year around the world. Perpetrators use false identities to engage in fraudulent activities. False identities can be established in one of two ways: (i) creating fictitious identity by manufacturing, forging or fraudulently obtaining legitimate documentation to satisfy proof of identity (POI) requirements, and (ii) stealing or forging someone else’s identity from an actual person (living or dead) such as passwords, security tokens or biometric information. One of the effective ways to prevent identity fraud is to build defence against the use of false identities. Use of false identities can be prevented by implementing strong authentication, using multi-factor identity proofing (during service enrolment phase) and multifactor identity authentication (during service delivery sessions). To balance convenience and security, the strength of the authentication needs to match the required level of trust. If the implemented strength is lower than the required level of trust, it may introduce risk of fraudulent activities. On the other hand if the implemented strength is higher than the required level of trust, it may introduce inconvenience to the user, preventing the usage. To solve this issue, we propose CaMa (Credential Attribute Mapping) models to calculate the strength of authentication for multi-factor identity proofing and multifactor identity authentication scenarios. The strengths are calculated from the desired properties of identities and presented in two ways, (i) a process of summation of the weighting index of the desirable properties, and (ii) application of information theory. Further, a scheme for constructing digital representations of personal identities from conventional identity documents such as birth certificates, citizenship certificates, passports, driving licences, bank card and photo ID is also proposed. This digital representation of personal identity along with the concept of (i) active credentials, (ii) trusted identity providers, (iii) secure assertion protocol such as SAML and with the (iv) established policies and procedures, enable a user to assert their identity to a remote online service provider that request the proof of identity (POI) requirements. Thus, it will help freeing users from the limitation of personal presence during service enrolment. For example, in this way, it will be possible to open a bank account in the USA by remotely submitting trusted identity credentials online from Australia

Identidade digital federada globaliD

Mestrado em Engenharia de Computadores e TelemáticaO presente texto propõe uma solução para a gestão de identidade digital online tendo em conta a versatilidade, o anonimato, a privacidade, a veracidade, a credibilidade e a responsabilidade do utilizador, recorrendo para isso ao uso do Cartão de Cidadão Electrónico Nacional Português e a outros meios de autenticação públicos usados diariamente pelos utilizadores. A dissertação é composta pela apresentação do conceito de identidade e das suas particularidades, por uma análise aos vários problemas da gestão da informação pessoal online, uma análise aos vários modelos, mecanismos e especificações existentes para gerir a identidade digital online (gestão de identidade digital). Uma solução de gestão de identidade digital baseada no modelo de identidade federada e associada ao Cartão do Cidadão Electrónico Nacional Português é apresentada, descrita, analisada, avaliada e comparada com outras soluções existentes. Por fim um protótipo de um provedor de identidades digitais federadas baseado na solução de gestão de identidade digital proposta é apresentado.The following text provides a solution for the digital identity management on the Web regarding the users’ versatility, anonymity, privacy, veracity, trustworthiness and accountability by using the Portuguese National Electronic Citizen Identity Card and other publicly available authentication mechanisms users use daily. The dissertation consists of the presentation of the concept of identity and its particularities, an analysis to the several problems of managing personal information online, and an analysis to the several existing models, mechanisms and specifications for the management of the digital identity online (digital identity management). A solution for digital identity management based on the federated identity model and associated to the Portuguese National Electronic Citizen Identity Card is introduced, described, analyzed, evaluated and compared to other several existing solutions. Last, a prototype of a federated digital identity provider based on the purposed solution for digital identity management is presented

Identity Management in Permanent Digital Spaces

Social media platforms have captured and transformed the social experience. Though media content is unique for each platform, all social media sites share some level of anonymity, asynchronous communication, and absence of non-verbal social cues. This environment provides a landscape where users can not only exercise a more conscious management and presentation of self, but are also able to explore creative identity formation processes. This study investigates the ways that users engage with social media platforms and the impact such engagement has on personal identity management. Methods consisted of distributing a personality inventory based on the widely accepted NEO-P-IR. Participants were also asked to self-report their current social media habits including which platform they use most frequently, and an approximation of the cumulative time they spend using all social media sites. A subset of those respondents participated in interviews that explored their responses deeper. Data suggests that social media users will maintain accounts on both an identifiable and more anonymous platform, using each site for different identity performances. Qualitative analyses have yielded usage themes such as: ease of relationship maintenance, political signaling, and information seeking. Because social media is used by a large percentage of the global population, it is crucial that the growing field of cyberpsychology continues research into the motivations of social media users to engage in content creation

A game theoretic model for digital identity and trust in online communities

Digital identity and trust management mechanisms play an important role on the Internet. They help users make decisions on trustworthiness of digital identities in online communities or ecommerce environments, which have significant security consequences. This work aims to contribute to construction of an analytical foundation for digital identity and trust by adopting a quantitative approach. A game theoretic model is developed to quantify community effects and other factors in trust decisions. The model captures factors such as peer pressure and personality traits. The existence and uniqueness of a Nash equilibrium solution is studied and shown for the trust game defined. In addition, synchronous and asynchronous update algorithms are shown to converge to the Nash equilibrium solution. A numerical analysis is provided for a number of scenarios that illustrate the interplay between user behavior and community effects

Using Adaptive Enterprise Architecture Framework for Defining the Adaptable Identity Ecosystem Architecture

Digital identity management is often used to handle fraud detection and hence reduce identity thefts. However, using digital identity management presents additional challenges in terms of privacy of the identity owner meanwhile managing the security of the verification. In this paper, drawing on adaptive enterprise architecture (EA) with an ecosystem approach to digital identity, we describe an identity ecosystem (IdE) architecture to handle identity management (IdM) while safeguarding security and privacy. This study is a part of the larger action design research project with our industry partner DZ. We have used adaptive EA as a theoretical lens to define a privacy aware adaptive IdM with a view to improve the Id operations and delivery of services in the public and private sector. The value of the anticipated architecture is in its generic yet comprehensive structure, component orientation and layered approach which aim to enable the contemporary IdM

Identity principles in the digital age: a closer view

Identity and its management is now an integral part of web-based services and applications. It is also a live political issue that has captured the interest of organisations, businesses and society generally. As identity management systems assume functionally equivalent roles, their significance for privacy cannot be underestimated. The Centre for Democracy and Technology has recently released a draft version of what it regards as key privacy principles for identity management in the digital age. This paper will provide an overview of the key benchmarks identified by the CDT. The focus of this paper is to explore how best the Data Protection legislation can be said to provide a framework which best maintains a proper balance between 'identity' conscious technology and an individual's expectation of privacy to personal and sensitive data. The central argument will be that increased compliance with the key principles is not only appropriate for a distributed privacy environment but will go some way towards creating a space for various stakeholders to reach consensus applicable to existing and new information communication technologies. The conclusion is that securing compliance with the legislation will prove to be the biggest governance challenge. Standard setting and norms will go some way to ease the need for centralised regulatory oversight

Digital Identity and the Blockchain: Universal Identity Management and the Concept of the “Self-Sovereign” Individual

While “classical” human identity has kept philosophers busy since millennia, “Digital Identity” seems primarily machine related. Telephone numbers, E-Mail inboxes, or Internet Protocol (IP)-addresses are irrelevant to define us as human beings at first glance. However, with the omnipresence of digital space the digital aspects of identity gain importance. In this submission, we aim to put recent developments in context and provide a categorization to frame the landscape as developments proceed rapidly. First, we present selected philosophical perspectives on identity. Secondly, we explore how the legal landscape is approaching identity from a traditional dogmatic perspective both in national and international law. After blending the insights from those sections together in a third step, we will go on to describe and discuss current developments that are driven by the emergence of new tools such as “Distributed Ledger Technology” and “Zero Knowledge Proof.” One of our main findings is that the management of digital identity is transforming from a purpose driven necessity toward a self-standing activity that becomes a resource for many digital applications. In other words, whereas traditionally identity is addressed in a predominantly sectoral fashion whenever necessary, new technologies transform digital identity management into a basic infrastructural service, sometimes even a commodity. This coincides with a trend to take the “control” over identity away from governmental institutions and corporate actors to “self-sovereign individuals,” who have now the opportunity to manage their digital self autonomously. To make our conceptual statements more relevant, we present several already existing use cases in the public and private sector. Subsequently, we discuss potential risks that should be mitigated in order to create a desirable relationship between the individual, public institutions, and the private sector in a world where self-sovereign identity management has become the norm. We will illustrate these issues along the discussion around privacy, as well as the development of backup mechanisms for digital identities. Despite the undeniable potential for the management of identity, we suggest that particularly at this point in time there is a clear need to make detailed (non-technological) governance decisions impacting the general design and implementation of self-sovereign identity systems

Anonymous network access using the digital marketplace

With increasing usage of mobile telephony, and the trend towards additional mobile Internet usage, privacy and anonymity become more and more important. Previously-published anonymous communication schemes aim to obscure their users' network addresses, because real-world identity can be easily be derived from this information. We propose modifications to a novel call-management architecture, the digital marketplace, which will break this link, therefore enabling truly anonymous network access

DIGITAL CLIENT IDENTITY AND MANAGEMENT USING BLOCKCHAIN

The present disclosure relates to implementing client onboarding process using a blockchain network. Specifically, the present disclosure relates to techniques of onboarding clients in a decentralized blockchain network. A method that uses permissioned blockchain is proposed for onboarding clients. The method includes creating a single secured digital print of a client by the permissioned blockchain when the client initiates onboarding process and allowing only permissioned nodes on the decentralized network to access the created digital print. Further, the method discloses using and modifying the created single digital print record when the client onboards to multiple applications. The blockchain network is immutable, so the client information cannot be mutilated. Also, the technique avoids maintaining multiple copies of the client at different applications