Privacy And Trust – Part 7
The most important benefit of a digital ID is authentication. Once digital IDs are more commonplace, you will no longer have to send your login ID and password over the Internet. Your password, passphrase, or biometric will go no further than your smart card, token, or your PC. Once you are authenticated, you will be able to authorize an encrypted exchange of digital data between your PC (or phone or other information appliance) and the other party. The result of the exchange is that both parties will be able to confirm that the other party is indeed who they say they are. If you provided biometric data the person will know not only that it was your ID but that it was actually you and not someone who may have “borrowed” your login/password.
Authentication (you are who you say you are)
Digital IDs are stored in a digital certificate (hence the origin of the certificate authority) and during the initial exchange of information you will see some of the data that is stored in the other party’s certificate. For example, you will see who issued the ID to them and you can use this information as an additional input to determine whether you want to trust the other party. If you want to be really sure you can examine the other party’s digital ID “fingerprint”. This is analogous to the code which is embossed on your house or car key. Your credit card statement, for example, could have a “fingerprint” printed on the statement so if you wanted to you could check it against what appeared on the certificate for the web page to be 100% certain that the credit card company’s web site was indeed them.
Authorization (who can do what)
Now that you have established that who you are who you say you are (been authenticated), various service providers such as banks, merchants, and others can authorize you to do various things. This might include reading a subscription to a publication, checking your bank balance, investing at an on-line brokerage firm, establishing an account with a merchant so you can buy things without having to provide your shipping address each time you purchase something, or voting in local or national elections. Authorization goes deeper however. Since you are authenticated, you can be authorized to authorize others!
Let’s suppose your company has an intranet application that allows you to enroll annually for various medical and dental benefits. Suppose you wanted to allow your spouse to do this for you. How would that work? In today’s world, unfortunately, many people don’t think twice about giving their password to a friend, colleague, or relative. In tomorrow’s world that is not a good idea. A digital ID gives each of us great power and enables us to establish our privacy at the same time. Sharing our password with others dilutes that power. An alternative approach is simply to have a web application that allows a person to authorize someone else to do something on their behalf without giving up their own identity. You authenticate yourself and then you authorize your spouse to be able to enroll or change your medical and dental plan benefits. Then the health care provider or insurance company knows not just that a valid ID and password were used to enroll, but that in fact, the person using the application was authorized by an authenticated person.
If you read the fine print at on-line banking sites you will find that you agree that as long as your ID and password was used to execute a transaction that they are not liable for it not being you. If one of your children finds your ID and password and sells your portfolio (or doubles the size of it on margin) the on-line brokerage is not liable. It was you!
Confidentiality (only the intended recipient can read your messages)
The killer application on the Internet is arguably still email. Unfortunately of the trillions of emails sent each year most are sent “in the clear”. In other words they are not encrypted. Think about writing your most sensitive personal thoughts about someone on a plain postal card and dropping it in a postal box or the slot at the post office. You would have no idea who might be able to read it as it travels from postal box to post office to post office to mail room to intended recipient. That is how it is with all the emails you send! You really have no idea who can read them. When we all have Digital IDs there will be a better way. If you want to send Josef a very private message that nobody but Josef can read you will go to a Certificate Authority and get a copy of Josef’s public key. You will then use your email program or other encryption software such as PGP (Pretty Good Privacy) to encrypt your message to Josef. When Josef receives the scrambled message he decrypts it using his private key. Nobody has Josef’s private key but Josef so you and Josef both know that nobody but Josef was able to read the message.
Integrity (you both know nothing got changed)
How does Josef know that the email really came from you and that it wasn’t altered in some manner on its way to him? A by-product of using the encryption keys is a function called “hashing”. A calculation is made based on all the characters in the message you create. This calculation is encrypted along with the message. After the decryption takes place, the calculation is compared to the one that was made at the time of the encryption. If they agree then your software will in effect tell both you and Josef that the message was not altered. In addition, your message can be “signed” by you using your private key. Josef gets your public key from the CA and decrypts your digital signature to confirm that it was actually you who “signed” it. Eventually I believe all email will be authenticated in some way so that you can be selective about what you are willing to receive; e.g. no spam.
Non-repudiation (no one can deny a conversation or transaction)
Have you ever been told, “We did not receive any request from you to make that stock sale” or have you had to say, “I did not receive that confirmation notice”? If you receive an encrypted message from someone that is “signed” with their Digital ID (with their private key) and you are able to decrypt it with their public key then you know that the message must have been signed with their private key. Only they have their private key, so they must have signed it. They cannot deny it. This works in both directions, of course. Many major countries of the world have now passed legislation that makes digital signatures as good as signatures with ink. They will stand up in court. Soon we will realize that they are actually much better than ink.
Digital signatures are not perfect. Bruce Schneier, founder and CTO of Counterpane Internet Security Inc., has pointed this out in great detail in various writings. This is because computers and computer software are not yet perfect. In order to trust the digital signature, we implicitly trust the hardware and software that enabled us to use our digital ID to create the digital signature. In spite of the imperfections there are many instances where digital signatures are adequate and in fact a clear advantage in efficiency and effectiveness versus current methods. Where the dollar value that depends on the signature is very high, strict security measures need to be taken in proportion.