carlos moreira

Theft of bank data, misappropriationof identities on social networks,phishing, account piracy, black -mailing, counterfeiting, etc.: theproblems of identity and authenti-

city have never been as virulent and wide -spread as they are today. However, digitalidentification combined with biometricsalready has a good head start on theFalcianis and the other Arsène Lupins of theWeb, technologically and conceptually.Whereas traditional approaches to IT secu-rity concentrate their efforts on the reinfor-cement of infrastructures (physical accessto servers and networks), digital certifica-tion makes a point of protecting the actualdata, the nerve center of this war, and, byextension, protecting its integrity. “Ofcourse, absolute security does not exist,nor does zero risk, but it can be greatlyreduced with these technologies. Securingdata and electronic transactions is at thetop of the list of risk management measures.Confidentiality is a sine qua non conditionfor the establishment of fruitful partner-ships, especially in the banking sector,”stated WISeKey CEO & founder, CarlosMoreira.

Every individual is a riskThe digital identification and electronictransactions specialist, WISeKey, is not atraditional IT security firm. Its businessmodel does not consist of setting up infra-structure fortresses to protect their clientsmerely from outside attacks. “WISeKey’smission is to digitally secure the individualand his or her transactions, and not to build

firewalls!” said Jérôme Darbellay, ChiefResearch/ Strategy Officer at WISeKey. Asmany studies have already revealed, therisk of theft, falsification or manipulation ofdata is mainly the result of internal actions,and is more often than not due to ignorance. The gap in security occurs preciselybetween the physical person and the digitalidentity, or “virtual avatar”, that has accessto information such as online accounts oremails. This has to be filled by high-gradeauthentication, for the individual as well asfor the virtual alter ego. Digital certification,known as PKI (Public Key Infrastructure), isthe only way to do this. Put simply, it allowsdata to be secured independently from theinfrastructures in place, through the use ofelectronic signatures, which guarantee theorigin (source) of the data, and also through

encoding or encryption, which regulateswho can have access to what (the destina-tion). The principle of a digital identity is compa-rable to that which governs your bank cardand its pin code. If you have lost your walletand you kept your pin code in it, the bankwill not reimburse you if your account isdebited. Personal responsibility is handledin the same way within the framework ofPKI. Each exchange of information consti-tutes a formal contract, on the behalf of thesender as well as the receiver. “Other tech-nologies that compete with PKI have neitherthe legal framework nor the guarantee ofidentifying the person (or the object) towhom the digital identity is delivered,”added Jérôme Darbellay.

Authenticating confirmed identitiesThe renewed interest of banks and govern-ments in identity management has pushedPKI technologies to the front of the stage, asit is not an identification system but asystem for the authentication of confirmedidentities. This means that attributes suchas surname, name, year of birth, place ofbirth, profession, registration in the com-mercial register, serial number, etc. havebeen previously confirmed and legally certi-fied beforehand in the real world by atrusted third party (administrations orgovernments). “It is the ultimate barrieragainst leaks or improper usage of data.This process allows the hierarchical organi-sation of access to the data, and the imme-diate withdrawal of access should there beany doubt (for example in the case of theftor manipulation of data). Also, only themembers of the management of a businesshave access to all the information,” addedCarlos Moreira.

IT SECURITY

B&F BANKING SOLUTIONS38 B&F

DIGITAL IDENTIFICATION

The ultimate barrieragainst data leaks For digital identity specialist WISeKey, only PKI technologies combined with biometric dataprovide the legal framework necessary for the identification of people and objects.

Carlos MOREIRA*

Carlos MOREIRA, Founder & CEO, WISeKey

BF_HS10_BF_HS09.qxd 29.09.10 22:39 Page38

SPECIALIZATION

These principles of digital identification are adaptable to the protection of dataand/or individuals within almost any pre-existing IT system in any sector in need ofstrong authen tication: health, watch mak -ing, public sector, mobile communications(by integration of certificates in the SIMcards), banking (Norwegian and Americaninstitutes, for example, base their securetransaction system, BankID, on PKI). Thistechnology is also widely used in the frame-work of eGovernment projects: the systemof electronic tax declarations is one of the most important large scale uses of PKI. Credit card issuance companies anddigital passport projects can also be givenas exam ples of those that trust this infra-structure. n C.M.

*Founder & CEO, WISeKey

(Translated from the French article edited bySylvie Gardel)

B&F BANKING SOLUTIONS B&F 39

BF_HS10_BF_HS09.qxd 29.09.10 22:39 Page39