who am i now?

© 2006, ACCESS Co. Ltd. All rights reserved.

“Who Am I Now?”:

Identity and Mobility

David “Lefty” Schlesinger Director, Open Source Technologies

OSDL NEPs and Carriers Face-to-Face 10 Oct. 2006

Copyright © 2006, PalmSource, Inc. All rights reserved. 2

Do you know me?

  “How can you tell?”—Dorothy Parker, on being told that Pres. Calvin Coolidge had died

  Identity in the literal village (c. 12th century) is fundamentally different than identity in the virtual village (c. 21st century)

  When mobility is limited, establishing identity is relatively easy

  As mobility increases, establishing identity becomes both more difficult, more important, and potentially more useful

Copyright © 2006, PalmSource, Inc. All rights reserved.

How Is Identity Established?

  First-hand Recognition

•  This is the trivial case

•  Limited utility outside of very constrained contexts, by its very nature

  Second-Hand Recognition (aka “Introduction”)

•  A mutually trusted third party is necessary to make the introduction

•  Second-hand recognition becomes first-hand recognition

  You know me, you know her, but does she know me?

•  Identity relationships are not inherently transitive


Increased Mobility Requires Credentials

  Reputation could be passed on, one hop at a time.

Someone had to vouch for you, or give you a reference

  As we travelled farther, we needed credentials

  As we did more things, and needed to establish our

identities for different purposes, we needed more

credentials

  Today, we travel farther than ever, both physically and

virtually; we do more things than ever.


Third-Hand Recognition…

  …otherwise known as “credentials”

•  Again, a trusted third party (aka “an authority”) is required

•  A business card is not a credential; lose your wallet and see for yourself!

•  My driver’s license is not generally helpful in Nepal…

  Credentials need to be authenticatable

•  The authority can (hopefully) validate credentials, but this is not always practical…

•  Challenges and responses…


Some Different Kinds of Credentials


A Quick Digression…

  The GSM/SIM system is the most widespread identity

management infrastucture ever created…

•  More than 1.7 billion subscribers in over 200 countries at the end

of 2005

•  There are more countries with GSM systems than there are in the United Nations!

•  There are more countries with GSM systems than there are with McDonalds!

  UMTS/USIM will make even greater functionality available


Who I Am Depends on What’s Going On

  A particular “identity”, i.e. a given credential, is only meaningful in a given context and domain

•  Driver’s license at the airport ticket counter…? Okay!

•  Passport at the airport ticket counter…? Okay!

•  Driver’s license at the roadside…? Okay!

•  Passport at the roadside…? Not okay.

•  Passport at immigration…? Okay!

•  Driver’s license at immigration…? Not okay.

  Potentially, my mobile device can encompass all these credentials and more…


Authentication

  Authentication reliably associates an actual human being (i.e. a physical identity) with a digital identity

•  Via something you know (e.g. a password)

•  Via something you have (e.g. a token)

•  Via something you are (e.g. biometrics)

  Strong authentication requires multiple factors

•  My passport functions as a two-factor authentication: a physical token with an embedded “biometric device”…

  As we do more with our mobile devices—i.e. as our mobile devices hold more, and more sensitive information about us—the need to authenticate increases


Another Brief Digression

•  The hanko: something you have… 鏡石 ==

•  Hanko design requires research; they need to be unique, even for common names –  430,000 people in Japan have the last name “Sato”

•  This is why archaic scripts, such as tensho (i.e. “seal script”) are used for this sort of thing…

•  Since the hanko is only a single-factor authentication scheme, and since there are no protections against copying, physical or digital, hanko counterfeit is a growing and serious problem in Japan


One Response…

  Mitsubishi Pencil Co. introduced the “Dial Bank Hanko”…

  Two eight-position dials alter the arrangement of the pattern on the outer rings

•  64 possibilities…

•  Acceptance has been…slow


Who I Am Depends on Who You Are

  Identity is about relationship and access

•  My work “identity”: access to my corporate network, servers, etc.

•  My cellphone “identity”: access to my provider’s network

•  My Google “identity”: access to email, etc.

•  My Amazon “identity”: access to my recommendations, past orders, etc.

  Managing a multiplicity of “identities” becomes

increasingly difficult…


Multiple Identity Disorder…?

  Even in a given context, one can have multiple identities.

At work I have:

•  An email “identity”

•  A source code management system “identity”

•  A bug tracking system “identity”

•  A payroll system “identity”

•  And several others…


Names

  Names abstract multiple identities, multiple kinds of identity, and the attributes of identity

•  My web page changes, but the URL remains the same…

  Names simplify access to identity

•  “www.google.com” or 72.14.205.99 or 72.14.205.104 or…?

  For a name to be useful, you need access to the information it abstracts

•  This is the function of “a directory”

•  LDAP is one example: I can access all my work “identities” through a single password…


Partial Identities

  Mary has

•  A Social Security number

•  An auto insurance policy number

•  A work phone

•  A personal mobile phone

•  A diary

  Boyfriend Bob sees



•  A work phone


•  A diary


Partial Identities

  Mary has



•  A work phone


•  A diary

  Mary’s employer sees



•  A work phone


•  A diary


Why Partial Identities?

  In a secure system, access to resources is based on the “principle of least privilege”

  Similarly, in identity management, access to information should be based on the “principle of data economy”

  Transactions should be

•  Unobservable: they directly reveal no information about the parties involved

•  Untraceable: no framing information is usable to identify the parties involved

•  Unlinkable: no two transactions can be associated with one another

  Anonymity should be the baseline…


“But wait, there’s more!”

  As mobile devices, and the systems supporting them become more capable, the information which can be incorporated into one or more of our identities expands:

•  Location

•  Location history

•  Friends and contacts

•  Preferences

•  Buying habits

•  Etc…


Expanded Identities, Expanded Services

  Based on my preferences, location and time of day, the content of my personal mobile “portal” can be customized…

•  Most likely in coordination with service-providing partners

  “I’m away from home, it’s lunch time in this time zone, and I like ramen…”

•  I like places with counters better than places with tables…

•  I especially like Sapporo-style miso ramen…

•  Etc., etc…


A Sample Enhanced Transaction

  I choose a participating restaurant from the selection on my phone’s customized portal…

  A token (a credential) is transferred to my phone by the service provider…

  When I go to the (physical) restaurant, my phone transfers the token back…

•  I get a discount on my ramen

•  The service provider is paid a “finder’s fee” by the ramen-ya

•  The service provider pays a participation fee to the network operator


A Couple of Points…

  My mobile operator doesn’t need to know I like ramen,

only that I received a token (of some sort) that I might redeem…

  The ramen-ya doesn’t need to know anything about me

(other than that I’ve presented them with a verifiably valid

discount token)


More Scenarios…

  Based on my location and my DVD-buying habits…

•  The service provider recommends a movie to me…

•  I buy an “e-movie-ticket” through my mobile device…

•  My mobile operator passes the payment to the theater…

•  The theater pays the service provider…

  The service provider is able to leverage the mobile

operator’s billing infrastructure!

  My phone can be my wallet—eCash experiments in Tokyo…


Some Proposed Definitions

  Mobile Identity = Data + Policies regarding the use of that

data

  Mobile Identity is a set of claims a “digital subject” makes

regarding itself


Challenges

  Security is not generally a goal of users, they don’t view it

as making them more productive…

  Users underestimate the consequences of insufficient

security

•  Thus, they are not willing to invest a lot of effort in order to learn how to use security mechanisms…


What’s Needed Here…?

  User-friendly interfaces need to be developed for the non-

expert to prevent unintentional misuse

•  Different “partial identities” for different purposes

  Verifiable linkage between real and digital identity on user’s device is critical to prevent impersonation

  Published identifying data—both personal and device

characteristics—must be protected against misuse


What Are We Doing?

  The ACCESS Linux Platform provides facilities which can

be leveraged for on-device identity management

•  A flexible, policy-driven security infrastructure

•  Support for a variety of authentication schemes through Linux’s PAM infrastructure

•  Certificate management services

•  SIM tool kit

•  Vaulting services


Some Recommended Reading

  The Consortium of the Future of Identity in the Information

Society (FIDIS): www.fidis.net

•  D3.3: A Study on Mobile Identity Management

•  D11.1: Towards a Taxonomy of Mobility and Identity

  Digital Identity, J. Philip Windley, O’Reilly Books

who am i now?

Technology

particular identity

identity relationships

nepal credentials

responses copyright

transitive copyright

credentials reputation

useful copyright

firsthand recognition