Security Market Segment LS
Wednesday, 21 December 2016 12:28

Are you who you say you are?


A top security executive says it is going to take more than proofing to stop ID fraud.

A number of things are crippling trust in the Internet and email: identity theft, email spoofing, fake SMS, fake websites, fake news, cyber criminals meticulously building fake people profiles, highly-targeted socially engineered phishing attacks ... Where will it end?

The answer in part lies in “proofing” and the security industry needs to get on top of this. It is all part of the identity management conundrum – providing the surety that you are who you say you are. And it has implications for the medical, finance, and the new sharing economy as well.

China has started with its mandatory requirement to verify and enforce that all people on-line are “real” with a traceable address etc. This not only should slow impersonation and criminal use but could help control credit card fraud and identity theft. It may be a breach of privacy rights but its Cyberspace Administration of China (CAC) has that power.

Ethan Ayer, chief executive of Resilient Network Systems, explains the next steps in Identity and Access Management (IAM) solutions.

Resillent Ethan Ayers“The key to IAM will be a combination of contextual access, device-specific credentials, and proofing – all of which should leave no doubt that you are who you say you are,” he said.


Contextual Access

Many organisations today use traditional IAM systems to secure resources by attempting to establish the identity of someone requesting access. In 2017 we'll see an increased focus on safeguarding digital assets via “context” rather than just "identity".

But, as we all know too well, identity by itself in the online world is no longer sufficient. Instead, we need to understand the complete context of any access request.

New technologies that focus on contextual access can connect to online databases and other authoritative sources to answer sophisticated questions like “Is this person a doctor?” or “Is this a trusted device?”.

It should also go much further – why does this person want to access the data at midnight from Russia when they normally live in California?

These additional attributes augment identity so that organizations can be more confident that they are granting access to the correct parties.

Device-specific Credentials

To the average person, this means your smartphone becomes your password, and this will be a big improvement to existing pin or passwords based credentials. 

Some set-up is required, but once you crypto-logically "bind" a user account to a physical device the world is your oyster in terms of balancing security, convenience, and privacy.   

Being able to ask the device, and hence the user, to enter a pin, use a biometric or just "be human" is a great extra factor.


The year 2017 will be first where proofing services (not to be confused with authentication services) grow up and get online. 

Everyone knows what it is like to be proofed when you are issued your driver’s license.  It is time-consuming, rigid and frustrating, but the result is your license and it is worth the trouble because it is broadly trusted. 

Replicating this process online is a privacy minefield given how many bad actors out there would love access to all the value-able personally identifiable information (PII) you must disclose to prove who you really are 

New technologies exist that solve the privacy problem through careful obfuscation and compartmentalisation, but more work needs to be done on the standards. NIST recently highlighted the importance of proofing with their draft Special Publication 800-63-3A.

The security industry must focus on online-proofing because it is the foundation that makes credentials trustworthy and enables e-commerce, sharing economy and so much more.


Ayer is 100% right – we need to prove who we are and who we are transacting with. Past efforts to do this on a state or even a global level have spectacularly failed.

Look at the reviled “Australia” card announced by Labor Prime Minister Bob Hawke in 1985 and abandoned quickly due to privacy advocates.

Oh, to have real proof (yes, a passport is proof but it is not mandatory for Australians to have one) to stop welfare, voter, and ID fraud.

The problem is that there are too many silos of information and perhaps that is what the privacy advocates want.

But the Australia card was 31 years ago. Perhaps it is time the “industry” came up with a global, 100% foolproof, solution – until it is cracked by cyber criminals.



Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.



Some of the most important records are paper-based documents that are slow to issue, easy to fake and expensive to verify.

Digital licenses and certificates, identity documents and private citizen immunity passports can help you deliver security and mobility for citizens’ information.

Join our webinar: Thursday 4th June 12 midday East Australian time


Ray Shaw

joomla stats

Ray Shaw  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!



Recent Comments