Entities, Identities, & Registries
Heather Vescent
SSI Meetup | September 2019
Gaps in Corporate and IoT Identity
Creative Commons license. (CC BY-SA 4.0).
SSIMeetup objectives
Alex Preukschat @SSIMeetup @AlexPreukschat
Coordinating Node SSIMeetup.org
SSIMeetup.org
Who am I
Heather Vescent
Creative Commons license. (CC BY-SA 4.0).
Research Background
Objective: Research private sector companies digital identity and data privacy processes, with an emphasis on identifying market failures.
Creative Commons license. (CC BY-SA 4.0).
Current State
Creative Commons license. (CC BY-SA 4.0).
What is a Non-Person Entity Identity?
Creative Commons license. (CC BY-SA 4.0).
What is a Non-Person Entity Identity?
Company
(legal entity)
Creative Commons license. (CC BY-SA 4.0).
What is a Non-Person Entity Identity?
Thing
(IoT device)
Company
(legal entity)
Creative Commons license. (CC BY-SA 4.0).
What is a Non-Person Entity Identity?
System
(network)
Thing
(IoT device)
Company
(legal entity)
Creative Commons license. (CC BY-SA 4.0).
How many identities?
180 Million Companies
2 Gov + 3 Business IDs
900 million identities
7.7 Billion Humans
34-48% online
2 Gov + 5 Online ID
18-26+ billion identities
(FB: 2.38B, G:2+B users)
25-75 billion IoT devices
(by 2021)
35 million packages daily shipped/tracked
(UPS & FedEx)
9 billion yearly
Creative Commons license. (CC BY-SA 4.0).
How many identities?
180 Million Companies
2 Gov + 3 Business IDs
900 million identities
7.7 Billion Humans
34-48% online
2 Gov + 5 Online ID
18-26+ billion identities
(FB: 2.38B, G:2+B users)
25-75 billion IoT devices
(by 2021)
35 million packages daily shipped/tracked
(UPS & FedEx)
9 billion yearly
~100 Billion Identities
Creative Commons license. (CC BY-SA 4.0).
+ robot identity?
Creative Commons license. (CC BY-SA 4.0).
NPEs are given identity (Registries)
Creative Commons license. (CC BY-SA 4.0).
Web of Organizational Trust
Creative Commons license. (CC BY-SA 4.0).
NPE identity requires human identity
Creative Commons license. (CC BY-SA 4.0).
Why important to Government?
Creative Commons license. (CC BY-SA 4.0).
NPE is complex
NPE Identities
Creative Commons license. (CC BY-SA 4.0).
Report identified 11 Market Gaps
Corporate NPE Gaps | IOT NPE Gaps |
1. Legal Identity of Corporations | 1. Legal Identity of IoT Things |
2. Conclusive Ultimate Beneficial Owner | 2. Tracking and Auditing in the Supply Chain |
3. Conclusive Verified Corporate Data | 3. IoT Security Standards |
4. Corporate Delegation | 4. IT Self-Authentication |
5. Real-Time Verified Identity | 5. Data Integrity from IoT Sensors |
6. NPE Responsibility | |
Creative Commons license. (CC BY-SA 4.0).
1: Legal Identity of Corporations
“KYC and associated processes cost the average bank $60m annually.” - Consult Hyperion report
Creative Commons license. (CC BY-SA 4.0).
2: Conclusive Ultimate Beneficial Owner
Creative Commons license. (CC BY-SA 4.0).
3: Conclusive Verified Corporation Data
Creative Commons license. (CC BY-SA 4.0).
4: Corporate Delegation
Humans enter into contracts, make financial transactions, and take other actions on behalf of the corporation. There are processes to initiate this delegation, and the need for up-to-date information of who remains authorized.
GAP: Real-time verified delegation
Creative Commons license. (CC BY-SA 4.0).
5: Real-Time Verified Identity
Creative Commons license. (CC BY-SA 4.0).
6: NPE Responsibility
Creative Commons license. (CC BY-SA 4.0).
7: Legal Identity of IoT Things
Identity is built into very few IoT devices. There are no universal standards or regulations around which IoT objects have an identity assigned at “birth,” unlike a baby registry or corporate registry.
GAP: Legal IoT Identity
Creative Commons license. (CC BY-SA 4.0).
8: Tracking & Auditing the Supply Chain
Creative Commons license. (CC BY-SA 4.0).
9: IoT Security Standards
“Securing IoT devices is a major challenge, and manufacturers tend to focus on functionality, compatibility requirements, and time-to-market rather than security.”
—Interagency Report on Status of International Cybersecurity Standardization
Creative Commons license. (CC BY-SA 4.0).
10: IoT Self-Authentication
Creative Commons license. (CC BY-SA 4.0).
11: Data Integrity from IoT Sensors
Creative Commons license. (CC BY-SA 4.0).
Other Impacts
One of the major reasons the Internet+ is so insecure today is the absence of government oversight. Government is by far the most common way we improve our collective security, and it is almost certainly the most efficient.
—Bruce Schneier, Click Here to Kill Everyone
Creative Commons license. (CC BY-SA 4.0).
Future: Augmented Identity
Do we need more nuanced identity?
Creative Commons license. (CC BY-SA 4.0).
Future: Combined Identity
People create a collective identity that acts in a unified way as more than the sum of its parts.
Creative Commons license. (CC BY-SA 4.0).
Why do we care?
Creative Commons license. (CC BY-SA 4.0).
Future Identity System Goals
Creative Commons license. (CC BY-SA 4.0).
Thank you + Questions
Heather Vescent
Download NPE: bit.ly/NPEreport
Download VDS: bit.ly/vdsreport
Creative Commons license. (CC BY-SA 4.0).
Entities, Identities, & Registries
Heather Vescent
SSI Meetup | September 2019
Gaps in Corporate and IoT Identity
Creative Commons license. (CC BY-SA 4.0).