Most of the digital innovation we hear in our relaxed daily conversation is about Facebook, Google search, Aliexpress, Reface, Instagram, Candy Crush Saga - these are the names we often recognise as digital innovators. These companies have set out a mission to make our daily lives either more efficient, fun, or independent of physical location. However there is a caveat, they make us dependent on internet and without access to internet our daily lives become awkward. At least this is how I feel and how I have seen people around me, even my mom. It also seems to me as if our home and workplaces have expanded into the internet by an unmeasurable size. Don’t we want to know every corner of our home and every possible security threat to it? Is an average internet user made properly aware of security measures and threats? Have the developers even focused on that enough?
Then there is another thought, which I think is connected to digital revolution in cyber security space. How is the situation with digitization in less leisure related fields like healthcare, law, e-governance, education and many other fields extremely important to our lives? This topic should be quite necessary nowadays as the time of pandemic and social distancing would be heavily relieved by digitization within these fields. These are also the fields, where the users cannot just make an account. The players in such environments would need to be able to show their valid ID document. Showing ID in the internet and validating it is not as easy as flipping out an ID-card from your pocket. It will not be a person checking your document, but a machine proxy. They do not speak the same language as we do. This brings the topic of digital trust mechanisms.
In Agrello, we see the importance of the internet and we want to make it feel more like home. It already has helped and saved lives during the pandemic. Thus, we are focused on technologies that eliminate possible threats that internet poses to individuals and societies. Cyber security and trust are our priorities in order to protect from the abuse of privacy and anonymity. Stay with us as we share our proposals to make the internet together. The discussion is open, so feedback and comments are extremely welcome.
In fields like healthcare and government services, there is a necessity that there are no fake actors in the ecosystem and everyone is identifiable as a real person. Trusting the authenticity of a person online is a complex chain of elements, but achievable in a form that is easy to use.
First it is necessary to have a digital identity. At first it is basically just a digital account. There must be private credentials for operating under the given digital identity. The framework of generating, managing and operating with these credentials must be built with the expectation that there is no reasonable doubt about who is technically in sole possession of these credentials. A part of these credentials should assume physical possession of a device in order to operate with the credentials. The latter rules out the use of common password mechanisms we use to log into Facebook or Gmail, because password information is stored in central servers and can suffer attacks towards multiple users from a single point.
Then it is important to link an identity verification to it. Services like Veriff, Jumio, Onfido and others are expanding fast. There are also physical and NFC chips placed in ID documents, but these solutions seem to be regionally very different and restricted. Another option is to visit an office physically, which then does the verification and issues the private credentials that are bound to the identity verification.
In Agrello we have built a system that utilizes Public Key Infrastructure (PKI) to ensure the sole possession of access credentials. This works through a digital signing mechanism that enables both digital signatures and login authentication. Everyone is in possession of their access secrets and password leaks cannot happen on a massive scale. With iOS and some Android devices we utilize FIDO certified security chips in the devices to keep the access secrets unobtainable. For identity verification we have partnered with Veriff, which provides identity verification online. Veriff is able to detect any attempts to enter malicious prefabricated identity information into the verification session.
With this, we are able to provide digital signatures for every situation and business relationship there is, including the ones where the parties have high risk but very little knowledge of one another. Our vision however, is bigger. It is to strengthen the security in existing digital environments and enable emergence of digitization in fields which have currently been challenging to digitize.
Follow our blog as I will challenge the existence of our digital lives and propose solutions to some of the bigger problems we face online and problems we face because we are not online. Let’s make life-saving digital technologies possible. Try out our digital signatures platform at https://docs.agrello.io/login
I would also like to thank all survey responders for sharing your thoughts on digital identity. The survey is still open and we would be grateful to receive your answers.
I appreciate you taking the time to contribute to this thread. The survey has 6 simple questions and it will take less than 2 minutes to complete. As a reward, we will announce 50 winners who will have free access to use .ID digital signatures professional subscription for 6 months.