Written by Technorati Tags: ID cards, predictions, security
William Gibson, as I (and just about everyone else) always point out, once said that the future is already here, it’s just unevenly distributed. In other words, all of the technologies that will transform IDM over any reasonable timescale for organisational planning already exist (hopefully we’ll get a peek at some of them at the Digital Identity Forum next month). We just need to look around to see where they are being used, try and work out which ones will work in the mass market and then set about deploying them. Easy, really.
I have to say that I’m not sure that untried technologies are required. A well-engineered combination of smart cards, biometrics and PKI would seem to be a reasonable platform from which to build corporate and governmental solutions. The smart card to store your digital identities, the biometrics to authenticate your access to them and PKI to communicate them over networks (together with credentials).
The first step on the critical path must be the smart card, because until we get some tamper-resistent hardware into the identity loop we’re in a world where everything can be counterfeited with minimal effort. Now, the smart card from your bank (on your chip and PIN card) or from your mobile operator (your SIM card) would do just fine. A smart card superglued to the motherboard of your PC (anyone remember Palladium?) would work in some circumstances. But being able to carry your identities round with you and then plug them into whatever device you want to use would be even better. Microsoft would appear to agree and has apparently added support for smart cards and digital certificates to Vista. I’d love to see smart cards integrated with PCs. I hope it’s done the Japanese way: using small contactless readers built in to the laptop or desktop to make contactless verification (using both contactless cards and contactless phones) is so easy, convenient, simple, quick and, well, just plain cool.
Dave .. you are probably right for the end game. The old idea of dig certsproved way to expensive, and smart cards achieve that, once and assuming card readers are pervasive.
In the meantime the software solutions such as PassMark, and Bharosa are filling the gap, but they are not completing the payment experience, which is where you are going.
Re Japanese experience and cards embedded in phones, and including pin on the phone capability, this certainly sounds like a great solution, but North American, and to a certain extent European rules/ associations/ regulations make it hard to agree on standards for such solutions.
I’m sure you’re right that it will take time for European banks, operators and others to co-ordinate the standards and procedures needed, but the technology model (ie, waving your phone at things to prove who you are) is just too appealing for them to drop.