Monthly Archives: May 2020

Spotlight on Auth0

1. What is the mission of Auth0?

Auth0’s mission is to secure the world’s identities so the innovators can innovate, meaning we remove the hurdle of identity so application builders can focus on other things. Auth0 provides the simplicity, extensibility, and expertise to scale and protect identities in any application, for any audience.

2. Why is trustworthy digital identity critical for existing and emerging markets? 

From streaming your favorite television show to buying an airline ticket, no one can function without having some level of a digital identity. With credential stuffing, password spraying, phishing, and other malicious attempts constantly multiplying with no slowdown in sight, a trustworthy, secure digital identity practices must be put in place.

3. How will digital identity transform the Canadian and global economy? How does Auth0 address challenges associated with this transformation? 

On the business side, there is an increasing pressure to provide personalized services and seamless integration with other services your customer uses, while offering solid guarantees of privacy-preserving practices and resilience against increasingly sophisticated attacks. 
To meet these business demands, developers need to be able to rely on the best of breed of identity technologies and services, without being forced to become domain experts in security, identity, privacy, and all the other disciplines required to meet and exceed the high standards customers increasingly take for granted. 
Auth0 will continue to offer new and ever-improving ways of empowering application builders to easily handle the identity aspects in their solution, taking advantage of the new opportunities, features, and capabilities the industry and identity transformation will bring.   

4. What role does Canada have to play as a leader in the space? 

Canada is a leader in the identity space and a key contributor in the global movement to make digital identity secure and easily accessible for existing and emerging markets. 

5. Why did Auth0 join the DIACC? 

We’re thrilled to join the DIACC and connect and collaborate with leaders in the digital identity space, and aid Canada’s digital identity innovation efforts.

6. What else should we know about Auth0?

We recently launched Auth0 Signals, a collection of threat intelligence tools and product capabilities designed to protect customers from identity attacks for added value and security. By inserting threat intelligence and risk analysis into the IAM system, we’re reducing identity attack opportunities, offering a frictionless experience, and saving critical time and money for our users. 
Additionally, we recently unveiled Auth0 Explorer, an experimental research tool for application developers to map, visualize, and navigate the design of identity authentication architecture, a crucial element in the creation of secure applications. Auth0 Explorer is born from our ongoing and never-ending quest to make the very complex world of identity simpler for application builders.

DIACC Launches New Special Interest Group (SIG) to Address Foundational Identity

Collaboration is at the core of the DIACC’s work, and we are pleased to announce a new initiative – one that engages multiple stakeholders to further advance digital identity. 

We’re pleased to advise that DIACC’s Foundational Identity Special Interest Group (SIG) will launch soon. This is a great opportunity to connect insights. Participation is open to DIACC members and non-members. All are welcome. 

This SIG will seek to answer one question: “How can existing birth and immigration record sets be used to improve service delivery and reduce fraud?” This SIG will develop recommendations for a roadmap for improving service delivery and reducing fraud through better identity resolution capabilities. 

Reference the Foundational Identity SIG Charter for additional information.

To learn how you can get involved, please contact us at info@diacc.ca.

The DIACC Board of Directors have ratified the formation of DIACC’s first SIG. DIACC SIGs are open to all sustaining members, adopting members, as well as non-members who are interested to convene discussions around a specific interest. SIGs enable more opportunities to connect subject-matter experts around the world. 

The concept for this SIG was proposed by DIACC Members Valid8ID Solutions and the Government of British Columbia. The SIG will form to discuss opportunities for ‘Reducing Identity Fraud by Leveraging the Existing Unique Foundational Identities’. A topic that has been presented to DIACC’s Innovation Expert Committee (IEC).

“The work of this SIG is important because, when our foundational identity systems and processes are weak, the opportunity to have strong, well-trusted digital identity solutions is diminished.”

Andrew Johnston, IEC Co-Chair

As the name implies, foundational identity is a key concept, he explained, as components of the Pan-Canadian Trust Framework (PCTF) make reference to “foundational evidence of identity” which is evidence that is commonly kept in a birth registry for example. These records serve as the starting point for official and authoritative identification of people. Unfortunately, fraudsters may take advantage of such systems to defraud government programs and service providers, as well as to impersonate real people. 

“If we’re going to build digital identity solutions that can be trusted, building on a solid and trustworthy foundation is fundamental to that mission,” he added.  

“For a number of reasons, variants of our legal names are quite commonly used on secondary documents such as driving permits and resident cards,” explained Bill Pezoulas, Co-founder, Valid8ID Solutions. “The disparity between our legal name and the name used on common identifying documents gives rise to inefficiencies in identity validation in service delivery contexts and provides opportunities for identity theft and other kinds of fraud, which cost significant losses to public and private sector institutions.

The Foundational Identity SIG was formed as a forum to examine ways to anchor evolving Digital Identities in the foundational record sets to reduce inefficiency and fraud, Pezoulas said. The anticipated outcome of the group’s discussion is to recommend approaches to engage foundational evidence authorities regarding opportunities to increase trust in our Digital Identity ecosystem and accelerate adoption so that Digital Identity can be a driver of Canadian economic growth.

“When I learned that the birth certificate is the one unique identifier that allows for multiple people to be named John Smith it was an “ah ha” moment,” said Don Waugh, IEC Co-Chair alongside Johnston. The anchor for identity, this document is the method by which a relying party can know which ‘John Smith’ they are dealing with.

Pointing out that, in Canada, the birth certificate is foundational for digital identities and is even more important than SINs, passports and driver’s licence numbers, Waugh said that when identity attributes are anchored to this document, it eliminates the confusion that arises form duplicate names and alternate nicknames.

SIGs are a great way to engage broad Pan-Canadian and international discussions and we expect that more SIGs will be established going forward. Johnston noted that all ideas are welcomed, and topics or challenges of interest should be brought to the attention of the IEC. “The motivating drive of this committee is to organize members of DIACC and the identity community at large to address outstanding problems, kick the tires on new approaches and assist in the alignment of those new approaches to the PCTF,” he said.

OARO: Fighting COVID-19 with Automated Temperature Screening

by Brenan Isabelle, Director, Enterprise Solutions, OARO

As the world is grappling with coronavirus (COVID-19), minds are churning with the desire to come up with innovative ideas. We need solutions, and fast.

Leveraging our OARO ACCESS product line, a physical access control system that uses facial recognition and blockchain identity technology, the team at OARO took a leap forward – offering a technology solution to meet the needs of the current pandemic. 

Mainly used to secure areas in New Brunswick’s Saint John Airport, we have expanded this line to now feature an optional body temperature module for fever screening. A common symptom of COVID-19, up to 80 per cent of individuals suffering from the virus may have a higher than normal temperature, making temperature a critical factor to measure. To enable fully automated detection of elevated body temperatures, OARO has integrated the latest generation of smart thermal cameras with our AI-based facial recognition technology. Additionally, with this solution, physical contact at entry points is also greatly reduced.  

How does temperature screening work?

Involving both a thermal camera and a visual camera, the two video feeds are streamed back to a computer server that uses facial recognition to automate the temperature screening process. Artificial intelligence recognizes faces in the visual video stream, identifying the best place to measure skin temperature, which is near an individual’s inner eye (the tear duct). It is important to note that this is not a diagnosis, it is simply a screening method.

Why temperature screening in the time of COVID-19?

One issue in today’s health sensitive world is that many physical access control systems use either palm or fingerprint readers, which carry the risk of viral transmission. Thus, there has been a shift towards the use of facial recognition and thermal cameras. Our vision at OARO is to have this integrated within access control or video management systems, optimizing it for large enterprises. 

For contactless access control systems, there are two various set-ups: a thermal camera can run automated facial recognition at an entry check-point, and the gate could be configured to open for authorized employees and contractors. Alternatively, smart facial recognition terminals can be installed at doors, and read employee keycards. 

What differentiates OARO’s thermal screening approach from other thermal screening approaches? 

We are striving to move away from having trained operators, with an entirely automatic system that scans multiple faces so people do not have to stop at screening points. 

As with all technologies today, maintaining a responsible approach to privacy by design and data management is key, as is compliance with PIPEDA and Canada’s Privacy Act. If done wrong, this technology has the potential to be quite invasive and “big brother-esque.”

An extremely popular technology today, the current demand for thermal cameras is very high (there is limited inventory across North America)! As businesses are considering this technology, which many are, it is important to remember that, despite being in a pandemic situation, identity and privacy needs must be continually upheld. As many of the current systems were not built on privacy by design principles, our goal was to take a modern, blockchain and cryptographic approach to this, rather than one that is centred on surveillance and big data.  

Learn More about DIACC member initiatives and identity solutions including OARO’s within the COVID-19 Actions Directory, where we are pleased to share the actions taken to address the demands of these extraordinary circumstances.

About the Author: Brenan Isabelle

Brenan is the Director of Enterprise Solutions at OARO. Brenan’s background is in private equity and venture capital investments. Prior to this, he was a strategic and operations consultant at Deloitte — the largest professional services network in the world and a bond trading analyst at Scotia Capital. He holds an MBA in finance from Dalhousie University and a BBA from St. Francis Xavier University. Outside work, Brenan is an expert skydiver with over 3,700 logged parachute jumps.

Reliance on the Internet and the Battle Against COVID-19 Highlight the Need for Multi-Channel Authentication

By Karl P. Kilb III, CEO, Boloro Global Ltd.

Today, as COVID-19 rocks the world, the importance of digital identity solutions are only emphasized. We are pleased to share a number of guest blogs in the context of the DIACC network, showcasing members with capabilities, solutions and forward-thinking ideas surrounding the pandemic.

Learn more about DIACC member initiatives and identity solutions within the COVID-19 Actions Directory, where we are pleased to share the actions taken to address the demands of these extraordinary circumstances. 

Due to the COVID-19 pandemic, society is moving towards an increasingly virtual lifestyle, as many of our daily activities are now taking place in the digital realm, including online banking and eCommerce. We are all traveling non-stop on an information superhighway that was not built with safety and security in mind, as the Internet was built for mass dissemination of information and not for secure transactions and other risky activity that could allow fraudsters to run rampant with identity theft. We see stories each day about emails being hacked and Operating Systems being subjected to malware, making online activity inherently vulnerable to fraud. Our increased reliance on online activity during the current pandemic highlights these long-standing problems, as SIM Swaps, email hacks, malware, man-in-the-middle attacks and other forms of fraud are all rising dramatically. The decentralization of customer support desks may also be contributing to the ability of fraudsters to wreak havoc on current security systems in place. 

So, what can be done to put real security in the hands of consumers? 

As activity on the Internet and Operating Systems are increasingly becoming easy prey to sophisticated fraudsters who routinely exploit this single point of failure, we need to consider new approaches to security that avoid such systems. Security should not only be multi-factor, but also multi-channel, eliminating the vulnerabilities of a single point of failure. “In app security” is still touching the inherently vulnerable Internet, meaning its users are still putting all of their eggs in an unstable basket. Out-of-band security is one option that stands as a viable alternative, meaning, when activity is on one channel, authentication should be on a separate channel, providing an independent lock-and-key that cannot be intercepted and compromised. 

At a time when the world is increasingly becoming aware of the inherent vulnerabilities of virtual technologies, we are also seeing the dangers of physically touching public Point of Sale devices, ATM keypads, finger scanners, or anything that could spread the virus. During a time of social distancing, conducting multi-factor and multi-channel security safely on one’s own device is an effective approach.

Along with data protection and privacy, authentication processes must also be considered. In Europe, for instance, the Payment Services Directive (PSD2) defines Secure Customer Authentication, and the General Data Protection Regulation (GDPR) defines the guidelines for protection of personal data, regardless of the form it might take. There is a need to address both. One way this can be achieved is with a multi-channel approach that provides real security (both what you possess and what you know). Authentication should strive to provide assurance to the question “Is this really you?” without being unnecessarily intrusive in its use of a consumer’s personal data.

At Boloro, we believe that authentication should be multi-factor and multi-channel, separating the security process from the activity itself in order to avoid the vulnerabilities of a single point of failure. Authentication should be secure, user-friendly, instantaneous and compatible with all mobile phones, giving everyone the opportunity to safely, securely and seamlessly participate in the global economy and social media using what should be their most trusted device – their own personal, mobile handset. 

We should all strive to work together to make the world safer and healthier, and doing this through secure mobile activity is one of the ways we can work towards achieving this goal.

About the Author: Karl P. Kilb III

Karl P. Kilb III has been the CEO of Boloro Global Limited since October 2016, focusing on the licensing of Boloro Authentication for all forms of identity verification and activity validation. Boloro Authentication is patented in 84 countries and approved by the GSMA, among others. Prior to Boloro, Kilb was a pioneer in data, analytics, media, and electronic trading at Bloomberg LP, serving as General Counsel for more than 15 years. Kilb regularly lectures on identity verification, cyber security, fraud prevention, and welcomes exploring collaboration opportunities.

Self-Assessment: CitizenOne by Vivvo

This document is intended to be used by identity network providers that want to demonstrate how their solution fits into the framework and requirements as described in the Making Sense of Identity Networks white paper. This self-assessment is an informal way to illustrate the concepts discussed in the white paper and has been reviewed by Consult Hyperion to ensure it is objective, accurate, and aligns with the framework.

View the self-assessment: CitizenOne by Vivvo

Self-Assessment: Verified.Me by SecureKey Technologies Inc.

This document is intended to be used by identity network providers that want to demonstrate how their solution fits into the framework and requirements as described in the Making Sense of Identity Networks white paper. This self-assessment is an informal way to illustrate the concepts discussed in the white paper and has been reviewed by Consult Hyperion to ensure it is objective, accurate, and aligns with the framework.

View the self-assessment: Verified.Me by SecureKey Technologies Inc.

A Summary: Making Sense of Identity Networks

Who do identity networks serve, what functions do they support, and what are some key questions to consider, when selecting a network? This infographic distills the key concepts laid out in the DIACC white paper Making Sense of Identity Networks, based on research performed by DIACC member Consult Hyperion and developed in consultation with DIACC members.

Download the infographic: Making Sense of Identity Networks Infographic 

Download the paper: Making Sense of Identity Networks

Making Sense of Identity Networks

This DIACC white paper is based on research performed by DIACC member Consult Hyperion and developed in consultation with DIACC through a community review process, provides an objective and impartial comparison of identity networks. Considering the different types of identity networks that currently exist or are being developed, and using ‘Mary’ as an example, the paper presents a high-level framework with which to understand and assess them, offering guidance to those who are considering participating in such a network.

Download the paper: Making Sense of Identity Networks 

Read the infographic: Making Sense of Identity Networks Infographic

Reference industry self-assessments: Verified.Me by SecureKey Technologies Inc.; CitizenOneTM by Vivvo

How does this apply to your solution? Contact us to contribute a self-assessment