Open ID: The Perfect Idea with Not So Perfect Results

OpenID was a great idea in the beginning. However, not everything that was intended to be a good thing turns out perfectly. OpenID was meant to save users time and browse the web more efficiently. OpenID made a promise to users that they would have the ability to explore new websites without having to create a new account with a new website while also having a single, consistent identity throughout the World Wide Web.

OpenID made a promise to users that they would have the ability to explore new websites without having to create a new account with a new website while also having a single, consistent identity throughout the World Wide Web, but it was just too complicated to use.

It was a promising idea, but…

With more than 50,000 websites that supposedly support the use of OpenID and more than a billion users, hardly anyone actually utilizes it because it was complicated to implement. Each website uses OpenID differently, which ultimately confuses the masses. Therefore, people may have it but rarely use it.

Facebook is the main catalyst to why OpenID has been pushed under the rug. Facebook Connect does nearly the exact same task as OpenID. The difference is that Facebook does it considerably more effectively. People recognize and are familiar with Facebook, therefore, making it much easier to understand.

OpenID may sound as if it’s “knocking it out of the park” with its 50 something thousand supported websites and a billion or so users. However, Facebook has numbers double that. What’s most impressive is that Facebook has been around less than half as long as OpenID. Facebook’s main advantage is its brand. Practically everyone with an internet connection has a Facebook account these days. With Facebook Connect, you can create a new profile on whichever website you’re trying to join utilizing your Facebook details, and you have the ability to do so with well over 250,000 websites.

Lack of Security Detail

Another issue that OpenID poses is its lack of security detail. The way a user chooses to authenticate their ID is completely in their hands. Therefore, there is no set level of security. This can pose problems while using OpenID because it can potentially put users at risk of having their ID hacked. However, there is a lot of development going on with the OpenID Provider Authentication Policy Extender, or PAPE for short. These developments will help website owners identify the providers they can trust by assessing the means of authentication the user employs in order to gain access. Hopefully, these new developments will help form a strong security protocol with OpenID.
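The relying-party check that PAPE makes possible, as an added example (not code from the original page or from any OpenID library): it reads the `openid.pape.*` fields of a positive assertion and decides whether the provider's stated authentication meets the site's policy. The sample responses, the required-policy choice and the function names are constructed for illustration, and the assertion's signature is assumed to have been verified already.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode

PAPE_NS = "http://specs.openid.net/extensions/pape/1.0"
POLICY_BASE = "http://schemas.openid.net/pape/policies/2007/06/"
MULTI_FACTOR = POLICY_BASE + "multi-factor"
PHISHING_RESISTANT = POLICY_BASE + "phishing-resistant"
NO_POLICY = POLICY_BASE + "none"

# Fixed "current time" so the example is reproducible (constructed value).
NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)


def check_pape(query, required_policies, max_auth_age, now):
    """Return (ok, reason) for a positive assertion's query string.

    Assumption: the OpenID signature over the fields named in
    openid.signed has already been verified by the caller.
    """
    params = {k: v[0] for k, v in parse_qs(query).items()}

    # The extension alias is chosen by the provider; find it by namespace URI.
    alias = next((k[len("openid.ns."):] for k, v in params.items()
                  if k.startswith("openid.ns.") and v == PAPE_NS), None)
    if alias is None:
        return False, "no PAPE response from provider"

    # Unsigned extension fields could have been added in transit, so they
    # only count if the provider's signature covers them.
    signed = set(params.get("openid.signed", "").split(","))
    if not {f"ns.{alias}", f"{alias}.auth_policies"} <= signed:
        return False, "PAPE fields are not covered by the signature"

    policies = set(
        params.get(f"openid.{alias}.auth_policies", NO_POLICY).split())
    missing = set(required_policies) - policies
    if missing:
        return False, "policy not met: " + ", ".join(sorted(missing))

    if max_auth_age is not None:
        raw = params.get(f"openid.{alias}.auth_time")
        if raw is None or f"{alias}.auth_time" not in signed:
            return False, "no signed auth_time"
        try:
            auth_time = datetime.strptime(
                raw, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        except ValueError:
            return False, "malformed auth_time"
        if now - auth_time > max_auth_age:
            return False, "authentication too old"

    return True, "ok"


def sample_response(policies, auth_time, sign_pape=True):
    """Build a constructed positive assertion (not captured traffic)."""
    signed = ["op_endpoint", "claimed_id", "identity",
              "return_to", "response_nonce", "assoc_handle"]
    if sign_pape:
        signed += ["ns.pape", "pape.auth_policies", "pape.auth_time"]
    return urlencode({
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "id_res",
        "openid.claimed_id": "https://example.com/username",
        "openid.ns.pape": PAPE_NS,
        "openid.pape.auth_policies": " ".join(policies),
        "openid.pape.auth_time": auth_time.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "openid.signed": ",".join(signed),
    })


if __name__ == "__main__":
    cases = {
        "strong": sample_response([MULTI_FACTOR, PHISHING_RESISTANT],
                                  NOW - timedelta(minutes=5)),
        "password only": sample_response([NO_POLICY],
                                         NOW - timedelta(minutes=5)),
        "unsigned PAPE": sample_response([MULTI_FACTOR], NOW, sign_pape=False),
        "stale login": sample_response([MULTI_FACTOR],
                                       NOW - timedelta(hours=2)),
    }
    for name, query in cases.items():
        print(name, check_pape(query, [MULTI_FACTOR],
                               timedelta(minutes=30), NOW))
```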

For now, Facebook is in the lead with their ability to allow internet users to use their Facebook information in order to sign into or sign up with new websites. However, there is potential for OpenID to at least become equal with Facebook. We’ll just have to see how their new developments pan out.

Why Businesses Should be Transparent about Data Collection

Trust is the foundation for success in business. Without trust, an individual cannot know if a company is telling them the truth. Consumers never trust a business that suppresses or manipulates personal information. If a firm has proven their data is secure, consumers submit it back to the company without reluctance.

What’s next for Our Personal Data?

The ongoing concern is how to monetize personal information while keeping it safe. Is the outlook for personal data the selling of intelligence to online companies for a profit? Will data become a currency of the future?

Consumers know their personal information is being collected. As long as data sharing contributes to better products and services, customers enjoy the technology. A leading research firm, Gartner, estimates there are over 5 billion connected “things” worldwide. The company forecasts that number to quintuple by 2020. Data privacy must be accelerated beyond targeted advertising. Consumers have the fundamental right to know what information is shared and where it is locked away.

Ethics and Targeted Advertising

With advancements in digital technology, companies accumulate vast amounts of consumer records. Connected products foster data collection. Most users realize their fitness equipment and home thermostats collect personal data. However, they do not comprehend how much of their individual intelligence is being collected. Google’s Nest Thermostat adjusts home temperatures without user intervention. The device records how hot or cold you like your home, based on location and family routines. This information is then saved in the cloud for future use and targeted advertising.

Transparency must be the objective of companies collecting personal information. Experts agree, there needs to be a “privacy by design” business model. Consumers need the flexibility to balance their privacy settings. Business performance relies on the viability of their data. Great companies know where to uncover value in the data they compile and how to maximize that knowledge for profit. Digital advertising has grown into an intricate method of technology, targeting the most receptive consumers.

There are enormous opportunities for abuse. The Cambridge Analytica scandal emerged in March 2018. The ensuing public outcry over how companies harvested data has changed Facebook forever. Other than the consumers affected, hardly anyone remembers the 56 million credit card identities stolen from Home Depot. Large-scale data breaches are becoming just another headline.

Quantum Computing

Enormous volumes of incoming data flows have allowed companies to confront the most complex challenges. Companies must have clean, trustworthy information. Authorization to access personal data should carry significant controls. As an example, doctors, environmental protection personnel and screened government employees should have unencumbered access to their systems.

The RSA public key cryptographic system is one of the most universally used encryption methods. The RSA scheme is used to protect emails, bank transactions along with the most sensitive personal data. Arvind Krishna, Director of IBM Research, has warned: “quantum computers will be able to instantly break the encryption of sensitive data protected by today’s strongest security.” Krishna says this could happen in as little as five years.

Since the 1980s, quantum computing has been acknowledged to be an excellent structure for handling massive amounts of numbers. However, building a quantum computer was not feasible. Advancements in materials and physics have produced significant discoveries. Large commercial quantum computers are now viable. The recent regulation passed by the European Union is a step in the right direction. The “General Data Protection Regulation” has revamped the way companies can interact with their users and how businesses collect personal data.

OpenBSD project

The OpenBSD Project started when a member of the NetBSD program was asked to resign from his position. This man, Theo de Raadt, was able to move his own version of the BSD license to his home in Calgary, and he began to coordinate his own project. He believed very much in the open sourcing of the project, and he wanted to give his customers something that served as an improved version of the NetBSD that he had worked on. He knew that he could update his system faster on his own, and that is where he came up with what we know as OpenBSD. This is a storage system that is secure, and it has been coded perfectly at every step. Someone who is watching from the outside will find that this is a precise system that is open to input.

Open Source And Input

The open source nature of the OpenBSD Project has contributed to many of its best improvements, and all these pieces of input are pored over carefully by Mr. de Raadt. He knows that his product depends on the accuracy that he creates in his coding, and he has worked quite hard to build a reputation for the accuracy of his coding. This gives him an upper hand on other companies that are spitting out as much content as fast as possible. OpenBSD is a quality controlled product that anyone may use knowing that it will perform perfectly when they begin to use it. Someone who has an improvement to suggest has it checked, and the storage system and operating system have grown quickly because everyone who uses it finds that it works the first time out.

Security

Security is a major factor in the development of the OpenBSD Project, and the improved security has allowed a number of people to use this system without a second thought. They are pleased to know that Mr. de Raadt watches over the items that are built with this system, and they find that he is alerting anyone to problems that have been uncovered with security. It is much safer to use OpenBSD because of the meticulous nature of the founder, and these people will continue to recommend this system because of the personal service they get. Many other storage and operating systems are controlled by large companies that do not offer personal service, and they are beat out in this area by the small business that is known as the OpenBSD Project. This simple outgrowth of a disagreement at NetBSD has ensured that there are more options on the BSD market where people search for their storage and operating needs.

Google’s Cloud Identity Management Services for Developers

Big technology players are vying to be the first over the finish line for universal security. It’s a vast global market with billions of devices and users as the end game. Google is taking advantage of its dominating internet position by setting comprehensive security standards. Google’s cloud security initiative has been constructed to satisfy the growing demand by consumers, for better security in their digital lives.

Tech giants realize security must come first with any modern code being created. Companies are rushing to bring legacy systems up to industry guidelines. Customers must be able to depend on their screens, whether on a mobile device or a desktop. Without complete confidence at login, consumers will turn away in pursuit of alternatives.

Google’s cloud identity management service will be an ongoing company effort. Millions of apps accessing Google’s cloud platform have a fresh collection of identity management tools. Google’s new security initiative offers identity protocols for app builders with a drop-in service.

Introduction to Google’s Cloud Identity Management Services

Google’s Cloud Identity Services adds management functionality and identity access for clients and business partners. The protocol’s aim is to secure user accounts better going forward. Google is one of just a small number of tech giants that can develop a set of protocols which the entire digital industry must consider following.

The moniker for the new service is Google Grade Authentication. CICP wants app builders to use Google as a partner in their pursuit of security. Google wants to be the security foundation. Developers can utilize vast information resources from the internet giant. Apps can be shielded from being a takeover target. App builders, associated with Google security, can scale their offerings to a global market.

Google has made several announcements this year to boost identity and security protocols. Administrators now have a comprehensive lineup of third-party apps to rely on, along with Google. A significant boost to the service is context-aware identity management. The protocol authenticates a user’s location and the context of the request.

Developers and CICP

Google’s next stage of their cloud identity service is in Alpha release. The company has designed identity and access management as an ongoing service. There are a number of components and benefits to the service. Google, along with other tech giants, is finally taking identity management seriously.

  • User authentication is based on Firebase, a mobile and web application Google purchased in 2014. Developers can integrate user identity specifications, based on the SAML and OpenID industry standards.
  • There is wide-ranging support for the new service. Developers can incorporate their apps into several client-side platforms, including Android, iOS and web access, along with the server-side platforms Node.js, Java, and Python.
  • CICP is self-contained. Developers drop the service into their application to take advantage of Google’s security capabilities.
  • Once the service reaches general release, two-factor authentication will be possible. Multi-factor authentication for mobile devices has become more reliable. Mobile devices are now more dependable than in the past. Hardware includes GPS, microphones and advanced sensors to keep track of users.
  • The CICP service integrates Google’s threat intelligence protocol. This helps to identify accounts that have been acting with a suspicious nature or have been compromised.

CICP satisfies the security demands of mobile device makers and web-access applications on a global scale. Apps having thousands of logins daily cannot allow accounts to be compromised. Hackers no longer attempt to break into software by rewriting code or brute force attacks; they log in.

OpenID: Forget all of Those Passwords

Sometimes it can be annoying to have to remember several different passwords to the numerous websites that you visit frequently. That is why OpenID exists.

What is OpenID?

OpenID gives users the ability to access multiple websites with only one password. Users have the option to choose which information attached to their OpenID they will allow to be communicated to certain websites. This eliminates the need to use a different password each time you log in to a different website.

This doesn’t mean that those websites you frequent are no longer password protected. OpenID simply allows your OpenID provider to confirm your identity to the website that is being accessed. It’s sort of like the fingerprint scanner on your iPhone that allows you to unlock it without using your passcode.

In order to log in with an OpenID, the user must obtain an OpenID identity. Identities are granted through OpenID providers, which are in abundance. Once you receive an OpenID identity, it will be in a URL format, which looks like this: username.example.com, or like this: example.com/username.

How do you use it?

Once the user has created an OpenID identity with their provider of choice, they will be prompted to sign into the provider’s web page with their OpenID. At that point, the user has the freedom to grant their most frequently visited websites access to their OpenID in order to confirm their sign-on identity. This removes the need to input their password each time they log into their favorite websites.

Where did OpenID come from?

OpenID came about around the middle of 2005. It was developed by an open source community whose sole goal was to correct a problem that was unable to be easily rectified by the pre-existing forms of identity technologies. Since it was created within an open source community, OpenID is not owned by any particular person, organization, or company.

Practically anyone has the ability to either be a user of an OpenID or become an OpenID provider. The best part about this is that it’s absolutely free to do so, and the user will not be subjected to pending approval by any organization or company.

OpenID may not be for everyone, but it is an option that is available to heavily active internet users who access multiple websites each day. There is also a representative for OpenID known as the OpenID Foundation. This foundation offers a legal presence for the open source model while also providing the community with infrastructure and promotional aids to further expand the adoption of OpenID.

GNU – General Public Licence

The GNU is one of many licenses that is used in the software world to ensure that software programming may be distributed and protected correctly. Someone who is working in the open source world will benefit quite a lot from the GNU because of the way that it uses its rights. This is a copyleft license that will ensure the user can distribute only under the original license terms. Someone who is working under the GNU will not be exploited by software companies because their work can only be distributed in the same manner as the original program. This is much safer for many different people who are working on the fringes of the industry, and there are companies such as the Linux kernel that are doing quite well under this license because it is much safer for them over the course of the years to be free to distribute as their original programming was.

Any Later Version

There is an Any Later Version clause in this license that ensures that someone who is developing their software may have it apply to any later version of the same program. Someone who needs to be protected because of the development of multiple versions will use the GNU because they know that it is much safer than trying to get a new license every time something comes up. There are many people who get turned around because they are talked into business deals after their first license, and they could be exploited easily. The Any Later Version clause will ensure that all these companies are treated properly long after they have come out with their first version of their software. They are hoping to operate free of big companies, and they depend on this license to safeguard them and their intellectual property.

The Free Software Community Grows

The free software community has been using the GNU for some time, and they have had a hand in ensuring that the license is updated. It was updated last in 2007 to ensure that software companies could not exploit people using the patents of products against their owners. These companies had to be stopped from using the software that was created without servicing later versions. The changes that were made to the GNU ensured that all large software companies had to honor the free software developers who created these programs, and they were forced to allow these companies to upgrade as many times as they wanted. There was no money in it for large software companies, but the GNU allows these two communities to co-exist as the free developers are protected so that they may do their work without the fear of profits overriding their good judgement and decency.

What is Elliptic Curve Cryptography?

In recent years, words, terms, and concepts have been introduced into the world’s vernacular that most of us find difficult if not impossible to understand. The explanation of these words and phrases is the future of our society.

Cryptocurrency, the blockchain, and cryptography are in their infancy. Physical money is becoming antiquated. Borders between corporations and societies are breaking down. Cryptocurrencies and de-centralized networks will occupy the void left by the end of paper money. Blockchains are recognized by some of the largest enterprises in the world for encryption technology and resistance to intrusion.

The cryptocurrency blockchain requires four indispensable properties when applying a digital signature in transactions.

  • The signer of the transaction must be verifiable.
  • Each signature along the chain cannot be forged.
  • Signatures are deemed final. The signature cannot be associated with any other identity.
  • It should be computationally impossible to procure a private key from a public key.

Quantum computing, although years away from practical application, is perceived as a menace to break any current encryption technology. Cryptocurrencies and the blockchain are choosing a forward-looking sentiment to the computational capability of quantum computers. Algorithms are now branded as quantum-resistant.

Introduction to Elliptic Curve Cryptography

Each block in a blockchain requires a cryptographic key to the preceding block. Other conditions must be satisfied. However, cryptography is the glue that holds the chain together. Digital transactions are growing exponentially.

Elliptic Curve Cryptography is a compilation of algorithms for encrypting and decrypting data. ECC is one of the most formidable and extensively used encrypting methods. An ever-growing list of websites secures customers’ HTTPS connections on the ECC standard. The ECC encryption method is being utilized by these same websites to interact with their data centers and other corporations.

In 1977, the contemporary era of cryptography began when two new algorithms were proposed, the RSA and Diffie-Hellman. These new designs were radical in their approach. The cryptographic security was based on numbers. Dual_EC_DRBG is the cryptographic standard accepted by the NSA. The function uses elliptic curve mathematics. The process generates a sequence of arbitrary numbers. These numbers start from a seed formed by an algebraic calculation.

Securing Your Digital Signature

There is blistering criticism from cryptographers, acclaimed mathematicians, and security experts. The RSA encryption standard endorsed by the NSA has a backdoor function. The backdoor was revealed by documents provided by former NSA subcontractor Edward Snowden. Many have recommended not employing the RSA method.

Elliptic Curve Cryptography offers compelling improvements over the RSA standard. The most distinctive is that the key size is considerably smaller than with the RSA encryption approach. Also, cryptocurrencies prefer ECC because of the efficiencies the method provides. The NIST and National Security Agency now uphold the 384-bit ECC encryption model. Both agencies allow top-secret documents to be encrypted with ECC.

The ECC method is useful to cryptocurrencies not solely for the size but also the trapdoor function. This trapdoor is based on the infeasibility of determining a point on an elliptic curve. The approach is Point Multiplication. The operation successively adds a point along an elliptic curve out to infinity. The National Security Agency says it would need a 7680-bit key to solve the ECC method. The NSA has declared it is moving away from the ECC standard to a newer collection of ciphers. These new encryption mechanisms are because of the inevitability of quantum power breaking any type of code.
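Point multiplication on a deliberately tiny curve, as an added example (not from the original page): computing Q = kG takes a few doublings and additions, while recovering k from Q means walking through the group, which is the one-way direction the paragraph refers to. The curve y² = x³ + 2x + 2 over F_17 with generator G = (5, 1) of order 19 is a textbook toy chosen here; on curves of the 384-bit size mentioned above the same search is infeasible.

```python
# Toy curve parameters (chosen for this example, far too small for real use).
P_MOD = 17          # field prime
A, B = 2, 2         # y^2 = x^3 + A*x + B  (mod P_MOD)
G = (5, 1)          # generator point
ORDER = 19          # number of points generated by G, including infinity
INF = None          # the point at infinity (group identity)


def on_curve(pt):
    """True if pt satisfies the curve equation (infinity counts as on-curve)."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0


def add(p, q):
    """Group law: add two points on the curve."""
    if p is INF:
        return q
    if q is INF:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                      # p + (-p) = infinity
    if p == q:                          # tangent slope for doubling
        s = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD)
    else:                               # chord slope for distinct points
        s = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    s %= P_MOD
    x3 = (s * s - x1 - x2) % P_MOD
    y3 = (s * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def scalar_mult(k, pt):
    """Compute k*pt with double-and-add: about log2(k) group operations."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def brute_force_log(q, base=G):
    """Recover k with q == k*base by trying every multiple in turn.

    Work grows with the group order; here that is 19 steps at most.
    """
    acc = INF
    for k in range(ORDER):
        if acc == q:
            return k
        acc = add(acc, base)
    raise ValueError("point is not a multiple of base")


def validate_public_key(pt):
    """Checks a receiver should make before using a peer's public point."""
    return (pt is not INF and on_curve(pt)
            and scalar_mult(ORDER, pt) is INF)


if __name__ == "__main__":
    private_key = 13                        # constructed sample secret
    public_key = scalar_mult(private_key, G)
    print("public key:", public_key, "valid:", validate_public_key(public_key))
    print("recovered by exhaustive search:", brute_force_log(public_key))
```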

How Identities are the New Security Perimeter

There is constant news coverage of credit card identities stolen, bank records compromised, and identity theft. Consumers have become jaded to relentless headlines of our privileged information being stolen. Is this the new normal?

The statistics are shocking. 18% of all healthcare employees are prepared to sell patient data, 24% know of an employee who sold confidential material. Apple employees have been offered as high as $23,000 for privileged access credentials. A staff member at Honeywell, furious at not receiving a raise, was caught selling satellite tracking data. He assumed the client was a Mexican drug cartel, not the DEA.

The dark web is now firmly ingrained as a global marketplace for procuring and selling privileged credentials. Hackers no longer break into secure digital systems; they log in, allowing for unfettered access to company data.

Digital companies see cyber-security as a second-tier cost, only to be increased if a threat occurs. Profitable companies usually are cutting cyber-security costs. Organizations ranging from government data holders to big Hollywood studios are seeing their assets being compromised. There must be consistent authentication policies across the corporate landscape, while providing the access employees, customers, and partners need.

Zero Trust Security (ZTS)

Dated security methods are not functioning. Businesses having significant digital footprints are seeing attacks increasing exponentially. The Zero Trust Security protocol ensures every device, login attempt and requested service are being verified through the Next-gen Access initiative. NGA is a digital business application coordinating login and resource request management. The technology recognizes every device and user.

There are four pillars to the ZTS protocol:

  • Never trust anyone or anything, and always verify. This fundamental policy requires everyone in the organization to be verified before being granted access to the system.
  • Endpoints must be authenticated. Before being granted access to the system, the user must log in from a previously trusted device. If not, the login requires multi-factor authentication.
  • The system grants the user only the access given to them when the account is set up. Company employees are set up on a tiered system. The level of access allowed is fixed. No more, no less.
  • The process is constantly learning. The platform learns user behavior, login attempts, access control, and policy adjustment.

What is the Future of Security for Digital Companies?

William Saito believes there are two types of enterprises in the world: ones who have been hacked and the ones who do not know they are being hacked. Saito is accepted as a world authority on encryption, biometric authentication, and cyber-security. William Saito reports directly to the prime minister of Japan and sits on the Council for National Strategy.

Companies with large digital footprints must mature. Traditional corporate security is not working. Employees work remotely around the world, logging into a vulnerable network with unrecognized devices. Identity has turned into the new security protocol. Only an individual’s biometrics can be relied upon when logging into a company network.

William Saito believes an all-encompassing strategy must be established now. This strategy must start immediately before it is too late, and users no longer trust any of their screens. Saito says the internet is expanding quicker than anyone or any corporation can keep up with. Most security controls are added haphazardly rather than from the ground up.

Unless the issue of trusted identity is dealt with now, the ensuing failure and costs will be massive.

No More Messing Around with Passwords

36% of the world’s population has access to a smartphone. This figure represents approximately 2 billion users, and ownership is flourishing. Consider, each user may have at least one account they log into, such as email. Add three, five or 10 accounts, and you start to realize the issue.

Companies have done a great job protecting initial access to your phone, such as facial and fingerprint scanning. However, what takes place once you are logged in? The modern smartphone platform is more than just a phone. For some, it is their bread and butter. Without their device, they would lose business contacts, bank accounts, and current news. Few users do a satisfactory job of backing up data on their smartphones.

Hackers work overtime to gain access to your phone and home computer. With each new software update, devious computer science engineers immediately work to circumvent the system. Blue-chip computer scientists see the future of smartphone security as hardware isolation. The operating system, apps, and alternative components are merely a pass-through to where true credentials are locked away, the hardware.

Future of Smartphone Security

The issue of protecting your smartphone is immense. Biometric scanning is doing an outstanding job of individual access. Millions of smartphone users rely exclusively on password managers and other apps to secure their most crucial information. Homeowners use their phone to manage home lighting, appliances, and more importantly home security.

Think-tanks around the world are scrutinizing these issues from a global perspective. Big players in technology are constantly looking for platforms that secure your phone, bank accounts and also remember to turn off the lights. Home integrations with smartphone technology are a vast global market; it is also very fragmented. AI (artificial intelligence) continues to be adopted into the devices we use every day and voice control is predicted to bring all these technologies under one umbrella.

Identifying threats has become more difficult. Malicious software is being cloaked in useful apps, and users are completely unaware or incapable of dealing with these risks. It has become essential to every smartphone user to go above and beyond traditional methods to protect their data.

ReCRED

One such company at the cutting edge of smartphone security is ReCRED (Real-world Identities to Privacy-preserving and Attribute-based CREDentials). The platform seeks to eliminate the need for passwords or pins to log into each of the services we use. The unique approach, developed by a global team of scientists, wants to link all accounts to a specific biometric identity.

Password overload affects us all. Advancing the usability of smartphones is the principal goal of firms such as ReCRED. The system is based on individual smartphones and their users. The architecture uses each cell phone as a proxy, meaning your phone is an intermediary to all the accounts you use. ReCRED and comparable companies seek to be the lone point of login for your digital world. With this model, the user grants explicit rights to manage the security of their phone. ReCRED attempts to limit access across the platform such as email. Verifying your email would no longer be allowed because too much of the user’s identity would be disclosed.

Most experts regard the hardware isolation model as the only correct approach to withstand the increasing threat of attacks and data vulnerabilities. Separating data and computational processes within hardware containers is the only way to make your smartphone impervious to attack.

Rivest-Shamir-Adleman (RSA): A Cryptosystem

The RSA cryptosystem is one of the first of many public-key cryptography algorithms. It utilizes prime factorization as its one-way function, otherwise known as a trapdoor one-way function since it deals with fixed public-key functions.

RSA: A History

The RSA cryptosystem was a new concept brought about in 1976 by Whitfield Diffie and Martin Hellman. Along with RSA, Diffie and Hellman also introduced the idea of digital signatures. Their number theory consisted of a shared secret-key formed through the exponentiation of prime numbers. Unfortunately, they could not complete the equation due to the use of one-way functions. Most likely because, at the time, factoring was an arduous process and was not fully studied or practiced. However, for the next year, three men that are known as Ron Rivest, Adi Shamir, and Leonard Adleman, all of whom studied at Massachusetts Institute of Technology, put in a plethora of man hours and made numerous attempts in order to design a one-way function that could not be inverted. In April of 1977, Rivest, Shamir, and Adleman finally completed what is now known as RSA; named so as a tip-of-the-hat to its creators.

In September of 1983, MIT was granted the patent for “Cryptographic communications system and method”, which utilized the RSA algorithm. The patent was only issued for a 17-year use which meant that it would expire in September of 2000. However, MIT released the algorithm for public use two weeks before the expiration of the patent. Since the algorithm was made public, it was granted a U.S. patent. Otherwise, obtaining a patent would not have been doable.

How does RSA work?

The RSA cryptosystem requires four different processes: key generation, key distribution, encryption, and decryption. Key generation is where the public and private keys are involved. The public key is mostly used for encrypting messages and confidential information and can be used by anyone. The private key is, in a way, the skeleton key that can decrypt those messages if done so within a certain amount of time. There is a formula that is used in order to generate the public and private key codes.

Key distribution is sort of like file sharing with a password. To send someone an encrypted message, you need their public key, so they would have to send it to you in order to encrypt a message to send back. Upon receiving the encrypted message, you would then use your private key to decrypt it and read the message. RSA is fairly simple to understand once you remove the mathematical functions from it.

When using RSA to send encrypted messages, you want to be sure that the person you’re sending and receiving messages with is who they say they are. For this reason, there is what’s known as “signing messages.” Since anyone can use your public key, RSA can be utilized to confirm the source of a message by “signing” it with your private key. This allows the recipient to know that the message was, in fact, from the person of interest.
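The processes described above (key generation, key distribution, encryption, decryption) together with signing, as an added textbook example rather than code from the original page. The primes, exponent and messages are constructed toy values; production RSA uses keys of 2048 bits or more with OAEP and PSS padding from a vetted library, and `combine_ciphertexts` shows one reason the unpadded form is not used directly.

```python
import hashlib
from math import gcd

# Toy primes chosen for this example: the Mersenne primes 2^61-1 and 2^89-1.
# They give a modulus of about 150 bits, far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1


def generate_keypair(p, q, e=65537):
    """Key generation: returns (public, private) as (n, e) and (n, d)."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # Carmichael's lambda(n)
    if gcd(e, lam) != 1:
        raise ValueError("e must be coprime to lambda(n)")
    d = pow(e, -1, lam)                            # private exponent
    return (n, e), (n, d)


def encrypt(public, m):
    """Anyone holding the public key can encrypt an integer 0 <= m < n."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private, c):
    """Only the private-key holder can invert encrypt()."""
    n, d = private
    return pow(c, d, n)


def digest(message, n):
    """SHA-256 of the message reduced mod n (toy stand-in for PSS encoding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message):
    """Signing applies the private exponent to the message digest."""
    n, d = private
    return pow(digest(message, n), d, n)


def verify(public, message, signature):
    """Verification applies the public exponent and compares digests."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)


def combine_ciphertexts(public, c1, c2):
    """Unpadded RSA is multiplicative: Enc(a) * Enc(b) = Enc(a*b) mod n.

    A party without the private key can therefore alter what a ciphertext
    decrypts to, which is what randomized padding (OAEP) prevents.
    """
    n, _ = public
    return (c1 * c2) % n


def demo():
    # Key generation happens on the receiver's side; only `public` is
    # handed out (key distribution), `private` never leaves the receiver.
    public, private = generate_keypair(P, Q)

    m = int.from_bytes(b"meet at noon", "big")     # constructed message
    c = encrypt(public, m)
    recovered = decrypt(private, c).to_bytes(12, "big")

    sig = sign(private, b"pay bob 10")
    return {
        "round_trip": recovered,
        "signature_ok": verify(public, b"pay bob 10", sig),
        "tampered_ok": verify(public, b"pay bob 1000", sig),
        "product": decrypt(private, combine_ciphertexts(
            public, encrypt(public, 6), encrypt(public, 7))),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```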

To conclude, RSA is one of the simplest forms of cryptosystems that can be learned and used by anyone. Most computer programmers learn it while they are in school, and some people are self-taught. If cryptosystems are something that intrigues you, then you might want to try your hand at RSA coding.