The Identity of Smart Things

Posted by: Do Lee October 31, 2017 Cybersecurity

At last week’s NVTC Cybersecurity Committee, I joined industry colleagues Andrew Girson, Dan Caprio, and Joe Klein on a panel, and we explained how shift happens when we place our trust in smart things. IoT is now ubiquitous.

IoT access is replacing mobile access just as mobile access replaced web access over a decade ago.

Gestures are replacing logins and swipes are superseding passwords in the modern user experience surrounded by smart things. Earlier at this year’s Live Slam ’17 Internet of Things conference we witnessed how progressive the shift is to IoT with Amazon, GE, IBM and others racing to connect the dots. As the current population of 5 billion smart phones steadily outpaces the world population of 7 billion human beings, imagine how quickly trillions of smart things will surpass the human population.

In today’s era of password-less economy, basic user identity capabilities – authentication, authorization, attribution – are undergoing a shift from a user interaction standpoint.

A simple step of logging in is enhanced by adding gesture-based preambles. Similarly, authentication schemes for federated single sign-on experience is expanded via multiple layers of authentication to ensure you are really you in the context of myriad devices and apps. For instance, direct authentication is used to involve a pin, a password, a fingerprint, and often a KBA (knowledge-based authentication). Nowadays, there are indirect authentication methods that involve keys, tokens, and one-time passwords. Add to it, the notion of continuous authentication that strengthens the method via voice prints, facial scans, lexical keystrokes, and even walking gaits. Lastly but not the least, there is the notion of contextual authentication.  This factors in behavioral statistics, session cookies, IP address, and time of the day before granting compliant and secure access to the user.

Welcome to the era of smart things.


Dipto Chakravarty is Exostar’s Chief Technology Officer. A version of this post was originally published to LinkedIn.