Two of the hottest topics in technology these days are smart wearable devices and digital identities. The former, thanks in part to last week’s unveiling of the Apple Watch, has captured the attention of nearly everyone recently, while the latter has gained more notoriety recently than anything else, but is poised to be a key issue for years to come. While at first glance the two are unrelated topics, I believe we will see them come together in some very intriguing ways over the next few years.
One of the key characteristics that ties these two concepts together is they’re both very personal. Wearables are the most personal technology device you can own because, by definition, they are designed to fit or be worn somewhere on your body—and you can’t get any more personal than that. In fact, I believe some of the key challenges facing wearable makers is the need to account for this basic, but essential fact. It’s one thing to design something that lots of people want to use and carry with them—it’s something else entirely to design something that millions of individuals are willing to regularly wear. Unless you’re a big believer in standardized uniforms—and all that implies—the idea that lots of people are going to all wear the same wearable strikes me as a bit naïve.[pullquote]It’s one thing to design something that lots of people want to use and carry with them—it’s something else entirely to design something that millions of individuals are willing to regularly wear.”[/pullquote]
In the case of digital identities, the collection of data that goes into that identity is, again, by definition, as personal as you can get. The challenge here is that we haven’t really seen any great example of products or services that tie all of our information into a coherent, singular form. In fact, some people would argue that it’s better to have information about various aspects of your life—from email and social network site passwords, to your financial information, medical records, friends and family contact info and so much more—kept separate because that makes it harder to piece together all your critical information. (Never mind the fact that just by analyzing all your online activities, many firms probably already have a “scarily” accurate view of you that they’re selling to the highest bidder—that’s a topic for another column on another day…)
The basic assumption here is that none of the elements that would go into a unified digital identity are really safe, so we’re better off spreading that security risk across many individual services. That way, if someone gets one thing—like access to a credit card account—they don’t necessarily have access to all your other key bits of information or personal data, such as your personal photos. While that argument is relatively sound in some ways, it obviously ignores the potential benefits—particularly around convenience and ease-of-use—that a unified approach would clearly offer.
The problem is, one of the critical challenges in putting together a unified type of digital identity service is that you would have to create some kind of “master key” that would unlock the entire treasure trove of your personal data. The potential risks in that scenario are frightening to many people and no one is really confident enough in any single security/authentication mechanism to serve this purpose.
But that is exactly where I believe the wearable/identity connection can, and must, occur. One of the “side” benefits of having a device you wear is that it’s in direct contact with your body. In conjunction with the right sensors, that bodily connection could be used to provide some kind of biometric data to uniquely identify you and serve as a “password-less” automatic means of getting access to your digital identity. Conversely, without that biometric match, access to your digital identity would be denied.
While lots of attention has been focused on fingerprint-based biometric recognition, there are challenges to this technology. In fact, in many cases, such as manual laborers whose fingerprints have worn down, people with certain genetic issues and others, it simply doesn’t work. There are some promising new developments in low-cost iris scanners, as well as mechanisms for matching hand geometry, faces, vein pattern-based recognition and, likely, more to come. In all cases, there are tradeoffs between cost, accuracy and convenience and that will likely lead to the use of several different methods of biometric identification.
Regardless, it seems clear that wearable-identity connection could become extremely important over the next few years and open up a wealth of interesting opportunities for digital identities as well. We’ve yet to see anyone pull together all these aspects into a single solution—no, not even Apple—but I suspect that when it does come together, the impact will be profound.
“the idea that lots of people are going to all wear the same wearable strikes me as a bit naïve”. Isn’t that debatable ? What are brands, if not a shortcut to gaining acceptance by your reference group by displaying the appropriate markings ? Brands are a combination of uniform and face paint, and many people seem to love that. OEMs just have to get to that magic spot were a gizmo defines a tribe.
As for password-less biometry, I don’t want my arm cut off so people can raid my savings. With a password, at least they have to keep me alive. Canonical good security is: “something you have + something you know”. Wearables aren’t changing that.
A properly designed biometric identifier would return a failed authentication if the identifying limb does not show signs of life. Of course this needs to be publicized massively so that putative amputators are made aware that their efforts will prove futile.
Sure, the first point is somewhat debatable, but again, I strongly believe wearables are different than phones and other devices we carry and are much more personal. That’s part of the reason Apple is offering more variations on the Apple Watch than any other product they’ve ever done–even they acknowledge the issue.
Regarding the second point, as aardman noted below, most all of these new biometric methods look for “life” so I don’t think the cutting off of limbs or body parts will be a serious threat here…
I’m not sure why there is such a scare of someone chopping off a limb to steal a fingerprint. They can threaten to do that now unless you give them your password – LOL!!!
I blame Hollywood.
Also, a closed-source system cannot ever be considered secure:
1- it cannot be demonstrated to be secure,
2- even if it is secure at some point in time, it can be changed at any time, either globally (think U2 album) or on a case-by-case basis (think court order+gag order)
3- which company is confident enough they’re secure to put their money where their mouth is and (gasp) indemnify us for leaks ? Thought so !
Good post! We will be linking to this particularly great post on our site. Keep up the great writing
It’s nice to see the best quality content from such sites.