Identity from the perspective of authentication

In this video Stephen Downes, convener of the E-Learning 3.0 MOOC, explains that in the future our safety and security online will be managed through the use of identification keys. We will each have a private key and a public key, which we will plug into our computers instead of signing on with a password.

Source of image – Yubico.com

In the future everyone will be logging in like this and passwords will become a thing of the past.

Why do we need two keys? This is to ensure maximum security and encryption. The two keys act like a two-way security system. We can think of our private key as our ‘key’ and our public key as the ‘lock’, i.e. the one won’t work without the other. You can only get through the door if you have the right key and the right lock.

So, an example found on Quora explains how you can use private and public keys to send and receive encrypted messages like this:

Robert wants to send Katie a file. Robert would request Katie’s public key to encrypt the file and then encrypt it with her public key. Robert would then send the file to Katie. Katie would then decrypt the file with her private key.

In this way, Katie’s public key is only used to encrypt but can never be used to decrypt, keeping the data safe. And Katie can only decrypt the data with her private key and would never expose her private key to anyone, keeping her private key safe. (Source: https://www.quora.com/profile/Ken-Mafli-1)

Stephen in his video (starting at about 7.00 minutes in) explains this in more detail and makes it very clear that a signature on the sent encrypted message would be needed to make it absolutely secure, otherwise you couldn’t be sure who had the public key. The point is to be able to prove who you say you are and keep your communications online safe, without the use of passwords. Your digital identity (based on your identity graph/s) becomes your public key, which is unique to you, and your private key keeps you safe.
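The exchange described above, written out as an added example (it is not from the video, the Quora answer or this post): Robert signs the file with his private key and encrypts it to Katie's public key, and Katie decrypts it and checks the signature. It uses Node.js's built-in crypto module; the function names, the key sizes, the one-time AES key that carries the file, and the impostor "Mallory" are assumptions of the example.

```javascript
// Added example (Node.js built-in crypto). Function names and sizes are assumptions.
const nodeCrypto = require('node:crypto');

const SIG_LEN = 256; // an RSA-2048 signature is always 256 bytes
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Everyone generates a key pair once and shares only the public half.
function newKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Robert: sign with his own private key, then encrypt to Katie's public key.
function sendFile(file, senderPrivateKey, recipientPublicKey) {
  const signature = nodeCrypto.sign('sha256', file, senderPrivateKey);
  // RSA only encrypts short values, so a one-time AES key encrypts the
  // signature plus file, and RSA encrypts that AES key for the recipient.
  const aesKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const body = Buffer.concat([cipher.update(signature), cipher.update(file), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, aesKey);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Katie: decrypt with her private key, then verify with Robert's public key.
function receiveFile(msg, recipientPrivateKey, senderPublicKey) {
  const aesKey = nodeCrypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, msg.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', aesKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  const plain = Buffer.concat([decipher.update(msg.body), decipher.final()]);
  const signature = plain.subarray(0, SIG_LEN);
  const file = plain.subarray(SIG_LEN);
  // false means the file was not signed by the owner of senderPublicKey
  const fromSender = nodeCrypto.verify('sha256', file, senderPublicKey, signature);
  return { file, fromSender };
}

// Constructed demo: Mallory (hypothetical impostor) can encrypt to Katie too,
// because Katie's public key is public, but cannot produce Robert's signature.
function demo() {
  const robert = newKeyPair(), katie = newKeyPair(), mallory = newKeyPair();
  const file = Buffer.from('constructed sample file');
  const genuine = receiveFile(sendFile(file, robert.privateKey, katie.publicKey), katie.privateKey, robert.publicKey);
  const forged = receiveFile(sendFile(file, mallory.privateKey, katie.publicKey), katie.privateKey, robert.publicKey);
  return { text: genuine.file.toString(), genuine: genuine.fromSender, forged: forged.fromSender };
}

console.log(demo());
```

Anyone holding a different private key than Katie's gets an error from `receiveFile` instead of the file.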

Stephen believes that in ten years’ time this is how we will all be accessing the internet. I wonder how straightforward this will be for the average user. I will be in my 80s in 10 years’ time. Will this make it easier for me and people like me, or, as Stephen asks elsewhere on the E-Learning 3.0 course site,

“Will we be lost in the sea of possibilities, unable to navigate through the complexities of defining for ourselves who we are, or will we be able to forge new connections, creating a community of interwoven communities online and in our homes?”

Hopefully there will be more courses like this one which will help us to keep abreast of developments and where we are headed.

This is only a brief summary of the key points in Stephen’s video, as I see them. You need to watch the 25 minute video to get a more complete picture.

And have a look at the resources provided by Stephen, which I have copied below:

FIDO U2F
Yubico, 2018/11/15

As explained on the Yubico website, “U2F is an open authentication standard that enables internet users to securely access any number of online services with one single security key instantly and with no drivers or client software needed. FIDO2 is the latest generation of the U2F protocol.”

Public-key cryptography
Wikipedia, 2018/11/15

Public-key cryptography, or asymmetric cryptography, is any cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner. This accomplishes two functions: authentication, where the public key verifies that a holder of the paired private key sent the message, and encryption, where only the paired private key holder can decrypt the message encrypted with the public key.

Keybase.io – Downes
Stephen Downes, Keybase, 2018/11/15

This is my Keybase page. Here’s what Keybase says about itself: “Keybase is a new and free security app for mobile phones and computers. For the geeks among us: it’s open source and powered by public-key cryptography. Keybase is for anyone. Imagine a Slack for the whole world, except end-to-end encrypted across all your devices. Or a Team Dropbox where the server can’t leak your files or be hacked.” See also (very technical) Keybase for Everyone. And Keybase writing to the blockchain.
