The Internet of Things
Currently…
- There are approximately 7.5 billion people on earth.
- There are approximately 1.5 billion PCs in use worldwide. (this is a good proxy for the size of the traditional “Internet-of-Computers”)
- There are already approximately 14 billion IoT devices that can connect to the Internet. (this is a good proxy for the size of the new “Internet-of-Things”)
In the next few years the number of connected IoT devices is projected to exceed 25 billion. Many forecasts project the total number of connected devices will exceed 50 billion by 2030.
Connecting this very large number of “smart devices” to the internet without instituting a new paradigm of combined cyber and physical authentication security is a recipe for disaster.
Authentication should verify both people and machines
Smart phones, devices, vehicles, homes, equipment, and other “smart things’, now regularly interact with communications networks, services, PC’s and between machines (M2M) in ways that may be both autonomous and/or inclusive of human users. Authentication needs encompass this entire specter of interactions in a comprehensive and unified manner. Upon authentication success, “Privileges” need to be issued to both humans and machines for both Cyber and Physical access.
Authentication should be persistent
Interactions between both humans and machines almost always takes place for periods of time across an on-going session. One-time “Event Authentication” at the beginning of a session, which is currently typical for an ongoing session, is an invitation to breach the session, and the risk increases as the session time length goes on. Persistent Authentication takes place during the entire on-going time of the session.
Authentication should be two-way
Authentication credentials for both Machines and for Humans should only be exchanges in a simultaneous, bi-directional, “Mutual” manner, such that both sides of credential exchanges will always involve only “Trusted” parties. Keying in a “Password” to any unknown person or machine, in order to gain access, can no longer be the standard process. In fact visible “passwords” themselves should at least be hidden in lower layers of the protocol, and eventually “passwords” should become a relic of the past. “When humans do not know a password, they can not give it up by mistake”
Authentication should be proximity-based
Secure Authentication is not only “Time” related, it is “Place” related. When “Location” is included as a necessary authentication factor, the authentication process is not only more secure and reliable, the authentication process can also be made much more natural, and incorporated as a normal part of the user’s workflows. Proximia solutions include both “Time-Coding and Geolocation” factors (Via GPS data), and also our own unique “Dynamic Proximity” factors provided for incorporating true real time close in proximity factors.
