I work as an architect at a big telco that has recently become a quad-player. Part of my job is to think of what services come next. My previous interest has always been distributed computing, either networking or large data-sets. Also as part of my job I attend IT conferences on the internet of distributed devices.
My key questions & my current thoughts are:
What will become the distributed identity standard for device authentication?
OpenID Connect (OIDC) (like SAML) is not an AuthN mechanism but extends the OAuth2.0 model. The identity attribute API can be used for profile loading to define a user’s identity onto the device. This can be a lightweight equivalent of a SIM Profile & also support the eUICC flows for ownership switch (similar to a Profile Content Update Function)
Any AuthN & identity solution must support the limitations of loading profiles on smaller memory devices & requiring an authN flow over HTTP.
What will be the numbering & addressing standard for massively distributed devices?
This is more of an open question relating to the history of the service so that eUICC enabled devices will require an international mobile subscriber identity and LPWA & WIFI enabled devices will require a MAC addressing / IPv6 registry with the service provider.
The support for these addressing mechanisms and near field communication devices will have an impact of the network operator’s OSS IT architecture.
The GSMA proposal for eUICC uses the START-IMSI required for profile loading which supports roaming and allows for profile swap on change of ownership.
IPv6 offers a highly scalable address scheme. It provides 2128 unique addresses, which represents 3.4 × 1038addresses. In other words, more than 2 Billions of Billions addresses per square millimetre of the Earth surface. It is quite sufficient to address the needs of any present and future communicating device.
6LoWPAN provides a simple and efficient mechanism to shorten the IPv6 address size for constrained devices
Will the smart device co-ordination be through an embedded chip-set in the main home internet router?
Probably not but I would have said probably not 5 years ago and I still have not seen Zigbee co-ordinators or Thread border routers catch on as stand-alone devices.
I’ve not been blogging for a while, too much work is not an excuse, but will be updating more on these topics soon.
Credit and debit cards stolen from bricks-and-mortar stores sell on the black market for at least ten times the price of cards stolen from online merchants. There are plenty of TOR accessible card shops that will happily buy the cards from hackers and resell them on the open market. A card stolen from a bricks-and-mortar store can be reused in a real store to buy high value electronic goods or gift cards that can be easily converted into cash. Cards stolen online require a card verification value (CVV) and can only be used by online stores willing to send high value goods to a different shipping address from the billing address.
The two most recent major bricks-and-mortar store card breach stories that have appeared in the news recently are Home Depot where 56m customers’ card details have been stolen and Target where 70m customers’ card details have been stolen. In both cases the point of sales (POS) systems were been breached by variants of the same memory scraping malware. BlackPOS / Kaptoxa in the case of TARGET and Framework POS in the case of Home Depot. Both malwares run inside the POS system (running on Windows OS) and are registered as a service. Both malwares read card data before it is encrypted and then collate and later output the card data which is then made available as ‘dumps’ on black market stores.
The Internet of Things is not predicated on mobile or fixed-line operators. It is predicated on the value derived from the interplay between different sensors and actuators. In the history of mobile telecommunications it was the mobile network operators who provided a service that brought together radio waves and handset manufacturers. The success of mobile telecommunications has led to a 93.5% global saturation rate (source Informa) with the conglomerate operators China Mobile Vodafone. Airtel and Verizon etc being the big winners.
Reuters are reporting that the Royal Bank of Scotland and Lloyds Bank will both relocate to England if Scots vote for independence next week. The Royal Bank of Scotland, which employs 11,500 staff in Scotland, announced that it had taken the option to relocate to England because a vote for independence would create uncertainties which could impact its ability to borrow. Lloyds Bank, which employs 16,000 staff in Scotland, announced its contingency plans for Scottish independence included setting up “new principle legal entities in England”.
The Data Protection Directive (officially Directive 95/46/EC) regulates the processing of personal data within the European Union and also provides the criteria for Safe Harbour privacy for companies operating within the European Union. The Safe Harbour regulations forbid sending of customer’s personal data to countries outside the European Economic Area unless there is a guarantee that it will receive adequate levels of protection. There are no Safe Harbour considerations for EU companies with services deployed to Scotland while Scotland is part of the UK and when Scotland has become independent of the UK and joined the EU as an independent country. However there may be a period of time between Scotland becoming independent and joining the EU (as an independent country) when Safe Harbour requirements really matter. At this time no EU company will have a Safe Harbour agreement with the newly independent Scotland. Therefore any company with Identity Stores (or business systems containing personal data) deployed in Scotland will be in breach of the Data Protection Directive.
It is not impossible to have a single user directory tree for internal users / staff, partners and customers. All that is required is unique identifiers and different levels of permission normally managed through group membership. However pretty much every organisation quite rightly separates these groups as independent trees. These independent trees are normally realised as independent directory implementations thus providing security through isolation and security zones of control. This though has not stopped me being recently asked within a large organisation if it is not possible to have a single identity management solution.
This was an evident confusion between identity management solutions and directory structures. For which I drew two examples: the first was an example directory structure (below), for ACME_Corp and my test user Chester Drawers, showing how quickly a single directory structure would become very complicated.