A USA Today article titled “Google, Amazon, Facebook put start-ups on fast track”, touting the virtues of using the “building blocks” of the internet such as Google™, Amazon™ and Facebook™, caught my attention because one of the “blocks” it suggested using was “Facebook” authentication. This started me wondering whether this was the long-awaited Holy Grail of the security age, as here Mark Zuckerberg could be the holder of your “four magic keys”.
Proving you are really “you” in the virtual world is turning out to be a challenging task, to say the least, and it is especially important should we wish to further the economic drivers of capitalism on the net. The conventional tenets say that in order to validate yourself with any measure of security you need to prove you are really you; typically this is done via some form of biometric attribute such as a fingerprint, iris scan, hand print or the like.
However, we’ve all seen the Da Vinci Code and know how well an iris scanner works when you pluck an eyeball out. Then there is the “Jello” trick, where a fingerprint is lifted with a piece of tape and placed onto a Jello stick, which is capacitive, to defeat finger-based biometric systems.
So how is it possible to increase the probability of authentication if even physical systems can be compromised? Here one needs to employ what I’ve coined the “Authoritative Compass”, which comprises four interlinked personal keys:
1. Something you “know”
2. Something you “have”
3. Something you “are”
4. “Someplace” you are
As you can quickly see, Facebook™ already has this data on you, along with the ability to correlate it all together. So, in short, a system could challenge something you “know”, such as the name of a “friend”. Then there is what you “have”, such as cars, pets, children or relationships, as this will create a unique combination; and again the “are” is filled by a posted job, parental or family status. The final joining factor is then “where you are”, which can be gathered from an IP address, GPS data from a smartphone or simple triangulation services from cellular towers. As one can quickly see, once the compass is engaged and aligned, the level of uniqueness is mathematically significant.
On the surface this appears to be a complex option; in fact it is not, since Facebook™ has all of this information. As you log into a system, Facebook™ (as the authentication service) would hash the name of a relative; your response would be their name, fulfilling something you “know”. Second is the “have”, being the “relationship”, while the “are” is answered by the converse of the relationship, as in:
1. Bob Newhart (something you know)
2. Nephew (something you have)
3. Uncle (something you are)
Then there is the “where” you are, which again provides the final hash to complete the equation: even if some rogue operative in the backwoods of Russia gets the first three, the final hash will fail to complete the “four magic keys”. As you travel, however, Facebook™ will know from your IP and can update the hash dynamically.
While this is a rather simplistic view, it makes clear the possibilities the social giant Facebook™ could bring to bear on the Web 3.0 social model…
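As an added illustration (not code from the article or from Facebook), the sketch below binds the four keys into a single keyed hash, so that correct answers to the first three fail when the observed location differs, and re-derives the hash when the service sees the user travel. The HMAC construction, the server key, the class and function names and the region labels are all assumptions made for the example.

```python
import hashlib
import hmac

# Constructed server-side secret (assumption: the article does not mention keying).
SERVER_KEY = b"constructed-demo-key"


def _norm(value: str) -> bytes:
    """Case- and whitespace-insensitive form of one key."""
    return " ".join(value.lower().split()).encode("utf-8")


def compass_digest(know: str, have: str, are: str, where: str) -> str:
    """Bind the four keys into one keyed hash.

    Each field is length-prefixed so ("ab", "c") and ("a", "bc") cannot collide.
    """
    mac = hmac.new(SERVER_KEY, digestmod=hashlib.sha256)
    for field in (know, have, are, where):
        data = _norm(field)
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.hexdigest()


class CompassRecord:
    """Hypothetical per-account record held by the authentication service."""

    def __init__(self, know: str, have: str, are: str, where: str):
        # The article assumes the service already holds these profile values.
        self._first_three = (know, have, are)
        self.digest = compass_digest(know, have, are, where)

    def verify(self, know: str, have: str, are: str, observed_where: str) -> bool:
        # observed_where is what the service sees (IP/GPS), not what the user types.
        candidate = compass_digest(know, have, are, observed_where)
        return hmac.compare_digest(candidate, self.digest)

    def update_location(self, new_where: str) -> None:
        """Re-derive the digest when the service sees the account holder travel."""
        self.digest = compass_digest(*self._first_three, new_where)


def demo() -> dict:
    answers = ("Bob Newhart", "Nephew", "Uncle")  # the article's own example values
    record = CompassRecord(*answers, "region-home")  # constructed region labels
    out = {"home": record.verify("bob newhart", "nephew", "uncle", "region-home"),
           "elsewhere": record.verify(*answers, "region-other")}
    record.update_location("region-travel")
    out["after_travel"] = record.verify(*answers, "region-travel")
    out["old_region"] = record.verify(*answers, "region-home")
    return out
```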