Last Update 1:17 PM December 12, 2024 (UTC)

Company Feeds | Identosphere Blogcatcher

Brought to you by Identity Woman and Infominer.

Thursday, 12. December 2024

Trinsic Podcast: Future of ID

Jeffrey Schwartz - Acquiring Trinsic Ecosystems & Accelerating the Future of Decentralized Identity


In this episode of the Future of Identity podcast, I’m joined by Jeffrey Schwartz, Founder and CEO of Dentity, to discuss the recent acquisition of Trinsic’s SSI platform assets, their ongoing partnership with Trinsic, and the innovations driving decentralized identity adoption. They explore the journey behind Dentity’s success in achieving market traction, building trust, and scaling decentralized identity solutions in the face of market challenges.

In this episode we dive into:

The strategy behind Dentity’s success and rapid adoption in the decentralized identity market
The Trinsic Ecosystem, interoperability challenges, and creating user-friendly identity solutions
The role of interoperability and strategic partnerships in scaling decentralized identity systems
The future of decentralized identity and the Trinsic Acceptance Network — connecting users, platforms, and networks globally


Whether you're an enterprise, developer, or identity enthusiast, this conversation is packed with insights into the future of identity ecosystems and their transformative potential.

You can learn more about Dentity at dentity.com.



Dock

Dock is partnering with Moon Lab to develop a digital ID solution for banking institutions in Asia


We're excited to announce that Dock is partnering with Moon Lab to develop a cutting-edge digital ID solution tailored for banking institutions in Asia.

Moon Lab is a pioneering Blockchain-as-a-Service solutions provider based in Hong Kong, bridging the gap between Web 2.0 and Web 3.0. With a mission to make Web 3.0 accessible, they empower businesses to harness the transformative potential of blockchain technology.

Through this collaboration, Moon Lab will leverage Dock’s advanced Decentralized Identity infrastructures to enhance data ownership for users and offer seamless and faster verification across various financial platforms.

Together, we’re focused on transforming ID verification processes in the banking sector, reducing friction for users, and enhancing security standards. 

By combining Dock’s expertise in verifiable credentials with Moon Lab’s tailored enterprise-grade blockchain solutions, we’re working to deliver a seamless, secure, and efficient digital ID experience.

A special shoutout to Jack Chen, a true forward-thinker, and his exceptional team at Moon Lab. It has been a pleasure collaborating with them on this groundbreaking initiative.

This strategic partnership also marks an exciting milestone for Dock as we continue to grow our presence in Asia. 

Stay tuned for more updates as we build the future of digital identity together!


Infocert

VPN Virtual Private Network: What it is and How it Works

What is a VPN (Virtual Private Network) and what is it for?

In recent years, increasing focus on online privacy and security has led many people to discover tools such as VPNs. With the increase in cyber threats and risks associated with surfing online, protecting one’s personal data has become a priority for many users.

One of the most effective solutions to guarantee security and privacy when accessing the Internet is to use a VPN, a service that protects data transmission on public networks and preserves one’s identity by detecting and rejecting malware, phishing and fraud attempts.

This tool allows you to surf the Internet anonymously, protecting your information from eavesdropping and malicious attacks. But what is a VPN and what makes it so useful?

What is a VPN and why is it important?

VPN stands for Virtual Private Network. It is a technology that creates a private connection between your own device and the Internet. In practice, a VPN connection allows you to surf online more securely by masking your IP address and encrypting your data in transit. This means that your information is more difficult to intercept by third parties, such as hackers or individuals trying to monitor your online activity.

Using this type of connection is essential to ensure security and privacy, especially in situations where the risk of personal data exposure is high. For instance, when you connect to public Wi-Fi networks, such as those in bars, restaurants or airports, your data can easily be intercepted by malicious attackers who could connect to your device. By encrypting your connection, a Virtual Private Network prevents information from being stolen or monitored even on these public networks.

In addition, many organisations, including marketing agencies, try to monitor your behaviour as you browse in order to collect personal information, such as history and sensitive data. To protect your privacy and prevent your data from being used without your consent, it is essential to use a private network. In fact, using a VPN makes it almost impossible for anyone to monitor your online activities, ensuring that your information remains protected and out of reach of prying eyes.

Are VPNs legal?

One of the most frequently asked questions concerns the legality of this tool: are VPNs legal? The answer depends on the country you are in. In general, the use of a VPN is legal in most countries, including the UK and Italy, but there are some exceptions. The key lies in the way the technology is used.

While using this type of connection to protect privacy and surf safely is perfectly legal, in some countries the use of a private network to circumvent certain government controls or to access prohibited content may be restricted.

What is a VPN for?

As mentioned above, a Virtual Private Network is an indispensable tool for protecting data and privacy online. By using it, you can surf more safely and defend yourself against potential threats.

Here are the main functions of a VPN connection:

Personal Data protection. A private network encrypts your Internet connection, making data, such as passwords and banking information, invisible to anyone trying to intercept them, especially on public or unsecured Wi-Fi networks.
Online anonymity. By hiding your IP address, it allows you to surf without being tracked. This means that websites cannot collect information on your location or surfing habits, guaranteeing completely private surfing.
Increased security. A VPN service protects online traffic from external attacks, such as hackers, and reduces the risk of unauthorised access. In addition, some private networks offer advanced features to protect against web threats, such as blocking suspicious applications in case of abnormal activity, malware and intrusive advertisements.

How does a VPN work?

A virtual private network protects your Internet connection by creating a channel through which data travels encrypted, preventing anyone from intercepting or monitoring it.

Here is how a VPN works in greater detail:

User and server authentication. When you connect to a Virtual Private Network, your device is first authenticated by the server. This ensures that only authorised users can access the private network.
Data encryption. Once authenticated, the server applies an encryption protocol to the data you send and receive. Encryption makes your data unintelligible to anyone attempting to intercept it, protecting your personal information during transmission. This creates a secure data exchange ‘tunnel’ that makes it impossible for third parties, hackers and even your service provider (ISP), to view the content passing over your connection.
Encapsulation of data packets. Data is wrapped in an external packet, which is also encrypted. This encapsulation process makes it even more difficult for anyone to access the data, keeping it safe during transfer.
Data decryption. Once data arrives at the destination server, the external packet is removed via a decryption process, allowing the data to be read securely.

Thus, a VPN works by creating a private and confidential connection between your device and the destination server, ensuring that your data can be transmitted encrypted and protected. Using an encrypted tunnel prevents data from being intercepted or used without your consent.

Protect your privacy with NordVPN Plus.

With NordVPN Plus from InfoCert, you can surf safely by encrypting data, masking your IP address and blocking malicious content. In addition to advanced protection of your sensitive information, the service also has a Password Manager that stores and protects your credit card and login credentials for all your online accounts. It also defends you in real time against viruses, malware and ransomware, automatically blocking all malicious content.

Protect your privacy online with one of the most comprehensive solutions.



Ockto

Digital inclusion: the positive impact of hybrid solutions

Sharing data: how do we keep it safe, accessible and responsible? - Roel ter Brugge & Hidde Koning - Data Sharing Podcast

This episode of the Data Sharing Podcast is about data ethics, trust in data and AI, and accessibility in an increasingly digital society.


SC Media - Identity and Access

Survey: Employee behavior is major cybersecurity challenge in hybrid workplaces

Conducted across six countries, the survey identifies risky behaviors such as personal device usage, poor password practices, and unauthorized access to sensitive data, which undermine workplace security.



Thales Group

Thales RSM NG secondary radar selected by Luchtverkeersleiding Nederland to strengthen Air Traffic Control at Schiphol Airport

Thu, 12/12/2024 - 09:30

Thales has been selected by Luchtverkeersleiding Nederland (LVNL), the Dutch Air Navigation Services Provider, to supply the RSM NG, a digital Secondary Surveillance Radar with increased performance and reliability for safer Air Traffic Management.
With the capacity to follow up to 2,000 aircraft simultaneously and output 64 simultaneous data streams to Air Traffic Control Centres, the radar integrates both ADS-B¹ and Mode S sensors², resulting in faster track initialisation and detection.
Thales will install the radar in less than a year at one of the busiest airports in Europe – Schiphol Amsterdam, with a seamless replacement plan ensuring no interruption to Air Traffic Control service.

Thales has signed a contract with Luchtverkeersleiding Nederland (LVNL), the Dutch Air Navigation Services Provider, for the delivery of the RSM NG digital Secondary Surveillance Radar with increased performance and reliability for safer air traffic management. Thales’s RSM NG radar will replace Schiphol airport’s current secondary radar with no interruption of service, reinforcing Air Traffic Control at one of Europe’s busiest airports.

As air traffic increases, air passengers’ safety does not start in the sky; it starts as soon as the airplane is on the ground, and air traffic controllers need to know an airplane’s position at all times to ensure security and passenger safety.

The RSM NG is the newest generation of Secondary Surveillance Radars from Thales. Secondary radars are responsible for providing data for the proper management of air traffic by sending interrogations to the transponder of the aircraft, which then responds to the radar with its identification information, position, speed, and other characteristics. This allows ground controllers to have even more accurate information about the aircraft's location in the airspace.

Thales’s RSM NG secondary surveillance radar goes beyond Monopulse Secondary Surveillance Radar (MSSR) architecture by including Automatic Dependent Surveillance - Broadcast (ADS-B) technologies within the same sensor. Because the ADS-B receives the information emitted by aircraft once per second (e.g. identification, altitude, speed, velocity, projected path, etc.), it provides air traffic controllers with accurate aircraft information. The result is a state-of-the-art meta-sensor that merges different levels of data (up to 2,000 aircraft and 64 simultaneous data outputs), in order to provide accurate and continuous information that contributes to meeting the aircraft 3 NM separation.

In a highly competitive market, Thales was selected for its capability to provide a cutting-edge radar, high detection performance and a trustworthy replacement plan with fast installation of the secondary radar, involving no interruption of service in a complex, dense, high-traffic environment.

To be delivered and installed at Schiphol airport in less than a year, the RSM NG radar contract includes training for LVNL personnel, spare parts, and maintenance of the radar for a duration of 15 to 25 years.

Thales has been working with LVNL for more than 30 years, contributing to Air Traffic Control and securing the airspace with Air Traffic Management solutions, radar equipment and navigation aids.

“We are proud to continue to contribute to strengthening air traffic control surveillance detection for our long-standing customer and we thank them for their continued trust in our technology. With high technological expectations from LVNL, the RSM NG represents a solid performance and no less than 10 patents, with a track record of 40 RSM NG sold since the launch in 2021. With more than 1100 ATC radars in the world, our ATC ensure critical air safety and air surveillance with a solid reputation for performance and reliability”, Lionel de Castellane, VP Civil Radars Segment, Thales

“For LVNL, safety in the airspace is the top priority. Our air traffic controllers must be able to rely on the air traffic situation picture they see to safely guide aircraft and passengers through Dutch airspace. Reliable, robust and modern systems are crucial for this. The new radar at Schiphol Airport, which Thales will implement in collaboration with LVNL, will contribute to ensuring that we can continue to manage air traffic safely, efficiently, and responsibly in the coming decades”, Edward Schaap, Manager of Communication, Navigation, and Surveillance for LVNL

1 ADS-B (Automatic Dependent Surveillance-Broadcast) is a co-operative surveillance system for real-time air traffic control.

2 Mode S is a selective interrogation mode that allows precise information to be received from the aircraft, such as aircraft ID, speed, altitude or flight status.


SC Media - Identity and Access

Datadog urges to phase out long-lived cloud credentials

The report found that long-lived credentials, such as outdated access keys and identity and access management users, remain a significant security vulnerability across all major cloud providers, including Amazon Web Services, Google Cloud, and Microsoft Azure.



Ocean Protocol

DF119 Completes and DF120 Launches

Predictoor DF119 rewards available. DF120 runs Dec 12 — Dec 19th, 2024

1. Overview

Data Farming (DF) is Ocean’s incentives program. In DF, you can earn OCEAN rewards by making predictions via Ocean Predictoor.

Data Farming Round 119 (DF119) has completed.

DF120 is live today, Dec 12. It concludes on December 19th. For this DF round, Predictoor DF has 37,500 OCEAN rewards and 20,000 ROSE rewards.

2. DF structure

The reward structure for DF120 is comprised solely of Predictoor DF rewards.

Predictoor DF: Actively predict crypto prices by submitting a price prediction and staking OCEAN to slash competitors and earn.

3. How to Earn Rewards, and Claim Them

Predictoor DF:
To earn: submit accurate predictions via Predictoor Bots and stake OCEAN to slash incorrect Predictoors.
To claim OCEAN rewards: run the Predictoor $OCEAN payout script, linked from Predictoor DF user guide in Ocean docs.
To claim ROSE rewards: see instructions in Predictoor DF user guide in Ocean docs.

4. Specific Parameters for DF120

Budget. Predictoor DF: 37.5K OCEAN + 20K ROSE

Networks. Predictoor DF applies to activity on Oasis Sapphire. Here is more information about Ocean deployments to networks.

Predictoor DF rewards are calculated as follows:

First, DF Buyer agent purchases Predictoor feeds using OCEAN throughout the week to evenly distribute these rewards. Then, ROSE is distributed at the end of the week to active Predictoors that have been claiming their rewards.

Expect further evolution in DF: adding new streams and budget adjustments among streams.

Updates are always announced at the beginning of a round, if not sooner.

About Ocean, DF and Predictoor

Ocean was founded to level the playing field for AI and data. Ocean tools enable people to privately & securely publish, exchange, and consume data. Follow Ocean on Twitter or TG, and chat in Discord. Ocean is part of the Artificial Superintelligence Alliance.

In Predictoor, people run AI-powered prediction bots or trading bots on crypto price feeds to earn $. Follow Predictoor on Twitter.



SC Media - Identity and Access

Funding round raises $45M for Astrix Security

Such newly secured funds would be allocated toward bolstering NHI protections, noted Astrix Security, which touted its agentless platform's ability to discover and consolidate NHIs that helps reduce the risk of various cyber threats, including data breaches and supply chain compromise.



Senate bill prohibiting health, location data brokerage unveiled

Aside from providing the Federal Trade Commission with $1 billion to ensure its implementation, the bill would also enable the agency, state attorneys general, and individuals whose information had been exploited to file charges against data brokers.



Mozilla retires ‘Do Not Track’ option from Firefox browser

The feature was rarely effective at blocking tracking and is succeeded by the Global Privacy Control, according to Mozilla.


Wednesday, 11. December 2024

SC Media - Identity and Access

Critical ‘AuthQuake’ bug let attackers bypass Microsoft MFA

Oasis researchers say they reported the bug in June – and Microsoft patched it in October.



Spruce Systems

The Right to Be Deleted: How Digital Credentials Can Let Users Revoke Shared Data

Personal data licensing offers individuals enforceable control over their sensitive data by using digital tools to track, limit, and revoke data sharing.

We recently proposed the Personal Data License (PDL): a system that leverages Verifiable Digital Credentials to give individuals control over the sharing of their sensitive data, including the ability to enforceably limit, revoke, or receive disclosures about that access. As part of this system, the person sharing data will issue a PDL using their digital wallet, establishing a clear record of the terms for data sharing. The PDL will then be countersigned by the recipient, signifying their acceptance of the user's conditions and creating a mutual agreement that protects both parties.

Combined with legislative enforcement, a Personal Data License system would allow individuals to share data for a limited time, requiring recipients to delete it after the agreed period or report its continued existence as required. This enhanced level of control greatly increases the power that individuals have over their data. The ability to revoke data, ensure its removal, or receive notifications about its existence would have a profound impact in a landscape where personal data is increasingly used for commercial purposes and massive repositories of outdated data remain vulnerable to a growing number of security breaches.

Personal Data Licensing (PDL) would also have a third important benefit: increasing user trust in the digital systems handling their data. The public is increasingly confused and worried about how their data are used, by both private companies and governments. That anxiety could be a serious obstacle to the adoption of digital identity systems like the mobile driver’s licenses (mDL), which offer significant improvements to the current privacy and security status quo.

But how exactly would Personal Data Licensing work? Let’s dive in.

Forget Me Now

Enforceable data control is important, both practically and for public perception, because the public has come to associate digital tools with sacrificing their privacy. There’s the ambient experience of surveillance-driven advertising, but also much scarier examples, such as when Target’s algorithm detected and exposed a customer’s pregnancy or the current uncertainty about what 23andMe will do with all the individual genetic information it owns.

The 23andMe situation illustrates how trackable data licensing would improve on the current status quo. In retrospect, 23andMe’s customers would probably have preferred to let the company handle their genetic data temporarily, not store it in perpetuity. Personal data licensing makes data more like a digital book out for a temporary loan. Notably, the goal is not to create a more nuanced commercial license to let users monetize data, a concept many experts believe would be exploitative and bad for privacy. Instead, PDL is intended as a privacy tool for particularly sensitive data, such as medical records, allowing users to automatically and auditably request the deletion of their data from their smartphones. If a user revoked their PDL and then published this action to a public blockchain, there would be solid evidence that they requested their data deletion at a certain point in history, accessible to anyone with shared data records and an internet connection.

Personal Data Licensing would use the same mix of digital wallets and secure signatures that verify digital IDs like California’s mobile driver’s license. When data are shared from a document or record in a digital wallet, a PDL system could require the recipient to digitally countersign a data license indicating acceptance of terms. This is aligned with building blocks like Katara’s verifiable “receipt” for the data, which is based on standards outlined by groups, including ISO.

These licenses would be readable by both humans and machines, outline the purpose of the sharing, and have clear expiration dates. They might also define any rights for third-party sharing or provisions for the sharer’s right to revoke data access. They may also encapsulate reporting requirements, such as how to notify the user if further data sharing is needed. Data wallets would automatically retain copies of these licenses, with verifiable signatures from the data recipients. With legislation backing, such as an updated version of Europe’s GDPR, this paper trail would make data deletion auditable and enforceable.

These capabilities and interactions are not currently part of dominant digital ID standards, such as the ISO’s Mobile Driver’s License (mDL) or the W3C’s Verifiable Credentials standard. We believe the system can be designed externally to such standards in the “white space” left open—though ideally, data licensing would eventually be integrated with base standards.

Data Control and a Fairer Digital Economy

A system of digitally signed receipts for data sharing would create a verifiable record of what data we share, with which counterparties, and under which conditions. However, legislation would be needed to ensure compliance by imposing penalties on data recipients who didn’t comply with the conditions of a license. Analogs to such legislation already exist, such as the California Consumer Privacy Act (CCPA), Utah Consumer Privacy Act (UCPA), and the European GDPR’s “Right to Be Forgotten.” Governments worldwide have been implementing policies to give people more control over their data.

Notably, Utah enacted the Government Data Privacy Act (GDPA) in May 2024, which gives Utahns discretion over how their own government should manage their personal data. At SpruceID, we are generally aligned with actions that increase individual autonomy while avoiding the centralization of power.

However, the current enforcement state for these laws tends to favor large-scale data collectors, such as Google and Facebook, who can afford the staff and other overhead to comply. Compliance costs have even led some smaller digital businesses to leave the EU or even shut down entirely.

A standardized and open system of Personal Data Licensing, including verifiable “receipts,” would make both enforcement and compliance simpler, reducing the unfair burden that data policies have tended to have on smaller digital businesses. 

Public policy would need to support PDL systems with enforcement. Imagine, for instance, that months after releasing your blood test data to a medical provider, you start receiving health marketing messages that seem guided by that data. This evidence of data misuse could be directly correlated with a digitally signed receipt showing exactly who received the data, and when, and submitted to a data enforcement body. 

From “Papers, Please” to “Why—and for How Long?”

Making the Personal Data License a reality will take work and time, but we believe it’s a compelling path forward. One very practical upside of personal data licensing is that it will make privacy frameworks such as GDPR and CCPA much more implementable. A record-keeping standard simplifying policy enforcement gives individuals more control over their data while also reducing the compliance burden on firms that collect data for valid purposes.

More fundamentally, Personal Data Licensing would be a major step forward in digital identity’s overarching mission to improve privacy, security, and user control of data. Personal Data Licenses, paired with monitoring and enforcement, can reverse the power dynamic in data sharing. Instead of a presumption that users must hand over data on request, government agencies and data-hungry enterprises will be required to convincingly justify their data collection and how long it will be stored.

The data hoards built up by unrestricted data collection have become huge risks to global privacy, security, and democracy. They have been used for surveillance and mass manipulation. It’s time for a change in control.

About SpruceID: SpruceID is building a future where users control their identity and data across all digital interactions.


FindBiometrics

ID Tech Digest – December 11, 2024

Welcome to ID Tech’s digest of identity industry news. Here’s what you need to know about the world of digital identity and biometrics today: LexisNexis Risk Solutions to Acquire AI […]

SC Media - Identity and Access

New ICIT report urges better resilience to threats of a digitally consolidated world

ICIT says the key to resilience is in the four Rs: resourcing, recovery, rehearsals, and response -- all essential to mitigate the risks posed by digital consolidation and ensure the security of critical infrastructure.



FindBiometrics

Singapore to Extend QR Code and Biometric Immigration Clearance at Land and Sea Checkpoints

Singapore’s Immigration and Checkpoints Authority (ICA) is implementing QR code clearance at all automated and special assistance lanes in the bus halls of Tuas and Woodlands checkpoints, marking the latest […]

Illinois Judge Denies Class Certification in Hotel Workers’ Biometric Privacy Lawsuit Against Unifocus

An Illinois federal judge has denied class certification in a case involving hotel workers who accused software provider Unifocus of violating the state’s Biometric Information Privacy Act (BIPA). The ruling […]

Zetrix Teams with China’s Blockchain Platform on Cross-Border Digital ID Verification

Zetrix, a layer-1 public blockchain platform, has established an exclusive partnership with Astron-Xinghuo BIF, the international chain of China’s national public permissioned blockchain operating under the Ministry of Industry and […]

Karolinska Institutet Seeks Biometric Rings for Sleep Study

Sweden’s Karolinska Institutet (KI) has initiated a procurement process for advanced biometric sensor rings to support a comprehensive research study on human health metrics. The procurement, valued at 2 million […]

FBI Warns of Chinese Text Message Interception, Urges Encrypted Apps After ‘Salt Typhoon’ Attack

The Federal Bureau of Investigation has issued an advisory to American citizens regarding potential text message interception by foreign hackers, following a significant cyberattack dubbed “Salt Typhoon”. The attack has […]

Indicio

With decentralized identity – start today, start small, scale smart

The post With decentralized identity – start today, start small, scale smart appeared first on Indicio.
With a focused, achievable goal, you can quickly deploy your Verifiable Credential ecosystem and gain an edge over your competitors

By Helen Garneau

If you’re looking to transform costly, inefficient, or user-unfriendly authentication and data sharing systems, our motto at Indicio is: “Start today, start small, scale smart.” This means beginning with a focused, manageable use case to build understanding of the technology, achieve results, and let these results create momentum. 

We’ve helped customers implement Verifiable Credentials to solve a myriad of business issues: interoperability between partners and governments when privacy is a concern or when direct integration is too complicated and expensive; inefficient, error-prone, and repetitive processes based on manual, paper-based form-filling verification; and simplifying, securing, and speeding up access to systems and software.

But, rather than aiming to solve every challenge at once, we encourage customers to start with a small deployment that fixes one problem. This approach builds understanding and trust, drives stakeholder buy-in, and sets the foundation for long-term success. 

Verifiable Credentials are a new digital authentication method that uses cryptographic proofs to verify identity or attributes without exposing unnecessary personal information or requiring the verifier to check in with the original source of the information or a third-party identity provider.

Here’s how they work:

Issuer: A trusted entity (e.g., a bank, government agency, or employer) issues a credential to a user (e.g., proof of identity, business license).

Holder: The user stores this credential securely in a digital wallet on their mobile device.

Verifier: When logging in or accessing a service, the user presents a cryptographically verifiable proof of the credential and, depending on the use case, information in the credential to the verifier. Importantly, only the necessary data is shared, and the verifier can confirm its authenticity without contacting the issuer.

This decentralized model for data ecosystems means that users hold their own data and that the data issued in a credential is completely under the user’s control. This decentralization eliminates the need to store personal data in a centralized database in order to cross check and verify it. It also removes the privacy concerns over how third-parties can use personal data. 

Let’s look at the simplest decentralized identity ecosystem we can create, one where the issuer and verifier are the same entity: for example, an employer issuing an employee credential for seamless login to company systems and applications. This structure, often referred to as a closed ecosystem, provides a simple, controlled environment for implementing, testing, and understanding the solution.

Once a team experiences how easy it is to implement such a system, it is much easier to add outside verifiers (say, a company’s benefits partners) or other issuers (say, government-issued credentials) to create new ecosystems for sharing verifiable data.

Starting in this way allows for iterative development and continuous improvement, ensuring smoother rollouts and minimizing risks. 

Our CTO, Ken Ebert, calls this stage of development a three-legged stool. While decentralized identity often seems like a purely technological solution, success relies on making important choices to balance the needs of three critical elements:

Business: What problem are you trying to solve with decentralized identity and Verifiable Credentials? Who are the users, and how will they benefit? What funding model supports the initiative? We’ve seen the customers who are quick to answer these questions get the budget and speed to deployment the fastest.

Governance: Governance defines how users obtain the credentials, who uses them, who the other parties in the ecosystem are, as well as how the deployment adheres to emerging global data regulations. Ensuring compliance and clarity builds trust among stakeholders. 

Technology: This involves the foundational tools: the software for issuing credentials, holding credentials (in a digital wallet) and verifying credentials; the ability to write to and retrieve cryptographic material; and decisions over protocols and standards.

Our team at Indicio is active in, and leads, many different communities where technologies and standards are being developed. From OpenID to DIDComm, W3C and IETF, chances are that if you are interested in a specific protocol, credential type, or specification, we’ve got you covered.

An example of how these three elements work together: A company call center could issue credentials to customers, enabling quicker authentication. If this reduces verification time from 30 seconds to 5, with data to prove efficiency and customer satisfaction, the team can now ask for further funding for adoption. Here, the technology solves a business problem, and the governance is rooted in the trusted relationship between the company and its customers. 

As new applications and improvements emerge during an initial rollout, the temptation to scale quickly can be strong. However, the key to sustainable growth is incremental expansion. Using the call center example, this might mean gradually adding new verifiers, issuers, or credential holders to improve routine transactions while maintaining a stable and secure system. 

Decentralized identity is transformative. A key factor in the success of any decentralized identity project is effective communication of this — both internally and externally. Teams must articulate the value proposition to users, addressing the pain points that decentralized identity alleviates. This requires a combination of education, documentation, and messaging that engages stakeholders at every level. 

At Indicio, we help organizations take their first steps with decentralized identity and support their success as they grow into larger deployments. By providing enterprise-grade tools built on open-source technologies, a variety of hosting options, and customizable training programs, we provide businesses the flexibility to create a variety of scalable solutions to fit their needs. 

Whether you’re just starting out in testing or ready to deploy, our expertise helps you confidently navigate the path to a successful decentralized identity ecosystem.

Reach out to Indicio to get started.



auth0

Bring Your Own Key (BYOK) in Auth0

Take control of your encryption keys using the BYOK security model in your Auth0 tenant.

Extrimian

Verifiable Credentials with attachments docs


The latest QuarkID update, implemented using the SSI API and ID Connect by Extrimian, introduces a critical feature for decentralized information management: VC Attachments. This functionality allows the inclusion of files, such as PDFs, images, and other formats, in verifiable credentials, providing additional context or evidence to support the information contained within the credentials.

What Are VC Attachments?

VC Attachments enhance the handling, storage, and linking of attachments to verifiable credentials. Issued under the Verifiable Credentials (VC) standard, these are cryptographically signed digital documents containing verifiable data.

The inclusion of attachments ensures that any relevant supplementary information is securely available and managed, preserving the integrity and reliability of shared or stored documents.

Figure: Birth certificate in the QuarkID wallet. Integration with the miBA application attaches the original scanned birth certificate to the QuarkID wallet.

Rapid Implementation

What is the @quarkid/vc-attachments-agent-plugin?

The @quarkid/vc-attachments-agent-plugin is a plugin designed to expand the functionality of SSI agents, enabling secure management of file attachments in verifiable credentials. This plugin is essential for users who need to attach additional documents to their credentials, broadening their utility across various contexts.

Installation

The plugin can be installed using npm as the package manager:

npm install @quarkid/vc-attachments-agent-plugin

Usage in Mobile Agents

To integrate the plugin into a mobile agent:

Import the plugin into your project.

Configure appropriate storage for file attachments.

Add the plugin to the agent’s list of plugins to streamline the attachment management process during credential interactions.

For detailed instructions, refer to the step-by-step guide in the documentation.

Interaction with ID Connect SSI API

API Integration Service

The SSI API provides two main endpoints for managing attachments:

PUT /attachment/filepath
Returns the file storage URL, allowing access to previously saved files.

POST /attachment/upload
Facilitates the upload of new files to the API, offering a secure and direct method for storing additional information related to a credential.

Use Cases

Retrieving Attachments

To retrieve attachments linked to a specific credential, use the getFileAttachments method, which fetches associated files.

Uploading Attachments

Uploading involves sending the file via a multipart form, along with detailed metadata, including a hash to ensure authenticity.

Learn More

Documentation on VC attachments: Explore advanced configurations and capabilities.

VC Wiki: Deepen your understanding of verifiable credentials and their applications.

VC Issuance and usage guide: Master the creation and management of VCs.

Visit the Extrimian Academy for courses and resources to help optimize your projects with verifiable information.

Start building, managing, and verifying digital information with Extrimian today to enhance the efficiency and security of your business operations.

The post Verifiable Credentials with attachments docs first appeared on Extrimian.


liminal (was OWI)

Market and Buyer’s Guide for Third-Party Risk Management

The post Market and Buyer’s Guide for Third-Party Risk Management appeared first on Liminal.co.

Dock

Introducing Credential Recovery: Ensuring Seamless Access to Your Digital Credentials, Anywhere


Today, we’re excited to announce our newest feature, Credential Recovery—a significant upgrade to our Digital ID Wallet, powered by Dock’s innovative Cloud Wallet technology, that makes credential recovery quick, secure, and convenient.

Why Credential Recovery Matters

Traditionally, Verifiable Credentials are stored solely on the user’s mobile device. 

If the device is lost or replaced, users can lose access to their credentials—a major inconvenience, and often a critical barrier in ID verification.


KuppingerCole

Jan 29, 2025: Securing Hybrid and Multi-Cloud Environments with Layered Protection Against Zero-Day DNS and Suspicious Domains

As organizations increasingly adopt hybrid and multi-cloud environments, they face significant challenges in securing their DNS, DHCP, and IP address management (IPAM) systems. The rise of sophisticated domain-based attacks, including zero-day DNS vulnerabilities and phishing schemes using newly registered domains, complicates the security landscape and exposes organizations to potential breaches.

PingTalk

Compliance Management: Everything You Need to Know

Understand the role of compliance management in preventing noncompliance risks and ensuring regulatory adherence with best practices and examples.

Compliance management helps your business stay aligned with industry regulations, thus minimizing risks and maintaining efficient operations. In regulated industries, such as finance and healthcare (more on this below), following compliance standards is necessary to avoid legal penalties and reputational damage.

A strong compliance framework reduces risks related to data security, legal obligations, and your organization’s integrity.

By managing compliance effectively, you protect your business from fines and safeguard its long-term success.

Tuesday, 10. December 2024

KuppingerCole

From Detection to Recovery: PAM's Crucial Role in Incident Management


In an era where cyber threats are constant, organizations must prepare not for if a breach will happen but when. The urgency to identify, address, and bounce back from security incidents has never been greater. Privileged Access Management (PAM) plays a vital role in bolstering defenses and streamlining responses to these incidents. However, many organizations still struggle to unlock its full benefits, leaving critical vulnerabilities exposed.

Modern PAM solutions offer a range of capabilities that extend far beyond traditional access control. By integrating PAM into incident response strategies, organizations can significantly improve their ability to identify threats, contain breaches, and streamline recovery processes. Join us as we explore how PAM can be leveraged to transform human risk into human assets, providing full visibility and control over internal risks.

Paul Fisher, Senior Analyst at KuppingerCole Analysts, will look at the state of PAM and compare common versus emerging capability areas. He will discuss to what extent these capabilities can support not only protective requirements but also the analysis of incidents, and thus streamline incident reporting.

Aleksandr Dymov, Product Manager at Syteca, will showcase the Syteca platform, a comprehensive cybersecurity solution designed to meet the diverse needs of modern organizations. He will present a case study and provide a live demo, illustrating how Syteca's customizable security toolkit enables granular PAM and advanced user activity monitoring to secure organizations against insider threats.




Building CIAM With Open Standards


In this videocast, Tom Bruggeman from DPG Media shares how his team tackled the challenges of user authentication in a fast-changing media landscape. He highlights the role of open standards like OAuth and OIDC and explains how Authlete helped create a seamless and secure user experience. Tom also offers insights into future plans, including efforts to enhance user privacy and explore data wallet solutions.




FindBiometrics

Neurotechnology Achieves Top Rankings in NIST Latent Fingerprint Recognition Test

Neurotechnology, a Lithuania-based biometric technology company, has achieved top rankings in the National Institute of Standards and Technology’s (NIST) Evaluation of Latent Friction Ridge Technology (ELFT). The company’s latent fingerprint […]

SecureAuth Acquires SessionGuardian with Eye to Remote Work Security

SecureAuth has acquired SessionGuardian, enhancing its identity and access management (IAM/CIAM) capabilities with new continuous biometric verification technology. The acquisition incorporates SessionGuardian’s Biometric Continuous Identity Assurance (BCIA) functionality into SecureAuth’s […]

Nigeria Launches Immigration Technology Research Hub

President Bola Tinubu has officially commissioned the Nigeria Immigration Service (NIS) Technology Innovation Complex, also known as the Bola Ahmed Tinubu Technology Innovation Complex (BATTIC), at the NIS headquarters in […]

SC Media - Identity and Access

Over 11K youths affected by Datavant breach

Infiltration of a single user's email in a phishing attack between May 8 and May 9 allowed threat actors to compromise individuals' names, addresses, Social Security numbers, contact information, financial account details, health information, passports, and driver's licenses.



'AppLite Banker' lures victims with job offers, infects devices with trojan

Banking trojan gives attackers access to corporate credentials, apps, and data when employees run remote access sessions on their Androids.



FindBiometrics

ID Tech Digest – December 10, 2024

Welcome to ID Tech’s digest of identity industry news. Here’s what you need to know about the world of digital identity and biometrics today: New York State Launches Mobile Digital […]

SC Media - Identity and Access

Ongoing widespread AWS customer credential theft exposed by open S3 bucket

Attacks conducted by the threat actors since March involved the exploitation of numerous open-source tools and scripts to discover AWS's 26.8 million IP addresses, whose domain addresses were later obtained through a Shodan search, an analysis by cybersecurity researchers Noam Rotem and Ran Locar published on vpnMentor showed.



Indicio

Indicio’s commitment to OpenID for Verifiable Credentials: leading the way in compatibility for global digital identity standards

The post Indicio’s commitment to OpenID for Verifiable Credentials: leading the way in compatibility for global digital identity standards appeared first on Indicio.
Our success in developing OpenID for Verifiable Credentials is paving the way for new use cases and quicker adoption.

By Helen Garneau

Our mission at Indicio is to make decentralized identity accessible and practical for real-world adoption. A key to this is our active involvement in developing and supporting OpenID for Verifiable Credentials (OID4VC) and OpenID for Verifiable Presentations (OID4VP). Part of the emerging European eIDAS 2.0 identity standards, these protocols specify how Verifiable Credentials can be used, building on OpenID Connect (OIDC), a widely used framework for authenticating user access to applications and websites. 

OID4VC: Streamlines the issuance of Verifiable Credentials using familiar web technologies.

OID4VP: Facilitates the presentation of these credentials, ensuring interoperability with existing OpenID-based systems.

These protocols make the transition to decentralized identity and Verifiable Credentials easy for many organizations, as they are familiar with the underlying authentication technology and don’t have to replace their identity and access management systems. This means companies and organizations can quickly implement seamless operations and services that deliver immediate value. 

As Gartner Research notes in its 2024 Market Guide to Decentralized Identity, the technology “represents magnitudes of improvement in terms of efficiency, cost and assurance” for authentication, account security, fraud, privacy, and security. 

Indicio’s OID4VC in action

An example of Indicio’s work with these protocols is the IATA One ID Proof of Concept (POC). This was developed with our strategic partner SITA, along with Delta Airlines and the Government of Aruba, and showcased at the joint IATA World Financial Symposium (WFS) and IATA World Passenger Symposium (WPS) in October 2024.

The POC showed how two different Verifiable Credentials, a Digital Travel Credential using the DIDComm protocol and a One ID credential using OID4VC, can work together to facilitate seamless check-in, baggage management, lounge access, and international border crossing.

The POC showed just how easy it is for a person to enroll in both at the same time with a passport and mobile phone, and then use them for instant, seamless authentication through each step of the passenger journey from home to destination. This was the first ever One ID implementation. 

You can see a demonstration from a recent meeting of the Indicio Identity Community Meetup.

At Indicio, we see the future as a multi-credential, multi-protocol, and multi-standard world, and our goal is to provide the best implementation of each to meet our customers’ needs and to ensure that all work together so that our customers can seize every opportunity.

Our success in implementing OID4VC and in combining and bridging different credentials and protocols has made Indicio a trusted partner for global organizations looking to implement cutting-edge identity solutions.

If you’re ready to explore how OID4VC can revolutionize your identity ecosystem, or to explore our solutions in education, finance, health, agriculture, the public sector, and travel and tourism, we’re here to help you every step of the way. Reach out to Indicio today!



KuppingerCole

The Marriage of Cohesity and Veritas

by Mike Small

A Game-Changer in Data Backup and Cyber Resilience 

On December 10th, 2024, Cohesity and Veritas announced that they have finalized their union. This is a major development as it will create the largest player in the rapidly growing market for cyber resilience and data protection. Data is not only fundamental to all organizations’ business processes but now also defines the very infrastructure upon which these processes depend. Cyber-attacks and ransomware are an existential threat to this data, and data protection solutions are essential for cyber resilience. This union represents a pivotal moment in the worldwide marketplace for these solutions.

Why This Merger is Important 

Digitalization of business processes has increased the potential impact of cyber threats. This, taken together with increased regulation on cyber resilience, makes the market for these solutions strong. Based on our current research, the Cloud Backup market size was last estimated at over $5.75B with an annual growth rate of 18.7%.

The merger of Cohesity and Veritas underscores the importance of dependable, scalable, and innovative data protection solutions for cyber resilience. Both these vendors are recognized as leaders in our recent Leadership Compass report Cloud Backup for AI Enabled Cyber Resilience with each bringing their own complementary strengths.  

Complementary Strengths 

Cohesity brings its modern, cloud-native approach to data management and Veritas brings its long-standing expertise in enterprise-grade data protection. By combining their strengths, the new entity is well placed to address the full spectrum of data protection and cyber resilience needs. 

Cohesity offers the Cohesity Data Cloud (CDC), built on SpanFS, an immutable filesystem ensuring data integrity and security plus instant file serving of backed-up NAS data, and using SnapTree chain-free metadata such that essentially each point-in-time backup can be accessed as rapidly and efficiently as if it had been originally made via a full backup.  Veritas products include Veritas Alta™ Data Protection, NetBackup – an enterprise backup and recovery solution, and Backup Exec - designed for backup and recovery for small to mid-sized businesses. Together these combine modern architecture with a wide range of capabilities and coverage. 

The Importance of ML and GenAI 

An important market trend is the evolution of machine learning (ML) and artificial intelligence (AI), in particular generative AI (GenAI). ML and GenAI provide capabilities that can be helpful to enhance cyber resilience, and we expect cyber resilience solutions to exploit these technologies where appropriate.

Both vendors have recognized the importance of ML and GenAI, both in terms of the opportunities they provide and the data protection needs they introduce.

Veritas uses GenAI/ML with the AI-powered Operational Assistant, Veritas Alta™ Copilot. Alta Copilot brings the power of GenAI to Alta View, making it more intuitive and accessible for all users to detect suspicious activities. 

Cohesity’s AI framework, including the patent-pending Cohesity Gaia, leverages GenAI throughout the platform to offer operational insights, anomaly detection, information insights, and predictive analytics. Gaia enables users to search based on meaning rather than search based on characters, and converse with their data using natural language. The platform also includes AI-driven data classification and threat detection, utilizing machine learning to enhance security and compliance. 

In our view, in the future an organization should be able to give a GenAI-based backup and disaster recovery solution a set of resilience objectives, compliance requirements, and cost constraints, so that the system can build, evaluate, and implement the technology elements and support the manual processes needed to meet these.

Impact on Customers 

Not all marriages last and customers may be anxious about what this union may mean for them.  Both companies recognized that it is easier to lose customers than to gain them. In February 2024, when they announced their intention to combine, the announcement included a “no customer left behind” product roadmap in which “...all products will be supported for many years. Customers can migrate when and if they want, on their own schedule.”  

Here is what we expect the new entity to provide: 

Transitional Arrangements – to ensure that all capabilities from the existing products remain available with the opportunity to mix and match between the two product ranges.  No enforced customer migration. 

Enhanced Capabilities: a unified portfolio that combines the best of both companies' technologies. These will likely be based around the Cohesity Data Cloud (CDC), to provide a unified interface and exploit the wide range of data connectors from Veritas. 

Global Reach and Support: With their combined resources, the new entity will be better positioned to provide support and expertise across regions and industries. This is particularly important for enterprises operating in highly regulated sectors such as healthcare, finance, and government. 

Technology Advances to Watch For 

The Cohesity-Veritas merger is not just a consolidation of market share but a bold move to accelerate technological advancements in data backup and recovery. Key innovations we anticipate include: 

AI and Machine Learning for Data Resilience: Leveraging Cohesity’s AI-driven analytics and Veritas’s deep integration capabilities, the new entity is likely to push the boundaries of predictive and autonomous data recovery. This could minimize downtime and enhance ransomware recovery strategies. 

Seamless Multi-Cloud Integration: As businesses increasingly adopt hybrid and multi-cloud environments, the combined expertise of Cohesity and Veritas will result in more robust and seamless cloud-native solutions, protecting data and data defined infrastructure in a common way across diverse environments. 

Comprehensive Data Governance and Compliance: With increasing regulations on data protection and cyber resilience worldwide, the union offers an opportunity to deliver solutions to help organizations to meet and exceed their regulatory obligations. 

Our Opinion 

The union of Cohesity and Veritas is a transformative moment for the data protection and cyber resilience market. As the largest player in the market, the combined company has the power to set new standards, influence industry trends, and drive the next wave of innovation. For customers, this means access to unparalleled technology and expertise, though the path forward may ultimately require customers to adapt and align with new offerings. 

As the dust settles on this announcement, one thing is clear: the data protection and cyber resilience market has changed forever, and we are just beginning to understand the full impact of this historic combination. Stay tuned and book now for EIC in May 2025 to hear the latest news.


PingTalk

Understanding Audit Trails — Uses and Best Practices

What are audit trails? Understand types, and the benefits of implementing audit trails for compliance, fraud prevention, and legal investigations.

Audit trails provide a comprehensive record of user activities within a network or system, showing who did what and when. These logs play an important role in modern security, compliance, and fraud prevention, providing better system transparency and accountability.

In today’s world, Identity enables organizations to maintain digital audit trails across business environments. This allows organizations to track user activities more effectively, helping to reduce the risk of data breaches and strengthen their overall security posture.

Below, we’ll take a closer look at audit trails and what they’re used for, including the common types, challenges, and best practices for maintaining them.


SC Media - Identity and Access

Six identity takeaways from 2024's cyber blunders and breaches

From phishing traps to third-party risks, these hard-hitting insights reveal what went wrong—and how to fortify your identity defenses for the future.


Monday, 09. December 2024

SC Media - Identity and Access

Okta Secure Sign-In Trends Report Shows Companies are Getting Smarter about MFA - Chris Niggel - BSW #375


Forced exposure: Few SMBs adequately protect themselves against cyberattacks

Most owners of small and medium-sized businesses worry greatly about cyberattacks, yet few take steps to properly protect themselves, a survey finds.



Tokeny Solutions

Bitcoin Hits $100K: The Tokenization Tipping Point?

The post Bitcoin Hits $100K: The Tokenization Tipping Point? appeared first on Tokeny.
December 2024

Last week, Bitcoin hit $100k!

This milestone, fueled by institutional adoption and a promising regulatory shift under new SEC Chair Paul Atkins, sets the stage for a transformative 2025 in onchain finance and tokenization. It is clear that institutional capital is going onchain; it is crucial to start bringing assets onchain now. The tokenization trend is inevitable.

But to reach that tipping point, we must overcome a few critical challenges.

Challenge 1: Lack of Actionable Data


The Problem:
Private assets often lack actionable data, such as Net Asset Value (NAV), in a form that the whole ecosystem can easily read from the tokens. Without this, other applications, such as data aggregators, distributors, and other service providers, cannot provide accurate data to their audience.

The Solution:
ERC-3643 is designed to solve this. With its built-in AssetID smart contracts, tokenized assets gain a unique onchain identity. Asset data (Asset type, NAV, ISIN, LEI, ESG ratings…) can be verified and directly linked to AssetID. This allows the ecosystem service providers to access verified asset information.

Challenge 2: Limited Accessibility


The Problem:
Despite the promise of tokenized RWAs, they remain out of reach for most investors. Take BlackRock’s tokenized money market fund, BUIDL, as an example. Its $454 million market cap in Ethereum is held by just 23 investors, with 40% owned by a single Web3 company. High minimum investments exclude smaller investors from participating. Many institutions are still hesitating to open their onchain products to retail investors. They are afraid of losing control and failing to enforce compliance.

The Solution:
The ERC-3643 token standard enables issuers to tokenize more accessible financial products while maintaining full control and automated compliance. ERC-3643 tokens are permissioned tokens. They ensure issuers decide who can participate, and under what conditions, and even allow for token freezing or recovery. Issuers can scale by using this token standard and open onchain assets to smaller investors. The protocol has already been used many times to tokenize securities available to retail investors, such as open-ended public funds, or even with prospectus exemptions in Europe.

Challenge 3: Fragmented Liquidity


The Problem:
Secondary markets for RWAs remain siloed. Distributors can only offer assets within their isolated order books, leaving unmatched trades, inactive markets, and frustrated investors.

The Solution:
Shared liquidity. Imagine all distributors leveraging a shared order book while retaining full control of their platforms and investor relationships. In the new era of tokenized assets, trading offers are universal. Investors publish a trading offer on one platform, and it is instantly visible across all others. Smart contracts ensure compliance by design: Onchain identity checks confirm the buyer’s eligibility, enforce transfer restrictions, and verify wallet balances. Unauthorized transactions are denied instantly. The best part is delivery vs payment enabling instant settlements. Trades are completed in seconds without counterparty risk or intermediaries, creating a seamless and risk-free experience.

This vision is no longer theoretical. ERC-3643 tokens, combined with the open liquidity protocol DINO, make it a reality. By sharing an onchain catalog of offers, blockchain has been turned into a giant marketplace.

But unlocking this potential requires collective action.

For asset issuers: Adopting the open source ERC-3643 standard ensures compliance and future interoperability.

For asset administrators: Defining their operating models to support seamless onchain operations.

For distributors: Connecting to the ERC-3643 catalog of tokens and starting to manage onchain transactions.

At Tokeny, our mission is to provide the best in class tokenized assets orchestration platform and expertise for all stakeholders to thrive in this financial revolution, empowering institutions to upgrade finance, onchain.

Change is no longer optional; it’s an opportunity. Let’s make 2025 a bull market for RWAs!

Tokeny Spotlight

EVENT

DAW Panel with Apex Group on: How will mass customization shape the future of asset management?


EVENT

Attended Applied Blockchain with one clear message: Without standardization, onchain finance will be in silos.


INTERVIEW

Our CEO Luc Falempin was interviewed by NASDAQ to discuss the need for breaking down industry silos.


PODCAST

CCO, Daniel Coheur spoke on the Digital Pound Foundation podcast about: Tokenized MMF.


PRODUCT NEWSLETTER

ERC-3643 standard is the motherboard, you can add any block you need.


NEW TEAM MEMBER

Meet Christian Stricker our Digital Marketing Intern. Welcome to the team!

Tokeny Events

Abu Dhabi Finance Week
December 9th – 12th, 2024 | 🇦🇪 UAE


Luxembourg Blockchain Week
December 9th – 13th, 2024 | 🇱🇺 Luxembourg

ERC3643 Association Recap

Recognition by MAS

ERC-3643 is recognized as the official standard in the Project Guardian of the Monetary Authority of Singapore (MAS).



KuppingerCole

Jan 14, 2025: Identity Fabric and Reference Architecture 2025: Future-Proofing your IAM

The Identity Fabric paradigm has established itself as the guiding principle for building modern Identity & Access Management (IAM) infrastructures. Since its introduction by KuppingerCole Analysts more than five years ago, many organizations have adopted this concept to streamline their IAM architecture, portfolio, and investments. With the newest release of the Identity Fabric, KuppingerCole Analysts provides an updated framework that not only reflects the evolution of IAM with respect to supported identity types and technologies, but also provides additional perspectives and layers to help organizations shape their own Identity Fabric for human and non-human identities. The Reference Architecture, the second major framework of KuppingerCole Analysts, adds more detail to the Identity Fabric by going deeper into IAM.

SC Media - Identity and Access

Texas flags Sirius XM, three others for data privacy law violations

While Sirius XM has allegedly engaged in the sharing of sensitive user data with unaffiliated third parties and other groups without notifying users and obtaining their consent, the MyRadar weather app, Miles travel rewards app, and Tapestri information rewards app have been accused of failing to secure data sharing permissions and inform users regarding their data privacy rights.



KuppingerCole

Shaping the Future of Digital Identity: The KuppingerCole Identity Fabric 2025


by Matthias Reinwarth

Identity and Access Management (IAM) has long been the backbone of enterprise security. As digital transformation accelerates and compliance requirements grow more stringent, the need for a flexible, scalable, and future-proof IAM framework has never been more critical. This is where the KuppingerCole Identity Fabric comes into play - a holistic framework expertly designed to tackle these challenges head-on.

But why is a comprehensive IAM blueprint so crucial? According to recent data, only 40% of companies currently have a complete IAM blueprint in place, while 26.8% are in the process of developing one, and a concerning 33.1% have no blueprint at all. This gap highlights a significant vulnerability for many organizations, leaving them exposed to risks that could be mitigated with a well-defined IAM strategy. The Identity Fabric addresses this very issue by providing a structured, adaptable approach to IAM, ensuring that organizations not only close this gap but also stay ahead of future challenges.

Building on its successful design and widespread adoption, KuppingerCole analysts and advisors are currently finalizing the updated revision of the Identity Fabric for 2025, scheduled for release soon. This new version is not just a routine update; it is a carefully crafted evolution that leverages valuable feedback from the industry, incorporates insights and experiences from end-user organizations, and integrates the latest market and technology trends.

Understanding the basics: What is the Identity Fabric?

At its core, the Identity Fabric is a comprehensive, holistic framework for architecting, evolving, and modernizing IAM systems. It is essential for organizations looking to keep pace with the demands of their future challenges, ensure compliance, and address evolving business requirements. Identities are the cornerstone of cybersecurity frameworks, and the Identity Fabric offers a structured approach to managing them effectively.

The benefits of the Identity Fabric are multifaceted. It not only provides a robust high-level model for IAM but also ensures that systems are adaptable to future challenges. This adaptability is crucial as the digital landscape continues to evolve, bringing with it new threats and opportunities. The business value of the Identity Fabric lies in its ability to streamline IAM processes, reduce operational costs, and enhance the overall user experience.

Applying the Identity Fabric: Why is it so useful?

The Identity Fabric is not just a theoretical framework; it is a practical tool that can be applied across various IAM scenarios. Whether you are designing a new IAM platform or evolving an existing one, the Identity Fabric provides the entry point for a clear roadmap. Areas of application include:

Strategy Definition for New IAM Platforms: Implementing new IAM platforms requires more than just technical know-how - it demands a strategic vision. The Identity Fabric helps define long-term goals and ensures that the platform is built with future scalability in mind.

Strategy Definition for Evolving IAM Platforms: Just as new platforms need a strategic direction, so do existing systems undergoing transformation. The Identity Fabric guides the modernization process, ensuring that legacy platforms meet both current and future business requirements.

Architecture Design for New IAM Platforms: When building new IAM platforms, the Identity Fabric framework ensures a robust, scalable, and flexible architecture. This architecture can adapt to changing business needs and technological advancements, making it future-proof.

Architecture Design for Evolving IAM Platforms: For organizations with existing IAM systems, the Identity Fabric offers a pathway to modernization. By aligning legacy systems with the framework, businesses can enhance functionality and improve scalability without the need for a complete overhaul.

Review and Analysis of Existing IAM Service Platforms: To fully leverage the Identity Fabric, organizations must first understand their current state. Thorough reviews and analyses help identify gaps, inefficiencies, and areas for improvement, allowing the Identity Fabric to guide the necessary changes.

Portfolio Management: Effective IAM is not just about managing individual systems - it’s about managing a portfolio of services and solutions. The Identity Fabric ensures that all elements are aligned with business objectives and that resources are allocated efficiently.

Evolving the Identity Fabric for 2025: A Sneak Peek

The upcoming 2025 update to the Identity Fabric brings several exciting enhancements, each aimed at ensuring that the framework remains relevant in the face of both technological and business changes.

A Revision of the Conceptual Design: The new Identity Fabric will feature a slightly updated conceptual design that encapsulates all relevant themes. The structure of the Fabric will be more refined, looking at all types of identities, with all relevant IAM capabilities consolidated into IAM services and mapped to tools and market segments.

Integration with the IAM Reference Architecture: One of the key enhancements in the 2025 update is the integration of the Identity Fabric with the existing IAM Reference Architecture. This ensures that the Reference Architecture is aligned within the Fabric context.

Development of Detailed Blueprints: The 2025 update will also enable new applications of the Identity Fabric by deriving detailed, bespoke, and individualized identity fabrics. Crucial to this will be a new two-tiered refinement model of the KuppingerCole Identity Fabric (IF), which aims to provide a structured framework for managing identity and access within different organizational contexts.

The Identity Fabric can be adjusted at two levels of abstraction:

Level 1: Master Identity Fabric (IF) - This is the core framework designed to manage functions and services across various identity and access management (IAM) requirements. It acts as the central IAM blueprint applicable to a broad range of organizations.

Level 2: Tailored Identity Fabrics per Business Model and/or Maturity Level - At this level, the Master Identity Fabric is refined into more specific models to serve different organizational needs and maturity levels. These refined models serve as role models for other organizations and are designed to meet the distinct challenges and requirements of various industries.

This hierarchical approach allows for greater flexibility, ensuring that the Identity Fabric can be adapted to fit specific organizational contexts while maintaining a standard core framework.

Looking Ahead: The Future of IAM

The KuppingerCole Identity Fabric 2025 is more than just an update - it’s a strategic evolution that prepares organizations for the future of IAM. By adopting this enhanced framework, businesses can ensure that their IAM systems are not only capable of meeting today’s challenges but are also ready for the unknowns of tomorrow. As identities continue to be at the core of cybersecurity, the Identity Fabric offers a clear path to resilience, adaptability, and long-term success.

Stay tuned for the official release of the KuppingerCole Identity Fabric 2025, where these enhancements and more will be fully detailed, providing a cutting-edge framework for the next generation of IAM.


Thales Group

Avinor selects Thales to deploy Norway’s next-generation nationwide Unmanned Traffic Management system

Mon, 12/09/2024 - 09:00

Thales and Avinor have partnered to implement Norway’s next-generation nationwide Unmanned Traffic Management (UTM) system, enhancing airspace management for both unmanned and manned aircraft while ensuring full compliance with European regulatory standards.

Thales' Topsky - UAS, powered by AstraUTM, will provide a scalable, automated platform for real-time traffic management, compliance monitoring, and safe integration of unmanned aircraft, paving the way for efficient air mobility operations across Norway.

The new UTM system supports Norway’s vision for unmanned aviation, enabling safe, scalable drone operations and laying the groundwork for future Advanced Air Mobility (AAM) solutions alongside traditional aviation.

Drones flying in Norway, image generated by AdobeFireFly, December 2024

This strategic partnership with Avinor, the Norwegian air navigation service provider and airport operator, will enable the deployment of Norway’s next-generation nationwide Unmanned Traffic Management system. This collaboration represents a major step forward in Norway’s airspace management, combining innovation with strict regulatory compliance. It also signifies a key milestone for Thales in the integration of AstraUTM, a recently acquired leader in cutting-edge UTM software development.

With its newly released product Topsky - UAS powered by AstraUTM, Thales will provide a safe and scalable digital platform for automated UTM and future AAM (Advanced Airspace Mobility). This system will efficiently manage air traffic in the vicinity of airports and metropolitan, suburban, and regional areas, offering capabilities such as compliance monitoring, authorisation management, real-time decision-making, continuous airspace surveillance, automated conflict resolution, and rapid response to dynamic conditions.

Ensuring safety and compliance in Norwegian skies

Avinor’s new UTM system aims to provide essential services for various stakeholders, including drone operators, air traffic service providers (ATSP), government agencies, and other key players in Norway in relation to the low altitude airspace management. The system will meet regulatory standards as specified in Implementing Regulation (EU) 2021/664, alongside the Acceptable Means of Compliance and Guidance Material for U-space management, ensuring that all services meet the highest standards of safety and operational transparency.

This UTM system will integrate safe, efficient and predictable access services such as the Common Information Service (CIS) and U-space Service Provider (USSP) provisions, ensuring complete regulatory compliance in U-space designated airspaces.

Enabling efficient UAS operations at scale nationwide

Through the implementation and management of a nationwide UTM system, Norway will benefit from robust unmanned traffic management solutions that support the diverse requirements of both civilian and governmental stakeholders. The system will deliver advanced real-time data sharing, streamlined and automated airspace access, and enhanced situational awareness to enable operations at scale in Norway’s dynamic airspace environment for all operators in the manned and unmanned airspace.

"We are honored to collaborate with Avinor to bring this nationwide UTM system to life in Norway, prioritising safety, innovation, and, naturally, regulatory alignment. Together with Avinor, we embrace the development of BVLOS (Beyond Visual Line of Sight) services in non-segregated airspaces, enabling technologies that make it simple and economical to perform safe, repeatable and scalable commercial UAS operations. Our UTM solutions, recently enhanced with AstraUTM, a Thales company, reflect Thales’ commitment to advancing airspace management and setting the foundation for safe and integrated air mobility." said Christian Rivierre, Vice-President Airspace Mobility Solutions, Thales.

"At Avinor, we are proud to be an active contributor in developing uncrewed aviation in Norway. Partnering with Thales on this next-generation UTM system reflects our dedication to advancing uncrewed operations in Norwegian airspace. This system will support Avinor’s role in ensuring the safe and efficient integration of drones, providing oversight, and managing airspace responsibly. We are excited to work with Thales as a strategic partner to deliver a solution that benefits all airspace users and supports air traffic services in managing drone operations." stated Mats Bye Gjertsen, Vice-President Avinor Drone Programme.

Contact: Cédric Leurquin. Press release, 09 Dec 2024. https://thales-group.prezly.com/avinor-selects-thales-to-deploy-norways-next-generation-nationwide-unmanned-traffic-management-system

PingTalk

What is an Access Control List (ACL)? Basics & Best Practices

Learn what access control lists (ACLs) are, how they work, types, benefits, and best practices for retail, e-commerce, and finance security.

Access control lists (ACLs) support enterprise security by helping organizations manage who can access a given resource and what privileges they have if granted access.

ACLs might apply to a broad system or network, or even just one file folder. Plus, they may be used alongside other security mechanisms to safeguard sensitive resources and efficiently filter network traffic.

In this guide, we’ll explore what access control lists are, how they work, and best practices for their implementation and use for optimal security results. We’ll even discuss some of the more advanced access control systems that are better suited to modern organizations.

Sunday, 08. December 2024

KuppingerCole

Cyber Hygiene for Your Personal Life


In this episode of the KuppingerCole Analyst Chat, Matthias Reinwarth is joined by cybersecurity expert John Tolbert to talk about essential tips for personal cyber hygiene. Together, they discuss practical advice for keeping your devices secure, avoiding common threats, and implementing best practices for online safety. Whether you're a tech-savvy professional or just starting to think about your digital security, this episode offers actionable insights to protect yourself and your loved ones in an increasingly connected world.



Thursday, 05. December 2024

SC Media - Identity and Access

Chemonics discloses months-long breach affecting 263K people

The major USAID contractor says unauthorized access continued up to 25 days after the intrusion was first detected.



Northern Block

The United Nations Transparency Protocol (with Steve Capell)

Discover how the United Nations Transparency Protocol (UNTP) is revolutionizing global trade with transparency and trust. In this episode of The SSI Orbit Podcast, Steve Capell, Vice Chair of UN/CEFACT, joins Mathieu Glaude to discuss combating greenwashing, the role of digital product passports, and the power of verifiable credentials. The post The United Nations Transparency Protocol (with Ste


About Podcast Episode

Are you confident in the environmental and social claims about your products?

In this episode of The SSI Orbit Podcast, host Mathieu Glaude sits down with Steve Capell, Vice Chair of UN/CEFACT and Project Lead of the United Nations Transparency Protocol (UNTP), to explore how transparency and traceability are being revolutionized in global value chains. Together, they unpack the challenges of greenwashing, the urgency of compliance with new regulations, and the transformative potential of a global transparency protocol.

Steve shares real-world examples, such as the impact of carbon border adjustments and digital product passports, highlighting how regulatory frameworks and technological innovation intersect. The conversation also addresses the role of decentralized identifiers and verifiable credentials in ensuring the integrity of sustainability claims.

Key Insights:

Greenwashing is widespread, with over 50% of product claims being misleading or false.

The UNTP offers a standards-based approach to ensure transparency and interoperability in value chains.

Verifiable credentials are essential for decentralized trust, linking data to trusted sources while ensuring integrity.

Regulations like carbon border adjustments and product passports are reshaping trade by enforcing sustainability disclosures.

The UN’s role as a neutral body provides a trusted space for creating global standards and recommendations.

Tune in to this episode to learn how the UNTP is driving a shift from marketing-led sustainability claims to evidence-backed transparency and why this transformation is critical for regulatory compliance and strategic business differentiation. Don’t miss this deep dive into the future of transparent global trade!

 

Strategies:

Utilize the UNTP’s toolkit to develop industry-specific extensions for transparency.
Implement digital product passports to provide traceable, evidence-backed sustainability claims.
Leverage verifiable credentials for identity assurance and data integrity across decentralized systems.
Align with emerging global regulations to stay ahead in compliance and strategic differentiation.

Chapters:

00:00 – Why is the UN pursuing the development of a new protocol to help solve transparency in sustainability disclosures?
09:17 – How to ensure integrity of claims being made is the de facto standard?
16:32 – How did the UNTP think through the proper technical and governance architecture to support all transparency use cases?
32:36 – What will become the catalyst for the mass uptake of the UNTP?
40:32 – What makes the UN a good home for the definition of a transparency protocol?
51:03 – Does all data that interacts with the UNTP need to be public?
58:40 – Is there an opportunity for registrars to create value using the UNTP?

Additional resources:

Episode Transcript
UNTP Overview: A detailed introduction to the United Nations Transparency Protocol (UNTP).
UN/CEFACT: Learn more about the United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT).
The digital product passport and its technical implementation
Green claims – European Commission – Environment: New criteria to stop companies from making misleading claims about environmental merits of their products and services.
Carbon Border Adjustment Mechanism (CBAM): EU regulation on carbon emissions and global trade.

About Guests

Steve Capell is the Vice Chair of UN/CEFACT and the Project Lead of the United Nations Transparency Protocol (UNTP), bringing over 20 years of experience across industry and government. His expertise bridges organizational goals with the right blend of people, processes, and technology to deliver impactful outcomes.

With a diverse career spanning oilfield engineering, business management, software development, and strategic consulting, Steve is uniquely positioned to connect technical solutions with business needs. As a seasoned Solution and Enterprise Architect, he deeply understands architectural frameworks and standards, ensuring they are applied effectively to achieve practical and sustainable results.

Steve’s leadership in transparency initiatives, particularly through his work on the UNTP, reflects his commitment to fostering trust and traceability in global value chains. His ability to empathize with stakeholders and navigate the intersection of business and technology makes him a driving force in creating solutions that address today’s most pressing challenges.

  The post The United Nations Transparency Protocol (with Steve Capell) appeared first on Northern Block | Self Sovereign Identity Solution Provider.



KuppingerCole

The Role of PAM in Modern Cybersecurity


by Paul Fisher

Privileged Access Management (PAM) is a critical pillar in cybersecurity frameworks, safeguarding sensitive systems and data from increasingly sophisticated cyber threats. Privileged credentials—such as those used by administrators, developers, or automation scripts—are often the target of cyberattacks due to the expansive access they provide. As such, organizations require robust PAM solutions that go beyond traditional boundaries to address emerging challenges such as shadow IT, insider threats, and secure remote access.

The demand for PAM solutions is driven by the growing complexity of IT environments, which now encompass hybrid infrastructures, multi-cloud ecosystems, and remote work arrangements. However, deploying and managing PAM solutions comes with its own set of operational challenges. Organizations must navigate the integration of these tools into existing systems, ensuring seamless functionality while managing privileged identities across distributed environments.

Effective PAM solutions today are more than just vaults for storing passwords—they enable organizations to enforce dynamic, time-limited access controls, continuously monitor user activity, and generate comprehensive audit trails. These capabilities are not only essential for security but also for meeting regulatory requirements. Syteca, formerly Ekran System, has redefined its offerings to meet these evolving demands, placing functionality, usability, and real-world applicability at the core of its approach.

The Growing Competition in the PAM Market

The PAM market has evolved rapidly over the past decade, with established players and new entrants competing for a share of this critical space. This growth reflects a broader trend in cybersecurity, as organizations increasingly prioritize the protection of privileged credentials. However, the shift toward hybrid and multi-cloud environments has added new dimensions to the challenge.

Organizations are no longer looking solely for tools that secure credentials; they need PAM solutions that provide agility, scalability, and ease of use without compromising security. Features like Just-in-Time (JIT) access, seamless integration with Zero Trust architectures, and compliance with ever-changing regulatory landscapes have become standard expectations.

Vendors are responding to this demand with diverse offerings, from feature-rich enterprise solutions to specialized tools tailored to specific industries. In this crowded market, differentiation is key. Solutions that adapt to unique business needs while addressing broader challenges, such as securing remote access and monitoring insider activities, are more likely to succeed. Syteca’s recent transformation and expanded capabilities position it as a strong contender in this competitive landscape.

Why Ekran System Became Syteca

In May 2024, Ekran System rebranded as Syteca, a strategic decision that signifies the company’s evolution and commitment to addressing the challenges of modern cybersecurity. The new name reflects Syteca’s expanded focus on delivering innovative system security and technology management solutions.

This transformation is more than a rebranding exercise; it marks a shift in how the company approaches Privileged Access Management. Syteca aims to align its tools with the practical needs of organizations, emphasizing usability and efficiency. Enhanced features, such as real-time threat detection, advanced session recording, and streamlined workflows, underline the company’s goal to offer comprehensive yet intuitive solutions.

By rebranding, Syteca positions itself as a forward-thinking player in the PAM market. The company is not only addressing the challenges organizations face today but also anticipating the needs of tomorrow, ensuring its solutions remain relevant in an ever-changing landscape.

Key Use Cases Highlighting Syteca’s Capabilities

Syteca’s approach to PAM is best understood through its real-world applications. These use cases demonstrate how the solution addresses critical security challenges across various industries and scenarios.

1. Detecting and Securing Shadow Accounts

Shadow IT accounts—those created without authorization or outside central control—pose significant security risks. These accounts are often overlooked, leaving them vulnerable to exploitation by attackers. Syteca automates the discovery of shadow accounts across Windows servers and Active Directory, onboarding them securely into its secrets management system. Once onboarded, passwords are rotated, preventing unauthorized access and ensuring compliance. Security teams can then evaluate and either disable or remove unauthorized accounts, reducing exposure to potential threats.

2. Mitigating Insider Threats with Privileged Account Monitoring

Insider threats remain a major concern for organizations, particularly when dealing with privileged accounts. Syteca addresses this challenge by continuously monitoring Active Directory for new privileged accounts. Discovered accounts are secured with two-factor authentication (2FA), session recording, and role-based access control (RBAC). These measures ensure that only authorized users can access sensitive systems, with all activities logged and auditable. This proactive approach helps organizations detect suspicious behaviour early and mitigate risks effectively.

3. Securing Sleeping Accounts

Inactive or dormant accounts often go unnoticed, becoming an attractive target for attackers. For example, the account of a former employee may still be active and exploitable. Syteca’s automated discovery tools identify these sleeping accounts, onboard them into the secrets management system, and rotate credentials to cut off unauthorized access. In real-world scenarios, this capability has helped organizations close security gaps caused by oversight, ensuring that no dormant accounts remain vulnerable.

4. Managing Third-Party Database Administrators (DBAs)

Organizations often rely on external contractors, such as third-party DBAs, to maintain critical systems. These contractors require temporary yet secure access to isolated networks. Syteca facilitates this through a combination of Jump servers, ticketing system integrations, and controlled access mechanisms. Contractors can only access specific resources via pre-approved workflows, with passwords rotated after each use. Session recording ensures that all activities are logged, providing full accountability.

5. Enhancing Security in Healthcare

In healthcare settings, securing access to electronic health records (EHRs) is paramount. Hospitals and clinics use Syteca to enforce strict access controls, such as 2FA and time-based restrictions, ensuring that only authorized personnel can access patient data during working hours. Additionally, audit capabilities allow administrators to monitor and review all activities involving sensitive data, helping organizations maintain compliance with industry regulations like HIPAA.

6. Enabling Secure File Transfers for Marketing Agencies

Collaborating with external vendors often requires temporary access to sensitive systems. For a marketing agency, Syteca facilitates secure file transfers via an FTP server. Access is granted only through secrets management, with manual approval workflows ensuring that each request is vetted. Passwords are rotated after use, and sessions are recorded for auditing. This approach allows agencies to collaborate confidently without exposing sensitive client data to unnecessary risk.

The Future of PAM

The cybersecurity landscape is evolving rapidly, and Privileged Access Management is at the forefront of this change. Organizations face mounting pressure to secure their privileged credentials while navigating complex IT ecosystems and regulatory requirements. Syteca’s transformation and its ability to address diverse use cases illustrate its commitment to meeting these challenges.

By focusing on usability, scalability, and real-world applicability, Syteca provides organizations with tools to address critical security gaps. Whether detecting shadow IT accounts, mitigating insider threats, or securing third-party access, Syteca demonstrates how PAM solutions can evolve to meet the needs of today’s security-conscious organizations.

As competition in the PAM market intensifies, solutions like Syteca will be instrumental in helping organizations achieve their security goals. With its comprehensive feature set and forward-thinking approach, Syteca is well-positioned to redefine what it means to manage privileged access effectively in the 21st century.


Analyst's View: Cloud Security Posture Management (CSPM)


by Mike Small

The responsibility for security of cloud services is shared between the Cloud Service Provider (CSP) and the cloud customer. While the CSP must take steps to secure the service it provides, it is up to the cloud customer to secure the way they use the service. The customer must implement what are known as Complementary User Entity Controls (CUECs) to achieve this. Cloud Security Posture Management (CSPM) tools are intended to help organizations using cloud services to identify and manage the risks under their control.

liminal (was OWI)

The Role of Reusable Identity and Public-Private Partnerships in Age Assurance

The post The Role of Reusable Identity and Public-Private Partnerships in Age Assurance appeared first on Liminal.co.

KuppingerCole

Analyst's View: eXtended Detection and Response (XDR)


by John Tolbert

eXtended Detection and Response (XDR) represents a platform-based approach to modern cybersecurity, integrating and correlating data from multiple security layers to deliver a holistic view of threats and to streamline response actions. By unifying telemetry from endpoints, networks, servers, email, cloud environments, and other security domains, XDR enhances visibility, simplifies incident management, and accelerates threat mitigation. This report presents an overview of XDR technology, exploring its foundational capabilities, key differentiators, and its evolving role in the cybersecurity landscape. Drawing on insights from our latest research, it examines how XDR aligns with organizational security strategies, addresses emerging threats, and compares to traditional solutions like SOAR and EPDR, offering a forward-looking perspective on its impact and adoption trends.

Analyst's View: Managed Detection and Response (MDR)


by Warwick Ashford

In today’s rapidly evolving threat landscape, Managed Detection and Response (MDR) has become indispensable for organizations of all sizes. Cybercriminals and state-sponsored attackers relentlessly target businesses, making 24/7 threat detection and response essential. Yet, many organizations face budget constraints and a shortage of skilled security staff, leaving them overwhelmed by alerts from fragmented systems. MDR fills this gap by offering expert monitoring, advanced threat analysis, and real-time response.

Infocert

Electronic Seal: What it is and How it Works

What the electronic seal is and what it is for

What the electronic seal is and how it works

The electronic seal is a digital technology that guarantees the authenticity, integrity and origin of the digital documents to which it is applied. It was introduced by EU Regulation 910/2014 (eIDAS), which defines it as a set of data in electronic form “which is attached to or logically associated with other data in electronic form” with the aim of guaranteeing the origin and integrity of the document.

 

This tool can be considered as a kind of digital stamp, used predominantly by legal entities (companies, organisations) to certify the origin and integrity of digital documents. Unlike an electronic signature, which identifies a natural person, an electronic seal associates the document with an organisational entity, protecting it from unauthorised modification and guaranteeing its authenticity.

The qualified electronic seal (QeSeal)

The qualified electronic seal is created using a device that contains a qualified certificate, which guarantees the highest level of security and reliability for the authentication of digital documents. This is an advanced version of the electronic seal, which offers additional legal guarantees thanks to its compliance with strict European standards. 

 

Unlike the advanced electronic seal (AdESeal), a qualified electronic seal is created by means of a device containing a certificate issued in compliance with the requirements laid down by EU legislation. It can, therefore, be defined as the equivalent of a qualified electronic signature, the only difference being that it does not refer to a natural person, but to a legal entity. 

 

So while, through a digital signature, the data of the natural person who applied it can be traced, a qualified electronic seal makes it possible to trace the name of the legal entity. For this reason, it can be used for myriad activities, even by numerous parties belonging to the same company or organisation. It can, for example, be used to prove ownership of business documents, to protect intellectual works, for certificates of incorporation, for the management of medical records and medical reports as well as for many other purposes.

How to Obtain It

To obtain it, a legal entity must go through an even more stringent verification process, conducted by a Certification Authority authorised by a government agency.

 

InfoCert was among the first Qualified Trust Service Providers to be certified for the Qualified Electronic Seal, gaining recognition for its qualified validation services. This allows InfoCert to issue electronic seals for multiple uses, such as the eSeal for EPREL, the European Product Registry for Energy Labelling, with which companies wishing to apply for the energy classification of their products must register. 

 

Find out more about the Electronic Seal.

The post Electronic Seal: What it is and How it Works appeared first on infocert.digital.


PingTalk

Ping Identity Named a Leader in the 2024 Forrester Wave™

Ping Identity named a Leader in the Q4 2024 Forrester Wave™ for CIAM.

Thales Group

Copernicus Sentinel-1C Earth observation satellite successfully launched

Copernicus Sentinel-1C Earth observation satellite successfully launched tas Fri, 12/06/2024 - 07:34

Sentinel-1C will supply vital radar imagery for understanding climate change and preserving our planet

Kourou, December 6, 2024 – The Copernicus Sentinel-1C Earth observation satellite, built by prime contractor Thales Alenia Space, the joint company between Thales (67%) and Leonardo (33%), was successfully launched by a Vega C rocket operated by Arianespace from Europe’s Spaceport in Kourou, French Guiana.

Sentinel-1C © ESA

Sentinel-1C is part of Copernicus, the Earth Observation component of the European Union’s Space Programme. This programme is managed by the European Commission and funded by the EU with a partial contribution of the European Space Agency (ESA), the organisation responsible for the development and launches of dedicated Sentinel satellites. ESA also operates some of the missions and ensures the availability of data.

Sentinel-1C will join the Sentinel-1A satellite in orbit, providing images of the Earth’s surface, day and night and in all weather conditions, for a broad array of science applications designed to protect our planet.

This crucial data will be used to monitor landslides, earthquake zones, volcanic activity and variations in polar ice cover. It will also provide valuable insights for monitoring deforestation, the use of water resources and supporting emergency responders and search and rescue teams in the event of natural disasters. In addition, Sentinel-1C is the first satellite of the Sentinel-1 mission to be equipped with an Automatic Identification System payload, enabling it to play a vital role in maritime safety by improving traffic management, avoiding collisions and monitoring ships in critical areas.

Sentinel-1C preparation for fit check ©Thales Alenia Space_ImaginE

The Sentinel-1 mission comprises two satellites in Sun-synchronous orbit operating in tandem to provide optimal global coverage with a 12-day repeat cycle. Their pre-tasking capability means that data can be acquired consistently over long periods, which is essential for analyzing environmental trends. This data is accessible to public authorities, companies and citizens around the world on a free, full and open basis.

As prime contractor for the Sentinel-1 mission on behalf of ESA, Thales Alenia Space is responsible for satellite design, development, integration and testing. Each Sentinel-1 satellite is built on the PRIMA spacecraft bus developed by Thales Alenia Space for the Italian Space Agency (ASI) and carries a C-band synthetic aperture radar (SAR) instrument developed by Airbus Defence & Space. This SAR instrument enables precise mapping at resolutions up to 5 meters and coverage out to 400 kilometers.

“I’m delighted with the successful launch of the Sentinel-1C satellite, which will supply vital radar imagery for a broad array of science applications to help preserve our planet,” said Giampiero Di Paolo, Deputy CEO, Senior Vice President Observation, Exploration and Navigation at Thales Alenia Space. “The teams at Thales Alenia Space, who are contributing to 11 of the 12 missions in the Copernicus programme, can be proud of this success, which marks a new phase in our collaboration with the European Commission and the European Space Agency.”

With a launch mass of around 2.2 metric tons, Sentinel-1C will operate in low-Earth orbit at an altitude of 700 km and has a design life of 7.25 years. It will be joined in orbit by its twin Sentinel-1D, currently undergoing cleanroom tests at Thales Alenia Space’s facility in Cannes. These latest Sentinel-1 satellites feature an innovative world first: a patented mechanism to separate the radar antenna from the spacecraft bus on re-entry into Earth’s atmosphere at the end of their lifetime, thus helping mitigate orbital debris.

Leonardo contributed to the development of the Sentinel-1C and 1D satellites by supplying the attitude sensors (Autonomous Star Tracker) and the power units that feed the radar, ensuring continuous availability of images.

Data from the Sentinel-1C satellite will be collected by several European centers, including the ground station of the e-GEOS space center, a joint venture between Telespazio (80%) and the Italian space agency (20%), located in Matera, Italy.

About Copernicus

Copernicus is the Earth observation component of the European Union’s Space Programme, looking at our planet and its environment to benefit all European citizens. It provides accurate, timely and easily accessible information to improve the management of the environment, understand and mitigate the effects of climate change and ensure civil security. The world’s most advanced Earth Observation system, Copernicus provides continuous, free, and reliable Earth observation data and services to public authorities, companies and citizens around the globe.

Copernicus comprises several families of satellites and a series of monitoring networks (e.g. ground based weather stations, ocean buoys and air quality monitoring networks) to provide robust integrated information and to calibrate and validate the data from satellites.

The satellites are built by European prime contractors for ESA. A program of this scale enables Europe to better anticipate the consequences of global warming so that we can safeguard our planet.

The programme is managed by the European Commission and is co-funded by the European Union and ESA. The European Space Agency is responsible for the coordination, implementation and evolution of the programme, as well as the operations of some spacecraft.

Thales Alenia Space, a key Copernicus partner

Thales Alenia Space is a major contributor to 11 of the Copernicus programme’s 12 missions. Sentinel-1 monitors land and sea in all weather conditions, day and night, thanks to its radar capabilities. Sentinel-2 and -3 acquire high-resolution optical imagery over land and coastal waters. Sentinel-4 and -5 are dedicated to meteorology and climatology missions. Sentinel-6 monitors the planet’s oceans. As well as being prime contractor for the Sentinel-1 and -3 satellite families, Thales Alenia Space also supplied the Sentinel-2 image ground segment and helped build the imaging spectrometer on Sentinel-5P and the Poseidon-4 radar altimeter on Sentinel-6. In 2020, Thales Alenia Space was awarded five contracts for the six new Copernicus Expansion missions, as prime contractor for the CIMR, ROSE-L and CHIME satellites and supplier of the CRISTAL and CO2M mission payloads. These new satellites will measure human-induced atmospheric carbon dioxide, survey sea ice and snow cover, support new optimized services for sustainable farming and biodiversity, observe sea-surface temperature and salinity as well as sea ice density and strengthen land monitoring and emergency management services.

ABOUT THALES ALENIA SPACE
Drawing on over 40 years of experience and a unique combination of skills, expertise and cultures, Thales Alenia Space delivers cost-effective solutions for telecommunications, navigation, Earth observation, environmental management, exploration, science and orbital infrastructures. Governments and private industry alike count on Thales Alenia Space to design and build satellite-based systems that provide anytime, anywhere connections and positioning, monitor our planet, enhance management of its resources and explore our Solar System and beyond. Thales Alenia Space sees space as a new horizon, helping to build a better, more sustainable life on Earth. A joint venture between Thales (67%) and Leonardo (33%), Thales Alenia Space also teams up with Telespazio to form the parent companies’ Space Alliance, which offers a complete range of services. Thales Alenia Space posted consolidated revenues of approximately €2.2 billion in 2023 and has around 8,600 employees in 8 countries, with 16 sites in Europe.


Thursday, 05. December 2024

Indicio

Indicio drives decentralized identity interoperability in the upcoming DIDComm DIF Interop-a-thon

The post Indicio drives decentralized identity interoperability in the upcoming DIDComm DIF Interop-a-thon appeared first on Indicio.
Bringing its robust Mediator to the DIDComm DIF Interop-a-thon, Indicio supports interoperability efforts with expert insights and essential infrastructure for seamless testing.

By Helen Gareau

Interoperability is the cornerstone of decentralized identity, ensuring that diverse ecosystems can seamlessly interact with each other. At Indicio, we are constantly working to advance interoperability so that customer solutions will be able to work with all the emerging standards and protocols and effortlessly scale to meet opportunities. This is why we are excited to participate in the upcoming DIDComm Interop-a-thon, organized by the Decentralized Identity Foundation (DIF).

DIDComm is short for Decentralized Identifier Communication, an open standard for secure, private, peer-to-peer communication between Decentralized Identifiers (DIDs). It’s one of the least-well understood aspects of decentralized identity and one of the most powerful — especially for business. DIDComm enables each party in a decentralized identity ecosystem to seamlessly authenticate the other over a secure channel before sharing data. But it also enables a mobile device to function with the capacity of an API, enabling anyone with a mobile phone and digital wallet to become their own, highly available, easily permissioned, data platform. 

While many people think about decentralized identity as an “identity verification” solution — not surprising given the scale of current identity fraud — DIDComm enables decentralized identity to go beyond that and create trust networks for much richer digital relationships and data sharing.

For the upcoming Interop-a-thon, Indicio is providing our robust mediator. Mediators play a critical role in the DIDComm protocol, enabling message routing between mobile devices, ensuring smooth and secure communication. Developers will be able to access the Indicio Mediator to test routing and communication scenarios in a secure, reliable environment.  

At Indicio, we are committed to supporting the decentralized identity community. By supporting events like the DIDComm DIF Interop-a-thon, we’re not only contributing infrastructure but also championing the values of collaboration and innovation that drive this space forward.  

We can’t wait to see the incredible advancements that emerge from this event. If you’re attending, be sure to test with our mediator and share your experiences with us. Together, we’ll continue to build a decentralized future that works for everyone.  

Want to learn more about the DIDComm DIF Interop-a-thon or our work with mediators? Contact us. Let’s build the future of interoperability together!



Spruce Systems

Meet the SpruceID Team: Juliano C.C. Tavares

Juliano, a Senior Software Engineer at SpruceID, combines his passion for innovation and learning to deliver impactful digital identity solutions.
Name: Juliano C. C. Tavares
Team: Engineering
Based in: Paraná, Brazil

About Juliano

I always knew I wanted to work in computing, and my journey began with university projects. My focus then was distributed systems and wireless networks, so I started specializing in those. I worked for a few years with wireless networks and embedded systems, completing a master's degree in IoT during that time. After a few years of working in the field, I realized that I liked working with web development much more and started to follow that path.

SpruceID came into my life years later as a professional challenge. It is very exciting to develop ambitious projects and open-source libraries that contribute to the digital future.

Can you tell us about your role at SpruceID?

I'm currently a senior software engineer at SpruceID, working mainly with front-ends and occasionally touching some wild Rust code. I believe my biggest contributions here were in the SSX project, which is a wrapper for our other library SIWE (Sign-In With Ethereum), and also this year in the project with Utah. I had the opportunity to work here on some things I was very interested in learning about (e.g., WebAssembly and mobile development) and things I had never imagined working with (Rust front-end). We definitely have a lot of challenges and opportunities to learn and apply new tools and technologies.

What do you find most rewarding about your role?

I am very happy when we finish a project, and it starts to be used by customers. At SpruceID, in addition to the projects that the end user will use, we also have libraries that other developers can build with. There is a huge potential for people who will be reached by our work.

What are some of the most important qualities for someone in your role to have, in your opinion?

Curiosity and persistence. We work with technologies that are still evolving, and our decisions will shape many of the paths forward. With no established playbook to guide us, we rely on our own exploration and determination to define the way.

What are you currently learning, or what do you hope to learn?

I have a web development background and am venturing into mobile. I'm still trying to improve my skills and knowledge in this area.

What has been the most memorable moment for you at SpruceID so far?

In addition to what I said earlier about the projects, I couldn't leave out our team meetings. We had many incredible moments in Japan, Ireland, and Portugal, and I can't forget to mention everyone's visit to Brazil, where I was able to show a little more about my culture.

What's the best piece of advice you've received since starting here?

Have confidence in your work—it’s genuinely excellent, and we all recognize and appreciate that.

What is some advice that you’d give to someone in your role who is early in their career?

Challenge yourself to solve problems that you look at and say, "I have no idea where to start."

How do you define success in your role, and how do you measure it?

Deliver on time, with few bugs, and with good code.

Fun Facts

What do you enjoy doing in your free time?: cooking, watching movies, playing volleyball and camping with friends.

What is your favorite coding language (and why?): JavaScript/TypeScript, because it's what I've used the most and feel most comfortable coding with.

If you could be any tree, what tree would you be and why?: I would be a Trumpet Tree. It is a Brazilian tree, and here we call it Ipê, which is a name originating from Tupi and means "rough-barked tree." This tree is very common here and always colors our springs.

Interested in joining our team? Check out our open roles and apply online!


About SpruceID: SpruceID is building a future where users control their identity and data across all digital interactions.


Thales Group

Thales appointed to deliver SOC-CMM accredited maturity assessments

simon.mcsstudio Thu, 12/05/2024 - 09:42

Thales has been approved as a silver support partner of SOC-CMM, highlighting our commitment to help organisations enhance their security operations. Through this accreditation and partnership, we’re trusted to deliver Security Operations Centre (SOC) Maturity Assessments that meet what’s widely recognised as the global standard.

The Importance of Independent Assessments

In the ever-evolving landscape of cybersecurity threats, independent and objective assessments like SOC-CMM are vital. They provide an unbiased evaluation of an organisation's security operations, identifying strengths and areas for improvement to help ensure the SOC is developing in the right direction or operating at peak efficiency and effectiveness. An external review can bring fresh perspectives and insights that internal teams might overlook, helping to uncover hidden vulnerabilities and optimise security processes.

Why SOC-CMM Assessments Matter

SOC-CMM assessments provide a structured framework for evaluating the maturity of a SOC. This includes assessing business drivers, governance, capabilities, processes, and overall effectiveness in managing security operations. By following the SOC-CMM framework, organisations can benchmark their SOC against industry standards and best practices, ensuring they meet or exceed these benchmarks.

The assessment covers key pillars such as business alignment, people, processes, technology, services and continuous improvement.

SOC-CMM assessments help companies identify gaps in their security operations and provide a clear road map for improving SOC capabilities. This allows them to prioritise improvements and allocate resources more effectively, leading to more robust and resilient security operations.

Demonstrating a commitment to high standards in cybersecurity can also build trust with customers, partners, and stakeholders, ultimately enhancing an organisation's reputation.

Michael Cormack, Managing SOC Consultant at Thales, said: “One of the common frustrations we hear from our customers is that the return on investment is not always understood by the business. By identifying inefficiencies and areas where resources are not effective, we’ve helped our customers to streamline their security operations, strengthening their business case and continued investment and growth towards SOC so they can stay ahead of the developing threat landscape.”

Want to know more about our SOC Advisory and Consulting services?

If you’re looking to strengthen your company’s cybersecurity posture, take a look at our website for more information on our SOC advisory and consulting services, including SOC-CMM maturity assessments.

Email the team at SOCAdvisory@uk.thalesgroup.com


Ocean Protocol

DF118 Completes and DF119 Launches

Predictoor DF118 rewards available. DF119 runs Dec 5— Dec 12th, 2024

1. Overview

Data Farming (DF) is Ocean’s incentives program. In DF, you can earn OCEAN rewards by making predictions via Ocean Predictoor.

Data Farming Round 118 (DF118) has completed.

DF119 is live today, Dec 5. It concludes on December 12th. For this DF round, Predictoor DF has 37,500 OCEAN rewards and 20,000 ROSE rewards.

2. DF structure

The reward structure for DF119 is comprised solely of Predictoor DF rewards.

Predictoor DF: Actively predict crypto prices by submitting a price prediction and staking OCEAN to slash competitors and earn.

3. How to Earn Rewards, and Claim Them

Predictoor DF:

To earn: submit accurate predictions via Predictoor Bots and stake OCEAN to slash incorrect Predictoors.
To claim OCEAN rewards: run the Predictoor $OCEAN payout script, linked from Predictoor DF user guide in Ocean docs.
To claim ROSE rewards: see instructions in Predictoor DF user guide in Ocean docs.

4. Specific Parameters for DF119

Budget. Predictoor DF: 37.5K OCEAN + 20K ROSE

Networks. Predictoor DF applies to activity on Oasis Sapphire. Here is more information about Ocean deployments to networks.

Predictoor DF rewards are calculated as follows:

First, DF Buyer agent purchases Predictoor feeds using OCEAN throughout the week to evenly distribute these rewards. Then, ROSE is distributed at the end of the week to active Predictoors that have been claiming their rewards.

Expect further evolution in DF: adding new streams and budget adjustments among streams.

Updates are always announced at the beginning of a round, if not sooner.

About Ocean, DF and Predictoor

Ocean was founded to level the playing field for AI and data. Ocean tools enable people to privately & securely publish, exchange, and consume data. Follow Ocean on Twitter or TG, and chat in Discord. Ocean is part of the Artificial Superintelligence Alliance.

In Predictoor, people run AI-powered prediction bots or trading bots on crypto price feeds to earn $. Follow Predictoor on Twitter.

DF118 Completes and DF119 Launches was originally published in Ocean Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.


PingTalk

Ping Identity Named a Leader in 2024 Gartner® Magic Quadrant™ for Access Management

Ping Identity named a Leader in the 2024 Gartner Magic Quadrant for Access Management for delivering secure, scalable identity solutions.

SC Media - Identity and Access

Abuse of Cloudflare domains for phishing doubled in 2024, report says

Attackers leverage the Cloudflare Pages and Workers services to disguise and enhance their malicious sites.


Wednesday, 04. December 2024

Trinsic Podcast: Future of ID

Ajay Gupta - Shaping California’s mDL Program and the Future of Digital Identity


In this episode of The Future of Identity Podcast, I’m joined by Ajay Gupta, Chief Digital Transformation Officer of the California Department of Motor Vehicles, to discuss California’s groundbreaking mobile driver’s license (mDL) program. From its launch to current adoption trends and future ambitions, this episode provides a comprehensive look at how California is shaping the future of mDLs.

In this episode we explore:

The adoption and growth rates of California’s mDL program, including demographic insights and usage trends.
Where mDLs are being used today and the balance between Android and iOS wallet downloads.
The promising potential of remote verification (online use of mDLs) and why Ajay sees it as the fastest-growing channel for adoption.
Key lessons for other states, DMVs, and government agencies on engaging stakeholders and demonstrating ROI for mDL programs.
Practical advice for driving adoption among businesses and other relying parties.

This episode is a must-listen for those interested in the future of digital identity, especially professionals working in government, transportation, or identity ecosystems. Whether you’re curious about the technical, policy, or adoption aspects of mDLs, there’s something here for everyone.

Enjoy the episode, and don’t forget to share it with others who would find value in this discussion!

Learn more about the CA DMV’s mDL hackathon outcomes in a free public briefing webinar on January 10th. Register here.

Subscribe to our weekly newsletter for more announcements related to the future of identity at trinsic.id/podcast

Reach out to Riley (@rileyphughes) and Trinsic (@trinsic_id) on Twitter. We’d love to hear from you.


SC Media - Identity and Access

Data brokers face FTC ban for sensitive location data collection, sales

Virginia-based Gravy Analytics and its subsidiary Venntel have been accused by the FTC of leveraging consumer location details without consent, as well as peddling health information, religious views, political activities, and other data to others.



CFPB proposes increased data broker restrictions

Such a rule, which is open for public comments until March 2025, would not only mandate explicit customer authorization for the sale of data but also strengthen protections against the exploitation of collected data.



Cybercrime-enabling Matrix encrypted messenger dismantled by law enforcement

Initially identified in the phone of the assassin of Dutch journalist Peter de Vries, Matrix — also known as Mactrix, X-quantum, Totalsec, and Q-safe — was later infiltrated by a joint Dutch and French investigation team, resulting in the discovery and shutdown of 40 servers leveraged by the platform to support at least 8,000 subscriber accounts.



Elliptic

OFAC targets Russian crypto-enabled money laundering network for facilitating sanctions evasion


The US Treasury’s Office of Foreign Assets Control (OFAC) has today issued sanctions against a number of individuals and entities connected to Russian sanctions evasion, money laundering and the funding of espionage operations. The entities targeted by today’s action are believed to be connected to a money laundering network called TGR Group. OFAC has identified crypto addresses connected to two of these individuals, Elena Chirkinyan and Khadzi Murat Dalgatovich Magomedov. 


Datarella

Track & Trust Pilot Success


This article is the sixth and final article in a series about our probabilistic 360° supply chain tracking product, Track & Trust. Our previous articles described how the system works. Now, we dive into the results of our pilot operations. TLDR – We successfully tracked all the goods to their final delivery locations despite serious challenges!

The Track & Trust Mission in Southern Lebanon

We chose to track shipments of solar equipment for the Track & Trust Pilot. Destined for clinics and schools serving refugees in Beqaa Valley, Lebanon, these shipments were critical to the region. The area is home to over 300,000 Syrian refugees, according to UNHCR, and they all need medical care. Our partners, Aid Pioneers, Multi Aid Programs, and Al-Manhaj, collaborate to provide logistics, education, and medical care on the ground.

The clinics and schools require a continuous electrical power supply. Due to Lebanon’s severe energy crisis, the public grid provides only about two hours of electricity per day, making the delivery of efficient healthcare services an immense challenge. In the absence of a stable grid, most of the region’s essential services rely on generators, leaving the financial stability of operations at the whim of the ever-increasing price of diesel. Typical health clinics have thousands of dollars in monthly operating costs due to the need to purchase this fuel. To address this, Aid Pioneers is replacing diesel power systems with clean, abundant solar energy, one clinic at a time. By reliably shipping the equipment from Tripoli to Beqaa Valley, they achieve this goal with our help. Specifically, the shipments we’ve tracked during the pilot contained all the equipment needed to outfit two clinics with enough solar power to cover all their needs. Aid Pioneers’ partner, Multi Aid Programs, runs the clinics which received the solar and medical equipment we tracked.

Tracking Impact

Using Track & Trust, Aid Pioneers and their partners gained a clear view of what was happening to the parts in their shipment. As a result, they avoided extra trips, saving work and potential exposure to danger. Our team planned this deployment long before the recent conflict broke out, and our system performed well in the midst of a very difficult situation. Effective management of the challenges that arose was crucial to the success of the project.

During the shipments, ground personnel encountered outages of critical infrastructure, losing power and 4G connectivity several times. Fortunately, our Track & Trust mesh node infrastructure filled the gap, and our battery backup system enabled the system to run despite the power grid being down. The system’s design allowed it to handle such outages.

When 4G connectivity was lost, our mesh nodes cached delivery data until it could be passed between nodes. Utilizing technologies developed with our partner, Weaver Labs, we ensured the data was secure. Next, we used a satellite-enabled mesh node to post, via an Iridium satellite uplink developed by our partner Ororatech, data that would otherwise have been lost.

Aid Pioneers received hundreds of updates about the status of the goods from us. To ensure the integrity of the data, we cryptographically signed and anchored these updates to the ASI Alliance blockchain, making them highly trustworthy. This extra step was crucial to the project’s success. Together, the result is highly trustworthy probabilistic 360° supply chain tracking.

Energy Independence One Clinic at a Time

Two major sets of shipments were completed under the watchful eye of Track & Trust, and a third set is currently being shipped to Lebanon. With 110 kWp of power, the solar systems make two entire clinics energy independent for the next twenty years. Additionally, we tracked a container of medical goods, which Al-Manhaj and Multi Aid Programs are using to save lives and provide medical treatment in Tripoli and the Beqaa Valley.

Track & Trust Proof of Resilience

The design of Track & Trust allows it to work in various contexts, providing resilience and probabilistic 360° supply chain tracking. Adaptable to different scenarios, our system is highly versatile. As we continue to develop and refine our system, we will meet the changing needs of our partners.

Next Steps

Following this piloting success, we will examine plans to make the system more user-friendly. Logistics organizations that could use more resilience in their field operations are also being contacted. If this series of blog posts has piqued your interest, please reach out, and we will schedule a call or demo.


The post Track & Trust Pilot Success appeared first on DATARELLA.


Ocean Protocol

Season 8 of the Ocean Zealy Community Campaign!


We’re happy to announce Season 8 of the Ocean Zealy Community Campaign, an initiative that has brought together our vibrant community and rewarded the most active and engaged members.

💰 Reward Pool

5,000 ($FET) tokens that will be rewarded to the Top100 users in our leaderboard 🚀

📜Program Structure

Season 8 of the Ocean Zealy Community Campaign will feature more engaging tasks and activities, providing participants with opportunities to earn points. From onboarding tasks to Twitter engagement and content creation, there’s something for everyone to get involved in and earn points and rewards along the way.

⏰Campaign Duration: 4th of December — 30th of December 12:00 PM UTC

🤔How Can You Participate?

Follow this link to join and earn:

https://zealy.io/cw/onceaprotocol/questboard

Season 8 of the Ocean Zealy Community Campaign! was originally published in Ocean Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.


Dock

How Biometric-Bound Credentials Work


How can we ensure that the person presenting a credential is truly the same person who received the credential? This is a crucial question, especially when dealing with sensitive information. Our approach is to have the biometric provider issue a short-lived credential attesting to a recent biometric check whenever the issuer or verifier needs to confirm the physical presence of a credential holder. This biometric check credential can be used by the issuer to embed biometric-binding attributes into the primary credential of interest (the credential issued by a standard issuer, such as a bank or government authority), and then it can be used by the verifier to check that it is the same person presenting the primary credential. Let's break down the process:

Enrollment: The first step involves the user providing a biometric sample, such as a thumbprint or face scan, which the biometric provider can use to generate a biometric enrollment credential. The key advantage here is that the biometric data remains on the user's device—there's no need for the biometric provider to maintain a large, potentially vulnerable database. This credential, signed by the biometric provider, is secure and tamper-proof.

Issuance: The biometric provider can use the enrollment credential from the previous step to derive a separate biometric check credential that is shared with the issuer of the primary credential. The biometric check credential does not contain the biometric data, but is evidence that the biometric provider was able to successfully check a biometric that matches a specific privacy-preserving biometric ID. The issuer embeds into the primary credential some attributes identifying the issuer of the biometric check credential and the biometric ID that was used. These are known as biometric-binding attributes.

Verification: When verifying the primary credential, relying parties will also request a fresh biometric check credential. The user’s wallet will enable the biometric provider to perform a new biometric check and issue the associated credential containing the same biometric ID that was recorded in the enrollment credential. The verifier can then confirm that the biometric ID in the primary credential matches the biometric ID in the biometric check credential, proving that it is the same physical person who was issued the primary credential.

As an example, let’s look at how a bank can tie a customer identity credential to an individual’s biometric. Before issuing the credential, the bank would request that the customer shares a fresh biometric check credential. This will trigger the wallet to enroll the customer’s biometric as part of issuing the biometric check credential. The bank can then embed the biometric-binding attributes into the customer identity credential that they issue. When the customer wants to prove their identity to a verifier, the verifier can require a recent biometric check credential along with the bank-issued identity credential. This will trigger the wallet to have the biometric provider run a biometric check and issue a new biometric check credential which will then be used to confirm that the person presenting the bank identity credential is indeed the same person who originally received it.
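The verifier's side of the bank scenario, as an added example that is not Dock's code. The field names (`biometric_binding`, `biometric_issuer`, `biometric_id`, `issued_at`), the `did:example` identifiers, the five-minute freshness window, and the use of HMAC as a stand-in for the issuers' digital signatures are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: constructed demo keys. HMAC stands in for each issuer's digital
# signature so the example runs on the standard library alone; a real verifier
# checks asymmetric signatures against the issuers' published keys.
BANK = "did:example:bank"
PROVIDER = "did:example:biometric-provider"
ISSUER_KEYS = {BANK: b"constructed-bank-key", PROVIDER: b"constructed-provider-key"}
MAX_CHECK_AGE_SECONDS = 300  # assumption: how long a "short-lived" check stays valid


def _payload(credential):
    """Canonical bytes of the credential without its proof."""
    body = {k: v for k, v in credential.items() if k != "proof"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(credential):
    """Attach a proof computed with the key of the credential's issuer."""
    key = ISSUER_KEYS[credential["issuer"]]
    signed = dict(credential)
    signed["proof"] = hmac.new(key, _payload(credential), hashlib.sha256).hexdigest()
    return signed


def proof_is_valid(credential):
    key = ISSUER_KEYS.get(credential.get("issuer"))
    proof = credential.get("proof")
    if key is None or not isinstance(proof, str):
        return False
    expected = hmac.new(key, _payload(credential), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, proof)


def issue_primary(biometric_id):
    """Bank credential carrying the biometric-binding attributes."""
    return sign({
        "issuer": BANK,
        "type": "CustomerIdentity",
        "subject": {"name": "Constructed Customer"},
        "biometric_binding": {"biometric_issuer": PROVIDER, "biometric_id": biometric_id},
    })


def issue_check(biometric_id, issued_at):
    """Biometric check credential: an ID and a timestamp, no biometric data."""
    return sign({
        "issuer": PROVIDER,
        "type": "BiometricCheck",
        "biometric_id": biometric_id,
        "issued_at": issued_at,
    })


def verify_presentation(primary, check, now):
    """Return (ok, reason) for a primary credential presented with a check credential."""
    if not proof_is_valid(primary):
        return False, "primary credential proof invalid"
    if not proof_is_valid(check):
        return False, "biometric check credential proof invalid"
    binding = primary.get("biometric_binding") or {}
    # The check must come from the provider the issuer named at issuance.
    if check["issuer"] != binding.get("biometric_issuer"):
        return False, "biometric check issued by a different provider"
    # A replayed old check says nothing about who is holding the wallet now.
    age = now - check.get("issued_at", 0)
    if age < 0 or age > MAX_CHECK_AGE_SECONDS:
        return False, "biometric check credential is not fresh"
    bound_id = binding.get("biometric_id")
    if not bound_id or check.get("biometric_id") != bound_id:
        return False, "biometric ID mismatch"
    return True, "holder bound to primary credential"


if __name__ == "__main__":
    now = 1_733_000_000  # constructed timestamp
    primary = issue_primary("bio-7f3a")
    cases = {
        "same person, fresh check": issue_check("bio-7f3a", now - 30),
        "same person, stale check": issue_check("bio-7f3a", now - 3600),
        "different person": issue_check("bio-0000", now - 30),
    }
    for label, check in cases.items():
        print(label, "->", verify_presentation(primary, check, now))
```

The proof check on the primary credential is what stops a holder from rewriting the binding attributes to match someone else's biometric ID.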

By making the biometric provider a recognized issuer within the credentialing ecosystem, we streamline the process. All necessary integrations happen on the user's device, ensuring data security while allowing for robust biometric proofing and credential binding. This method eliminates the need for each participant in the ecosystem to integrate directly with the biometric provider, reducing complexity and cost. Additionally, the biometric provider can monetize their services as these credentials are utilized throughout the ecosystem.

You can learn more by reading our documentation on biometric-bound credentials and the biometric service provider plugin for wallets.


KuppingerCole

Feb 05, 2025: Tame the Cyber Storm: MDR to the Rescue!

Cyberattacks relentlessly target organizations of all sizes, making continuous threat detection and response essential. However, budget constraints and a shortage of skilled security professionals often leave businesses overwhelmed by alerts from disparate systems. Managed Detection and Response (MDR) solutions address this challenge by providing expert monitoring, advanced threat analysis, and real-time response, effectively bridging the gap and enhancing organizational cybersecurity.

Thales Group

Like water off a duck's back… Biomimicry at Thales, episode 2

adam.roberts Wed, 12/04/2024 - 10:22

What if we solve society's problems by looking at nature's toolbox? We continue our series with a focus on superhydrophobicity, and investigate how it can help keep optical equipment functioning in an optimum manner in the harshest conditions.

What is superhydrophobicity?


“Picture a lotus leaf” encourages Julie Cholet, Research Engineer at Thales. “When water lands on the surface it adopts a spherical configuration and is repelled. This is superhydrophobicity. For an object like a lotus leaf, it enables the surface to minimise its contact with water.”

This property is widely seen in nature, where certain plants and animals have evolved to repel water for survival. This so-called "lotus effect" refers to the leaf's ability to self-clean due to its ultra-water-repellent surface. When a water droplet lands on the leaf, it simply beads up and rolls off, carrying dirt and debris with it—much like how wax resists water. This ability to reject water is not just limited to the lotus; many plants have evolved similar strategies to protect themselves from excess water, dirt, and pathogens, each with its unique biological purpose.

“Almost all plants and animals are hydrophobic because no living organism wants to get completely soaked,” points out Edwin Plokker, Curator at Museumfabriek (“Museum factory”), a natural history museum in Enschede in the Netherlands. “In the animal kingdom, superhydrophobicity is crucial to improve the chances of survival.”

 

Many animals, particularly insects, amphibians, and aquatic species, have developed ways to repel water. For example, water striders use superhydrophobic legs to "walk" on water, and certain frogs have water-resistant skin to prevent drowning. Birds, like penguins, have tightly packed feathers coated with oils that create a superhydrophobic surface, allowing them to stay dry in freezing waters and maintain their body heat.

Replicating natural phenomena

Such properties have inspired researchers at Thales to study how to replicate these natural phenomena. At the Group’s Research & Technology centre in Palaiseau, just south of Paris, Julie Cholet and her team focus on multifunctional surfaces that combine superhydrophobic properties with other functionalities, such as antireflective surfaces, inspired by insects like the Greta oto butterfly, which has transparent wings that naturally minimise reflection and glare.


“We take this inspiration into our clean rooms where we study micro- and nanofabrications. The possible uses for such surfaces are very wide, particularly in optical systems used in vehicles,” explains Julie Cholet. “For these Thales systems, often featuring high-performance video cameras, it offers a durable solution because you don’t need maintenance.”

Through these naturally inspired advances, the team aims to enhance performance, durability, and safety. One example where these technologies have been tested is the Gatekeeper, an electro-optic security system with cameras that need to provide ships with a continuous 360° panoramic visual overview in harsh environmental conditions. Having high-performance, durable surfaces that can withstand extreme humidity while maintaining optimal functionality can provide a key operational advantage.

“Nature developed these properties through evolution,” points out Julie. “Our research in superhydrophobicity goes back a decade, but we are already seeing great results – and it’s only just the beginning!”
 


PingTalk

Virtual Versus Centralized LDAP Directories

Consolidating data into a central directory is a part of the overall ICAM strategy; simplifying the directory removes failure points in complex architectures.

This is an old debate that has been discussed in directory circles for many years. To virtualize or not to virtualize.

 

Virtualization continues to have challenges. Directories and databases continue to increase in complexity and diversity. As the cost of owning a virtual directory has increased, so have the features required to compensate for the complexity and diversity.

Tuesday, 03. December 2024

KuppingerCole

Hack Smarter not Harder - AI Workflow for Red Teaming




Panel: Can you beat the AI? Find out where AI is better and when experts are better




Cyber Threats Amplified: AI-Driven Attacks and Emerging Trends




Future-Proofing Cloud Security – from CSPM to AISPM




Managed Detection & Response: Leadership Compass Panel




Managed Detection & Response: Leadership Compass




Managing Cyber Defense at Scale – Experiences from Establishing a Cyber Defense Center

Cyber Defense is one of the most crucial controls to counteract the ever-increasing cyber threat.  In a large scale, historically grown multinational, a coherently managed Cyber Defense Center may provide the means to survive successfully launched attacks by cyber-criminals from around the globe.

In this talk, Lukas presents experiences gained from establishing a modern, efficient, and effective Cyber Defense Center at Migros, one of the largest retailers based in Switzerland.  He reports on the importance of close collaboration among the Cyber Defense Center and the other disciplines of the CISO function.  Furthermore, he elaborates on the need of continuously improving the capabilities of a Cyber Defense Center to keep track with those developed by leading cyber-criminals.

 




Hacking Uber, Okta and Las Vegas Casinos: What GenZ-Hacking Groups like Lapsus$ and Scattered Spider teach us about the state of Cybersecurity.




Anonym

Beware AI-Generated Deepfake Texts, Emails and Websites This Holiday Season

If a deal looks too good to be true, it probably is. Scroll on, or be very cautious if you decide to click. That’s the warning coming from just about everywhere as the 2024 holiday season ramps up.

McAfee’s 2024 Global Holiday Shopping Scams Study pinpoints AI-generated deepfake texts, emails and web sites promoting fake products, deals and giveaways as the main concern for holiday shoppers this year, with 70 per cent of American shoppers saying AI-driven scams are changing the way they shop online, and 59 per cent saying they’re more concerned by scams this year than they were last year.

Deepfake technology uses AI to create fabricated content such as video or photo impersonations, fake or cloned voices, images, or email. It makes content look like the real thing, within the proper context, and sounds or reads like a legitimate message. Behind the fake site or message is a bad actor waiting to pounce.

Forbes and other outlets recently warned the billions of users of the most popular web browsers Chrome, Safari, Edge and Firefox about bad actors who had infected 1,000+ web sites to create and promote fake product listings that landed high in search listings and were backed by 121 fake web stores. Estimated losses ran into the tens of millions over the past five years, and affected hundreds of thousands of consumers—and that was just from one scam campaign under investigation.

Leading into the holiday season and massive sales days like Black Friday, Barclays is warning shoppers not to be lax about scam checking, particularly those that come via email—the most reported type of shopping scam. Barclays is urging customers to check email alerts of sales that claim to be from a legitimate retailer like Amazon or Costco advertising their Black Friday deals before making a purchase.

In fact, being hypervigilant about checking the authenticity of holiday sales messages and emails, and the URLs they point you to, is key to beating the scammers.

Here’s our best advice:

Be suspicious of messages with:

- Unsolicited offers or deals that seem too good to be true
- Poor grammar or odd phrasing (but don’t rely on this being the case, as scammers and their AI-generated solicitations are getting more sophisticated)
- A sense of urgency, such as “limited time offers” or “act now or miss out” messages
- Links to unfamiliar websites.

Use secure payment methods

Use only reputable payment systems like credit cards or PayPal, which offer buyer protection. Avoid wire transfers or sending money via gift cards. Or use a MySudo virtual card.

Before purchasing, look for reviews of the online store or product you’re interested in

But remember: AI-generated fake reviews are now commonplace, so be cautious if the reviews seem overly positive or generic.

Be alert to fake holiday giveaways and contests, and fake social media profiles

Giveaways and contests that ask for personal information or require you to click a link are almost certainly scams. Always check the authenticity of any giveaway and don’t share your personal information unless you’re sure it’s with a legitimate source.

Scammers use AI to create fake social media profiles that look like real people, offering fake promotions or asking for donations. Look for verification badges or use reverse image search to confirm the person or brand is legitimate.

Be careful of pop-ups and banner ads that offer discounts, prizes or exclusive deals

Understand that these could redirect you to fake websites or lead to malware downloads.

Only click on links from trusted sources

If you see a link in an email or message that seems too good to be true, manually type the URL into your browser. Or, if it’s a merchant you have used before, use your bookmark for the site if you have one.

Use multi-factor authentication (MFA)

Adding an extra layer of security to your accounts on shopping sites, email accounts, and banks can protect you from scams that want your login credentials. Don’t share or reuse passwords across different sites, especially for sensitive accounts.

Warn family and friends

Tell your people about the risks of AI-driven scams, especially older adults who may be less tech-savvy. You can also avoid deepfake scams involving loved ones, particularly the common grandparent scam, by using MySudo:

1. Set up a Sudo and assign it a phone number that you only ever give out to your closest family and friends.

2. Be diligent about only giving out the number to your loved ones so that you build and protect a trusted communication channel with your inner circle.

3. Tell your loved ones they can trust the safe Sudo number. If that number rings, the call recipient will know it’s a legitimate communication and it’s you on the end of the phone line. If you’ve been diligent in protecting your safe Sudo number, it is very unlikely a criminal would have it.

4. Invite your family and friends to use MySudo and use the app’s handle-based end-to-end encrypted calling to communicate with each other.

Share scam alerts, and follow organizations like the Federal Trade Commission (FTC) and Better Business Bureau (BBB) to learn about and report scams.

Check the website’s URL

Always double-check that the website’s URL starts with “https://” and includes a secure padlock symbol in the address bar.

Keep software updated

Regularly update your devices, browsers, and security software to protect against known vulnerabilities.

Keep up with AI trends

Get familiar with common AI scam tactics so you can spot them early and easily.

Fight AI with AI

Some antivirus and security software now includes AI-powered features that help detect phishing attempts, malicious links, and other scam activities. Use these tools for added protection.

Use MySudo to set up a dedicated shopping email and phone number for buying online year-round, but particularly during holidays

Set up a dedicated shopping Sudo:

- Name your Sudo. This is the name you want to go by when using this Sudo. It might be your own name or a nickname.
- Add a purpose. Call it Shopping Sudo or something else you’ll remember.
- Confirm the email address that displays during Sudo set-up.
- Add a phone number.
- Supercharge your privacy by adding a virtual card. Virtual cards are secure stand-ins for your actual cards or bank accounts and protect your personal information and your money.

Use your Shopping Sudo’s details instead of your personal details for all your shopping-related activities:

- Use your Sudo email to open store accounts and sign up for deals and discounts.
- Use the private browser in your Sudo to find the perfect product or search for sensitive purchases. The browser is ad and tracker free and keeps your browsing history, bookmarks and tabs all within the relevant Sudo.
- Once you’ve found a great deal, check out and pay for it with your virtual card. A virtual card doesn’t reveal any of your personal information when you make purchases. You might use your Sudo phone and email at the checkout, too.
- If your parcel gets lost or you need to contact customer service about any other issue, use the phone number or email for that too.

Use MySudo Browser Extension to autofill your Sudo details directly into shopping carts and online forms.

MySudo Browser Extension lets you sync MySudo on your mobile device with your web browser on your desktop so you can use your Sudos without having to go into the app on your mobile device and manually copy them across.

This makes opening an account or buying online faster, easier and more secure. Simply put the cursor into a form field, click on the MySudo icon and fill all the available fields that MySudo can autofill or open the browser extension pinned to your browser toolbar and copy/paste directly from there.

Your desktop will stay in sync with the Sudos in your mobile device. So, if you create a new Sudo or modify an existing Sudo, it will automatically update over on your desktop.

Start using MySudo

Use RECLAIM to find out which companies have your personal information

RECLAIM, powered by MySudo, is a digital identity footprint management tool that helps you reclaim control of your personal information from the companies that store and might sell it. 

RECLAIM tells you which companies hold your personal information and where your information might have been caught in a data breach. It then gives you step-by-step instructions for protecting your information going forward, either by using Sudos in MySudo or asking the company to delete your personal information altogether. Start using RECLAIM.   

Report fraud and other scams to the FTC at ReportFraud@ftc.gov

Read about 12 more holiday scams to be aware of this holiday season.

Stay safe, and happy holidays!

The post Beware AI-Generated Deepfake Texts, Emails and Websites This Holiday Season appeared first on Anonyome Labs.


SC Media - Identity and Access

Fireblocks, Google Cloud partner to enhance digital asset security

The integration combines Fireblocks’ platform functionalities with Google’s advanced security tools, including attestation services, identity and access management, and key management services.


KuppingerCole

Cloud Security Posture Management (CSPM)

by Mike Small

CSPM solutions provide a way to continuously identify the risks related to the use of cloud services for which the cloud customer is responsible. They offer capabilities to assess these risks against common regulatory obligations, security frameworks, and organizational policies. They automate the discovery and reporting of these risks as well as supporting appropriate corrective action. An important trend, which these solutions must evolve to cover and exploit, is the use of Machine Learning (ML), Deep Learning (DL), and Generative Artificial Intelligence (AI). Use our buyer's guide to help you find the solution that is right for you.

eXtended Detection and Response (XDR)

by John Tolbert

This report provides an overview of the eXtended Detection & Response (XDR) market and a compass to help you find a solution that best meets your needs. It examines solutions that provide comprehensive observability and remediation capabilities across both endpoints and networks, including cloud environments. The report evaluates the capabilities of these solutions to meet the needs of all organizations to monitor, assess, and manage these risks.

Thales Group

Thales Unveils Data Risk Intelligence to Redefine Data Risk Visibility and Proactive Risk Mitigation

Tue, 12/03/2024 - 09:00

- Data Risk Intelligence combines posture and behaviour-based data risk indicators to proactively identify and mitigate risks to sensitive data
- First solution uniting the data security capabilities from the Imperva Data Security Fabric and Thales CipherTrust Data Security Platforms to provide highly confident data risk prioritisation with clear corrective actions for CIOs, CISOs, and data risk specialists

Thales today announced the launch of Data Risk Intelligence, a groundbreaking Imperva Data Security Fabric (DSF) solution that proactively addresses the risks to data wherever it resides. This is the first solution uniting the risk and threat identification capabilities of the Imperva Data Security Fabric with the data protection capabilities of the Thales CipherTrust Data Security Platform, following Thales’s strategic acquisition of Imperva in December 2023.

In today’s modern digital landscape, organisations face challenges in managing security across an ever-growing attack surface while maintaining compliance with regulatory standards. With data and operations spread across cloud, on-premises and hybrid systems, security teams require constant, comprehensive visibility into where their data is, the types of data they have, and the potential risks to that data. In fact, according to the 2024 Thales Data Threat Report, 93% of enterprises reported an increase in threats compared to the previous year.

Empowering Security Teams and SOCs with Enhanced Visibility and Control

The combined intelligence and contextual insights from Data Risk Intelligence provide a unified visibility of risks to critical data with a unique view of the strength of encryption for data across an organisation’s entire data estate. With this enhanced visibility, Data Risk Intelligence empowers CIOs, CISOs, and data risk specialists to accurately identify the most critical data that are at risk by severity and likelihood, enabling them to effectively prioritise risk mitigation with clear recommendations for corrective action.

Data Risk Intelligence delivers a highly confident risk score and clear recommendations for corrective action that are based on a wide-ranging set of data risk indicators through advanced analytics, built upon user permissions, data source vulnerabilities, use of encryption following NIST standards, monitoring of suspicious activities, and other customisable inputs.

Todd Moore, Vice President, Data Security products at Thales: “The ability to view data risk in key dimensions across organisational risk, asset risk, and regulatory risk in one place is extremely impactful. Data Risk Intelligence is the first of many integrations between the Thales and Imperva platforms that empower our customers to protect their data and all the paths to it. Through our combined platforms, Thales has all the tools to help our customers understand their data security risks and provide a clear set of actions to mitigate these risks.”

“The risks to enterprise data are multi-dimensional and organisations are struggling to address the volume and breadth of these risks while still maintaining optimal business operations,” said Jennifer Glenn, Research Director, Data and Information Security at IDC Security and Trust Group. “Centralising data risk visibility and management offers valuable context about the data – and its vulnerabilities – enabling organisations to prioritise protection where it’s needed most.”

Key Benefits of Data Risk Intelligence:

- Enhanced Risk Prioritisation: Combines risk-related intelligence from Data Security Fabric and CipherTrust Data Security Platform to deliver precise risk scores that drive confident decisions.
- Comprehensive Visibility: Provides a unified view of data risks across the entire data estate, reducing complexity, delivering risk indicators, and recommending protective measures.
- Customisable Risk Indicators: Allows organisations to tailor risk indicators to their specific environment, highlighting the most critical threats.
- Encryption Integration: Leverages the encryption capabilities of the CipherTrust Data Security Platform to ensure data protection at all levels.
- Advanced Analytics: Utilises posture-based and machine-learning behavioural risk indicators to identify and prioritise the highest-risk data.

DSF Data Risk Intelligence is available to customers who have a current Data Security Fabric Data 360 license.

About Thales

Thales (Euronext Paris: HO) is a global leader in advanced technologies specialized in three business domains: Defence & Security, Aeronautics & Space, and Cyber & Digital.

It develops products and solutions that help make the world safer, greener and more inclusive.

The Group invests close to €4 billion a year in Research & Development, particularly in key innovation areas such as AI, cybersecurity, quantum technologies, cloud technologies and 6G.

Thales has close to 81,000 employees in 68 countries. In 2023, the Group generated sales of €18.4 billion.

Contacts: Cédric Leurquin. 03 Dec 2024. Type: Press release. Structure: Digital Identity and Security. Prezly URL: https://thales-group.prezly.com/thales-unveils-data-risk-intelligence-to-redefine-data-risk-visibility-and-proactive-risk-mitigation-o2l1fa

KuppingerCole

CISO Agenda 2025: Preparing for a World in a State of Uncertainty - The 10 Most Relevant Topics for CISOs in 2025

by Martin Kuppinger

The CISO Agenda 2025 report outlines the critical priorities and strategic initiatives for cybersecurity leaders navigating an evolving threat landscape. As organizations embrace digital transformation, expand cloud adoption, and contend with sophisticated threats, CISOs must address challenges like identity security, AI governance, supply chain risks, and Zero Trust adoption. This report provides actionable insights to strengthen resilience, optimize tools, and prepare for emerging technologies like quantum-safe encryption and generative AI. With a focus on proactive strategies and unified frameworks, the CISO Agenda 2025 equips cybersecurity leaders to enhance protection, ensure compliance, and align security efforts with broader business objectives.

BlueSky

Altmetric Is Now Tracking Bluesky Mentions!

Now, scientists and researchers can more easily track conversation around their research.

Ever since Bluesky was first launched as a beta app in 2023, scientists and researchers have been an early and core community. We’re excited to share that Altmetric is now tracking mentions of your research on Bluesky.

This makes it easy for you to track where the conversation around your research is happening, especially as Bluesky’s community has grown by over 10 million users in the last month.

To learn more about Bluesky as an Altmetric data source, read Altmetric’s blog here. Login to Altmetric to start tracking your research mentions here.

Bluesky's Open Network

Bluesky's open developer API makes it possible to easily find all mentions of your research on the network. Unlike other closed social platforms that lock users in and lock developers out, Bluesky is an open social network by design.

You can find Bluesky’s developer documentation at docs.bsky.app — we’re excited to see what you build!

Monday, 02. December 2024

KuppingerCole

Hacked! 72 hours of a CISO's nightmare




AI in Cybersecurity - Between Myth and Reality




Why the EU AI Act will not Protect us from Cybercrime - and What Needs to be Done Instead

 

 




SaaS Security - The Forgotten Element?




From Ransomware to Red Teams: Insights from the Front Lines of Cybersecurity




New Paradigms for the Next Era of Security and AI

The AI landscape is changing quickly, making it difficult to anticipate where the technology is going and where we might see new risks. Despite this uncertainty, AI advances are hitting the enterprise at a rapid pace and businesses are pressing forward to incorporate AI capabilities into many facets of their operations. Using various mental models, we can get a clearer understanding of what to expect in the next stages of the AI revolution and start building governance processes and security capabilities to get ahead of potential challenges.




Navigating Cyber-Incidents when Traditional Comms Fail

A Tabletop Exercise Designed to identify communications gaps impacting on NIS2 and DORA compliance.




Welcome Note by the Hessian Ministry of the Interior, for Security and Homeland Defence




PANEL: Elevating the Role of Security for the Board

This discussion will focus on how cybersecurity is integrated into corporate governance frameworks and the practical challenges of doing so. This dynamic Trio will share insights on their expectations of cybersecurity teams, underscoring the need for professionals who possess not only cutting-edge technical skills but also a deep understanding of business demands and regulatory environments.

This session is indispensable for cybersecurity professionals at all levels aiming to align security strategies with broader business goals and regulatory frameworks. Attendees will leave equipped with the knowledge to implement cybersecurity as a core element of business strategy, ensuring their organizations are well-positioned to manage current and future digital threats.




Hacking Gamification – Learning Hacker Techniques




Hacked! 72 hours of a CISO's nightmare

If you take a look at the media on the topic of security, this is often limited to two aspects: cybersecurity, including vulnerabilities in systems, and the security service in personal protection. But behind the concept of security, we subsume topics that go far beyond – for example, geopolitical influences, changes in the labour market, or new technologies. So let’s have a look together at the challenges of today and find out what we should have in mind when it comes to security!




Countering Cybercrime – Together against Cybercriminals




CISO Agenda 2025: Preparing for a World in a State of Uncertainty

None of the past years has been easy from the perspective of cybersecurity. There are no indicators that it will become easier in 2025. Navigating between budget challenges, modernization needs, emerging technologies, ever-stricter regulations, and ever-increasing cyberattacks, combined with geopolitical uncertainty, makes the job of CISOs a bigger task than ever. In their talk, Berthold Kerl, CEO of KuppingerCole Analysts, and Martin Kuppinger, Co-Founder and Principal Analyst at KuppingerCole Analysts, will share their perspectives on what CISOs should focus on. It will not just be a list of hot topics, but they will deliver an approach that starts with the state of cybersecurity and identity security and then maps recommended actions.




IdRamp

Secure Your Service Desk: ServiceNow CLEAR Identity Verification

IdRamp partners with ServiceNow and CLEAR to deliver frictionless identity verification (IDV) for your service desk workflows, strengthening security while maintaining a seamless user experience.

The post Secure Your Service Desk: ServiceNow CLEAR Identity Verification first appeared on Identity Verification Orchestration.

SC Media - Identity and Access

Microsoft 365 credentials stolen via adversary-in-the-middle campaign

Threat actor leverages the Rockstar 2FA phishing-as-a-service and bypasses MFA.


UbiSecure

IDS 2024.2, OAuth 2.0 flow improvements and patches for Tomcat & Red Hat

In the second release of 2024 we have improved OAuth 2.0 flow support to include URL encoded client credentials, and made numerous improvements and corrections. Often the key element of any update is security. Within the IDS 2024.2 release we’ve made available the very latest Tomcat patch as well as tested support for Red Hat 8 and 9. We would like to point out that Red Hat 7 / CentOS 7 is no longer being supported by the open-source community, therefore support of this operating system has been removed from our System Recommendations pages.

For our long-standing customers, we are working to release updates to a number of SSO service modules. These are external elements which ease configuration or use of SSO within Identity Platform. Our IDaaS service naturally receives these updates as they are available; however, if you have a premises-based installation, we would ask you to open a Service Desk ticket to request the updated code for these modules, which are external to SSO. We would also like to point out that the modules have only been tested on SSO 9.5.0 found within this IDS 2024.2 release of Identity Platform, so we would encourage you to update your Identity Platform prior to updating the modules. If you have any questions, Operations is happy to help.

As with all software, Ubisecure would like to encourage you to upgrade your Identity Platform in a timely manner. Please contact your Integration Partner or Ubisecure Account Representative with any questions. Ubisecure encourages all customers to review and schedule a service upgrade to this latest release. Bringing system flexibility, security, and new features to ensure the best user experience possible for your businesses is our goal.

For full details of the IDS 2024.2 release, please review the Release Notes and System Recommendations pages found on our Developer Portal.

The post IDS 2024.2, OAuth 2.0 flow improvements and patches for Tomcat & Red Hat appeared first on Ubisecure Digital Identity Management.


Spherical Cow Consulting

The Importance of Early Engagement in Standards

The post discusses the critical role of standards development in shaping modern technology and emphasizes the importance of early organizational engagement. Referencing an NSA/CISA report, it argues that participating in standards not only offers organizations influence and insights into technological trends but also drives innovation and ensures representation of their needs. The writer encourage

I’ve been meaning to write a response to the report that came out this summer from the National Security Agency on standards development. With many of my clients taking a break for turkey and pie, I’m finally catching up on some writing. Let’s talk standards!

Standards development isn’t just an abstract exercise for senior engineers or academic theorists. It’s the foundation upon which modern technology is built and evolves, influencing everything from cybersecurity frameworks to consumer electronics. Every time you use the Internet, you’re benefiting from the collective brainpower that built the capabilities to get you there. A recent report from the NSA and CISA, “Recommendations for Increasing U.S. Participation & Leadership in Standards Development”, underscores the importance of standards development and provides a roadmap for bolstering U.S. involvement in shaping the future of critical technologies.

I’ll be honest: I’m not as anxious about U.S. leadership in the standards space, though I agree that the U.S. has, as a nation, lost some of its influence. That said, I think the content of this article applies to every single organization out there that relies on the Internet to conduct business. If you want to influence the digital world, you have to participate in defining how that world works.

Why Standards Matter to Organizations

Organizations (by which I mean companies, governments, educational institutions, etc etc etc) that participate in standards development often find themselves in a position of influence. They drive innovation while ensuring their needs and perspectives are addressed. Standards participation provides a direct channel to discuss regulatory challenges, improve interoperability, and gain early insights into technological trends. Despite these benefits, many organizations hesitate to get involved, perceiving the process as costly, time-consuming, or overly complex. OK, granted, they aren’t entirely wrong in that perception, but I think the benefits outweigh the costs.

From my experience working with standards bodies and related NGOs since 2010, it’s clear that active participation is the key to meaningful impact. The organizations that dedicate time and resources to this effort are the ones that shape the dialogue, influence regulations, and, ultimately, improve the functionality of the Internet and related technologies.

Early Engagement: A Competitive Advantage

One point from the NSA/CISA report that I keep coming back to is the emphasis on early engagement in standards development. Getting involved early in emerging technologies lets organizations take the lead, shaping standards to fit their goals. Whether it’s contributing to the development of cryptographic standards to counter the looming quantum threat or collaborating on protocols to enhance digital identity, early involvement ensures organizations are not just reacting to changes but actively shaping them.

The Consequences of Sitting on the Sidelines

The report highlights a harsh reality: failing to engage early risks allowing other players—potentially with competing interests—to dominate the conversation. This isn’t just a hypothetical concern; history is full of examples where delayed participation led to standards that didn’t account for the needs of key stakeholders, creating hurdles for businesses and end-users alike. (I’m going to point to RFC 8471, “The Token Binding Protocol” as one example some of my readers will be familiar with. That specification was pretty much abandoned because it didn’t meet the need.)

A particularly compelling example lies in the realm of cybersecurity. Standards for multi-factor authentication and passwordless systems, for instance, have been driven by those actively participating in groups like the FIDO Alliance. Organizations that joined these efforts early have seen the benefits of enhanced security measures that align with their operational realities.

The Role of Academia and Workforce Development

The report also rightly emphasizes the importance of fostering a standards-savvy workforce. Academic institutions should play a critical role here, but they can’t do it alone. Organizations must invest in training their employees, encouraging mentorship, and prioritizing standards participation as part of professional development. This investment isn’t just about building internal expertise—it’s about ensuring the longevity and relevance of the organization in a rapidly evolving technological landscape.

A Call to Action

If you’re wondering whether your organization should get involved, my answer is absolutely yes. The barriers to entry in standards development may seem high, but the rewards are higher. By participating, you gain influence, credibility, and a seat at the table where decisions that shape the future of technology are made. If you need advice on how to get there from here, reach out. The working group chairs of whatever space you’re interested in are eager to help (ask me how I know!).

It’s not just about staying competitive; it’s about leading the way. Whether you’re in cybersecurity, telecom, or any field where innovation and interoperability matter, your voice can make a difference. Let’s make sure it’s heard!

And of course, I can help in other ways, though I’ll be the first to say you can do this on your own! I can, however, make your learning and engagement more efficient. Reach out if you want to learn more about navigating this process or need support with standards development. With my experience across various SDOs, I’m here to help guide you through the complexities of Internet standards development.

The post The Importance of Early Engagement in Standards appeared first on Spherical Cow Consulting.


Finema

This Month in Digital Identity — December Edition

Welcome to the December edition of our monthly digital identity series! This month, we explore how digital identity technology is safeguarding academic integrity, ensuring the credibility of research in an era of rising identity fraud. Dive into the GAO’s call for robust civil rights protections as federal agencies increasingly rely on AI and facial recognition. Discover the transformative potential of Digital Travel Credentials and decentralized identity in revolutionizing international travel. Lastly, we’ll examine the urgent need for unified frameworks to align emerging technologies with civil liberties.

Here’s a closer look at what you’ll find in this month’s insights:

Protecting Academic Integrity with Digital Identity Technology

The scholarly publishing industry is grappling with an alarming rise in identity fraud and unethical practices like paper mills and author impersonation, undermining trust in academic research. To counteract these challenges, STM Solutions has unveiled a comprehensive report titled “Trusted Identity in Academic Publishing: The Central Role of Digital Identity in Research Integrity.” Developed in collaboration with a Researcher Identity Task and Finish Group, this initiative aims to provide practical guidelines for the effective use of digital identity technology.

The report calls for stronger identity verification mechanisms while respecting inclusivity and privacy. It emphasizes how digital identity solutions can authenticate researchers while maintaining their autonomy, thus preserving the credibility of academic contributions. A crucial aspect of this framework is its scalability, which accommodates the diverse range of research disciplines and global contexts without being intrusive.

This strategic document also advocates an industry-wide approach, urging publishers, institutions, and researchers to unite for seamless integration of identity verification systems. By doing so, the academic community can address fraud more effectively, sustain open collaboration, and enhance trust in published findings.

GAO Highlights Need for Civil Rights Protections Amid Federal Data Use

As federal agencies increasingly rely on advanced technologies like artificial intelligence (AI) and facial recognition, the U.S. Government Accountability Office (GAO) has raised concerns about their impact on civil rights. Despite the growing adoption of these tools, a recent GAO report reveals that existing federal guidelines fall short in protecting against biases, inequities, and potential abuses of personal data.

While some agencies, such as Homeland Security, have begun creating frameworks to address ethical concerns, the overall response remains fragmented. For instance, the Privacy Act of 1974 governs data handling but does not encompass safeguards for emerging technologies. This leaves significant gaps in accountability, allowing for inadvertent discrimination and systemic inequities.

GAO recommends that Congress establish robust, government-wide civil rights guidelines tailored to emerging technologies. These should include privacy safeguards, risk assessments, and ethical oversight to prevent misuse. Furthermore, the report stresses the importance of bridging workforce skills gaps by investing in specialized training, enabling public agencies to navigate the complexities of these evolving tools.

This call to action underscores a need for comprehensive policy reform, ensuring that technological advancements align with societal values and protect citizens’ fundamental rights.

Revolutionizing International Travel: Digital Identity Innovation

Imagine arriving at your tropical destination just 30 minutes after stepping off the plane. This seamless travel experience is now a reality, thanks to a groundbreaking trial conducted by SITA, Indicio, and Delta Air Lines, in collaboration with Aruba’s government. Using Digital Travel Credentials (DTC) and IATA’s OneID, the initiative has redefined how travelers journey from Atlanta to Aruba.

The process begins with the DTC, a cryptographically secure digital version of a passport, allowing travelers to preauthorize their journey. At Hartsfield-Jackson Airport in Atlanta, IATA’s OneID streamlines check-ins, baggage handling, and boarding processes. Upon landing in Aruba, passengers cross the border within seconds, holding the data required for verification securely on their mobile devices.

The initiative demonstrates the potential of decentralized digital identity technology, merging efficiency, security, and privacy. By combining the DTC and OneID workflows, travelers experienced reduced wait times and an overall enhanced travel experience. This innovation highlights a significant leap toward a unified, interoperable digital travel system.

The success of this trial is more than a technological milestone—it is a glimpse into the future of international travel. During the IATA World Passenger Symposium in Bangkok, SITA’s Michael Zureik will present the findings, signaling a major shift toward global adoption of decentralized identity solutions.

Emerging Technologies and the Call for Unified Civil Liberties Frameworks

The U.S. Government Accountability Office (GAO) has identified alarming gaps in the way federal agencies handle civil rights issues associated with emerging technologies. AI and facial recognition tools, while enabling efficiencies, have also amplified biases and raised concerns about discriminatory practices. Existing laws, such as the Privacy Act of 1974, focus on privacy but fail to address the civil liberties challenges posed by modern tools.

GAO’s analysis of 24 federal agencies revealed inconsistent approaches to mitigating these risks. While some, such as the Department of Homeland Security, have developed initial risk assessment tools, these efforts lack uniformity and coordination across agencies. Moreover, workforce shortages and outdated regulatory frameworks hinder the effective adoption of ethical practices.

To close these gaps, GAO urges Congress to create a government-wide framework addressing ethical data use, transparency, and accountability. The report also highlights the need for investments in workforce training and infrastructure, enabling agencies to better respond to technological advancements while protecting civil liberties.

This recommendation seeks to balance the promise of innovation with the need to uphold social justice, ensuring that government operations remain fair, inclusive, and trustworthy.

We look forward to bringing you more insightful updates as we continue to explore the latest trends and innovations in the field of digital identity. Together, we can contribute to a more secure and inclusive digital future.

This Month in Digital Identity — December Edition was originally published in Finema on Medium, where people are continuing the conversation by highlighting and responding to this story.


PingTalk

How Digital Identity Powers Fraud Integrated Detection, Response, and Prevention

Digital identity for bank fraud detection, response, and prevention

Bank fraud continues to rise sharply worldwide, driven by an increasing proliferation of AI-driven impersonation, deepfake attacks, and the rapid emergence of fraud-as-a-service (FaaS) cybercrime. The risks of bank fraud are further compounded by the increasing worldwide adoption of digital banking and embedded finance, creating new opportunities for malicious actors. While banks continue to invest heavily in developing their fraud detection, response, and prevention capabilities in line with rapid developments in the regulatory landscape, many are left with highly fragmented strategies that struggle to meet the evolving threat landscape. One of the key reasons behind this is the lack of holistic thinking about how “upstream” fraud prevention works in concert with “downstream” fraud prevention to drive real-time access decisioning at all stages of the customer journey.

This blog will explore how converged identity and access management (IAM) can help to integrate fraud detection, response, and prevention in the banking industry.

Sunday, 01. December 2024

KuppingerCole

From SolarWinds to Zero Trust: Rethinking Supply Chain Security

Matthias Reinwarth and Dr. Phillip Messerschmidt delve into the complexities of Cyber Supply Chain Risk Management (C-SCRM). They discuss the importance of understanding and mitigating risks that arise from external suppliers and the interconnected nature of modern supply chains. The conversation highlights the critical role of Identity and Access Management (IAM) in managing these risks, particularly in the context of federated identities and the challenges that arise from relying on third-party controls. The speakers emphasize the need for organizations to actively assess and manage risks, implement robust onboarding processes, and continuously improve their cybersecurity practices to protect against potential threats.




1Kosmos BlockID

Vlog: How Can Remote Caller Verification Protect Your Organization From Social Engineering?

Mike Engle:
Hi, everybody. My name is Mike Engle, co-founder and head of strategy here at 1Kosmos. I’m joined today by Jens Hinrichsen. Say hello, Jens.

Jens Hinrichsen:
Hello, everybody.

Mike Engle:
Jens is our head of sales here at 1Kosmos, spends a lot of time in the trenches. And today we’re here to talk about remote caller verification. We have an acronym for that, RCV. But Jens, would you mind giving your quick pitch on what RCV is for the folks out there?

Jens Hinrichsen:
Yeah, I would love to. And I think certainly also, Mike, with all the conversations that we’re both fortunate to have with a variety of organizations globally, please chime in with some of your own perspective as well. But I think remote caller verification, whether it is IT service desk for employees, contractors, other third parties that are interacting with an organization and have access to the inner sanctum, if you will, of an organization versus, say, contact center or call center. Where for years the industry has been working on solutions to mitigate fraud from a customer or outside facing standpoint, this is really about these emerging threat actor groups. Not even so much emerging, but Scattered Spider certainly has taken the cake recently in terms of being in the press most from MGM, Caesars, a host of other organizations where they have as a group socially engineered their way through the IT service desk of an organization.

So in the case of 1Kosmos, hi, I’m Mike Engle, I’m a co-founder. Service desk agent’s like, “Oh, my gosh, I got a co-founder on the call.” And if it’s not Mike and it’s a threat actor group, very charming, you name it, they can socially engineer their way in, get the credential reset, and then have Mike’s access to the company. So it is a big area of threat. It’s a big area of inefficiency also that organizations are trying to get better shored up. Mike, any other thoughts you have on that?

Mike Engle:
Yeah, so a lot of friends in the industry, I talk to them about this and they don’t have the right tools typically. So they’re using old, tired methods or no methods. They just turn it off because they can’t trust it. And an example would be secrets. What’s your employee ID? What was your date of hire? What was the amount of your last payroll deposits? Which I wouldn’t know that. So sometimes those are too hard and don’t work or they’re too easy to guess and anybody can use them. So social engineering has been around forever, but they’ve gotten really good at finding the information, the legacy ways that people have been using over time. What are some of the ways that they’re using now to get into help desks?

Jens Hinrichsen:
Well, it’s interesting, too. I think back to the point we made earlier from a fraud standpoint, I mean, there’s been social engineering going on for ages. Whatever that chain looks like, phishing, malware, getting information, and then pretending to be a customer of an organization, malicious actors are looking for economic gain and other impact for a variety of reasons. But where you can have big impact is when you’re able to infiltrate an organization. It’s one thing to steal $50,000 from a customer of an organization. It’s a big deal. You want to mitigate that, but as far as being able to get into the inner bowels of an organization’s IT stack moving laterally, whatever the case is, that is a huge area of focus these days.

So a lot of the, call it, the social engineering talent, the charms, I mean, Mike, you and I have even through different circles heard some of these calls and they’re … Wow, if I’m the service desk agent, yeah, I’m believing this person. You don’t have an ID for what reason or you don’t know this for whatever reason? Sure, of course. So I think it’s really been the same playbook focused on this avenue now. And again, it is really, really easy for these sophisticated threat actors to sound very believable, have core information that’s needed that would get a service desk agent to say, “Mr. Engle, co-founder of 1Kosmos, that’s fine that you don’t have this and this, but I’m going to issue a new credential to you right away. I want to make sure you’re happy.”

Mike Engle:
Right, and they may create a sense of urgency. I’m a doctor, I got a patient here at a table and I can’t unlock my stethoscope, whatever it is. So yeah, that’s a common tactic as well that we’ve seen them use. And then once they get that initial credential, they’re typically 50% of the way of getting into the core network and things go downhill from there. And so yeah, the traditional KBA, which you would think stands for knowledge based authentication.

Jens Hinrichsen:
Knowledge based authentication. Right.

Mike Engle:
We actually refer to it as known by anybody, KBA. So it really is close to useless. And whenever I opened a new financial services account and they pop up those five questions, what was the type of car you had when you were five years old or whatever, I run for the hills if I can. So what can we do about it? How does 1Kosmos, for example, mitigate this threat?

Jens Hinrichsen:
Yeah. And even, Mike, before we go there, and I think one of the examples, what’s one of the KBA examples you’ve used before? It’s like your grandmother’s shoe size when she was nine or something. Well, whatever the iteration is, before we even get into solution, I think some of the really interesting parts that we’ve gotten more intimate with is even the other ways that organizations are trying to address this. So KBA, sure, that’s one. Known by anybody, as you said. OTP. Hey, I’m going to push you an OTP. Well, we still don’t know it’s Mike. And then we’re also seeing a lot of organizations, not even necessarily just at the highest level of privilege, but even more broadly where it’s an escalation to the manager. And you do the math on that in terms of just sheer productivity loss and in some cases you might not still be actually verifying it’s that genuine user.

So there’s these kind of clunky ways and tools that we as an industry have been trying to address this. And so to your question, Mike, it’s like, well, gosh, what is a way that an organization can do this where it’s effectively automated? So somebody is still calling into the service desk, but you’re removing the onus of verification from the service desk agent because the reality is service desk agents are being asked to do so many things already and they’re always do it in this amount of time, get it faster, faster. So you don’t want to forsake quality, but how do you have a very easy process for both agent and user, whether genuine or a malicious actor, to undertake that then gives the credence that, yes, this is actually Mr. Engle calling in? And so there are a few ways to do it. One that really gives, I’ll say, the minimum viable baseline would be a one-time identity verification or identity proofing event where I call into the service desk and I’m pretending to be you.

And the service desk agent says, “Okay, Mr. Engle, I’m going to send you a link either to your phone, to your email address.” There are a variety of things that you have to take into consideration obviously in terms of companies that might not have employees be able to have phones or are they company owned, et cetera. Those are all things that you see and we navigate accordingly, but the very simple process of opening up a link, scanning the front and back of a driver’s license, a passport, some other government issued document, and then doing a matching selfie against the image that’s on that document. And what we can do with very high assurance is give a thumbs up or thumbs down. And all we would do is simply say the agent, “Yep, this is Mr. Engle,” or in my case, pretending to be you, “No, this is not.” And so that’s a really simple initial way to do it. The really exciting part, and this is what permeates the next generation, which is actually here now and gaining steam, is the user control.

That reusable identity of, hey, once I have verified myself, once I essentially have an identity wallet that I can then present wherever it’s needed that proves that I am Mike Engle and I don’t have to go back through the whole process of scanning something, selfie, et cetera. So the elegance is there. You get high assurance, quick and easy, reduces call center times. And then again, you’re removing that, again, onus on the service desk agent of having to be the one. And there are other companies, too, Mike, where it’s, “Hey, can you hold your ID up to the camera?” It’s hard enough to tell that they’re real when you’re holding them, much less over a camera.

Mike Engle:
Yeah. And when I hold my license up to a camera, now what’s the other person doing with that information? First of all, they can’t verify it. It’s too hard. You can’t see the little security features and then now I’ve just showed you my driver’s license number. That’s something you don’t want floating out there on a video call. So yeah, the privacy preserving aspects are really key. If you can assure the help desk and your remote callers, your remote employees, or customers that it’s safe, then they’ll trust it and feel good about using it as well. That’s a great point. Yeah, so I think we’ve about done it. I guess one last thing is how hard is it to implement a tool like identity-based biometric verification for a service desk?

Jens Hinrichsen:
Yeah. What’s the usual answer? Well, we could have had it in yesterday, so you got a couple of flavors. And I think the great thing for us as an industry is you can literally start as fast as you can start with, call it, a touchless integration where you’re simply calling out to an API. That link that we talked about earlier that gets sent to the user, that’s essentially a service. It’s a hosted service and you’re not having to replumb or do anything on day one within your organization. You can address the threat, make it a simpler process literally within a couple of weeks. And then the subsequent steps that I know we’ve observed with our customers is there are things that you can do to tighten some of the workflows, whether it’s ServiceNow or whatever the service desk system or backend might be.

But then that next step, and it can come pretty quickly, is the organization’s adoption and use of that reusable identity. And it’s a pretty powerful thing when we think about especially at the point of, say, onboarding. Whether it’s say HR onboarding, contract, or third-party onboarding, you’re doing that verification once. The user now owns it. You made a great point about privacy preservation. I mean, that’s what we’re all in the space for, right? It’s one thing to have a point in time, but you have to make sure it’s privacy preserving. But then also, let’s make it efficient for everybody. Do the verification once and then all you’re doing is you’re essentially authenticating into systems or doing high-risk transactions or whatever the case is after that.

Mike Engle:
Right, right. And you can’t implement something like this without uttering the words ROI, right?

Jens Hinrichsen:
Yeah.

Mike Engle:
You have the obvious security benefits, stop bad guys, but the user experience is actually better. And then an organization can have 100,000 calls into a help desk a year. It’s an average of 30% to 50% are password reset or identity related, so why not remove that and save those calls from even coming in? You can automate this, you can do it in a self-service password reset manner as well, SSPR. So yeah, a lot of reasons to do it.

Jens Hinrichsen:
Yeah. Well, no, and you’re right. And it’s fun to build these business cases alongside organizations because it’s not just a security risk mitigation. There are very direct, like you said, Mike, very direct savings, overall operating efficiencies. Even to the point where as an organization lifts its security posture, they’re getting better policy. Their cyber insurance policies are coming down or at least not going up as quickly as they might go, depending on what most of us are feeling in the industry. So that’s a great point, that this is a really a multi-pronged business case. And I think we’ve observed 10, 20, 30X return on an investment in even just the first year.

Mike Engle:
Yeah. Yeah, it’s a no brainer. So hopefully we’ll get the phone calls before the bad guys get in and not after, but either way …

Jens Hinrichsen:
Mike’s personal number is…

Mike Engle:
That’s right. Well, cool. Thanks so much for joining. It’s been fun chatting with you about this. Hopefully somebody out there will see it and will spark some ideas to make a difference in the world of cybersecurity.

Jens Hinrichsen:
Brilliant. Great chat, Mike.

Mike Engle:
Thank you.

The post Vlog: How Can Remote Caller Verification Protect Your Organization From Social Engineering? appeared first on 1Kosmos.

Saturday, 30. November 2024

liminal (was OWI)

Industry Highlights – Week of November 25

Liminal members enjoy the exclusive benefit of receiving daily morning briefs directly in their inboxes, ensuring they stay ahead of the curve with the latest industry developments for a significant competitive advantage.

Looking for product or company-specific news? Log in or sign-up to Link for more detailed news and developments.

Here are the main industry highlights of this week.

🪄 Innovation and New Technology Developments

Colorado Expands Digital ID Options with Samsung Wallet Integration

Colorado residents can now add their driver’s license or state ID to Samsung Wallet, allowing for digital use in certain situations, such as at select TSA checkpoints like Denver International Airport. Users can verify their identity by unlocking their phone and using a QR code or digital ID, ensuring only necessary information is shared securely. Colorado has previously made digital IDs available through Apple and Google Wallets, as well as the state’s myColorado app. While digital IDs are gaining acceptance, they are intended to supplement, not replace, physical IDs, which residents should continue to carry. The Colorado DMV highlights this initiative as part of the state’s commitment to innovation, convenience, and enhanced security for its citizens. (Source)

UK Releases DIATF 0.4: Paving the Way for Digital Identity Certification in 2025

The UK government has pre-released version 0.4 of its Digital Identity and Attributes Trust Framework (DIATF), providing clarity on forthcoming standards ahead of certification opportunities expected in early 2025. This iteration, shaped by stakeholder feedback since the 2022 beta, introduces new certification roles for digital wallets and facial authentication services, stricter user support requirements, and guidance on data protection and promoting certified status. Key updates include inclusion monitoring, fairness in biometric systems, and a revamped structure for better navigation and auditability. Building on prior versions, DIATF 0.4 aligns with international standards, mandates certification for certain use cases, and emphasizes inclusivity through alternative identity verification methods. (Source)

North Korean Hackers Exploit AI and Remote Work to Fund Weapons Program with Stolen Crypto

Security researchers at Cyberwarcon revealed that North Korean hackers have stolen billions in cryptocurrency over the past decade by posing as venture capitalists, recruiters, and IT workers to fund the country’s weapons program. These campaigns involve creating false identities using AI and infiltrating multinational corporations, often with the help of U.S.-based facilitators to bypass sanctions. Key tactics include phishing, malware-laden downloads disguised as meeting tools or skills tests, and fraudulent employment schemes that exploit remote working trends. Despite sanctions and investigative efforts, experts warn that North Korean hacking operations remain a persistent and evolving threat to global cybersecurity. (Source)

💰 Investments and Partnerships

ID.me Secures $67M Investment to Expand Trusted Digital Identity Solutions

ID.me secured $67 million in secondary tender funding from Ribbit Capital, Viking Global Investors, and CapitalG, highlighting its rapid growth and adoption. Serving over 135 million users, including 62 million federally authenticated, ID.me offers a secure digital identity wallet for government, healthcare, and commercial use, meeting NIST Identity Assurance Level 2 standards. With 370% revenue growth from 2020 to 2023, the investment advances its vision of a trusted, reusable identity to combat fraud and simplify digital access. (Source)

Halcyon Secures $100M to Advance AI-Powered Ransomware Defense

Halcyon, a cybersecurity firm specializing in ransomware defense, raised $100 million in Series C funding, totaling $190 million to date. Its platform combines AI-driven prevention, suspicious file analysis, and tools to disrupt ransomware attacks while minimizing business disruption. Investors include Evolution Equity Partners and Bain Capital Ventures, with Evolution’s Richard Seewald joining the Board. The funds will drive Halcyon’s growth and innovation in ransomware prevention. (Source)

Idemia and Kudelski IoT Team Up to Boost Identity Security at Automotive Dealerships

IDEMIA Public Security has partnered with Kudelski IoT to enhance identity verification and document authentication for U.S. automotive dealerships. Kudelski IoT’s vehicle tracking technology, which uses GPS, WiFi, and Bluetooth Low Energy, will complement Idemia’s ability to validate driver’s licenses and verify customer identities during key dealership processes. The collaboration aims to improve security and reduce fraud risks for over 1,000 dealership customers, handling more than 200,000 identity verifications annually. This integration will support dealerships in managing test drives, financing applications, and vehicle purchases securely. Idemia also recently introduced a new Chief Technology Officer and shared insights on integrating biometric security in IoT devices. (Source)

Haveli Investments Acquires Majority Stake in AppViewX to Scale AVX ONE Platform and Tackle Cryptographic Challenges

Haveli Investments has acquired a majority stake in AppViewX, a company focused on certificate lifecycle management and public key infrastructure solutions. This investment aims to enhance AppViewX’s AVX ONE platform, which addresses the complexities of machine identities in hybrid and IoT environments and responds to shorter TLS certificate durations and emerging cryptographic needs. The platform automates certificate management and prepares for post-quantum cryptography. The deal includes financial and operational support to expand AppViewX’s capabilities and market presence, though financial details remain undisclosed. (Source)

EY Identity Acquires J Group Consulting to Boost Privileged Access Management Capabilities in Oceania

EY Identity (EYI) has acquired Melbourne-based cybersecurity firm J Group Consulting to enhance its Privileged Access Management (PAM) capabilities in Oceania. Founded in 2022, J Group Consulting specializes in PAM tools like CyberArk and HashiCorp Vault, offering strategy, implementation, and optimization services. The 20-member team, led by Joel Harris, will integrate with EYI, aiming to improve cybersecurity solutions for critical infrastructure sectors and address the growing demand for advanced PAM to secure privileged accounts in Australia. This partnership will strengthen EYI’s regional presence and its ability to deliver tailored cybersecurity strategies. (Source)

KGeN Raises $10M to Empower Gamers with Web3 Digital Identities and Expand Global Gaming Economy

Kratos Gamer Network has secured $10 million to enhance gamers’ control over their digital identities and expand its web3 gaming economy. The company aims to redefine game publishing with a focus on equitable data management and rewarding collaborations among developers. Targeting emerging markets like India, Brazil, Nigeria, and MENA, KGeN seeks to incorporate micro-gaming communities into the web3 ecosystem. This funding, led by Aptos Labs and supported by Polygon and Game7, brings KGeN’s total funding to $30 million, valuing the company at $500 million. (Source)

Wiz Acquires Dazz for $450M to Boost AI-Powered Application Security

Wiz, a leading cloud security provider, has acquired cybersecurity startup Dazz for $450 million. Founded in 2020, Wiz has grown rapidly, generating $500 million in annual recurring revenue, with projections to exceed $1 billion next year. Dazz, which supports around 100 organizations, specializes in scanning developer code for vulnerabilities and has achieved 500% annual revenue growth. The acquisition will enhance Wiz’s newly launched Wiz Code service by integrating Dazz’s technology, aligning with Wiz’s strategy to expand its security solutions and strengthen its position in the cybersecurity market. (Source)

⚖️ Policy and Regulatory

DOJ Pushes for Google Chrome Sale in Landmark Antitrust Battle

Australia has passed a law banning children under 16 from using social media platforms like Instagram, Snap Inc., and TikTok, effective in late 2025. The legislation, backed by 77% of Australians, aims to tackle youth mental health issues but raises concerns about privacy and digital surveillance. Critics argue it could lead to excessive data collection and limit access to support networks, while supporters, including parent groups, view it as a necessary move against cyberbullying. Tech companies are pushing back, claiming the law lacks clear implementation guidelines. This decision is a political win for Prime Minister Anthony Albanese but may complicate Australia’s relations with U.S. tech firms. (Source)

Finastra Investigates Data Breach of Secure File Transfer Platform, Impacting Global Banks

Pornhub Challenges UK Age Verification Rules as New Digital Identity Solutions Emerge

Pornhub has controversially claimed it is a social media platform, not a pornography website, to argue it is not subject to age verification requirements under the UK’s Online Safety Act until July. The company has previously blocked access in U.S. states requiring age checks and may implement options like facial age estimation or ID uploads. Meanwhile, Spain-based TechPump has partnered with Gataca to launch an age verification system using a free self-sovereign digital identity (SSI) wallet that protects user anonymity while verifying age. Gataca’s solution complies with the EU’s Digital Services Act and has been approved by Spain’s Data Protection Agency for secure age data processing. (Source)

NY Attorney General Fines Geico and Travelers $11.3M for COVID-Era Data Breaches

New York Attorney General Letitia James has fined Geico and Travelers Indemnity Company $11.3 million for data breaches during the COVID-19 pandemic that exposed the personal information of over 120,000 individuals. The cybersecurity failures allowed attackers to exploit vulnerabilities in Geico’s online quoting tool and access sensitive data, including driver’s license numbers, likely contributing to identity theft and fraudulent unemployment claims. This enforcement action highlights the importance of robust cybersecurity measures. (Source)

Australia’s Fast-Tracked Age Verification Bill Sparks Privacy and Democracy Concerns

The Australian government is moving to fast-track legislation for age verification on social media and pornography sites, despite limited public consultation. Critics argue this rushed process undermines democratic decision-making and raises privacy concerns, especially as the law requires collecting personal or biometric data, which could lead to data misuse and push minors to less regulated platforms. Digital rights advocates are divided on its effectiveness, with some suggesting a broader digital duty of care instead of targeted restrictions. Exemptions for sites like YouTube and unclear enforcement only add to the controversy surrounding user safety versus government control. (Source)

Bluesky Faces EU Scrutiny for Non-Compliance with Digital Services Act Amid Rapid Growth

According to the European Commission, Bluesky, a fast-growing social media platform competing with Elon Musk’s X, has breached EU regulations by failing to disclose details such as its number of EU users and legal establishment. Despite a nearly 300% increase to 3.5 million daily users after Musk’s controversial endorsement of Donald Trump, Bluesky has not complied with the Digital Services Act (DSA). The Commission has not yet contacted Bluesky directly and is seeking member states’ help to find an EU representative. Although it doesn’t meet the 45 million EU monthly user threshold for very large online platforms under the DSA, continued non-compliance could result in penalties of up to 6% of global annual revenues. (Source)

IGT Cyberattack Disrupts Systems Amid Rising Threats to the Gambling Sector

IGT, a major global gambling company, faced a cybersecurity incident on November 17, 2024, disrupting its internal IT systems. The company activated its response plan, involving external advisors and taking some systems offline to contain the breach. While the financial impact is still uncertain, IGT has implemented measures to maintain customer service. This cyberattack is part of a rising trend of ransomware targeting the gambling and lottery sectors. As IGT works to restore systems and rebuild stakeholder confidence, it remains transparent with customers and partners about its efforts. (Source)

The post Industry Highlights – Week of November 25 appeared first on Liminal.co.

Friday, 29. November 2024

Extrimian

Decentralized Identity in Education

Decentralized Identity in Education: Revolutionizing Data Management with Extrimian

The education sector is undergoing a significant transformation with the integration of decentralized digital identity and data technologies. These innovations are set to redefine the management, access, and trust of personal and institutional data across various educational processes. Extrimian, with its advanced suite of services, is leading this change, enhancing security, privacy, and efficiency for educational institutions globally.

The Urgent Need for Decentralized Identity Solutions

Educational institutions manage a vast array of sensitive data, from student records to faculty credentials. Traditional data management methods are often plagued by security breaches, privacy issues, and bureaucratic inefficiencies. Decentralized identity technology provides a groundbreaking solution by enabling secure, sovereign control over digital identities and data.

The Impact on Educational Data Management

Extrimian’s Self-Sovereign Identity (SSI) systems allow institutions to issue, manage, and verify credentials seamlessly and securely, streamlining administrative operations and minimizing data mismanagement risks.

Advantages of Implementing Decentralized Data Management in Education:

Robust Data Privacy and Security: Extrimian’s blockchain-based solutions ensure that educational credentials and data are stored securely and immutably, safeguarding against unauthorized access and manipulation.

Operational Efficiency and Cost Reduction: By eliminating intermediaries in the credential verification process, decentralized systems foster faster processing times and lower operational costs. Institutions can directly verify the authenticity of credentials through Extrimian’s platform, enhancing operational efficiency.

Seamless Interoperability: Designed for cross-institutional and international interoperability, Extrimian’s data solutions facilitate the reliable exchange of credentials across different educational systems, enhancing global education programs and student mobility.

Empowerment of Stakeholders: Students and faculty gain control over their digital credentials, managing and sharing their data independently, which reinforces the principles of data sovereignty and user-centric digital experiences.

Try our Education Demo to understand how this technology can work in this industry: click on this link.

Exemplary Implementation: A Case Study

A partnership with a leading university showcased the benefits of Extrimian’s DID technology by simplifying credential issuance and verification processes, thereby maintaining accurate, tamper-proof academic records. For more on this, visit our Case Studies page.

Future Prospects in Educational Technology

The potential for DID in education extends to streamlining administrative processes, enhancing personalized learning experiences, and integrating smart contracts for better governance. Extrimian is at the forefront, developing tools that integrate these technologies into educational frameworks.

For broader insights into decentralized digital identities in education and other sectors, the Decentralized Identity Foundation provides extensive resources and research.

Source: https://www.linkedin.com/pulse/self-sovereign-identity-distributed-ledger-blockchain-eray-altili/

Conclusion: Setting the Standard with Extrimian

The integration of QuarkID into the Buenos Aires miBA platform exemplifies a strategic enhancement of the city’s digital infrastructure, setting a global benchmark for digital governance and identity management.

For a detailed understanding of decentralized digital identity movements and how Extrimian’s solutions are pivotal, visit our Use Cases page. Find more insights and potential collaborations on the Extrimian website.

The post Decentralized Identity in Education first appeared on Extrimian.


Dock

Data Reconciliation: An Introductory Guide

In a data-driven world, maintaining accurate and consistent information is essential for business success. Data reconciliation plays a crucial role in ensuring that data from various sources aligns and matches to provide a reliable foundation for decision-making, reporting, and operational efficiency. 

This blog will delve into what data reconciliation is, why it is vital for businesses, and best practices for implementing it effectively.

Full Article:


Customer Data Matching: What is it and why is it important?

In today’s data-centric world, businesses need to maintain accurate and consistent records to thrive. This is where customer data matching becomes essential. Customer data matching is the process of identifying and linking records that represent the same customer across multiple data sources. This ensures that businesses have a single, unified view of their customers, which is crucial for making informed decisions, providing personalized experiences, and maintaining operational efficiency.

Customer data matching goes beyond simply managing data; it is about creating reliable, connected information that helps businesses operate seamlessly. When executed effectively, data matching reduces redundancy, enhances data accuracy, and improves the overall customer experience.

Full Article: www.dock.io/post/customer-data-matching


Entity Resolution: What is it and why is it important?

In a world increasingly driven by data, ensuring that information across systems is accurate and connected is essential for business success. This is where entity resolution comes into play. Entity resolution is the process of identifying and linking data records that refer to the same real-world entity, such as a customer or organization, even when those records contain variations or errors. 

Whether you’re in finance, healthcare, or retail, entity resolution helps businesses consolidate their data, reduce duplications, and achieve a single, unified view of each customer, product, or transaction.

Entity resolution is more than just a backend process—it’s a foundational part of managing customer relationships, improving operational efficiency, and reducing risk. Without a clear view of their data, businesses face challenges like data silos, high operational costs, and inconsistent customer experiences.

Full article: https://www.dock.io/post/entity-resolution


UNISOT

Redefining Sustainability: The End of Greenwashing

In their insightful articles (here and here), Professors Arne Nygaard and Ragnhild Silkoset highlight the pervasive issue of greenwashing, where companies falsely present products as environmentally friendly, thereby eroding consumer trust and undermining genuine sustainability efforts.  

They eloquently argue that blockchain technology is the key to tackling greenwashing by ensuring that sustainability claims are traceable, transparent and verifiable. At UNISOT, we see blockchain not just as a technical solution but as a foundational element in redefining trust in global supply chains. Our Digital Product Passports (DPP), powered by Enterprise Blockchain technology, provide an immutable and transparent record of a product’s entire lifecycle. This aligns with Nygaard and Silkoset’s emphasis on the need for reliable, traceable, and tamper-proof product information to mitigate greenwashing.

UNISOT’s Solutions in Action

Full Transparency Across the Supply Chain

Nygaard and Silkoset stress the importance of transparency, emphasizing that consumers and regulators demand trustworthy documentation of environmental claims. UNISOT’s blockchain-based platform ensures that data entered at every step of the supply chain – whether it’s sourcing raw materials, manufacturing or distribution – is immutably stored and easily accessible.

Example:
A clothing manufacturer can prove its fabrics are made from 100% recycled materials, with verifiable data on sourcing, energy use and CO₂ emissions. This aligns with the authors’ call for “proof, not promises.” 

 

Trust Through Decentralized Verification

The authors criticize the traditional reliance on centralized certification bodies, which can be susceptible to errors, biases or even corruption. Blockchain decentralizes this process, enabling all participants in the supply chain to input, audit and access data independently. 

UNISOT’s Impact:
Smart Digital Twins provide a decentralized, interactive record of each product, ensuring that sustainability claims are verified by multiple stakeholders – not just the company making the claim. 

Consumer Empowerment Through Digital Product Passports

Nygaard and Silkoset highlight how blockchain can empower consumers by giving them easy access to verified product data. UNISOT’s DPPs make this a reality. By scanning a QR code or NFC tag, consumers can instantly access a product’s history, including: 

Carbon footprint
Ethical Sourcing Certifications
Compliance with environmental standards

Example:
A customer buying sustainable seafood can verify that the fish was ethically farmed, transported with minimal emissions, and complies with regulatory standards like the EU Digital Product Passport mandate. 

Combating Greenwashing with Immutable Data

A key point raised by Nygaard and Silkoset is the role of blockchain in preventing greenwashing by ensuring data integrity. Companies can no longer alter or selectively report data to present a false image of sustainability. 

UNISOT’s Solution:
Our Enterprise Blockchain backbone ensures that every claim – whether about emissions, sourcing or recycling – is recorded in a tamper-proof manner. Any discrepancy between what is claimed and what the data shows is immediately apparent. 

Real-Time Monitoring and Reporting

Nygaard and Silkoset emphasize the importance of real-time tracking to provide accurate and up-to-date information. UNISOT’s integration with IoT devices ensures that real-time data on energy use, emissions and material flows is continuously recorded and accessible. 

“Blockchain technology offers a more robust solution against the risk of greenwashing than traditional trademarks and certification systems.” – Professors Arne Nygaard and Ragnhild Silkoset

Why This Matters 

Nygaard and Silkoset argue that trust is the cornerstone of a sustainable economy and that companies who invest in transparency and verifiability stand to gain a competitive advantage. With upcoming regulatory changes, such as the EU’s Digital Product Passport and increasing consumer demands for transparency, companies that fail to act risk not only fines but also irreparable damage to their reputation. 

 

UNISOT: Turning Vision Into Reality 

By adopting UNISOT’s solutions, companies can move beyond vague sustainability claims and embrace a future where every claim is backed by immutable data, every product has a story, and every consumer has the power to make informed decisions. 

The battle against greenwashing isn’t just about avoiding bad press; it’s about building a better, more sustainable world. As Professors Nygaard and Silkoset highlight, blockchain technology is the solution to unethical practices, and UNISOT is here to lead the way. 

Reach out to us to explore how UNISOT’s solutions can transform your business into a beacon of trust and transparency. 

Read more: Addressing Greenwashing: Building Trust Through Transparency with UNISOT Solutions

The post Redefining Sustainability: The End of Greenwashing appeared first on UNISOT.


BlueSky

The Engagement Is Better on Bluesky

Bluesky is the lobby to the open web. Find and build your community here.

We could go on about how we welcome publishers, we don't demote links, we encourage independent developers to build apps and extensions on top of Bluesky's network.... but instead, we'll show you:

The Boston Globe

Traffic from Bluesky to @bostonglobe.com is already 3x that of Threads, and we are seeing 4.5x the conversions to paying digital subscribers.

— Matt Karolian (@mkarolian.bsky.social) November 26, 2024 at 10:19 AM

The Guardian

By which I mean, I'm pretty sure traffic from @bsky.app to @theguardian.com is *significantly* higher than the very obvious 2x that of Threads

This post brought to you by a reply to @mkarolian.bsky.social on Threads, where it has had just 105 engagements, as opposed to the 18k+ here

— Dave Earley (@earleyedition.bsky.social) November 26, 2024 at 10:30 PM

The New York Times

hard to exaggerate how nuts the engagement is on Bluesky compared to 𝕏. a vastly smaller user base (at least officially), but just look at these stats for one of the biggest newspapers on Earth. Musk has absolutely trashed the platform. folks, you are not locked in on 𝕏. not even a little.

— Kevin Rothrock (@kevinrothrock.me) November 23, 2024 at 1:21 AM

Open-source Web Dev

We have 6% of the followers here compared to the 100k in X. The vite 6.0 announcement in bluesky already got half the reposts and a third of the likes. And most of the comments and quotes from OSS maintainers happened here. I don't know about other communities, but OSS web dev is a bluesky game now.

— patak (@patak.dev) November 27, 2024 at 8:01 AM

Democracy Docket

Traffic from Bluesky to @democracydocket.com is surging while X is falling and Threads remains largely irrelevant. This is powering rapid growth of both free subscribers and paid members.

— Marc Elias (@marcelias.bsky.social) November 27, 2024 at 5:31 AM

Join us: bsky.app/download. Publishers, you can find our press FAQ here.

Thursday, 28. November 2024

auth0

Empower Your Enterprise Customers to Set up Their Own SSO Implementations

Self-Service Single Sign-On (SSO) reaches General Availability (GA) status

KuppingerCole

Security in the Era of Rapid Digitalization in Operational Technology Environments

by John Tolbert

The Rapid Digitalization of OT, ICS, and IoT: Opportunities and Security Risks

In many enterprises, Industrial Control Systems (ICS) and Operational Technology (OT) systems were kept isolated from IT environments, both logically and physically. ICS is generally considered a subset of OT. Internet of Things (IoT) devices, however, were designed to be networked, enabling real-time or latent data transmissions to applications to generate insights and to provide remote control capabilities. The connectivity of OT, ICS, and IoT systems to the cloud or corporate networks has increased across many industries, from manufacturing and pharmaceuticals to oil and gas and aerospace.

While this sea change in network connectivity and access policies offers benefits such as predictive maintenance, asset optimization, and enhanced productivity, it also dramatically expands the attack surface. Cyber attacks targeting OT, ICS, and IoT systems are no longer hypothetical. Attacks can have direct and severe consequences, from halting production lines to causing environmental damage or even endangering lives. Cybersecurity in OT and ICS needs to address unique constraints, including:

Reliability requirements: OT systems often operate on very strict schedules and have uptime requirements that cannot be violated without severe safety and financial consequences. Security updates or patches need to be carefully planned to avoid disrupting critical processes. Allowing real-time patch updates directly from vendors is most often prohibited.

Legacy systems: Many OT systems run on outdated hardware and software that lack the capacity or compatibility for modern security solutions. This means performing timely security updates may be practically impossible. Other measures may be needed to protect and contain such legacy systems.

Physical access: In industrial environments, devices and sensors may be spread across large areas or even in distant, isolated locations, which makes physical security, network segmentation, and secure remote access imperative.

To address these limitations, security strategies must be adapted to meet the unique requirements of OT/ICS/IoT, with specific attention paid to the differences from standard IT infrastructure.

Key Differences in Securing OT, ICS, and IoT Environments

Despite the overlap between IT and OT, the two are distinct in their technological requirements, operational demands, and security challenges.

IT Security: IT security solutions rely on a variety of well-established tool types like firewalls, EPDR, SIEM, SOAR, and IAM to safeguard data integrity and confidentiality. IT environments tend to prioritize agility, which allows more frequent software updates and rapid deployment of new security measures without significant downtime. IT tools use common protocols like HTTPS, SMTP, SMB, LDAP, etc., for which many security solutions already exist.

IoT Security: IoT devices can be found in a wide range of environments, from smart homes to warehouses to industrial facilities. They are often resource-constrained, with limited processing power and memory, which can restrict the type and complexity of security protocols they can support. Many IoT devices were simply not designed with security in mind. IoT devices use protocols such as CoAP, MQTT, and XMPP, which are less common in traditional IT, so IT security tools are less likely to support them out of the box. Vendor-provided or third-party IoT security solutions generally focus on ensuring data integrity, communication confidentiality over IoT protocols, protecting against device spoofing, and managing device identities and access.

OT/ICS Security: OT/ICS systems are generally custom-engineered for specific applications, often running on special or proprietary protocols like Modbus, DNP3, OPC-UA, and S7. Security in OT/ICS environments focuses on maintaining uptime, integrity, and safe operations, with stringent requirements to avoid disruptions. Certain OT protocols lack built-in support for encryption or authentication, requiring additional protective measures. In most ICS and Critical Infrastructure Systems (CIS), safety of workers and the surroundings takes precedence over even computing security.

Security strategies for IT and OT therefore need to account for these differences. IT security focuses more on malware prevention via endpoint protection detection and response (EPDR), identity and access management (IAM), and network segmentation, while OT security demands robust intrusion detection, continuous monitoring, and a deep understanding of OT/ICS/IoT protocols to detect anomalous or malicious behavior.

Navigating the Divide Between OT Engineering and IT Software Engineering

Another difficulty in securing OT, ICS, and IoT environments is the difference in worldviews between OT engineers and IT software engineers. OT engineers prioritize reliability and safety, because failures in OT environments can have immediate and severe consequences. Conversely, software developers tend to prioritize rapid innovation and adding functionality, which can be a higher priority for their IT customers.

This culture clash can lead to friction in implementing security measures for IT and OT systems. Some challenges include:

Risk tolerance: OT engineers have a low tolerance for change and untested solutions, while IT software developers are accustomed to coding and testing new technologies frequently to keep up with IT customers’ demands.

Update and patch schedules: Software vendors may push regular software updates to deploy new features and security patches, whereas OT engineers have to schedule patches and updates comparatively infrequently, perhaps just one or two times per year, and see these as potential disruptions to uptime or performance.

Organizations can take two different approaches here. The first is to leverage IT security systems where they make sense: deploying EPDR agents where permitted by OT vendors, using OT/ICS/IoT-aware Network Detection and Response (NDR) solutions to find and stop malicious actors, using SIEM and SOAR systems for collection and analysis of all telemetry and additional response actions. The other approach is to implement dedicated OT/ICS security solutions. These OT/ICS security solutions can cover additional functions such as asset discovery and classification, scanning of USB devices (used for updating firmware) for malware, as well as monitoring and anomaly detection, and are designed to work in these environments with HMIs, PLCs, SCADA, and IoT devices.

Keeping Pace with Digitalization: Adaptive Security Strategies

As OT digitalization accelerates, security measures need to be agile, capable of adapting to emerging threats, and proactive in addressing potential vulnerabilities. Key strategies include:

Zero Trust Architecture: Zero Trust models work on the principle of “never trust, always verify,” ensuring that every request for access is authenticated and authorized. This approach reduces lateral movement in networks, limiting the scope of damage if a device is compromised. Zero Trust Network Access is particularly important for securing remote access by vendors and contractors into OT/ICS networks.

Network Segmentation: Network segmentation divides the network into isolated segments or zones. In OT, this means separating different parts of the production floor or critical control systems from non-critical zones, thus limiting the exposure of sensitive systems to potential threats. OT centric security solutions are often designed to enforce separation in accordance with the Purdue Enterprise Reference Architecture.

Behavioral Analytics and Anomaly Detection: IT and OT systems can benefit from anomaly detection tools that learn regular patterns of behavior and trigger alerts when unusual activity occurs. Since some OT components lack basic security features like authentication, monitoring for deviations in traffic and user behavior can help detect and contain potential threats before they escalate.

Conclusion

Securing OT/ICS/IoT environments in the current era of rapid digitalization is a multifaceted challenge that requires a tailored approach for each organization. Join us at cyberevolution in Frankfurt, Germany on 3-5 December to hear more about OT and ICS security.


Ocean Protocol

2024 Mexican Grand Prix: Formula 1 Prediction Challenge Results

Introduction

The Formula 1 Prediction Challenge: 2024 Mexican Grand Prix brought together data scientists to tackle one of the most dynamic aspects of racing — pit stop strategies. Participants used historical data from past Mexican Grand Prix events and insights from the 2024 F1 season to create machine-learning models capable of predicting key race elements. With every second on the track critical, the challenge showcased how data can shape decisions that define race outcomes.

The challenge focused on predicting four essential components of pit stop strategies: the number of stints, tire compound choices, laps per stint, and average lap times. Using innovative approaches and advanced algorithms, participants modeled scenarios accounting for starting grid positions, driver performance, and unpredictable race conditions like weather changes or mid-race interruptions. The goal was to provide actionable insights for teams navigating the complexities of modern Formula 1 strategy.

The challenge demonstrated the intersection of sports and data science by combining real-world datasets with predictive modeling. It highlighted the importance of adaptability and precision as models needed to handle variations in track conditions, driver strategies, and car performance. This competition emphasized leveraging analytics in one of the world’s fastest and most data-intensive sports.

2024 Mexico GP Prediction Challenge — Top 10

Podium

1st Place: Aleksandr Lazutin [Poland]

Aleks used three Random Forest Regression models to predict stints, tire life, average lap time, and a Random Forest Classifier to predict tire compounds. The model incorporated predictions for individual drivers and the entire grid, offering flexibility in application for race strategy. By organizing predictions into a modular structure, Aleksandr ensured each component could function independently while supporting the broader model.

He accounted for driver and team variability by including performance metrics, historical data, and team-specific strategies. The model incorporated external factors like weather and mid-race incidents, ensuring it adapted to dynamic race conditions. Outputs provided detailed stint breakdowns and timelines to support decision-making.

Aleks ensured the model could be implemented without complications by delivering structured outputs and comprehensive documentation. This design enabled the evaluation team to apply the model efficiently, ensuring its top ranking in the challenge.

2nd Place: Yuichiro “Firepig” [Japan]

Firepig created a three-step model that used decision trees, linear regression, and random forests to predict tire strategies, laps per stint, and average lap times. The model started with tire compound predictions, followed by stint and lap estimates, and ended with lap time calculations. Firepig’s approach allowed it to adapt to changing race conditions, such as weather or race interruptions.

The model integrated data like grid position, tire compounds, and driver performance to align predictions with real-world racing strategies. Firepig included options for mid-race updates by allowing inputs like current laps, stint numbers, and weather conditions. This structure ensured the model could adjust to unpredictable scenarios during the race.

Firepig refined predictions using detailed feature engineering and cross-validation. The model secured second place in the competition by designing a tool that handled race variability and provided practical outputs.

3rd Place: Yunus Gümüşsoy [Türkiye]

Yunus’ model combined XGBoost, LightGBM, and CatBoost to predict stints, tire compounds, laps per stint, and average lap times. Yunus focused on building a robust data pipeline, merging historical and current-season data to create a comprehensive dataset. The model incorporated track-specific factors like altitude and straights to align predictions with the unique demands of the Mexican Grand Prix.

He integrated weather data, driver inputs, and car performance metrics to handle dynamic race scenarios. This adaptability allowed the model to remain effective under varying conditions. The implementation included clear input guidelines and outputs designed for practical use in race-day strategy planning.

Yunus secured third place by delivering a flexible, well-documented solution that bridged data science and Formula 1 strategy. His focus on track-specific insights and comprehensive data preparation set the model apart.

2024 Championship

Our challenges offer prize pools from $10,000 to $20,000, distributed among the top 10 participants. Our points system for the championship allocates between 100 and 200 points to the top 10 finishers in each challenge, with each point valued at $100. Participants accumulate these points toward the 2024 Championship. Last year, the top 10 champions received an additional $10 for each point they had earned.

Current 2024 Championship Standings

Additionally, the top 3 participants in each challenge can collaborate directly with Ocean to develop a profitable dApp based on their algorithm. Data scientists maintain their intellectual property rights while we provide support in monetizing their innovations.

About Ocean Protocol

Ocean was founded to level the playing field for AI and data. Ocean tools enable people to privately & securely publish, exchange, and consume data.

Follow Ocean on Twitter or Telegram to stay up to date. Chat directly with the Ocean community on Discord, or track Ocean’s progress on GitHub.

2024 Mexican Grand Prix: Formula 1 Prediction Challenge Results was originally published in Ocean Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.


KuppingerCole

Cloud Security Posture Management (CSPM)


by Mike Small

The KuppingerCole Leadership Compass on Cloud Security Posture Management (CSPM) is an essential guide for IT professionals seeking to navigate the complexities of securing cloud environments in today’s rapidly evolving digital landscape. It offers a comprehensive analysis of the CSPM market, highlighting the latest trends, key drivers, challenges, and essential requirements of CSPM solutions, and provides detailed assessments of leading vendors.

Ocean Protocol

DF117 Completes and DF118 Launches

Predictoor DF117 rewards available. DF118 runs Nov 28 — Dec 5th, 2024

1. Overview

Data Farming (DF) is Ocean’s incentives program. In DF, you can earn OCEAN rewards by making predictions via Ocean Predictoor.

Data Farming Round 117 (DF117) has completed.

DF118 is live today, Nov 28. It concludes on December 5th. For this DF round, Predictoor DF has 37,500 OCEAN rewards and 20,000 ROSE rewards.

2. DF structure

The reward structure for DF118 is comprised solely of Predictoor DF rewards.

Predictoor DF: Actively predict crypto prices by submitting a price prediction and staking OCEAN to slash competitors and earn.

3. How to Earn Rewards, and Claim Them

Predictoor DF:

To earn: submit accurate predictions via Predictoor Bots and stake OCEAN to slash incorrect Predictoors.

To claim OCEAN rewards: run the Predictoor $OCEAN payout script, linked from Predictoor DF user guide in Ocean docs.

To claim ROSE rewards: see instructions in Predictoor DF user guide in Ocean docs.

4. Specific Parameters for DF118

Budget. Predictoor DF: 37.5K OCEAN + 20K ROSE

Networks. Predictoor DF applies to activity on Oasis Sapphire. Here is more information about Ocean deployments to networks.

Predictoor DF rewards are calculated as follows:

First, DF Buyer agent purchases Predictoor feeds using OCEAN throughout the week to evenly distribute these rewards. Then, ROSE is distributed at the end of the week to active Predictoors that have been claiming their rewards.

Expect further evolution in DF: adding new streams and budget adjustments among streams.

Updates are always announced at the beginning of a round, if not sooner.

About Ocean, DF and Predictoor

Ocean was founded to level the playing field for AI and data. Ocean tools enable people to privately & securely publish, exchange, and consume data. Follow Ocean on Twitter or TG, and chat in Discord. Ocean is part of the Artificial Superintelligence Alliance.

In Predictoor, people run AI-powered prediction bots or trading bots on crypto price feeds to earn $. Follow Predictoor on Twitter.

DF117 Completes and DF118 Launches was originally published in Ocean Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.

Wednesday, 27. November 2024

KuppingerCole

Don’t Let the Endpoints Become the Entry Door for Attackers


Most cyberattacks are identity-based and come in via endpoints. Identity Security on one hand and Endpoint Protection on the other thus are cornerstones of every successful cybersecurity strategy. EPDR (Endpoint Protection, Detection & Response) has evolved as a unified approach that goes beyond traditional anti-malware and EPP (Endpoint Protection Platform) and adds detective and responsive capabilities. It also closely integrates with further detective and responsive technologies such as XDR (eXtended Detection & Response).

In this webinar, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will look at the status and future of EPDR, what to consider when defining your own comprehensive and integrated approach to cybersecurity, and what the vendor landscape looks like. He will discuss the state of the market and the approaches to endpoint security, from unified solutions to integrating and orchestrating different best-of-breed solutions from EPP to Email Security and UEM (Unified Endpoint Management), as well as the interplay of EPDR with SIEM, SOAR, and XDR.




Indicio

How decentralized digital identity is creating simpler, more streamlined air travel

The post How decentralized digital identity is creating simpler, more streamlined air travel appeared first on Indicio.
The inexorable growth in passenger numbers has driven the travel industry to an overwhelming conclusion: the only way forward is decentralized identity, digital wallets, and Verifiable Credentials. In the first trial of its kind, with Delta Airlines and the Government of Aruba, SITA and Indicio showed how well they work and how easy they are to implement.

By Trevor Butterworth

With yearly passenger numbers expected to grow from a little over four billion this year to eight billion by 2040 — or sooner — “the travel industry has decided that the future of identity is digital wallets and verifiable credentials,” said Michael Zureik, Head of Digital Travel Strategy and Innovation at SITA, at a recent Indicio Meetup.

To handle this demand and make travel less stressful and more streamlined, SITA — a global supplier of IT to airlines and airports — has worked with Indicio to develop trusted, authenticated, digital travel documents that can be seamlessly authenticated.

First implemented in Aruba, these digital credentials take the data embedded in a passport, combine it with a liveness check, authenticate both, and then return the data to the passenger in the form of a Digital Travel Credential or DTC, a specification for deriving a digital passport from a physical passport’s embedded chip, established by the International Civil Aviation Organization (ICAO), a global body that regulates travel documents.

The Government of Aruba is the first sovereign government to accept a DTC, which means a passenger can present their DTC from home, get preauthorization for travel, and then cross the border simply by looking at a camera.

The focus of the Meetup was on the next steps in this digital journey, which were successfully completed with a recent trial combining an ICAO-compatible DTC with One ID, a digital credential standard created by the International Air Transport Association (IATA) for seamless airport and travel services (but which doesn’t include border crossing).

Working with Delta Airlines and the Government of Aruba, SITA and Indicio built a system to first create and issue the DTC and One ID, and then combine both credentials to add check-in, bag drop, lounge access, and boarding to booking, travel authorization, security, and immigration.

One of the key goals of the trial, said Zureik, was to show how different credentials can easily work together and complement each other to streamline the traveler experience on an international flight.

The trial showed just how easy it is to enroll in both at the same time with a passport and mobile phone, and then use them for instant, seamless authentication through each step of the passenger journey from home to destination.

What we learned, said Zureik, is that these technologies are ready. IATA’s One ID fits easily into the DTC ecosystem, and both were able to be implemented into airport, airline, and border gate processes quickly — six weeks — and without requiring any party to adopt new hardware or systems.

It was, said Zureik, “paramount” that Verifiable Credentials can be easily integrated and interoperate with existing airport infrastructure.

Mike Ebert, Indicio’s Director of Software Engineering, described how this was made possible by combining two types of Verifiable Credential formats — AnonCreds and SD-JWTs — and two types of communication protocols — DIDComm and OpenID4VC. This meant that the credentials were compatible with emerging European eIDAS identity standards but that they also provide strong privacy-preservation.

One key aspect of the Indicio-SITA implementation is that it is fully decentralized. Relying parties do not need to subscribe to or access a centralized database to verify traveler information. This unique architecture is not shared by other travel technology providers, but it is critical for the safe and secure management of people’s biometric data.

With a Verifiable Credential, biometric data doesn’t need to be centrally stored so that there’s something to check when a passenger looks into a camera. Instead, the passenger stores their biometric data securely on their phone and they can elect to share it in a way that can be verified without pinging stored data in a central repository.

As Ebert noted, this reduces the risk of a single point of failure (the database of biometric data goes offline), identity theft (if you don’t have to store people’s biometric data, it can’t be stolen), and it also eliminates the possibility of centralized tracking and provides the privacy protection that people and regulators now demand.

Acuity Market Intelligence described Indicio’s implementation of biometrics in Verifiable Credentials as “masterful” in its 2024 Prism Project Report.

To watch a demonstration of the DTC and One ID and learn more about the benefits of managing biometric data with Verifiable Credentials, and the wider use cases for “government-grade” digital identities in tourism, watch this fascinating episode of the Indicio Meetup.



Biometric travel in the US has public support, needs unified standards

Biometric Update The post Biometric travel in the US has public support, needs unified standards appeared first on Indicio.

Thales Group

Thales Alenia Space to lead Carb-Chaser project, the first French constellation to monitor human-induced CO₂ emissions

tas Wed, 11/27/2024 - 14:31

Cannes, November 27, 2024 – Thales Alenia Space, the joint venture between Thales (67%) and Leonardo (33%), is pleased to unveil the Carb-Chaser project. This innovative program is based on a constellation of new-generation satellites specially designed to detect and measure human-induced carbon dioxide (CO₂) emissions, in particular from industrial sites.

Carb-Chaser’s compact architecture will combine efficiency and cost control to meet the needs of carbon monitoring markets.

The project is funded by the French government as part of the France 2030 stimulus plan and will allow the company to mature the payload, finalize constellation sizing and define the precursor satellite.

Image of the Earth from Meteosat Third Generation first imaging satellite (MTG-I1). Image unveiled by EUMETSAT & ESA in May 2023 © EUMETSAT & © ESA

Optical technology at the cutting edge of innovation

Each Carb-Chaser satellite will carry a hyper-compact multispectral interferometer. These highly innovative instruments are made possible by miniaturizing key technologies used in major programs such as the Meteosat geostationary weather satellites and Copernicus, with its 12 European environmental monitoring missions. They will offer the capability to locate individual CO₂ plumes and attribute their source to a specific industrial facility, even in complex atmospheric conditions (wind, aerosols, water vapor, etc.).

Based on a Thales Alenia Space proprietary patented technology, this multispectral interferometry approach marks a breakthrough in terms of dependability and performance, further enhancing the ability of these satellites to offer reliable operational data with shorter revisit cycles to establish an overview of industrial sites on a global scale.

Certified data for strategic applications

The future Carb-Chaser constellation will provide independent, verifiable and certified CO₂ measurements spanning the entire value chain, including carbon services markets. Thanks to its high-precision geolocation capability, emissions will be accurately attributed to specific industrial facilities. These data will then be verified by in-situ surveys performed directly at the sites concerned.

Measurements will also be certified by the French Space Agency (CNES), the European Space Agency (ESA) and scientific experts specializing in atmospheric studies. This official validation will ensure these data can be included in regulatory frameworks, especially for carbon quota systems and carbon border adjustment mechanisms.

Complementary fit with major European space missions for environmental monitoring

Carb-Chaser will operate in synergy with existing European programs dedicated to measuring carbon emissions, such as MicroCarb and CO2M. While MicroCarb is a scientific mission to assess CO₂ fluxes on a global scale, and CO2M will measure human-induced CO₂ on a regional scale, Carb-Chaser will monitor local-scale emissions. Carb-Chaser data will also be used in conjunction with data from the CO2M program to compile atmospheric inventories and track progress toward climate goals.

These three missions, while distinct, will complement and feed into each other to provide a global, integrated picture of carbon emissions and support international efforts to reduce the impact of human activities on the climate.

A French consortium at the heart of industrial innovation

Led by Thales Alenia Space, the Carb-Chaser project brings together a consortium of dynamic French SMEs such as U-Space, WaltR, Everimpact, SPASCIA and QAIrbon, as well as the IRT Saint Exupéry technological research institute. Together, the partners will combine their expertise to accelerate the ecological transition while strengthening Europe’s technological sovereignty. In addition to the scientific advances it will deliver, Carb-Chaser will have a direct economic impact on key regions of the French space industry, including Occitania, Brittany and the PACA region (Provence-Alpes-Côte d’Azur).

As part of the ambitious France 2030 strategy, Carb-Chaser reflects France and Europe’s determination to become world leaders in carbon emissions monitoring. This pioneering program marks a decisive step forward in efforts to combat climate change and opens the way to new markets for space technologies.

About France 2030

Devised in consultation with local and European business and academic partners, France 2030 offers the country exceptional resources to meet the ecological, demographic, economic, industrial and social challenges of today’s changing world. This unprecedented plan for innovation and industry reflects a dual ambition. First, sustainably transform key sectors of our economy — such as energy, automotive, aerospace, digital and space — through innovation and industrial investment. And second, position France not just as a player, but as a leader in the economy of the future.

ABOUT THALES ALENIA SPACE
Drawing on over 40 years of experience and a unique combination of skills, expertise and cultures, Thales Alenia Space delivers cost-effective solutions for telecommunications, navigation, Earth observation, environmental management, exploration, science and orbital infrastructures. Governments and private industry alike count on Thales Alenia Space to design and build satellite-based systems that provide anytime, anywhere connections and positioning, monitor our planet, enhance management of its resources and explore our Solar System and beyond. Thales Alenia Space sees space as a new horizon, helping to build a better, more sustainable life on Earth. A joint venture between Thales (67%) and Leonardo (33%), Thales Alenia Space also teams up with Telespazio to form the parent companies’ Space Alliance, which offers a complete range of services. Thales Alenia Space posted consolidated revenues of approximately €2.2 billion in 2023 and has around 8,600 employees in 8 countries, with 16 sites in Europe.


KuppingerCole

Feb 18, 2025: The Evolution of SOAR: Trends, Leaders, and the Path Forward

The Security Orchestration, Automation, and Response (SOAR) landscape is rapidly evolving as automation and AI reshape cybersecurity operations. With the growing complexity of threats, organizations face challenges in optimizing incident response and enhancing security efficiency. This webinar explores how cutting-edge SOAR solutions are redefining SecOps, enabling faster, smarter, and more effective threat management.

Thales Group

IIT Madras and Thales unveil top 6 teams developing eco-friendly technology for Carbon Zero Challenge (CZC 4.0)

piyush.prakash Wed, 11/27/2024 - 07:13

Thales’s CSR project “Carbon Zero Challenge 4.0” with IIT Madras sees six teams emerge on the top.

These teams will receive a start-up seed funding of up to ₹10 lakh to develop their prototypes further.

They were selected from the initial 25 teams who embarked on a rigorous six-month journey to develop sustainable prototypes across various sectors, including energy, materials, agriculture, air, and water.

Indian Institute of Technology Madras (IIT Madras), in association with Thales, has announced the top six teams developing eco-friendly technology from the fourth cohort of the Carbon Zero Challenge (CZC 4.0), a nationwide contest to boost innovation in this sector. As part of Thales’s CSR and solidarity efforts in India, Thales supported this transformative eco-innovation and entrepreneurship challenge.

The top six teams will receive a start-up seed funding of up to ₹10 lakh. One other team has also been recognised with a ‘special mention’ for notable achievements. The CZC challenge aims to accelerate groundbreaking solutions to address climate change and foster sustainability. The third edition was supported by Thales and Aquamap (Centre for Water Management and Policy at IIT Madras) and reached out to over 1,600 students and researchers from 600 universities and 270 start-ups across India. In line with Thales’ Environmental, Social, and Governance (ESG) strategy, Thales supported the programme for a second consecutive year, for its fourth edition, showcasing its commitment to building a safer, greener, and more inclusive world.

The final teams were shortlisted from the initial list of 25 teams announced in April 2024. These teams embarked on a rigorous six-month journey to develop sustainable prototypes across various sectors, including energy, materials, agriculture, air, and water. These teams were mentored on business aspects by Sustainability Mafia, a leading community of climate entrepreneurs out of India. They were invited to IIT Madras to showcase their innovations at the CZC 4.0 Grand Expo, held from 26–28 October 2024. The CZC initiative encourages deep-technology and circular economy solutions to combat pressing environmental issues. To date, the CZC has supported around 100 prototypes.

“Thales is proud to have supported IIT Madras’ Carbon Zero Challenge, an initiative that not only stimulates transformative eco-innovation but also resonates closely with our vision of advancing sustainable solutions for the future. Our collaboration on CZC with IIT Madras has been to empower young innovators across India to address critical environmental challenges and pave the way for development of impactful, resource-efficient technologies, in line with our long-term commitment towards nurturing a cleaner, greener world. We congratulate all the participants and look forward to the continued progress of these exceptional teams in shaping a sustainable tomorrow”, said Mr. Ashish Saraf, VP and Country Director for India, Thales.

Prof. Indumathi Nambi, Coordinator, Carbon Zero Challenge, IIT Madras, said, “With a focus on fostering eco-startups addressing global challenges like climate change, pollution, and food security, CZC 4.0 attracted over 2,000 participants from 775 universities and 430 startups across India. Thirty startups have emerged from CZC’s previous cohorts, with another 35 advancing toward commercialisation. Participating teams received up to ₹500K in funding and mentorship to develop their prototypes.”
Prof. Indumathi Nambi added, “With the success of CZC 4.0, IIT Madras and its partners continue to push the boundaries of innovation, fostering a generation of startups ready to address some of the world’s most pressing environmental issues through sustainable technology.”

The top six teams and the team with special mention recognised for their contributions to sustainable technology are:

Gudlyf Mobility Pvt Ltd – H2ARWASTE: Developing hydrogen storage cylinders using agricultural waste.

EESAN – CBG for Sustainability: Enabling cleaner bio-methane for homes and small businesses.

Electropulse Innovations – Wastewater Treatment: Using high-voltage pulse generators for efficient wastewater management.

Thaal Chemy Innovations Pvt Ltd – Sustainable Packaging: Producing nano-cellulose from agricultural residues.

ReWinT – End-of-Life Turbine Blades: Transforming wind turbine blades using eco-friendly chemical and thermal processes.

Chrissron Biomass Solutions – Plant-Based Resin: Manufacturing sustainable resin from plant waste.

Special Mention
Team YoTuh Energy was awarded a special mention for their groundbreaking electrified refrigeration technology for cold logistics vehicles, highlighting their rapid traction in investment and commercialisation.

The Photographs of the Top Six Teams with their Prototypes can be viewed here.

The Carbon Zero Challenge represents an unparalleled opportunity for the brightest minds to converge, channel their creativity, and contribute meaningfully towards shaping a sustainable future for our planet. Together, we can ignite the spirit of entrepreneurship, protect our environment, and move closer to achieving a carbon-neutral world.

 

About Thales
Thales (Euronext Paris: HO) is a global leader in advanced technologies specialising in three business domains: Defence & Security, Aeronautics & Space and Cybersecurity & Digital identity.
It develops products and solutions that help make the world safer, greener and more inclusive.
The Group invests close to €4 billion a year in Research & Development, particularly in key innovation areas such as AI, cybersecurity, quantum technologies, cloud technologies and 6G.
Thales has close to 81,000 employees in 68 countries. In 2023, the Group generated sales of €18.4 billion.

About Thales in India
Present in India since 1953, Thales is headquartered in Noida and has other operational offices and sites spread across Delhi, Bengaluru and Mumbai, among others. Over 2200 employees are working with Thales and its joint ventures in India. Since the beginning, Thales has been playing an essential role in India’s growth story by sharing its technologies and expertise in Defence, Aerospace and Cybersecurity & Digital Identity markets. Thales has two engineering competence centres in India - one in Noida focused on Cybersecurity & Digital Identity business, while the one in Bengaluru focuses on hardware, software and systems engineering capabilities for both the civil and defence sectors, serving global needs.

About IIT Madras
Indian Institute of Technology Madras (IITM) was established in 1959 by the Government of India as an ‘Institute of National Importance.’ The activities of the Institute in various fields of Science and Technology are carried out in 18 academic departments and several advanced interdisciplinary research academic centres. The Institute offers undergraduate and postgraduate programmes leading to B.Tech., M.Sc., M.B.A., M.Tech., M.S., and Ph.D., degrees in a variety of specialisations. IITM is a residential institute with more than 600 faculty and 9,500 students. Students from 18 countries are enrolled here. IITM fosters an active entrepreneurial culture with strong curricular support and through the IITM Incubation Cell.
Recognized as an Institution of Eminence (IoE) in 2019, IITM has been ranked No.1 in the ‘Overall’ Category for the sixth consecutive year in India Ranking 2024 released by National Institutional Ranking Framework, Ministry of Education, Govt. of India. The Institute has also been ranked No.1 in the ‘Engineering Institutions’ category in the same Rankings for nine consecutive years – from 2016 to 2024. It was also adjudged as the ‘Top innovative Institution’ in the country in Atal Ranking of Institutions on Innovation Achievements (ARIIA) in 2019, 2020 and 2021. ARIIA Ranking was launched by the Innovation Cell of Ministry of Education.
Contacts: Pawandeep KAUR, Thales, Communications in India
27 Nov 2024

Tuesday, 26. November 2024

KuppingerCole

Building Secure APIs with Standards like FAPI, OAuth2, and OpenID Connect

This Videocast episode explores the complexities and advancements in digital identity standards, focusing on FAPI, OAuth, and OpenID Connect. Martin Kuppinger and Joseph Heenan, CTO of Authlete, discuss the origins and purpose of FAPI, its adoption across various regions, and its significance in enhancing security and interoperability in financial services. They also highlight the role of Authlete in simplifying the implementation of these standards for developers and the emerging trends in decentralized identity and verifiable credentials. 




2024 PAM Market Insights & Vendor Analysis

Join us for a comprehensive webinar on the 2024 Leadership Compass for Privileged Access Management (PAM), where we’ll unpack the latest insights and vendor evaluations shaping the PAM landscape. Discover which vendors lead the market in innovation, product strength, and scalability, and explore emerging capabilities like Just-in-Time (JIT) access and Cloud Infrastructure Entitlement Management (CIEM). Gain a deeper understanding of how PAM solutions can secure critical assets across multi-cloud and on-premises environments and learn best practices for selecting a solution that aligns with your organization’s security and compliance needs.

Takeaways:

- Key leaders in Privileged Access Management and what sets them apart
- How innovations like JIT access and CIEM are reshaping PAM
- Insights into market trends and emerging PAM solutions
- Essential capabilities buyers should consider in PAM tools
- Selecting the right PAM solution for scalability and future-proofing


liminal (was OWI)

The Age-Verified Internet: Strategies for Safer Online Experiences

The post The Age-Verified Internet: Strategies for Safer Online Experiences appeared first on Liminal.co.

Spruce Systems

Key Topics Shaping the Future of Digital Identity

Learn about some of the top topics the identity industry is abuzz with and our takeaways from the most recent Internet Identity Workshop.

Earlier this month, members of the SpruceID team attended the 39th installment of the Internet Identity Workshop, or IIW. The biannual conference is on the cusp of its third decade, and one reason we love it is that it still embodies the collaborative, grassroots spirit of its 2005 founding era. This ethos still guides the open, standards-based world of identity, making IIW an ideal place to check in on important developments and ideas.

Held at the Computer History Museum near Google’s campus in Mountain View, California, each installment of IIW begins with an iconic opening circle to introduce all attendees and solicit session proposals on the fly. This “unconference” structure means you never know quite what you’ll see at IIW until it starts – and input was on hand from every corner, from Microsoft and Google to solo entrepreneurs and the government administrators bringing the next wave of identity to life.

Over 3 days and 177 discussion sessions, the breadth of topics at IIW was huge, but a few key themes came into focus for us: Collaboration and convergence across groups of stakeholders; the new concept of “personhood credentials”; and the cryptographic innovation known as Zero Knowledge Proofs.

Personhood Credentials

SpruceID may be a bit biased, since Wayne Chang, SpruceID CEO, was part of the team that rolled out the idea in a whitepaper earlier this year, but it was gratifying to see a lot of discussion of “personhood credentials” at IIW. Broadly, a personhood credential is a kind of verifiable digital credential that shows its holder is a natural person, without revealing other personal information. The broad goal is to help combat disinformation and spam online by making it easy to identify content posted by a real human.

Various breakouts delved into technical details of implementing personhood credentials and potential applications, such as in “know your customer” procedures for financial services. But the discussion also turned to deeper quandaries, including a challenge to the premise of the personhood credential: Why is the burden of proof on humans? One panel on “approved AI agents” explored how digital credentials could be used to identify autonomous agents online, sparking a lively debate about trust and accountability in the digital age.

Zero Knowledge Proofs

Finally, there was both a wealth of discussion and a significant piece of news about Zero Knowledge Proofs, a recent innovation in privacy-enhancing cryptography. ZKPs remain largely theoretical, but would make it possible to do something wildly interesting with digital information: prove the truth of a claim, without revealing the underlying details. For example, a ZKP-based digital credential could be presented at a bar to prove you’re old enough to buy a drink, without revealing your specific date of birth.

There were sessions presenting things like digital wallets built to handle ZKPs in verifiable credentials, and software libraries that will make the technology easier to implement. But probably most exciting was the announcement that Google is hard at work on building ZKPs that work on the mDoc credential standard, using existing hardware. The search giant announced that it plans to make its techniques open-source in early 2025, which could spark a flurry of further technical advances and even real-world implementations.

Collaboration in Overdrive

The most interesting part of IIW 39 may not have been a technical topic at all, but the powerful mixing and collaboration on display everywhere you looked. That’s particularly notable because attendees represented a cross-section of the identity world in every sense. Founders of the first IIW 20 years ago rubbed elbows with young engineers bringing those pioneers’ ideas to life.  Government staffers leading the charge on mobile drivers’ licenses shared their issues with vendors building the tools they need. 

Perhaps most importantly, representatives of key standards came together to share insights and reconcile approaches. Teams developing mDocs/mDL, OpenID, European identity groups, the Open Wallets Foundation, and the Decentralized Identity Foundation kibitzed and compared notes with an eye towards getting these systems to work together better. With everyone in the same room, there were significant breakthroughs in finding shared solutions to sticky problems.

With digital identity gaining real-world traction in recent years, it's exciting to see the conversation around digital credentials shift from discussions of theory, to competing standards, to the question of who wins, and how we all win, as the field moves into the marketplace of implementation.

From Theory to Practice

This new work on ZKPs embodies perhaps the single overarching theme of IIW 39: a lot of things that the identity world has spent years talking about and refining are now actually becoming reality. For example, we saw intense interest in our work on California’s mobile driver’s license (though again, we’re biased) and discussion of strong privacy requirements that would be considered for Utah’s state digital ID. Utah appears to be truly committed to protecting the privacy of users, a gratifying payoff to decades of commitment to safety-centric design in digital ID.

The passage from ideas to reality even capped off this year’s IIW: many attendees went from Mountain View straight to Sacramento, where the California DMV was hosting an mDL hackathon. After days focused on aligning the principles and architecture of digital identity, developers were able to get their hands dirty building real-world tools and exploring ways digital identity can fulfill its promise of better security, privacy, and trust in the digital age.

Turning Conversations into Solutions

Wrapping up these recent discussions, we're energized by the progress and collaboration happening in the world of digital identity. The transition from theory to implementation is becoming more tangible, with advancements like personhood credentials and Zero-Knowledge Proofs paving the way for privacy-first solutions. As we continue to tackle challenges and refine standards, we’re excited to contribute to a future where secure, user-controlled digital interactions are the norm.

About SpruceID: SpruceID is building a future where users control their identity and data across all digital interactions.


Elliptic

Crypto regulatory affairs: UK Government to progress regulatory updates for stablecoins and crypto from early 2025

The United Kingdom is planning to consult with the private sector on a planned regulatory framework for stablecoins, along with other crypto-related regulatory updates, from early 2025. 


Dock

Dock and Youverse Partner to Advance Private and Secure Biometric Authentication

We’re excited to announce our partnership with Youverse, a pioneer in privacy-preserving biometric solutions.

Youverse is redefining biometric authentication with its innovative, decentralized, and zero-knowledge architecture. Unlike traditional centralized databases, Youverse’s approach eliminates the risks associated with storing sensitive biometric data in a single location. Their cutting-edge technology, independently certified as top-tier for accuracy by international benchmarks, ensures unmatched levels of privacy, accuracy, and trust. Using multi-party computation, biometrics are securely distributed across nodes and only reconstructed on the user’s device, enhancing both security and convenience.

Through this partnership, Youverse will leverage Dock’s verifiable credential capabilities to empower relying parties within closed ecosystems to securely verify consumer data, ensuring that sensitive information remains under the sole control of its rightful owner. Any ecosystem participant using Dock will now be able to verify credential data that is bound to an individual’s unique biometric while never exposing biometric information, which is securely owned by the user’s device.

Together, Dock and Youverse are setting a new standard for secure, private, and user-controlled biometric authentication. 

Stay tuned as we work to revolutionize identity verification with our combined technologies.


KuppingerCole

Jan 15, 2025: Synthetic Data Market Analysis and Analyst Insights

Join us for a webinar on KuppingerCole’s latest Leadership Compass report on Synthetic Data. Discover how synthetic data is revolutionizing data security by mitigating risks associated with real data usage. We'll explore the leading capabilities in this space, examine innovative approaches, and discuss how synthetic data is being applied across industries to enhance machine learning models, ensure compliance, and protect sensitive information.

Aergo

Blocko, Aergo’s Key Technical Partner, Earns Top Tech Rating: Advancing Enterprise Blockchain Innovation

We’re thrilled to share that Blocko, Aergo’s trusted technical partner, has achieved a TI-3 rating in Korea Evaluation Data’s (KoDATA) Tech Credit Bureau (TCB) assessment. This recognition highlights Blocko’s solid technical foundation, business potential, and innovative capabilities.

The TCB rating system, designed to evaluate a company’s technology, market potential, and scalability, ranks from TI-1 to TI-10. Achieving a TI-3 rating positions Blocko within the top tier of innovative enterprises. This rating also qualifies Blocko for KOSDAQ — the secondary trading board of the Korea Exchange — under its tech-specialized listing program.

Driving Innovation with Advanced Enterprise Manager (AEM)

Blocko’s Advanced Enterprise Manager (AEM), which provides real-time infrastructure monitoring, seamless node operations, chain-specific permissions, and administrative features, has been a game-changer for blockchain infrastructure management. These capabilities make blockchain deployment and management significantly more accessible and efficient, allowing enterprises to focus on building value rather than navigating technical complexities.

A Shared Vision for the Future

Blocko has been a foundational partner for Aergo since the platform’s beginning, working hand-in-hand to develop and deploy enterprise blockchain solutions. This partnership allows Aergo to focus on its mission of delivering enterprise-grade blockchain networks and related solutions while leveraging Blocko’s technical expertise in infrastructure and node management.

This milestone is just the beginning. As Blocko continues to grow, Aergo remains committed to supporting its technical partner and expanding the impact of our blockchain platform. By combining Aergo’s vision with Blocko’s technical expertise, we are creating an ecosystem that drives meaningful transformation in the blockchain space.

Blocko, Aergo’s Key Technical Partner, Earns Top Tech Rating: Advancing Enterprise Blockchain… was originally published in Aergo blog on Medium, where people are continuing the conversation by highlighting and responding to this story.


Aergo Network Voting Rewards and What’s Next

Since its launch, the Aergo Network Voting Reward program has been a cornerstone of our efforts to engage and reward the community and network participants. Designed to foster participation in staking and governance, the program has grown stronger with each passing year, thanks to the dedication of our users.

A Quick Recap of the Program’s Journey:

- 2019–2020: Launch of the first staking rewards
- 2020–2021: Continuation of the program
- 2021–2022: The third phase upheld previous terms
- 2022–2023: Extension of rewards
- 2024: Community vote to determine the next phase of rewards [AIP-18]

What’s Next?

The voting for the next phase of the Aergo Network Voting Reward program has officially begun! We remain committed to fostering a network built on collaboration and engagement. You directly steer the next chapter of Aergo’s growth by casting your vote.

Get involved today and make your voice heard!

The vote begins 2024-12-02 at 08:00 UTC and ends 2024-12-04 at 07:59 UTC.

Vote now:

Aergo Voting

Aergo Network Voting Rewards and What’s Next was originally published in Aergo blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Monday, 25. November 2024

KuppingerCole

Overcoming Stress and Building Resilience in a High-Stakes Environment

In this webinar on Mental Health in Cybersecurity, we'll explore the unique challenges faced by professionals in this high-stakes field. As cyber threats continue to evolve and intensify, so does the pressure on those tasked with defending against them. This constant state of vigilance, coupled with the potential catastrophic consequences of a breach, creates an environment ripe for stress, burnout, and other mental health issues.

In this session, we'll look at specific factors that make cybersecurity particularly susceptible to mental health challenges, from the relentless pace of technological change to the weight of responsibility in protecting sensitive data. We'll also discuss practical strategies for individuals and organizations to promote mental wellness in the cybersecurity workplace, drawing on insights from industry experts and the latest research in occupational psychology.




IDnow

5 takeaways from the ‘Why you’re doing remote onboarding wrong’ webinar.

A simple compliance requirement that needs to be completed asap or the most important part of the customer journey? Industry experts have their say.

The customer onboarding stage is arguably the most important touch point between a bank and its customer. Unfortunately, it’s also the part that a lot of banks are doing wrong, which can lead to compliance fines, fraud attacks and loss of reputation and revenue. 

To discuss how to create an optimal onboarding experience that can both fight fraud and improve user experience, we partnered with Transform Finance to organize the ‘Why you’re doing remote onboarding wrong’ webinar. 

Moderated by our very own Head of Product Marketing and Customer Communications, Ellie Burns, the webinar featured insights from Anna Stylianou, Founder of AML Cube and Bertram Storr-Paulsen, Head of KYC Services LC&I Denmark, Nordea. 

Now available on-demand, the hour-long webinar covers a variety of topics, from how to meet regulatory compliance requirements and secure your onboarding process to how to build a trustworthy and convenient user experience. 

Missed the webinar? Here are our five key takeaways!

1. Relationships with regulators need to improve.

“We’re not even halfway there,” appeared to be the general feeling during the webinar. However, according to participants, there are signs that the relationship between banks and regulators is trending in the right direction.  

For example, the Anti-Money Laundering Authority in Frankfurt (AMLA) is likely to make a significant impact, offering a more unilateral and consistent regulatory perspective. Having an open environment where banks can discuss what is failing; what is working well; and how learnings can be exchanged will only improve the relationship between banks and regulators regarding anti-money laundering and other fraud risks.

2. Change is inevitable. Is your culture ready to adapt accordingly?

As one of the biggest challenges of entering new markets is complying with different regulations and requirements, banks need to have a culture that is willing to innovate quickly and adapt accordingly. 

Onboarding customers the old way – via traditional Know Your Customer (KYC) processes like photocopying and stamping documents – is no longer acceptable; banks need to embrace new identity verification methods and onboarding procedures to fight fraud and cut costs in the modern age. 

For some reason, in financial services, compliance and fraud are always treated separately, with separate teams etc, but they’re actually inextricably linked, especially during the onboarding stage.  

Head of Product Marketing and Customer Communications, Ellie Burns

“So, how can banks ensure compliance teams and fraud teams are collaborating to make processes and onboarding flows as secure, trusted and seamless as possible for the customer?” asked Ellie.

3. The importance of balancing fraud and compliance.

Balancing effective fraud prevention with an onboarding process that works for all, regardless of risk level, is no easy task. The reality is that some customers are just not tech savvy or literate enough to use certain solutions, so banks need to be prepared to still ‘handhold’ the more vulnerable customers and offer more traditional onboarding options too. 

However, it’s also important to remember that when doing so, banks need to be prepared for the repercussions of these ‘old-fashioned’ approaches, such as increased fraud. 

Communication is key, especially between different departments with different goals. However, despite appearances, there are many common goals that should demand alignment between compliance teams and fraud teams. As such, these departments need to work together to find solutions that are both compliant and prevent fraud. It should never be an either/or.

4. Technology has a major part to play. But so too do humans!

There is no such thing as the ‘perfect onboarding solution’, not only due to different regulatory requirements but also customer preferences. Even across the European region there are different approaches to customer onboarding. For example, in the UK there are data checks and document checks, while in Germany, there is video verification and of course eID.  It’s also worth bearing in mind that as people tend to be multi-bankers, they’re often faced with multiple ‘perfect solutions’ following different standards and steps. Plus, of course, what is perfect for one person may not be for another. 

While a lot of solutions focus on things like multi-factor authentication to make onboarding smoother, faster and more automated, there are other solutions that use live facial detection, which requires in-person assistance and face-to-face interaction.  

Webinar participants agreed that there is still a danger in relying too heavily on fully automated processes, as artificial intelligence cannot yet be 100% trusted, especially with social engineering like APP scams. The value that video verification can provide should not be underestimated.

5. Is fraud prevention just a game of Whac-A-Mole?

Of course, the aim of banks is to stop fraud dead in its tracks – but the reality is that fraud is a constant, never-ending game of cat and mouse, with fraudsters evolving and developing ever more sophisticated attacks to penetrate defenses and vulnerabilities. So, if the banks can’t stop 100% of fraud, then the aim of the game is to make it as difficult as possible.

So, how exactly can banks make it difficult for fraudsters? As bad actors often work around the clock using increasingly sophisticated fraud attacks, it can be difficult for banks to fight back. As such, there needs to be a more connected approach where banks are incentivized and feel willing to share information and learnings with one another. A multi-layered approach to fraud prevention is necessary as fraudsters work in a similar way!

Check out other webinar wrap-ups, like ‘5 takeaways from the ‘Sign of the times: The digital signature revolution’ webinar.’

By Jody Houton, Senior Content Manager at IDnow


Indicio

AI, Chat, Decentralized Identity, and Digital Travel

The post AI, Chat, Decentralized Identity, and Digital Travel appeared first on Indicio.

KuppingerCole

KELA Cyber Threat Intelligence Platform

by Alexei Balaganski

KELA Cyber Threat Intelligence Platform scans the environments where cybercriminal activities are most prevalent for intelligence that helps defend against emerging threats, leveraging both automation and expert analysis. The modular platform offers extensive capabilities — such as attack surface management and identity protection — without requiring changes to internal systems, making it especially suitable for large enterprise customers in regulated industries.

Spherical Cow Consulting

Every Company is an IAM Company

This post advocates for joining IDPro®, a professional association focused on digital identity management. It emphasizes that all organizations with a digital presence are, in essence, technology companies managing complex identity-related systems. IDPro provides crucial resources, including a vendor-neutral Body of Knowledge, CIDPRO® certification, and a vibrant community for practitioners to sha

Full disclosure: this post is all about encouraging you to become a member of IDPro®. They didn’t ask me to write it, but they’re a client, and I’ve been a fan long before we started working together.

If your company has a digital presence, at some level, you’re a technology company. That might not seem obvious if you’re running a retail chain or a healthcare clinic, but it’s true. The systems that underpin your operations—whether they’re managing customer logins, ensuring secure employee access, or verifying partner identities—are deeply rooted in the principles of digital identity.

And yet, for many organizations, the people working on these systems may not even realize they’re part of a larger field called “identity management.” They’re solving complex problems in access control, authentication, and identity proofing—often in isolation, without the benefit of shared best practices or peer guidance. That inefficiency? It makes me sad—especially because there’s a better way.

That’s where professional organizations like IDPro come in. I’ve been an IDPro member since long before I started contracting with them, and their value to practitioners and companies alike is impressive.

Why IDPro?

What is IDPro? It’s a professional association dedicated to fostering ethics and excellence in digital identity management. It provides tools, resources, and a vibrant community for anyone working in this space, whether they’re seasoned veterans or just discovering that identity is part of their job.

IDPro offers a lot:

1. A Vendor-Neutral Body of Knowledge

IDPro’s freely available Body of Knowledge (BoK) is a Big Deal. It’s a Creative Commons-licensed, vendor-neutral resource designed to help identity practitioners level up their expertise. Whether you’re trying to understand the basics of multi-factor authentication or grappling with complex federation protocols, the BoK offers practical, accessible guidance. I helped design the publication process, ensuring the BoK includes only the best, peer-reviewed material in the field.

2. CIDPRO® Certification

For companies that want to invest in their staff’s professional development, the CIDPRO certification is an excellent foundation-level credential. It’s built by practitioners, for practitioners, and is designed to validate a broad understanding of identity management concepts. Certified employees bring enhanced credibility and capability to their organizations. There are great resources on the website that walk you through what the exam is like and the material it covers. You can even sign up to take a test exam!

3. A Thriving Community

IDPro’s member-only virtual discussions are some of the most valuable professional conversations I’ve had. The organization fosters a community where identity practitioners can exchange ideas, troubleshoot challenges, and share best practices in a thoughtful and respectful environment. This sense of connection is invaluable, especially in a field as fast-changing and complex as identity management. From authentication and IGA to identipets (because what’s a community without pet photos?), the channels are where some of the best identity conversations—and laughs—happen.

4. Advocacy and Networking

IDPro isn’t just about individual growth—it’s about lifting the entire field of identity management. From advocating for the industry with policymakers to hosting facilitated gatherings at major conferences like Identiverse, IDPro helps promote the conversation around identity while providing meaningful networking opportunities. Whether it’s a hallway chat at a conference or a casual meetup at the pub, the networking opportunities here are second to none.

Why Companies Should Care

When companies invest in organizations like IDPro, they’re not just supporting their employees—they’re ensuring their own success. Digital identity is foundational to security, compliance, and customer trust. By giving your teams access to IDPro’s resources, certification programs, and community, you’re equipping them to solve identity challenges more effectively. Go, team!

And let’s not forget: investing in professional development helps attract and retain top talent. Identity professionals who feel supported and connected are more likely to stay with your organization and bring their best to the table.

A Call to Action

If you’re reading this and wondering if IDPro membership is right for your organization, of COURSE it is. I would go so far as to say that if you’re not ready to dive into the deep end of standards development, this is a great way to start engaging with the smartest people in the identity world. Every company with a digital presence has a stake in the future of identity management; IDPro is the best partner I can imagine to help you navigate that future. Membership offers value at every level, from individual practitioners to corporate teams.

Seriously, get your company an IDPro membership—you won’t regret it. And when you do, tell the team at membership@idpro.org that I sent you!

The post Every Company is an IAM Company appeared first on Spherical Cow Consulting.

Sunday, 24. November 2024

KuppingerCole

Beyond the Firewall: Proactive Cybersecurity with CTI and ASM


Join Matthias Reinwarth and Alexei Balaganski as they dive into the changing world of cybersecurity. In this episode, they talk about Cyber Threat Intelligence (CTI) and Attack Surface Management (ASM), exploring how security is moving from old-school models to more proactive, real-time threat detection. They also discuss how AI is shaking things up in cybersecurity and why understanding the dark web is more important than ever. The takeaway? Organizations need to tap into expert CTI and ASM services to stay ahead of today’s complex cyber threats.



Friday, 22. November 2024

Anonym

Anonyome Wins Prestigious SuperNova Award for Digital Wallet that Will Transform Agriculture


A digital wallet co-developed by Anonyome Labs and Indico which will transform trusted data sharing in the agriculture industry has won a prestigious Constellation Research SuperNova Award.

The Trust Alliance New Zealand (TANZ) Digital Farm Wallet took out the award in the “Digital Safety, Governance, Privacy, and Cybersecurity” category of the long-running awards program which recognizes disruptive and transformative solutions for end users.

TANZ’s Digital Farm Wallet uses verifiable credentials to create a secure data-sharing ecosystem in which farmers, growers, and other parties in the value chain (such as food producers, processors, retailers and exporters) can easily capture and share data across the sector while keeping it secure, protected and controllable.

The wallet allows farmers to securely hold critical data for their farms, such as their farm ID, greenhouse gas emissions, and farm boundaries, and share it directly and securely with reliant parties. Using the wallet eliminates the need for large third party databases and repetitive and time-consuming manual information sharing and prevents farmers’ data from being shared without their consent and to the detriment of their business. 

In fact, the TANZ Digital Farm Wallet is set to transform New Zealand’s agriculture industry. The project trial proved that directly sharing authenticated information between farmers and distributors in a secure, privacy-preserving way has significant cost benefits. Farmers in the trial spent less time filling out forms and managing data and more time farming. Going forward, the data-sharing ecosystem will also achieve a more streamlined, transparent supply chain, in which farmers can prove their promises about their produce (such as organic status) and consumers can verify the claims for themselves at the time of purchase.

Learn more about verifiable credentials (also called reusable credentials).

TANZ says the Digital Farm Wallet has already won buy-in from important players in the industry, including banks, regional councils, and meat packagers.

The TANZ Digital Farm Wallet project was prompted by the recognition that trusted data sharing is vital to maintaining and growing New Zealand’s primary sector. It is an excellent case study for the agriculture sectors of other countries and for other industries that rely on trusted data sharing. Discover 17 Industries with Viable Use Cases for Decentralized Identity.

Anonyome Labs’ Chief Technology Officer, Dr Paul Ashley, says the company is proud to be leading the way with the increasingly popular decentralized identity technology of verifiable credentials: “This project has shown that replacing legacy paper-based documents and processing with a solution based on digital verifiable credentials increases trust, reduces costs, and opens new avenues for participants to interact in a secure and privacy preserving way.”

If you would like to learn more about the TANZ Digital Farm Wallet or discuss your own needs for a digital wallet solution, we’d love to talk to you. Contact us today and head to our web site for a live demo video of what we offer.

The post Anonyome Wins Prestigious SuperNova Award for Digital Wallet that Will Transform Agriculture appeared first on Anonyome Labs.


liminal (was OWI)

Industry Highlights – Week of November 18


Liminal members enjoy the exclusive benefit of receiving daily morning briefs directly in their inboxes, ensuring they stay ahead of the curve with the latest industry developments for a significant competitive advantage.

Looking for product or company-specific news? Log in or sign-up to Link for more detailed news and developments.

Here are the main industry highlights of this week.

🪄Innovation and New Technology Developments

Maryland Launches Mobile ID App for Secure Age Verification and Digital ID Adoption

Maryland has launched the Mobile ID Check by MD app, allowing businesses to verify mobile driver’s licenses (mDLs) and digital IDs for age verification without extra hardware. Compliant with ISO/IEC standards, the app promotes secure data sharing and supports Maryland’s mDL initiatives that started in 2018. Businesses, including those at BWI Airport, are using the app for alcohol age checks. Collaborations with organizations like the TSA and DHS position Maryland as a leader in mDL standards and infrastructure, including the Digital Trust Service for efficient authentication. (Source)

China Launches Biometric Fast Lanes for Seamless Travel in Greater Bay Area

China is testing document-free fast lanes at Shenzhen Bay Port and Gongbei Port for travelers between Mainland China, Hong Kong, and Macao, using facial and fingerprint biometrics for verification. Eligible users include Mainland Chinese residents aged 14 and older with valid multi-entry visas and residents of Hong Kong and Macao with Mainland travel permits. While the system aims to streamline border crossings, travelers must still carry physical documents. This initiative supports the Greater Bay Area strategy to enhance regional connectivity and follows similar biometric advancements in Myanmar, Malaysia, and Indonesia. (Source)

New Zealand Launches Digital Identity Framework for Secure, User-Controlled Data Sharing

The New Zealand government has finalized its Digital Identity Services Trust Framework, promoting secure and privacy-focused digital identity services. It emphasizes user control over personal information, requiring consent for data sharing and ensuring data encryption in accredited digital wallets. The framework offers secure digital options like a digital driving license and bank ID, allowing citizens to choose what information to share. While accreditation for providers is voluntary, the framework aims to enhance confidence in safe and user-friendly digital identity systems. (Source)

Moldova to Launch EU-Compliant Biometric ID Card for Seamless Digital and Cross-Border Services

Moldova has approved a biometric ID card set to launch on March 31, 2025, pending parliamentary approval. It aligns with EU standards and will facilitate access to public services and digital authentication without in-person visits. The card includes a chip with facial and fingerprint data but does not include domicile details. Moldovans abroad will also have remote access to digital services. Citizens aged 14 and above must carry the new ID, supporting Moldova’s integration into the EU’s Digital Identity Wallet framework. (Source)

💰 Investments and Partnerships

Silverfort Acquires Rezonate to Launch Unified Identity Security Platform

Silverfort has acquired Rezonate to create a unified identity security platform that integrates Rezonate’s cloud capabilities with Silverfort’s solutions for protecting both human and non-human identities across on-premises and cloud environments. This platform aims to eliminate identity security silos, providing comprehensive visibility and real-time controls, while addressing identity security aspects like ITDR, ISPM, and entitlement management. Fueled by a $116M Series D funding and rapid customer acquisition, Silverfort aims to enhance operational efficiency and strengthen security, protecting all identities and assets, including legacy systems, from a single platform. (Source)

Hopae Secures $6.5M to Expand Blockchain-Based Digital Identity Solutions in U.S. and Europe

Hopae, a digital identity company, has secured $6.5 million to expand into the U.S. and Europe, focusing on compliance with international regulations like the EU’s eIDAS 2.0. Utilizing its patented Digital Credential eXpress (DCX) architecture, the company leverages blockchain for secure and scalable digital identity solutions. Founded by developers of Korea’s national DID system, Hopae aims to enhance government and private sector verification by streamlining digital credential issuance, verification, and revocation. (Source)

Cyera Raises $300M Series D, Valued at $3B, to Advance AI-Driven Data Security Platform

Cyera, a data security platform provider, has raised $300 million in Series D funding, increasing its valuation to $3 billion and total funding to $760 million since its 2021 founding. Led by Accel and Sapphire Ventures, the funding will support growth, including the recent $162 million acquisition of Trail Security to enhance its Data Security Posture Management capabilities. (Source)

Nuvei Goes Private in $3 Billion Acquisition Led by Advent International to Drive Global Growth

Nuvei has been acquired by Neon Maple Purchaser Inc., formed by Advent International, for $34.00 per share. This acquisition makes Nuvei a private company, with ownership stakes of approximately 46% by Advent, 24% by Philip Fayer, 18% by Novacap, and 12% by CDPQ. Philip Fayer, Nuvei’s Founder and CEO, remains a major shareholder after rolling over 95% of his shares. Following the acquisition, Nuvei’s shares will be delisted from the Toronto Stock Exchange and Nasdaq, and the company will deregister its shares under U.S. and Canadian securities laws, focusing on global growth through investments and acquisitions. (Source)

Bitsight Acquires Cybersixgill for $115M to Bolster Dark Web Threat Intelligence and Cyber Risk Management

Bitsight, a cybersecurity firm specializing in cyber risk management, has acquired Cybersixgill, a dark web threat intelligence provider, for $115 million. This acquisition aims to enhance Bitsight’s capabilities in assessing cyber risks by leveraging Cybersixgill’s expertise in analyzing dark web activities. Based in Israel, Cybersixgill monitors invite-only messaging groups and other platforms for emerging threats. Bitsight plans to integrate Cybersixgill’s technology and team to further develop its AI-driven cybersecurity products. (Source)

Thales Targets €25B Revenue by 2028 with Defense and Cybersecurity Growth Amid Market Challenges

Thales, Europe’s largest defense technology company, aims for 5%-7% annual revenue growth, targeting €25 billion by 2028, driven by rising global defense spending and cybersecurity demand. CEO Patrice Caine emphasized opportunities from increased defense investments and premium services for critical sectors, supported by acquisitions like Gemalto and Imperva. The company seeks to raise operating margins to 13%-14% by 2028, focusing on high-margin products. While analysts anticipated stronger growth, Thales prioritizes long-term demand for technologies like fighter radars over short-term spikes. Challenges in Europe’s satellite market persist, but talks with Airbus and Leonardo may offer solutions. (Source)

UltraPass Partners with Philippine DOTr to Pilot Biometric Identity Verification in Airports

Ultrapass Identity Corp, a US digital identity company, is partnering with the Philippine Department of Transportation (DOTr) to pilot a biometric identity verification solution at airports. This initiative aims to enhance security, streamline passenger processing, and improve the travel experience. The program aligns with international aviation standards, reduces wait times, and ensures data privacy. Originating from a US-Philippines trade mission, this collaboration supports regional connectivity and highlights the role of US technology in ASEAN’s digital transformation while respecting national data sovereignty. (Source)

⚖️ Policy and Regulatory

DOJ Pushes for Google Chrome Sale in Landmark Antitrust Battle

The U.S. Department of Justice Office of the Inspector General (DOJ) is pushing for a federal judge to require the sale of Google’s Chrome browser as part of its antitrust case against the company. The DOJ argues that Google’s deals with phone makers like Apple to secure default search positions and the integration of Chrome with its search engine maintain its illegal monopoly in online search, which constitutes 90% of global searches. The agency also wants court oversight of Google’s Android division or its divestiture, and for websites to have the option to opt out of contributing data to Google’s AI models. Google argues that these proposals would hinder innovation and harm consumers. A court decision is expected in 2025 after a hearing in April. (Source)

Finastra Investigates Data Breach of Secure File Transfer Platform, Impacting Global Banks

Finastra, a London-based financial software provider for global banks, is investigating a data breach involving its Secure File Transfer Platform (SFTP). The breach, disclosed on November 8, resulted in the exfiltration of data, with a hacker claiming to have obtained 400GB of client files and documents, reportedly from IBM Aspera. Finastra has not confirmed the number of affected customers or the specific data types, and initial investigations suggest the breach may stem from compromised credentials. The company is working to identify impacted customers and assess the breach’s extent and cause. (Source)

US Charges Hackers in Global Cybercrime Spree Targeting Tech and Crypto Firms

The U.S. Department of Justice has charged five individuals, including one arrested in Spain, for a multi-year hacking spree targeting tech companies, cryptocurrency platforms, and telecommunications providers. The accused, linked to groups 0ktapus and Scattered Spider, allegedly used phishing, SIM swapping, and fake Okta portals to steal credentials and cryptocurrency worth millions. Victims included organizations in entertainment and virtual currency, with one losing $6.3 million. Prosecutors describe the group as a financially motivated network employing advanced social engineering tactics to breach at least 45 companies worldwide. Additional suspects are yet to be identified. (Source)

New NIST Drafts Aim to Strengthen Federal Identity Verification with Enhanced Security and Interoperability Standards

NIST has released final drafts of SP 800-157 and SP 800-217 to enhance identity verification for federal agencies. SP 800-157 expands the use of Derived PIV Credentials beyond mobile devices, introducing phishing-resistant multi-factor authentication. SP 800-217 outlines requirements for federating PIV credentials between agencies, focusing on protocols and trust agreements. Both documents aim to improve security and standardization in digital identity management. Public feedback is welcomed until January 10, 2025. (Source)

DocuSign Phishing Surge Exploits Trust in Regulatory Communications, Highlighting Gaps in Verification Security

Researchers report a 98% increase in phishing attacks since November 8, primarily targeting businesses through DocuSign impersonations. These scams exploit trust by mimicking legitimate agencies like the Department of Health and Human Services, sending urgent, fraudulent requests via authentic-looking DocuSign templates. Victims are pressured to respond quickly, with attacks using accurate terminology to evade security. This situation highlights the need for stronger verification protocols and staff training to reduce risks, as businesses face both immediate financial losses and long-term disruptions. Robust validation processes for sensitive communications are essential. (Source)

Vietnam Enforces Stricter Social Media Rules with Mandatory Identity Verification, Raising Privacy Concerns

The Vietnamese government will implement stricter social media regulations starting December 25, 2024, requiring user identity verification via registered phone numbers. All users, including those on international platforms, must authenticate their identities to post or share content. Parents must register accounts for children under 16 and monitor their online activity. Platforms are obligated to remove illegal content, and companies must comply with user data requests from authorities. Critics voice concerns about privacy, government overreach, and accessibility for those in remote areas with limited telecommunications. (Source)

Roblox Strengthens Parental Controls and Safety Measures Amid Child Protection Scrutiny

Roblox has introduced new parental controls and content safeguards amid concerns about child safety, following allegations that it prioritizes growth over user protection. Parents can now manage daily usage limits, block game genres, and access ratings for games. Users under 13 will be unable to text chat outside of games, in addition to an existing voice chat ban. Roblox claims these features were planned before the Hindenburg report and denies any inflated user metrics. The company has faced criticism from child advocacy groups and regulatory challenges, including a ban in Turkey for alleged child exploitation content. These updates reflect a wider industry trend toward stronger protections for minors. As of September, Roblox reported 88.9 million daily active users, with 40% under 13. (Source)

T-Mobile Targeted in Alleged Chinese Cyberattack on Wiretap Systems Amid Espionage Concerns

T-Mobile has reportedly been targeted in a cyberattack linked to the Chinese state-sponsored hacking group Salt Typhoon, as part of a broader campaign against U.S. and international telecom companies. The focus was on wiretap systems used for government access to customer data. T-Mobile stated that its systems and customer data remain secure, but it did not confirm its ability to fully assess potential breaches. The FBI and CISA have warned of ongoing Chinese cyber espionage efforts targeting sensitive communications. This incident is the ninth known cyberattack on T-Mobile in recent years, following a 2023 breach that exposed the personal information of 37 million customers. (Source)

The post Industry Highlights – Week of November 18 appeared first on Liminal.co.


HYPR

How to Prevent Evilginx Attacks Targeting Entra ID


Attackers continually refine their methods to compromise user identities and gain unauthorized access to sensitive systems. One particularly insidious threat is Evilginx, a phishing framework designed to bypass traditional multi-factor authentication (MFA) by operating as an adversary-in-the-middle (AitM) — sometimes known as man-in-the-middle (MitM) — proxy. Evilginx intercepts and manipulates communication between users and legitimate sites, enabling attackers to steal credentials, session cookies, and other sensitive data. It’s a favorite tool of threat groups such as the Russian-based Star Blizzard, as warned in a joint advisory from CISA, the UK National Cyber Security Centre, the Australian Cyber Security Centre, and the Canadian Centre for Cyber Security, among other governmental security bodies.

Threat researchers and incident response teams have reported a noticeable surge in phishing campaigns utilizing Evilginx, exploiting MFA’s reliance on session validation. Even with MFA in place, Evilginx captures session cookies after authentication is complete, granting attackers unauthorized access to accounts. In many cases, it can also bypass Windows Hello for Business. This makes it a particularly effective tool for targeting Microsoft Entra ID environments. This article peels back the layers on Evilginx, looking at how it operates, why it’s effective, and the best defenses to help keep your organization secure.

The Evolution of Evilginx

Originally developed as a pentesting tool to demonstrate the vulnerabilities of traditional MFA, Evilginx has evolved to become a cornerstone of sophisticated phishing campaigns. Using a modified version of the open-source nginx web server software, early versions focused on basic credential harvesting. Newer iterations, however, incorporate advanced features like session cookie interception and real-time proxying to bypass MFA entirely. Now named Evilginx 3 and written in Go, the framework is stable, adaptable and set up to target platforms like Microsoft Entra ID. It comes with built-in “phishlets” to easily configure identical login experiences for Microsoft 365, Citrix, Okta, and other sites.

Understanding Reverse Proxies

Reverse proxying is a legitimate, widely used technique in which a proxy server handles requests and responses on behalf of the origin server. The proxy sits between an endpoint, such as a user’s desktop, and public-facing traffic and websites. Requests from the endpoint are intercepted by the reverse proxy server, which then sends the requests on to the origin server. This helps organizations manage incoming traffic, distribute loads across servers, and strengthen security by shielding the internal server structure. It also allows organizations to cache content that may be commonly used by their users, saving loading time.

Reverse Proxy Flow

How Evilginx Works

Evilginx leverages the concept of a reverse proxy, but configured specifically to capture a user’s credentials and session cookies once they are tricked into accessing the Evilginx URL instead of the legitimate target server.

The process goes something like this.

1. Phishing lure: The attacker lures the victim into clicking on a phishing link sent by email or SMS, which takes them to the Evilginx-created phishing site.

2. Fraudulent site: The phishing site consists of a fake login page that looks and behaves exactly like the legitimate site, complete with a valid TLS certificate and lock icon. When the user tries to log in, Evilginx forwards the request to the real service.

3. Credential harvesting: The user enters their username and password on the fake page, which Evilginx captures and sends to the genuine site. Evilginx also collects and passes back second authentication factors, such as OTPs and out-of-band authentication (e.g. a push notification to the MS Authenticator app).

4. Session hijacking: If successfully authenticated, the legitimate service will return session credentials (tokens, session cookie), which Evilginx intercepts. The attacker uses the captured credentials and session cookies to directly access the user’s account.

5. Account takeover: Once the attacker has control of the session, they can change the user’s password and other information, locking the victim out.

Handling Federation Redirects

But what if Entra ID is configured to redirect to a different IdP (like ADFS) to perform federated authentication?

The flow is very similar to the simpler flow above, except Entra is going to return a 302 redirect to the downstream IdP. As long as Evilginx is configured to be aware of the redirect host, it will spin up a new “host” under its subdomain, and proxy the redirect to the browser to go there instead.

So even if the user enters their credentials in the downstream IdP, the result is the same. The downstream IdP issues a federation token (e.g. SAML or OIDC) which Evilginx uses to get the final session tokens from Entra ID.

How Attackers Use Evilginx

Attackers leveraging Evilginx often start by targeting the weakest link: unprotected personal devices. A common scenario involves a phishing email sent to an employee’s personal email address, which is less likely to be secured by corporate defenses. For example, if you work for Acme.com, you might receive a spear-phishing email that appears relevant to your role or recent activities. Once you click the link, expecting to authenticate, the attacker’s Evilginx server intercepts the login process as described above, capturing credentials and session cookies, and eventually locking you out of your account entirely.

Generative AI has made these attacks easier and far more effective. By mining public data about employees — such as their social media profiles, published work, and LinkedIn connections — attackers can craft highly convincing, customized phishing campaigns (aka “spear phishing”) within minutes. Moreover, Evilginx makes it easy to set up the phishing site, providing exact replicas of login pages for Microsoft Entra ID, Okta and other popular services.

Inside an Evilginx Attack on Entra ID

In this attack demo, you can see how easy it is to hack into and take over an Entra ID account using Evilginx, even with “stronger” MFA with number matching turned on.

 

 

Defending Against Evilginx

Protecting against Evilginx attacks starts with basic, foundational defenses like two-factor authentication (2FA). While not immune to compromise — attackers can still steal session cookies — 2FA adds a layer of difficulty that may deter some threats. Another critical measure is network traffic inspection, particularly for enterprises. Monitoring where traffic is directed can help identify phishing URLs and flag malicious activity, though detection often occurs after users have already clicked on links.

Employee phishing awareness training can also reduce the risk of falling for phishing attempts, although it’s unrealistic to expect perfect vigilance. Mistakes are inevitable, especially as attackers craft increasingly targeted, convincing lures.

The most effective strategy lies in adopting FIDO passkeys for authentication. Passkeys use domain binding, which ensures that authentication attempts will only succeed if the domain matches the one the passkey was registered with. This effectively renders reverse proxy tools like Evilginx useless, as they cannot impersonate the bound domain.
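The domain binding described above can be traced end to end. The following is an added example, not code from HYPR or from any WebAuthn library: it simulates the browser, the authenticator and the relying party's checks on a passkey assertion. The host names, the challenge and the key are constructed, and HMAC stands in for the passkey's public-key signature so that the example runs on the Python standard library alone.

```python
import base64
import hashlib
import hmac
import json
import struct
from urllib.parse import urlsplit

RP_ID = "login.example.com"                             # constructed relying-party ID
EXPECTED_ORIGIN = "https://login.example.com"           # constructed legitimate origin
PROXY_ORIGIN = "https://login.example.com.proxy.test"   # constructed look-alike origin
# Stand-in for the passkey. A real passkey signs with a private key and the
# server verifies with the public key; HMAC is an assumption made for this demo.
CREDENTIALS = {RP_ID: b"constructed-demo-key"}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def authenticator_sign(page_origin, rp_id, challenge):
    """Authenticator side: a credential is found only under the RP ID it was registered for."""
    key = CREDENTIALS.get(rp_id)
    if key is None:
        return None
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": page_origin}).encode()
    # authenticatorData = SHA-256(rpId) || flags (UP|UV = 0x05) || signature counter
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x05" + struct.pack(">I", 1)
    signed = auth_data + hashlib.sha256(client_data).digest()
    return {"clientDataJSON": client_data, "authenticatorData": auth_data,
            "signature": hmac.new(key, signed, hashlib.sha256).digest()}


def browser_get_assertion(page_origin, rp_id, challenge):
    """Browser side: the RP ID must be the page's host or a parent domain of it."""
    host = urlsplit(page_origin).hostname or ""
    if host != rp_id and not host.endswith("." + rp_id):
        return None  # a real browser rejects the request with a SecurityError
    return authenticator_sign(page_origin, rp_id, challenge)


def verify_assertion(assertion, expected_challenge):
    """Relying-party side: return 'ok' or the name of the first failed check."""
    if assertion is None:
        return "no assertion produced"
    client_data = json.loads(assertion["clientDataJSON"])
    auth_data = assertion["authenticatorData"]
    if client_data.get("type") != "webauthn.get":
        return "wrong type"
    if client_data.get("challenge") != b64url(expected_challenge):
        return "challenge mismatch"
    if client_data.get("origin") != EXPECTED_ORIGIN:
        return "origin mismatch"
    if not hmac.compare_digest(auth_data[:32], hashlib.sha256(RP_ID.encode()).digest()):
        return "rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return "user not present"
    signed = auth_data + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(CREDENTIALS[RP_ID], signed, hashlib.sha256).digest()
    if not hmac.compare_digest(assertion["signature"], expected):
        return "bad signature"
    return "ok"


def run_scenarios():
    challenge = b"constructed-challenge-0001"
    results = {}
    # 1. User is on the real site.
    results["direct"] = verify_assertion(
        browser_get_assertion(EXPECTED_ORIGIN, RP_ID, challenge), challenge)
    # 2. Proxied page relays the real request: the browser refuses the RP ID.
    results["proxy_asks_real_rp_id"] = verify_assertion(
        browser_get_assertion(PROXY_ORIGIN, RP_ID, challenge), challenge)
    # 3. Proxied page uses its own host as RP ID: no passkey exists for it.
    results["proxy_asks_own_rp_id"] = verify_assertion(
        browser_get_assertion(PROXY_ORIGIN, "login.example.com.proxy.test", challenge),
        challenge)
    # 4. Defence in depth: a non-conforming client signs anyway; the server
    #    still sees the origin the page was actually loaded from.
    forced = authenticator_sign(PROXY_ORIGIN, RP_ID, challenge)
    results["nonconforming_client"] = verify_assertion(forced, challenge)
    # 5. Rewriting the origin in transit invalidates the signature.
    tampered = dict(forced)
    tampered["clientDataJSON"] = forced["clientDataJSON"].replace(
        PROXY_ORIGIN.encode(), EXPECTED_ORIGIN.encode())
    results["origin_rewritten"] = verify_assertion(tampered, challenge)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:24} {outcome}")
```

Only the direct sign-in yields a valid assertion, so a proxied session never reaches the point where a session cookie is issued.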

What About Windows Hello for Business?

Although Windows Hello for Business (WHfB) is a FIDO2 compliant authenticator, the way it is usually configured makes it vulnerable to Evilginx attacks. Most organizations set up WHfB to be the primary authentication method, with a less secure fallback option, such as password plus an SMS OTP or Microsoft Authenticator. To make this worse, there are Evilginx phishlets available that specifically bypass WHfB authentication (in case it was used last time by the user) by forcibly downgrading the flow to use the more vulnerable fallback methods.

The key is to enable policies in Conditional Access that don’t allow a less-secure (non-phishing-resistant) fallback option. If a fallback is allowed, attackers will exploit it, which defeats the purpose of deploying WHfB in the first place.
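One way to check for such fallbacks is to audit an export of the tenant's Conditional Access policies. This is an added example, not HYPR or Microsoft code: the sample policies are constructed, the field names are modelled on the Microsoft Graph `conditionalAccessPolicy` resource, and treating `windowsHelloForBusiness`, `fido2` and `x509CertificateMultiFactor` as the phishing-resistant methods is an assumption to adjust to your own standard.

```python
import json

# Method modes treated as phishing-resistant in this example (assumption).
PHISHING_RESISTANT = {"windowsHelloForBusiness", "fido2", "x509CertificateMultiFactor"}

# Constructed sample export; field names modelled on Graph's conditionalAccessPolicy.
SAMPLE_EXPORT = json.loads("""
[
  {"displayName": "Require MFA for all users", "state": "enabled",
   "grantControls": {"operator": "OR", "builtInControls": ["mfa"],
                     "authenticationStrength": null}},
  {"displayName": "WHfB with push fallback", "state": "enabled",
   "grantControls": {"operator": "OR", "builtInControls": [],
                     "authenticationStrength": {
                       "displayName": "Custom strength",
                       "allowedCombinations": ["windowsHelloForBusiness", "fido2",
                                               "password,microsoftAuthenticatorPush",
                                               "password,sms"]}}},
  {"displayName": "Phishing-resistant only (pilot)",
   "state": "enabledForReportingButNotEnforced",
   "grantControls": {"operator": "OR", "builtInControls": [],
                     "authenticationStrength": {
                       "displayName": "Custom strength",
                       "allowedCombinations": ["windowsHelloForBusiness", "fido2"]}}},
  {"displayName": "Phishing-resistant only", "state": "enabled",
   "grantControls": {"operator": "OR", "builtInControls": [],
                     "authenticationStrength": {
                       "displayName": "Custom strength",
                       "allowedCombinations": ["windowsHelloForBusiness", "fido2"]}}}
]
""")


def audit_policy(policy):
    """Return the reasons this policy still lets a phishable sign-in through."""
    findings = []
    if policy.get("state") != "enabled":
        findings.append(f"not enforced (state={policy.get('state')})")
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    strength = grant.get("authenticationStrength")
    if not strength:
        findings.append("generic 'mfa' grant accepts any registered second factor"
                        if "mfa" in controls else "no authentication strength required")
        return findings
    combos = strength.get("allowedCombinations") or []
    # A combination such as "password,sms" is weak if any part of it is phishable.
    weak = [c for c in combos if not set(c.split(",")) <= PHISHING_RESISTANT]
    if weak:
        findings.append("phishable fallback allowed: " + "; ".join(weak))
    if not combos:
        findings.append("strength lists no allowed combinations")
    if grant.get("operator") == "OR" and controls:
        # With OR, satisfying any other grant control skips the strength entirely.
        findings.append("OR with " + ", ".join(controls) + " lets sign-in skip the strength")
    return findings


def audit_export(policies):
    """Map each policy's display name to its list of findings (empty = clean)."""
    return {p["displayName"]: audit_policy(p) for p in policies}


if __name__ == "__main__":
    for name, findings in audit_export(SAMPLE_EXPORT).items():
        print(name, "->", findings or "no phishable fallback found")
```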

How HYPR Thwarts Evilginx Attacks

HYPR is designed to outsmart the most sophisticated AitM tactics, including Evilginx attacks. HYPR Enterprise Passkeys leverage FIDO passkey standards, binding the domain to the key so that only login attempts on the correct domain can succeed. This effectively shuts down reverse proxy tools that rely on intercepting session cookies or credentials. HYPR only uses phishing-resistant, FIDO Certified passwordless MFA methods — it never falls back to a shared secret that can be phished or intercepted. It can be used as the primary authentication method or a phishing-resistant fallback for Windows Hello for Business.

See what this protection looks like during the same phishing attack demonstrated above.

 

 

More Layers of Identity Protection

On top of our leading passwordless architecture, our identity risk engine, HYPR Adapt, adds another layer of security by detecting and responding to risk signals — even if the correct credentials are used. Account recovery is another area frequently exploited by attackers. They employ social engineering to impersonate a legitimate user and convince the help desk to provision new credentials. HYPR’s identity verification solution prevents this by ensuring someone is the rightful account owner before allowing credentials to be issued. 

Read more about HYPR’s continuous, end-to-end identity assurance for your Microsoft Entra ID and hybrid environments or arrange a custom demo to see it in action.

 


Thales Group

Press release

Press release prezly Fri, 11/22/2024 - 14:45

Thales confirms that the Parquet National Financier (PNF) in France and the Serious Fraud Office (SFO) in the United Kingdom have initiated an investigation in relation to four Thales entities located in France and the UK, regarding the performance of a contract in Asia.

Thales denies the allegations brought to its knowledge.

The Group is fully cooperating with the PNF in France and the SFO in the UK.

Thales complies with all national and international regulations.

Contacts: Cédric Leurquin
22 Nov 2024

KuppingerCole

Oracle Access Governance


by Nitish Deshpande

This KuppingerCole Executive View report looks at the current state and emerging trends of Access Governance. A technical review of the Oracle Access Governance is included.

auth0

What's New in the Auth0 Terraform Provider?

The Auth0 Terraform provider has many new features and updates. Learn all about what's new.

PingTalk

How to Use CIAM to Elevate the Customer Experience

The right customer identity and access management (CIAM) strategy can help you steer a safe course to a secure, seamless customer experience.

Digital channels, including websites, mobile apps, and social media, have become the primary touchpoint for establishing new customer relationships. In fact, 91% of adults ages 18 to 49 have purchased products or services online using a smartphone, according to Consumer Affairs. It’s crucial to make a good first impression during these customer interactions if you hope to build a loyal customer base.

 

This shifting dynamic creates new challenges and opportunities for businesses looking to attract and retain customers. The right customer identity and access management (CIAM) strategy can help you provide a positive customer experience.

Thursday, 21. November 2024

KuppingerCole

Passkeys in a Zero Trust World – Blessing or Curse?


In the modern digital landscape, organizations are confronted with growing cybersecurity challenges that demand stronger authentication methods. Zero Trust frameworks have become essential for bolstering security postures, placing a significant emphasis on identity verification. As traditional passwords become more vulnerable, passkeys are gaining traction for their phishing-resistant capabilities and their potential to transform authentication within Zero Trust environments.

Implementing passkeys, however, is not without its hurdles. Organizations must navigate evolving software ecosystems, inconsistent user experiences, and complex recovery processes. Balancing security requirements with user convenience remains a key challenge. This webinar will explore the various types of passkeys, their benefits, and the trade-offs between security and usability in achieving passwordless authentication.

Alejandro Leal, Research Analyst at KuppingerCole, will discuss the shift towards identity-centric security measures and the role of passkeys in building resilient digital environments. He will provide insights into how passkeys contribute to minimizing attack surfaces and enhancing overall security postures within Zero Trust frameworks.

Andre Priebe, Chief Technology Officer at iC Consult, will offer a high-level explanation of Zero Trust benefits from passkey adoption. He will explain passkey technologies, current implementation challenges, and best practices for adopting and scaling passkeys within organizations, focusing on improving security without compromising user experience.




Dock

Dock is partnering with Daon to streamline ID verification


We’re thrilled to announce that Dock is partnering with Daon to streamline ID verification and more!

Since 2000, Daon has been at the forefront of digital identity assurance technology. From its early days in Ireland, Daon has grown to become a trusted global partner in both the public sector and for some of the world’s most iconic brands, securing over 2 billion identities on 6 continents.

Through this partnership, Daon will leverage Dock’s Decentralized ID technology to unify verified data from sources collected during the digital identity verification process—government-issued digital IDs, bank-issued IDs, and more—into a single, proven verifiable credential. This reusable credential will accelerate further ID verification processes and provide simple, secure account access across businesses and siloed systems within a closed ecosystem, creating a seamless experience for users. 

Additionally, Daon will explore Dock's biometric-bound credential capabilities, tying biometrics, secured by advanced liveness detection, directly to the credentials to ensure they can only be used by the intended individual. 

Together, we’ll explore the future of mobile driver’s licenses (mDL) and eIDAS verification, unlocking the potential of decentralized ID for both Europe and America.

We’re excited to be working together on the future of digital identity verification!


Elliptic

Key insights from Elliptic's Global Crypto Regulation Landscape: 2024 Review

2024 has proved to be a year of fast-moving regulatory and policy change impacting the cryptoasset space. Across the globe, regulators have been working to address the opportunities and challenges presented by cryptoassets, creating new regulatory frameworks or updating existing ones in the process.



KuppingerCole

Managed Detection and Response (MDR)


by Warwick Ashford

This KuppingerCole Leadership Compass provides an overview of the Managed Detection and Response (MDR) market. It examines solutions that detect, analyze, investigate, and respond to cybersecurity threats quickly and efficiently, including Security Operations Center as a Service (SOCaaS) solutions and Managed eXtended Detection and Response (MXDR) solutions. It provides an assessment of the capabilities of these solutions to meet the needs of all organizations to detect, analyze, mitigate, and respond to cybersecurity threats.

Ocean Protocol

DF116 Completes and DF117 Launches

Predictoor DF116 rewards available. DF117 runs Nov 21 — Nov 28th, 2024

1. Overview

Data Farming (DF) is Ocean’s incentives program. In DF, you can earn OCEAN rewards by making predictions via Ocean Predictoor.

Data Farming Round 116 (DF116) has completed.

DF117 is live today, Nov 21. It concludes on November 28th. For this DF round, Predictoor DF has 37,500 OCEAN rewards and 20,000 ROSE rewards.

2. DF structure

The reward structure for DF117 is comprised solely of Predictoor DF rewards.

Predictoor DF: Actively predict crypto prices by submitting a price prediction and staking OCEAN to slash competitors and earn.

3. How to Earn Rewards, and Claim Them

Predictoor DF:
To earn: submit accurate predictions via Predictoor Bots and stake OCEAN to slash incorrect Predictoors.
To claim OCEAN rewards: run the Predictoor $OCEAN payout script, linked from Predictoor DF user guide in Ocean docs.
To claim ROSE rewards: see instructions in Predictoor DF user guide in Ocean docs.

4. Specific Parameters for DF117

Budget. Predictoor DF: 37.5K OCEAN + 20K ROSE

Networks. Predictoor DF applies to activity on Oasis Sapphire. Here is more information about Ocean deployments to networks.

Predictoor DF rewards are calculated as follows:

First, DF Buyer agent purchases Predictoor feeds using OCEAN throughout the week to evenly distribute these rewards. Then, ROSE is distributed at the end of the week to active Predictoors that have been claiming their rewards.

Expect further evolution in DF: adding new streams and budget adjustments among streams.

Updates are always announced at the beginning of a round, if not sooner.

About Ocean, DF and Predictoor

Ocean was founded to level the playing field for AI and data. Ocean tools enable people to privately & securely publish, exchange, and consume data. Follow Ocean on Twitter or TG, and chat in Discord. Ocean is part of the Artificial Superintelligence Alliance.

In Predictoor, people run AI-powered prediction bots or trading bots on crypto price feeds to earn $. Follow Predictoor on Twitter.

DF116 Completes and DF117 Launches was originally published in Ocean Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.

Wednesday, 20. November 2024

KuppingerCole

Transforming SOCs: The Power of SOAR Solutions


Cyberattacks are becoming increasingly sophisticated, requiring innovative approaches to cybersecurity. This webinar will explore how Security Orchestration, Automation, and Response (SOAR) platforms can revolutionize incident response by providing security teams with advanced threat detection and mitigation tools. We'll discuss the challenges of traditional SIEM systems and the transformative potential of integrating generative AI into SOAR solutions. 

Join this webinar to learn:

The evolution of cyber threats and the need for advanced responses.
How SOAR platforms streamline incident response and enhance SOC efficiency.
The integration of generative AI to automate and improve security operations.
Key considerations for selecting the right SOAR solution for your organization.
Best practices for leveraging SOAR to mitigate risks in today’s dynamic threat landscape.


Redefining Cybersecurity: Facing the Next Generation of Threats


by Nitish Deshpande

As technology continues to evolve at a breakneck pace, so do the risks lurking in the shadows of digital transformation. The cybersecurity landscape is no longer just about firewalls and antivirus software—it’s a high-stakes chess game with increasingly cunning adversaries. To stay ahead, we must not only understand these next-generation threats but also embrace smarter, more adaptive strategies.

The New Face of Cyber Threats

AI-Driven Cyberattacks: Smarter, Faster, and More Dangerous

Artificial intelligence (AI) is no longer just a tool for innovation—it’s becoming a weapon in the hands of cybercriminals. AI automates attacks, identifies vulnerabilities at lightning speed, and creates malware that learns to outsmart detection systems. Defenders can’t afford to play catch-up. Staying proactive with AI-powered countermeasures is the only way to level the playing field.

Deepfakes: Trust Eroded in the Digital Age

What if you could no longer trust what you see or hear online? Deepfake technology has weaponized deception, enabling attackers to impersonate executives, manipulate public opinion, and execute devastating social engineering attacks. The fallout includes financial fraud, reputation damage, and a society questioning the authenticity of all digital content.

IoT: Billions of Devices, Billions of Risks

The Internet of Things (IoT) has revolutionized our lives, connecting everything from home appliances to critical infrastructure. But this connectivity comes at a price. Many IoT devices are built with weak—or nonexistent—security measures, making them easy targets. Worse, these devices can serve as backdoors to larger networks, amplifying the threat.

Ransomware: Evolving and Escalating

Ransomware has shifted gears, becoming more calculated and destructive. Attackers now employ double extortion tactics—encrypting data while also threatening to leak it unless hefty ransoms are paid. This evolution demands more robust defenses, including smarter recovery plans and airtight data backups.

Strategies to Outpace the Threats

Leveraging AI to Fight AI

If attackers are arming themselves with AI, so must defenders. AI-powered security tools can sift through massive data sets, detect anomalies, and react to threats faster than any human team ever could. Machine learning ensures systems grow smarter with every attack, turning past threats into future advantages.

Zero Trust: A Security Framework Built for Complexity

Zero Trust flips the traditional security model on its head: trust no one and verify everyone. By constantly authenticating users and devices, this model minimizes risks like unauthorized access and lateral movement. Yet, it’s no magic wand—Zero Trust is complex to implement at scale, which explains its slow adoption rate.

Behavioral Analytics: The Power of Predictive Insight

In cybersecurity, behavior often reveals intent. Analyzing user actions—like irregular login patterns or unusual data transfers—can flag potential threats before they escalate. Behavioral analytics provides the critical early warnings organizations need to respond swiftly and decisively.

Setting the Bar Higher for IoT Security

The IoT ecosystem needs more than innovation; it needs standards. Industry collaboration is essential to enforce stricter measures like device authentication, end-to-end encryption, and regular firmware updates. Securing billions of connected devices isn’t just desirable—it’s non-negotiable.

Ransomware Resilience: A Comprehensive Playbook

To stay resilient against ransomware, preparation is key. Think regular backups, segmented networks, and well-trained employees. Add a strong incident response plan, and you’ve got the foundation for bouncing back without caving to criminal demands.

Building Resilience for an Unpredictable Future

The battle between cybersecurity professionals and threat actors isn’t going anywhere—it’s only intensifying. Agility, collaboration, and innovation are non-negotiable in this fight. By adopting advanced technologies and forward-thinking strategies, we can fortify our systems and stay one step ahead of the adversaries shaping tomorrow’s threats.

Join us in December in Frankfurt at our cyberevolution conference, where we will continue to discuss the cyber threat landscape and its future.


Anonym

The Top 10 Ways Bad Actors Use Your Stolen Personal Information


A bad actor isn’t only a poorly skilled thespian (ha ha). It’s also a person (or group) who intentionally acts to cause harm to a person or organization via computers, devices, systems or networks.

This type of bad actor most commonly affects individuals when they steal their personal information, such as name, address and credit card details in a data breach (though not all data breaches are malicious).

To date, more than 60% of Americans have been the victim of a data breach. In 2023, data breaches in the US increased by a massive 78% over 2022, and impacted an estimated 353,027,892 people.

Breaches don’t discriminate by industry. In fact, no industry is safe, with public administration, finance and healthcare the most at-risk industries for data compromise.

What’s more, data breaches don’t only happen on the internet. Personal information can be exposed via Bluetooth, text message, and the good old-fashioned stolen wallet or phone, too.

So, once a bad actor has your personal information, what do they do with it? Here are the top 10 things going on right now:

Identity theft: Using your stolen information to impersonate you for financial gain or to commit crimes
Financial fraud: Accessing your bank accounts, credit card information, or other financial accounts to make unauthorized transactions
Phishing: Sending fraudulent emails or messages pretending to be from legitimate organizations to trick you into revealing more information or clicking on malicious links
Social engineering: Manipulating you into divulging confidential information, often by posing as someone you trust or using your stolen information to build credibility
Account takeover: Gaining unauthorized access to your online accounts (email, social media, etc.) using your stolen usernames and passwords
Tax fraud: Using stolen personal information to file fraudulent tax returns and claim refunds
Medical identity theft: Using your stolen information to get medical services and prescriptions, or to fraudulently file insurance claims
Employment fraud: Using your stolen information to illegally gain employment or benefits
Blackmail or extortion: Threatening to expose your sensitive information unless you pay a ransom
Creating fake identities: Using your stolen information to create new identities for various fraudulent purposes.

So, with so many ways to be scammed, how do you keep your information safe online and off? The simplest fix is to use MySudo.

MySudo is the world’s only all-in-one privacy app that lets you protect your information, secure your chat, and organize your life.

You protect your information with secure digital identities called Sudos, each with its own phone, email, handle, private browser and payment card. Anywhere you’d normally use your personal phone number, email or payment card, use your Sudos instead. Sign up for deals and discounts, book rental cars and hotel rooms, pay for concerts or a coffee, all without giving away your personal information.

Then, you secure your chat by calling, texting and emailing securely inside the app with other users using your Sudo handle—or communicate standard outside the app with everyone else. Your Sudo phone and email work just like your private ones and they protect you from spam and scams.

You can also use MySudo to organize your life. Shop through a Sudo, sell through a Sudo, eat through a Sudo and live through a Sudo. The power of Sudos lies in compartmentalization, separating your information into different silos or Sudos to reduce the impact if a data breach strikes and helping you keep all your activity contained within a dedicated Sudo purpose.

Once you know how many Sudos you need, choose one of our awesome value plans for a privacy set-up that’s right for you. Check out MySudo.

Want even more tools to protect your personal information? Try RECLAIM.

RECLAIM, powered by MySudo, is a new personal data removal service that uses machine learning and artificial intelligence to help you reclaim control of your personal information from the companies that store and sell it.  

RECLAIM scans your email subject lines and senders to identify which companies have your personal details, such as phone, address, and credit card details, and then instructs you in either switching out your personal information for Sudo information or asking the company to delete your data altogether. 

Remember, Sudos are secure digital profiles with phone, email, and payment cards to use instead of your own. You create your Sudos in the MySudo all-in-one privacy app, part of the same app family as RECLAIM.

Just released in beta, RECLAIM is a great place to start reducing the online exposure of your personally identifiable information and digital footprint, and boosting your data privacy. Check out RECLAIM. 

Here are more great tips for what to do if you’re caught in a data breach.

And why not download MySudo VPN to encrypt your internet connections while you’re at it? You’re on a roll!

Want even more? Check out our blog and popular podcast.

The post The Top 10 Ways Bad Actors Use Your Stolen Personal Information appeared first on Anonyome Labs.


auth0

Native Login with Passkeys Is Now in Limited Early Access for Android Applications!

Native login with passkeys allows you to integrate passkeys into your native applications and offers a smooth user experience with all the benefits of passkeys.

Spherical Cow Consulting

Rethinking Identity Management: The Role of Non-Human Identities in Academic Research

Academia is facing challenges in managing non-human identities (NHIs), which are essential for modern research systems but often treated like human users. As NHIs grow in complexity, issues like token sprawl, access management misalignments, and compliance difficulties arise, especially in collaborative environments like high-performance computing. Traditional directories fail to manage these iden

Academia has always been about pushing boundaries—whether in knowledge, technology, or collaboration. But as research grows more complex and reliant on technology, so too does the need to address a hidden layer of identity management. I’m talking about non-human identities (NHIs): those workloads, APIs, batch jobs, and software systems that work tirelessly behind the scenes. This is more than service accounts and bots. This is the underlying infrastructure for modern IT systems.

NHIs aren’t a new concept, but how we manage them today isn’t just outdated—it’s risky. Let’s dig in.

What Are NHIs?

Think about the processes that underpin research in a university. Automated data collection? That’s an NHI. Research simulations running on high-performance computing (HPC) systems? Also NHIs. APIs that manage sensitive student and research data? You guessed it—NHIs. These identities are everywhere, yet we still treat them like human users in many cases, with joiner/mover/leaver workflows and directory mappings.

And while this “fit them into the human box” approach might work on a small scale, it doesn’t secure the infrastructure they’re tied to. That’s a problem.

Why NHIs Are a Challenge

NHIs often inherit the same challenges as their human counterparts, only amplified by scale and complexity. Here’s a snapshot of the issues:

Token Sprawl: OAuth account tokens being passed around like candy at Halloween. (I feel like I need to make an analogy about cavities and decay, but I’ll just leave that here because iew.)
Access Management: Misaligned permissions, often shared across workloads, create opportunities for breaches.
Auditing and Compliance: Many HPC environments and collaborative research projects struggle to track what access NHIs have, much less prove compliance with regulations.
Security Gaps: Relying on directories and manual processes doesn’t cut it when workloads operate across different systems and organizations.

A common example? Research collaboration in HPC environments. These systems often involve shared resources accessed by NHIs with wildly varying permissions. Without precise controls, compliance becomes a nightmare, and auditing feels like playing whack-a-mole with invisible targets.

Directories: The Bottleneck We Can’t Ignore

But wait! We have directories to keep everything organized! Won’t that help? (All my enterprise IAM friends just did a full-body cringe reading that.)

Here’s the thing about directories: they’re fantastic for managing human identities in traditional environments. But when it comes to NHIs, directories quickly become a bottleneck. Why? Because they assume every identity—human or non-human—can be neatly slotted into a joiner-mover-leaver model.

For NHIs, this model is fundamentally flawed:

No Natural Lifecycle: Workloads, APIs, and batch jobs don’t “move” or “leave” in the same way people do. They’re created and destroyed based on operational needs, often spinning up and down in milliseconds. A directory simply can’t keep pace with this churn.
Token Dependency: OAuth tokens are often used as a workaround, passed around to grant temporary access. But this approach doesn’t scale—it’s prone to sprawl, lacks visibility, and creates security risks when tokens are misused or stolen.
Lack of Context: Directories were designed for human-centric workflows, meaning they lack the context required to manage the nuanced relationships NHIs have with systems, resources, and data.

The result? Academic IAM systems often end up overburdened and unable to scale to the demands of modern, complex environments. Imagine trying to cram a sprawling HPC infrastructure into a directory originally built to manage faculty and students—it’s like forcing a square peg into a round hole.

The Role of DevOps, IT, and IAM Teams

Managing NHIs isn’t a one-team job—it’s a cross-functional effort. DevOps and IT teams usually own the operational infrastructure, while IAM teams handle policy enforcement. But these groups often speak different “languages,” making collaboration tricky.

That’s where standards and architecture frameworks come in. Efforts like the IETF’s WIMSE draft aim to create a shared understanding of how to secure NHIs in multi-system environments. It’s a step in the right direction, but adoption isn’t straightforward.

Building Better NHI Management

So, how can academia start tackling the NHI problem more effectively?

Establish Clear Ownership: Decide who is responsible for managing NHIs, from provisioning to decommissioning.
Adopt Standards: Leverage frameworks like SPIFFE and WIMSE to create consistent, scalable trust models. Learn how to use the Shared Signals Framework and the Continuous Access Evaluation Profile (CAEP).
Invest in Automation: Automate the boring stuff, like token issuance and revocation, to reduce human error. (Hot take: CAEP can help here, too.)
Foster Collaboration: Create spaces for DevOps, IT, and IAM teams to align on priorities and processes.

Looking Ahead

The future of NHIs in academia isn’t just about solving today’s problems—it’s about enabling the next generation of research. Imagine a world where workload identities are as dynamic as the systems they operate in, seamlessly supporting complex collaborations across institutions. Standards and open-source tools will be key to making that vision a reality.

But here’s the catch: it’s not just a technical challenge. NHIs require governance, funding, and attention from leadership to ensure they’re managed sustainably. Without these, even the best tools won’t fix the problem.

I’ll be talking about this at the 2024 Internet2 TechEx in Boston. If you’d like my slides, drop me a note on LinkedIn and I’ll be happy to share!

Reach out if you want to learn more about navigating this process or need support with standards development. With my experience across various SDOs, I’m here to help guide you through the complexities of Internet standards development.

The post Rethinking Identity Management: The Role of Non-Human Identities in Academic Research appeared first on Spherical Cow Consulting.


Dock

Dock is partnering with Socure to revolutionize digital identity verification


We're excited to share that Dock is partnering with Socure to revolutionize digital identity verification!

Socure’s mission has always been clear: verify 100% of good identities in real-time and eliminate identity fraud. With over 2,600 customers across financial institutions, government agencies, and leading enterprises, they’re proud to be the gold standard in digital identity verification.

Now, by teaming up we’re taking these capabilities to the next level. 

The partnership allows us to combine their AI-driven analytics with our decentralized identity infrastructure to offer a more flexible, secure, consumer-centric identity solution.

We’re thrilled about what’s ahead and can’t wait to see the innovative solutions we’ll build together. 

Stay tuned for more updates on how we’re redefining trust in the digital world!

Tuesday, 19. November 2024

KuppingerCole

Identity Security and Management – Why IGA Alone May Not Be Enough


Organizations are confronted with unprecedented challenges in managing and securing identities across hybrid environments due to the growing complexity of the digital landscape.

While Identity Governance and Administration (IGA) solutions provide a foundation, the increasing complexity of identity ecosystems demands a more comprehensive approach to maintain visibility, security and control.

Modern identity management requires solutions that can bridge the gap between IGA and directory management. Advanced tools can consolidate visibility across hybrid environments, provide fine-grained control, and enhance delegation capabilities. These solutions complement IGA by addressing the limitations of native directory management and improving overall security posture.

Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will look at the challenges of breadth vs. depth in managing target systems, but also the common scenario of different teams being responsible for different parts of the infrastructure such as the IGA solution vs. Microsoft Active Directory. He will provide insights not only when to use multiple solutions, but also discuss approaches on a TOM (Target Operating Model) that leads to consistent management of diverse environments.

Robert Kraczek, Global Strategist at One Identity will showcase how solutions like Active Roles can serve as connectors to various directories, providing a single pane of glass for hybrid environments. He will demonstrate how these tools enhance security, improve efficiency, and complement existing IGA solutions to address the complexities of modern identity ecosystems.




Radiant Logic

ITGC Controls: Why Are They Essential And How To Execute Them?

ITGCs are an essential part of your strategy for securing and enforcing access rights. Find out why... And how to optimize them! The post ITGC Controls: Why Are They Essential And How To Execute Them? appeared first on Radiant Logic.

CyberArk Privilege Cloud: Protect your Privileged Accounts with a SaaS Solution

Learn more about the benefits of CyberArk's Privilege Cloud, a PAM solution in SaaS mode, and discover ways to extend its capabilities. The post CyberArk Privilege Cloud: Protect your Privileged Accounts with a SaaS Solution appeared first on Radiant Logic.

Are User Access Review And Access Recertification The Same Thing?

The user access review is a control function that is separate from the recertification of access rights. Learn more about why and when to use it. The post Are User Access Review And Access Recertification The Same Thing? appeared first on Radiant Logic.

Is Your European Company Prepared For The Digital Operational Resilience Act (DORA)?

Uncover DORA regulations, five key focus areas, and the significance of operational resilience in finance, and get compliant with Radiant Logic's secure software solutions. The post Is Your European Company Prepared For The Digital Operational Resilience Act (DORA)? appeared first on Radiant Logic.

Reducing IAM Technical Debt with an Identity Data Fabric Approach 

Gartner lists 5 key challenges that result from IAM technical debt; get our four step approach to a solution based on our Identity Data Fabric. The post Reducing IAM Technical Debt with an Identity Data Fabric Approach  appeared first on Radiant Logic.

ISMG Survey Finds that Many Identity Teams Lack Visibility and Operational Maturity

ISMG research surveyed over 100 IT leaders on their IAM challenges, and we’re pleased to share the results with you. The post ISMG Survey Finds that Many Identity Teams Lack Visibility and Operational Maturity appeared first on Radiant Logic.

Spring is Springing: What’s New from Radiant Logic in Spring 2024

Learn what Radiant Logic is bringing to identity in 2024. Our spring release makes it easy to connect, manage, and govern identity data—see what AI can do for identity. The post Spring is Springing: What’s New from Radiant Logic in Spring 2024 appeared first on Radiant Logic.

Making Identity Hygiene a Non-Negotiable for Organizational Security

Identity hygiene is the number one common denominator in any IAM program.  Without clean data there are no accurate results.   The post Making Identity Hygiene a Non-Negotiable for Organizational Security appeared first on Radiant Logic.

Artificial Intelligence and Identity and Access Management

Dive into the powerful influence that AI-driven IAM, IGA, and generative AI for IAM will have in 2024, and the advantages you will find with an IAM Copilot on your side. The post Artificial Intelligence and Identity and Access Management appeared first on Radiant Logic.

Revolutionizing IAM with RadiantOne AI and AIDA

Learn how generative AI technology will revolutionize the way organizations govern and visualize identity data with unprecedented speed and accuracy. The post Revolutionizing IAM with RadiantOne AI and AIDA appeared first on Radiant Logic.

Tokeny Solutions

Tokeny’s Talent | Satjapong’s Story

The post Tokeny’s Talent | Satjapong’s Story appeared first on Tokeny.
Satjapong Meeklai is Senior DevSecOps Engineer at Tokeny.

Tell us about yourself!

Hi guys. My name is Satjapong Meeklai. I’m Thai, born and live in Bangkok. I’ve always been passionate about technology since I was young so I spent most of my time using computers and the internet to learn new things. After finishing high school, I decided to study computer science at a university in Thailand. And fortunately after graduating, I got a Japanese government scholarship to continue my higher education in Tokyo. After obtaining a master’s degree, I came back to Thailand and devoted myself as a technician because I love doing hands-on work, trying various types of roles in this field and eventually, decided to focus on becoming a DevSecOps engineer who works in Fintech and Web3 startups because I believe in the industries so I’m trying to make some contributions to this major shift to happen which hopefully will create positive impacts to other people around the world.

What were you doing before Tokeny and what inspired you to join the team?

After completing my master’s degree, I was drawn to data science and AI, so I pursued a role as a data scientist. I joined an early-stage startup focused on sentiment analysis, where I wore many hats due to the small team. Besides building machine learning models, I handled data cleaning, preprocessing, backend development, and DevOps. Through this experience, I discovered a passion for DevOps, leading me to shift my career in that direction.

I continued working in startups, valuing their fast-paced, impactful environments. For four years, I was the lead DevOps engineer at Opn, a Thai fintech company that became a unicorn. Managing a team of nine, I contributed meaningfully to the company’s success, which remains one of my proudest achievements.

While at Opn, I became interested in Blockchain and Web3, eventually leaving to join a small Web3 startup in digital asset custody. Although the company closed due to market challenges, my interest in Web3 grew. This led me to Tokeny, a platform for tokenizing traditional assets, which I see as a bridge to open finance in the Web3 era. I’m excited to help drive this transformation.

How would you describe working at Tokeny?

So far it has been very pleasant for me. People here are kind, nice, but work hard. They’re good at what they do. I can feel the determination of what we want to build and deliver to the community. We are here to create changes. That is what I can tell after working here for several months.

What are you most passionate about in life?

I think not dying in vain would probably be something I’m passionate about the most. I want the existence of myself to have a positive impact and influence on people around me. I no longer dream of changing the world myself but I’d like to support, contribute, and be a part of that something together with others to create positive results for the community, society, country, and/or the world instead. In the end, what I care about the most is myself being in a position where I’m proud and happy about myself, the decisions I made, the things I do, and do not regret how I live and what I’ve done to people around me.

What is your ultimate dream?

Be one of the early employees of an incredibly successful tech company while being a good, caring leader to my family.

What advice would you give to future Tokeny employees?

First you should believe in your own vision. Then try to align that vision with the company. Then you will find that whatever you do, either for yourself or the company, is meaningful by themselves.

What gets you excited about Tokeny’s future?

I’m excited about our mission to build the world of open finance and how this will change the world of traditional finance. It’s pretty interesting to see what will change in 5 to 10 years from now with the power of the Web3 industry and Tokeny.

He prefers: Coffee over Tea; Book over Movie; Hybrid over Work from the office or Work from home; Dogs over Cats; Text over Call; Burger over Salad; Mountains over Ocean; Beer over Wine; Countryside over City; Slack over Emails; Casual over Formal; Crypto over Fiat; Morning over Night.



KuppingerCole

Analyst's View: Synthetic Data


by Anne Bailey

Synthetic data generation is a highly innovative solution to challenges of test data quality, data sharing, and data privacy and security. Senior Analyst Annie Bailey shares insights from the inaugural Leadership Compass on Synthetic Data on the dynamic development of this market.

Monday, 18. November 2024

Spruce Systems

Industry Spotlight: Top 10 Ways Verifiable Digital Credentials Can Transform Government

Explore how verifiable digital credentials can address challenges in government identity systems, offering secure, efficient, and privacy-focused solutions for a range of applications.
A Need for Verifiable Digital Credentials in Government

Government agencies face significant challenges in delivering secure, reliable identity credentialing and verification processes that are built for today’s digital world. Protecting residents' data from unauthorized access is essential, as is providing secure, accessible ways for residents to easily verify their identities across digital and physical channels as they go about their day-to-day.

The outdated, paper-based systems that exist today slow down government processes and introduce vulnerabilities, such as fraud, inefficiencies, and elevated administrative costs. These challenges not only affect the security and privacy of residents’ data, but also put a strain on government resources. We believe that to meet the demands of a digital-first society, agencies must transition away from paper-based credentials, which are vulnerable to tampering, to secure, verifiable digital credentials. Read on to learn more about the top 10 real world applications in government today, and how SpruceID is helping partner with agencies for digital transformation.

Today’s Top 10 Real-World Applications

When it comes to verifiable digital credentials in government, 10 use cases is just barely scratching the surface. However, the list below outlines several in-demand applications today where digital credentials bring significant advantages, greatly benefiting both government entities and the people they serve:

Mobile Driver’s License (mDL): Physical IDs may be the norm, but they are easily lost, stolen, or damaged, making residents vulnerable to identity theft and fraud. Law enforcement, businesses, and government agencies spend valuable time verifying IDs, and the reliance on physical cards slows down services and increases errors. With high-assurance verifiable digital credentials (VDCs), verification becomes faster, more secure, and far less vulnerable to tampering. The added convenience and security offered by a mobile driver’s license creates a streamlined, fraud-resistant environment where residents don’t have to rely on easily compromised physical cards. Read more about how SpruceID helped the State of California implement their mobile driver’s license program, and the benefits they’ve seen so far.

Outdoor Licenses and Permits: Today’s outdoor licenses and permits (such as boating or fishing licenses) are largely paper-based, which are easy to lose or counterfeit, and enforcing them can be difficult. Conservation officers lack real-time verification tools, making enforcement difficult and allowing illegal activities to go unchecked. Digital permits with VDCs provide instant, reliable proof with an easy way to verify the credentials, supporting conservation efforts and reducing illegal activities—all while protecting public lands and waters. Learn about how SpruceID worked with Utah to launch digital off-road vehicle permits and how they’ve benefitted.

Incarcerated Individuals and Criminal Justice and Law Enforcement: Today, approximately 27% of formerly incarcerated individuals are unemployed. This statistic highlights the significant barriers to employment these individuals face, particularly in accessing proper identification. The criminal justice system’s reliance on outdated, paper-based records not only creates vulnerabilities in identity management and record accuracy but also complicates access to essential rehabilitative services. These inefficiencies lead to security risks, identity errors, and hindered re-entry support. Verifiable digital credentials can help facilitate access to job applications, housing, and social services, while removing barriers to re-enter society and rebuild their lives.

Marriage and Birth Certificates: Paper marriage certificates, birth certificates, and even social security cards are essential but vulnerable to loss, damage, and forgery, which complicates access to legal rights and government services. Verifying these documents can also be a slow process, creating roadblocks for individuals needing to prove familial status for health benefits, citizenship, and legal matters. VDCs ensure secure, instant access to these vital records, protecting individuals’ identities and preventing fraudulent claims. They can also help streamline processes such as enrolling your new baby onto your health insurance — as discussed in our recent blog post.

Social Services Access (SNAP/Medicaid): Accessing social services with paper-based documentation is cumbersome and prone to errors. Individuals who qualify may face delays or rejections, while ineligible recipients can exploit the system, diverting funds from those in need. By using VDCs, agencies can improve efficiency and reduce fraud by allowing for real-time verification of eligibility, ensuring benefits reach the right individuals faster and reducing strain on the social services infrastructure.

Civic Participation: Fraud and manipulation risks increase, threatening the integrity of civic participation such as responding to RFCs (requests for comments) or submitting feedback to political representatives. Verifiable digital credentials create a secure, accessible way to ensure that, for example, someone is a resident and not a bot, without oversharing information. This approach has also been considered for simultaneously improving our voting systems’ security and engagement with the new generation.

Land and Property Records: Paper-based land records can be misplaced, tampered with, or falsified, leading to property disputes, unclear ownership, and legal issues that impact families and businesses. To mitigate these issues and more, VDCs provide a secure way to manage property records, ensure property rights are protected, and enhance transparency in property ownership.

Disaster Relief: In times of disaster, quickly verifying the identity and eligibility of individuals seeking relief is crucial but challenging with traditional paper documents. When someone loses their paper documents, aid can be delayed, misallocated, or vulnerable to fraud, hindering the response and leaving affected people without timely support. VDCs allow for quick, secure verification of those in need, ensuring relief reaches the right people and enabling response teams to act efficiently during critical moments. Our credentials are accessible even in remote areas, without wifi or cell service.

Government Employee Access and Verification: Current reliance on physical IDs for government employees and veterans can lead to unauthorized access, fraud, and security breaches. Verifiable digital credentials provide a secure way to verify the identity of government employees such as military or veterans, protecting restricted spaces and sensitive information, while allowing instant access to necessary services and benefits that are exclusive to military and veterans, among other government employees.

Cross-Border Travel Credentials: Physical cross-border travel documents such as customs clearance forms, visas, health certificates, and more are vulnerable to forgery and theft, creating security risks and causing delays at border crossings. VDCs offer a way to consolidate identity, customs, and health credentials into one streamlined verification process. This speeds up clearance, improves safety, and enhances global security and health compliance, delivering a more efficient experience for travelers and border authorities alike.

SpruceID’s Solution

SpruceID works with a variety of public sector agencies to issue verifiable digital credentials, creating a system of trust, security, and convenience that can be applied across numerous government applications. Our Credible platform supports issuing a range of digital credentials, from mobile driver’s licenses (mDLs) to professional certifications. These credentials use cryptographic digital signatures, ensuring that they cannot be falsified, shared through screenshots, or recreated by AI-generated deepfakes.

Our solutions prioritize minimal disclosure of personal data, enabling residents to verify credentials with only essential information (for example, only needing to show your age to enter a bar while keeping your personal address hidden). This keeps personal data secure and compliant with privacy regulations, all while eliminating government tracking or surveillance. In addition, Credible helps to drive increased efficiency, as digital processes streamline verifications and reduce administrative bottlenecks, ultimately saving time for both agencies and residents. By minimizing reliance on paper, agencies significantly lower overhead costs related to printing, mailing, and administrative handling, creating a cost-effective, privacy-centric solution.

Shaping the Future of Digital Identity in Government

We envision a future where government agencies fully leverage verifiable digital credential solutions that align with standards and advance alongside open-source industry collaborations. 

Through partnerships with agencies such as the California DMV, we demonstrate our commitment to creating scalable, interoperable solutions. By embracing VDCs, government agencies can protect citizens, enhance services, and reduce administrative burdens, empowering everyone securely and efficiently. To learn more about how SpruceID could help your government agency, visit our website and get in touch with us.


About SpruceID: SpruceID is building a future where users control their identity and data across all digital interactions.


liminal (was OWI)

Solving for Trust by Design: The Identity Authorization Network Opportunity

The post Solving for Trust by Design: The Identity Authorization Network Opportunity appeared first on Liminal.co.

The Market for Identity Authorization Networks

The post The Market for Identity Authorization Networks appeared first on Liminal.co.

Sunday, 17. November 2024

KuppingerCole

Cyber Hygiene in the Age of AI


Matthias and Christopher discuss the critical importance of cyber hygiene in the corporate context, especially in light of evolving threats such as AI-driven attacks, deepfakes, and ransomware. They emphasize the need for organizations to train employees on recognizing and responding to these threats, as well as the role of technology in both perpetrating and preventing cybercrime. The discussion also touches on the growing issue of disinformation and the necessity for vigilance in verifying information.



Friday, 15. November 2024

Holochain

The Holochain Foundation is Coming of Age

Organizational Shifts to Support Delivery

In the open-source world, there is a well-known dilemma: it’s very difficult to find funding for deep infrastructure-level projects. We knew, when envisioning Holochain, what we wanted to bring into the world — the capacity for groups of people to create digital spaces in which to engage without the need for any intermediaries or web servers. We wanted it to work with nothing but the computers of the very groups of people wanting to engage.

Well, that counts as a deep open-source infrastructure-level project. So we came up with a strategy to create a company that needed Holochain’s new infrastructural capacity, and could market its business proposition and plan. But instead of being owned by venture capital, it would be owned by an open-source foundation on behalf of all the eventual users of that infrastructure.

That vision led us to launch Holo as a distributed cloud hosting company for Holochain apps, that would also use Holochain itself to manage that cloud infrastructure, and do the value accounting between hosts and app providers. This was a complex and tall order.  And so for the past years, all of us in the Holo/Holochain world have been driving primarily to meet Holo’s needs, as we’ve been implementing Holochain itself. Admittedly, it’s taken us significantly longer than we initially thought to build out the depth of the Holochain feature set, along with the complex infrastructure that Holo needed to offer generalized Holochain-based cloud hosting. It’s been hard going. In the meantime, the world has also changed around us, revealing new demands of where and how Holochain actually wants to be used in today’s market, demands that are different from what we initially envisioned.

To meet these changes, and to increase our capacity to deliver, we are updating our strategy, which means a significant organizational restructuring. You can read the announcement of this restructuring on the Holo.host press site.

But what does this mean more specifically for the Holochain Foundation? Foremost, the Foundation will move from being a passive holder of the Holochain intellectual property, on behalf of the community, into being the active operational entity supporting and managing the Holochain development team.

Part of our “coming of age” is realizing that we can’t do everything we might like. Focus matters. Our strategic plan for delivering on our mission of “fostering the evolution and thriving of the Holochain framework and related ecosystems”, begins with just one thing: The stability and reliability of Holochain, such that it can be deployed as industrial-strength, mission-critical infrastructure by commercial projects as well as our community stakeholders. What this means in practice is testing, testing, testing! This includes:

Continued build-out of our “Wind Tunnel” performance testing framework so that we can verify that Holochain’s operating envelope, across each one of its features, meets or exceeds the demands of the specific projects currently bringing Holochain applications to market.

Ensuring the sufficiency of testing code coverage of each of Holochain’s key features and undertaking any refactors necessary to bring them in line with our stakeholders’ needs.

Upgrading our release patterns so that stakeholders delivering mission-critical apps can conditionally enable the more experimental and not-fully-tested features, while those stakeholders who are on the bleeding edge can help develop and test those very features.

We believe that the Holochain Foundation’s coming-of-age shifts us into delivering on our mission by serving our stakeholders better. We are deeply committed to our partners and ecosystem stakeholders that are currently delivering or developing Holochain apps, both the newer ones like Volla and its Messages app for the new Quintus Volla Phone, data provenance solutions from Kwaxala, verified data for semi-fungible token solutions including the recently released Jade City vaults, decentralized game data for esports, the new Visible Verification project, and a project with Carbistry in the voluntary carbon market domain; and also to those partners who’ve been with us for a long time, like Darksoil Studio, Humm Hive, Neighbourhoods, Coasys, Lightningrod Labs, Carbon Farm Network, Valueflows, and others; and of course, supporting the features needed by the reorganized Holo and HoloFuel organizations. We are also preparing for larger-scale adoption of Holochain solutions in 2025, including collaborations with major players in the industrial supply chain and media industries.

As part of the reorganization and living into our commitment to focus, I will be stepping in as Executive Director of the Holochain Foundation. This will allow our current Executive Director, Mary Camacho, to concentrate on Holo’s new direction, as well as her passion of enabling commercial projects both directly and via new structures within the Foundation.

There’s much more in store for the Foundation going forward, especially around expanded and more formal structures for stakeholder involvement and engagement in Holochain’s development. This will take us a while to roll out, but you can expect more details in the next months. If your work depends on Holochain and you have feedback for what you would like to see from the Foundation going forward, please email me and Paul at feedback2024@holochain.org [Editor: we have changed this address since publication; please try this new address if you couldn't get through before].

Thanks for being with us as we grow up and into our next phase.

– Eric Harris-Braun

PS: We’ve been working on an update to the Holochain White Paper this year, and it’s finally published! It makes the claim for a practical Byzantine fault tolerant system for everyday use, as distinct from systems that are robust but costly in practice. It’s accompanied by another paper, Players of Ludos, which tells the story of how Holochain works through the activities of a group of nomadic board game players.

Cover photo by Anton Sobotyak on Unsplash


KuppingerCole

Jan 21, 2025: Navigating the End of SAP IDM: Future-Proofing Identity Security and Compliance

The impending end-of-life for SAP Identity Management (IDM) presents a critical juncture for organizations relying on this solution. As support winds down by 2027, with extended maintenance until 2030, businesses face urgent challenges in maintaining robust identity and access management frameworks. This transition period offers a unique opportunity to modernize and unify identity security and governance strategies.

IDnow

Fraud in 2024: IDnow customers have their say.

We explore some of the challenges our customers have faced this year and how they plan to tackle fraud in 2025.

By the end of this year, more than 70 billion identity verification checks will have been made. In a world of just 8 billion, these numbers appear absolutely staggering.  

However, when you consider how frequently people have their identity verified in this ‘always on, always connected’ world, the number is perhaps not as high as it would originally seem. 

Nowadays, people have their identity verified and reverified without giving it much thought, undergoing data and document checks and age verification to use most digital services. In the not-too-distant past, if you wanted to open a bank account, rent a vehicle or use a particular service, you would invariably be required to visit a brick-and-mortar store, clutching at least two forms of paper identification. Even then, the process was unlikely to conclude on the same day, with prospective customers often needing to wait a further series of days until their identity could be verified and they could access said service.

Nowadays, thanks to a range of automated and in-person identity verification services, this can be done in a matter of minutes, affording unrivalled convenience that many would have thought impossible just a decade ago. Striking a balance between offering an identity verification process that is secure for the business but convenient for the customer is essential. Without it, the business runs the risk of fraud attacks, which can impact its reputation and bottom line and ultimately lead to customer abandonment. 

To discover the challenges that our customers have been facing in 2024 and what next year may look like, we conducted the inaugural IDnow Customer Survey 2024, featuring a number of clients across the UK, France and Germany. Respondents held a variety of positions from Product Managers to Head of Compliance.

Top 3 identity verification challenges in 2024.

Increasing operational efficiencies and cutting costs (53%).
Keeping conversion rates high (47%).
Managing the volume and wide range of different types of fraud attacks / Keeping up with technological developments in fraud and identity verification (both 41%).

How our customers tackled fraud in 2024.

The costs of a business falling victim to fraud go way beyond financial. Yes, fraud impacts the bottom line, but it can also have a disastrous effect on company reputation and lead to customers losing trust in the brand.    

To safeguard against this and prevent fraud, six out of 10 of our customers said they had conducted training sessions to enable staff to better identify internal and external fraud risks, while 53% said they had invested in new fraud prevention technologies. Just over a third (35%) said they had deployed multi-layered identity verification procedures, including data, biometric and database checks, such as for PEPs and Sanctions.

UK Fraud Awareness Report 2024: Learn more about the British public’s awareness of fraud and their attitudes toward fraud-prevention technology.

Preparing for fraud challenges in 2025.

When asked what the biggest fraud challenge for the year ahead was, an equal number of respondents (59%) cited reputational damage from fraud attacks and the financial cost of tackling and managing fraud. This was followed very closely by just over half (53%) who said they were concerned about how a lack of consumer awareness could lead to increased fraud risks.  

Regarding the types of fraud that customers were most concerned about, 24% of businesses seemed to be most worried about social engineering, such as phishing, while around the same number cited ID document forgery and manipulation. To a lesser extent, customers said that money mules and identity theft (18% each) were the primary fraud challenges in 2025. Interestingly, just 12% cited deepfake attacks (despite it becoming an increasingly commonplace method), while just 6% of respondents cited insider threats as the top fraud challenge for 2025.

When asked how they planned to fight fraud in 2025, the majority of respondents ranked effective training and upskilling staff as the most important action to be taken, followed by access to AI technologies. Internal appointment of new people responsible for fraud fighting and risk mitigation was considered the least important action to take. 

Interestingly, while some businesses have already deployed multi-layered anti-fraud solutions this year, a large majority of businesses expect them to be very important (70%) or somewhat important (12%) going forward. Only 6% claimed that they were not important to them at all.

At IDnow, we recognize the importance of keeping up to date with the latest developments and techniques in fraud and run regular training sessions and courses for our clients. 

To learn more about how our industry-leading fraud prevention technology can help you fight fraud to safeguard against fake IDs, synthetic identities, deepfakes, social engineering, money mules and more, check out our blog on the role of identity verification in the fight against fraud.

Or for more insights from industry insiders and thought leaders from the world of fraud and fraud prevention, check out one of our interviews from our Spotlight Interview series below.

Jinisha Bhatt, financial crime investigator
Paul Stratton, ex-police officer and financial crime trainer
Lloyd Emmerson, Director of Strategic Solutions at Cifas

Or, discover all about the rise of social media fraud, and how one man almost lost a million euros to a pig butchering scam in our blog, ‘The rise of social media fraud: How one man almost lost it all.’

By

Jody Houton
Senior Content Manager at IDnow
Connect with Jody on LinkedIn


KuppingerCole

Passwordless Authentication for Enterprises and Consumers: HID


by Alejandro Leal

The password is a remnant of an era before hacking and credential-based attacks became a widespread problem. Although the internet has changed significantly since the early days, passwords have only become longer and more complicated. In parallel, cybercriminals have targeted operating systems with increasing sophistication and frequency as computers have become more accessible worldwide. For years, IT professionals have discussed the idea of eliminating passwords because they can easily be compromised. In addition, passwords can be costly, time-consuming, and difficult to manage, often resulting in poor user experience. Furthermore, the fact that password reuse is a common practice among customers and employees only exacerbates the problem. In the context of Customer Identity and Access Management (CIAM), passwordless authentication solutions should have features and capabilities to detect, prevent, and minimize fraudulent activities and unauthorized access within an organization. Effective fraud prevention measures are crucial for protecting both the financial and reputational assets of a business. Passwordless authentication solutions should also support a variety of consumer devices, including smartphones, tablets, laptops, and desktop computers, ensuring seamless access across different platforms and operating systems.

PingTalk

Verifiable Credentials in Decentralized Identity

Understanding API and automated credentials and how they relate to decentralized identity

It’s an exciting time in the world of digital identity. We’re witnessing the convergence of user identification, authentication, and authorization in the palm of our hand – through our biometrically secure mobile devices and digital wallets. As an identity provider taking part in this paradigm shift (commonly referred to as decentralized identity), understanding the types, configuration, and ecosystem of verifiable credentials is crucial. Let’s start with some definitions.

Thursday, 14. November 2024

KuppingerCole

Understanding the Impact of AI on Securing Privileged Identities


Understanding the impact of AI on securing privileged identities has become a critical concern in today's rapidly evolving cybersecurity landscape. As artificial intelligence continues to advance, it presents both opportunities and challenges for organizations striving to protect their most sensitive access points. The rise of AI-powered threats has significantly altered the traditional identity attack chain, requiring a fundamental shift in how we approach privileged identity security.

To combat these emerging threats, organizations must leverage cutting-edge technologies and adopt innovative strategies. By implementing AI-driven security solutions, companies can enhance their ability to detect and respond to sophisticated attacks targeting privileged identities. These advanced systems can analyze vast amounts of data in real-time, identifying anomalous behavior and potential security breaches before they escalate. Additionally, machine learning algorithms can continuously adapt and improve security measures, staying one step ahead of evolving AI-powered threats.

Martin Kuppinger, Principal Analyst at KuppingerCole, will provide expert insights into the changing landscape of privileged identity security in the age of AI. He will discuss the latest trends in AI-driven threats, their impact on the identity attack chain, and offer strategic recommendations for organizations to strengthen their security posture. Martin will also explore the potential of AI as a defensive tool and how it can be leveraged to enhance privileged access management.

Morey J. Haber, Chief Security Advisor at BeyondTrust will share practical experiences and best practices for safeguarding privileged identities against AI-powered threats. He will present three key tips that organizations can implement to protect themselves from emerging AI-driven attacks. Morey will also discuss real-world case studies demonstrating successful strategies for integrating AI into existing security frameworks to bolster privileged identity protection.




TBD on Dev.to

What is Web5?


Web 5 is a decentralized platform that provides a new identity layer for the web to enable decentralized apps and protocols.

In the current web model, users do not own their data or identity. They are given accounts by companies and their data is held captive in app silos. To create a new class of decentralized apps and protocols that put individuals at the center, we must empower them with self-owned identity and restore control over their data.

Components of Web 5

There are three main pillars of the decentralized web platform, all of which are based on open standards.

Decentralized Identifiers

The identifiers we know and use today are owned by the government, a company, an organization, or some other intermediary. For example, our email addresses and social media handles are identifiers associated with us but are owned and controlled by the service providers. These companies have the right to ban, disable, or delete these identifiers and we have little to no control over this.

So before we can realize truly decentralized applications, we need decentralized identifiers that users own and control. This removes the dependency on centralized entities to authenticate and represent us.

Decentralized Identifiers (DIDs) are a W3C standard. They have a standardized structure that essentially links to you and your information.

They are a long string of text that consists of three parts:

the URI scheme identifier, which is did
the identifier for a DID method
the DID method-specific identifier

DIDs are the only component of Web5 that touch a blockchain, which is generally limited to anchoring the keys/endpoints linked to the ID.

That being said, anchoring DIDs on Bitcoin (or any blockchain) is not a requirement. In fact, what's great about having the standardized formatting for DIDs is that they can be anchored anywhere or not anchored at all and this still works, although with varying levels of decentralization.

Here are examples of DIDs on the Bitcoin blockchain, the Ethereum blockchain, and the web. Notice they all use the same format: scheme, DID method, and DID method-specific identifier.

did:btcr:xyv2-xzpq-q9wa-p7t
did:ens:some.eth
did:web:example.com

Because personal data is not stored on the blockchain, the DID essentially acts as a URI that associates the subject of the DID (the person, company, or object being identified) with a DID document that lives off-chain.

DID Documents are JSON files stored in decentralized storage systems such as IPFS, and describe how to interact with the DID subject. The DID Document contains things like the DID subject's public keys, authentication and verification methods, and service endpoints that reference the locations of the subject’s data.

{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:ion:EiClkZMDxPKqC9c-umQfTkR8",
  "verificationMethod": [
    {
      "id": "did:ion:EiClkZMDxPKqC9c-umQfTkR8",
      "type": "Secp256k1VerificationKey2018",
      "controller": "did:ion:EiClkZMDxPKqC9c-umQfTkR8"
    }
  ],
  "authentication": ["did:ion:EiClkZMDxPKqC9c-umQfTkR8"]
}

Verifiable Credentials

Verifiable Credentials are a fully ratified W3C standard that work hand in hand with Decentralized Identifiers to enable trustless interactions - meaning two parties do not need to trust one another to engage, but claims made about a DID subject can be verified.

For example, Alice needs to prove she has a bank account at Acme Bank. Acme Bank issues a cryptographically signed Verifiable Credential which would be stored in Alice's identity wallet.

The credential contains the issuer as Acme and the subject as Alice, as well as the claims, which are Alice's account number and full name.

Upon request for proof of banking, Alice presents the Verifiable Credential that's cryptographically signed by both Alice and her bank.

This is an easy, machine-readable way to share credentials across the web. The Verifier does not know or trust Alice, but they do consider Acme trustworthy, and Acme has essentially vouched for Alice, thereby distributing trust.

Decentralized Web Nodes

Today, centralized entities act as our data stores. Applications hold all of our content and preferences on their servers.

Decentralized Web Nodes (DWNs) change this by allowing us to decouple our data from the applications that we use, and instead host our data ourselves in our own personal data stores.

BlueSky is a good example; it's a decentralized social media app. With BlueSky, your tweets and your connections aren't stored with the application. They are stored with you. So you can present your content on any decentralized social media app you want, not just BlueSky.

Your DWNs can hold both public and encrypted data. For example, in the case of a decentralized social media app, you'd want data like your posts and your connections to be public but things like your DMs to be private.

Your decentralized web nodes do not live on the blockchain. You can host your web nodes anywhere (your phone, computer, etc) and can replicate them across your devices and clouds and all data will be synced.

While self-hosting your DWNs provides a means for decentralizing your data, we recognize some users will be more comfortable with others hosting their web nodes for convenience sake. We envision there will be vendors offering to host your web nodes for you. The good part about that is you can encrypt any private data so unlike today where cloud hosts can scan everything that you host there, you can still maintain some privacy even if you have your web nodes hosted by intermediaries.

Your DWNs are associated with your Decentralized Identifiers and are listed in a DID document.

Notice the serviceEndpoint section of the DID doc specifies service endpoints and provides URIs to the decentralized web nodes.

{
  "@context": "https://www.w3.org/ns/did/v1",
  "id": "did:web:example.com:u:alice",
  "service": [
    {
      "id": "#dwn",
      "type": "DecentralizedWebNode",
      "serviceEndpoint": {
        "nodes": ["https://dwn.example.com", "00:11:22:33:FF:EE"]
      }
    }
  ],
  "verificationMethod": [
    {
      "id": "did:web:example.com:u:alice",
      "type": "Secp256k1VerificationKey2018",
      "controller": "did:web:example.com:u:alice"
    }
  ],
  "authentication": ["did:web:example.com:u:alice"]
}
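As an added example (not code from the original post or from the Web5 SDK), the following shows how a client could parse the three-part DID format described earlier, derive where a did:web document is fetched from, and take DWN endpoints from a DID document without trusting it blindly. The function names are hypothetical; the syntax rules follow W3C DID Core and the did:web method, and accepting only https endpoints is a policy assumed here.

```javascript
// Added example: DID parsing, did:web document URL, and DWN endpoint checks.
// Function names are illustrative; this is not the Web5 SDK API.

// DID Core syntax: did:<method>:<method-specific-id>
const METHOD_RE = /^[a-z0-9]+$/;
const IDCHAR_RE = /^(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})+$/;

function parseDid(did) {
  if (typeof did !== 'string') throw new TypeError('DID must be a string');
  const [scheme, method, ...segments] = did.split(':');
  if (scheme !== 'did' || !method || segments.length === 0) {
    throw new Error('expected did:<method>:<method-specific-id>');
  }
  if (!METHOD_RE.test(method)) throw new Error('DID method must be lowercase a-z / 0-9');
  segments.forEach((seg, i) => {
    const isLast = i === segments.length - 1;
    // Inner segments may be empty, the last may not; all use the idchar set.
    if ((seg === '' && isLast) || (seg !== '' && !IDCHAR_RE.test(seg))) {
      throw new Error('invalid method-specific identifier');
    }
  });
  return { scheme, method, id: segments.join(':') };
}

// did:web maps the identifier to an HTTPS URL: colons become path separators,
// and a bare domain resolves under /.well-known/.
function didWebToUrl(did) {
  const { method, id } = parseDid(did);
  if (method !== 'web') throw new Error('only did:web maps to an HTTPS URL');
  const [host, ...path] = id.split(':').map((s) => decodeURIComponent(s));
  for (const part of [host, ...path]) {
    // Reject segments that would change the host or walk the path after decoding.
    if (part === '' || part === '.' || part === '..' || /[\/\\?#@]/.test(part)) {
      throw new Error('unsafe did:web identifier');
    }
  }
  const suffix = path.length ? `/${path.join('/')}/did.json` : '/.well-known/did.json';
  return `https://${host}${suffix}`;
}

// Pull DWN endpoints from a resolved document, keeping only https URLs.
function dwnEndpoints(didDocument, expectedDid) {
  // A document that names a different subject must not be accepted.
  if (didDocument.id !== expectedDid) throw new Error('DID document id mismatch');
  const accepted = [];
  const rejected = [];
  for (const svc of didDocument.service ?? []) {
    if (svc.type !== 'DecentralizedWebNode') continue;
    for (const node of svc.serviceEndpoint?.nodes ?? []) {
      let url = null;
      try { url = new URL(node); } catch { /* not an absolute URL */ }
      (url && url.protocol === 'https:' ? accepted : rejected).push(node);
    }
  }
  return { accepted, rejected };
}

// The DID document shown above, trimmed to the fields used here.
const SAMPLE_DOC = {
  '@context': 'https://www.w3.org/ns/did/v1',
  id: 'did:web:example.com:u:alice',
  service: [{
    id: '#dwn',
    type: 'DecentralizedWebNode',
    serviceEndpoint: { nodes: ['https://dwn.example.com', '00:11:22:33:FF:EE'] },
  }],
};
```

With the sample document, the second entry in nodes is not an absolute https URL and ends up in rejected, so a client using this policy would only contact https://dwn.example.com.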

Given an application has the address to your DWN, they can send you a request for data.

This represents a request from an application to obtain all objects within a DWN that follow the SocialMediaPosting schema:

POST https://dwn.example.com/

BODY {
  "requestId": "c5784162-84af-4aab-aff5-f1f8438dfc3d",
  "target": "did:example:123",
  "messages": [
    {
      "descriptor": {
        "method": "CollectionsQuery",
        "schema": "https://schema.org/SocialMediaPosting"
      }
    },
    {...}
  ]
}

The data within DWNs are JSON objects that follow a universal standard, thus making it possible for any application to discover and process the data given its semantic type.

If this data is public, those objects will be automatically returned to the application, and if the data is private, the node owner would need to grant the application access to that data.
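The public/private rule above can be modelled as a default-deny read check on the node. This is an added example, not the DWN SDK or code from the original post: the store layout, the published flag, the grants list and the function names are assumptions made for illustration, and the requester DID is assumed to have been authenticated before the handler runs.

```javascript
// Added example: a toy in-memory DWN that answers CollectionsQuery messages.
// The record/grant shapes are assumptions; only the request shape is the page's.

// Constructed sample store owned by a placeholder DID.
const STORE = {
  ownerDid: 'did:example:alice',
  records: [
    { id: 'post-1', schema: 'https://schema.org/SocialMediaPosting', published: true, data: 'hello' },
    { id: 'draft-1', schema: 'https://schema.org/SocialMediaPosting', published: false, data: 'wip' },
    { id: 'dm-1', schema: 'https://schema.org/Message', published: false, data: 'private' },
  ],
  // The owner has granted one app read access to one schema only.
  grants: [{ grantee: 'did:example:groove', schema: 'https://schema.org/Message' }],
};

// Default deny: a private record is readable only by the owner or by a
// requester holding a grant for that record's schema.
function canRead(store, record, requesterDid) {
  if (record.published) return true;
  if (requesterDid === store.ownerDid) return true;
  return store.grants.some(
    (g) => g.grantee === requesterDid && g.schema === record.schema
  );
}

// requesterDid is assumed to be already authenticated by the transport layer.
function handleRequest(store, request, requesterDid) {
  if (request.target !== store.ownerDid) {
    return { requestId: request.requestId, status: 'wrong-target', replies: [] };
  }
  const replies = (request.messages ?? []).map((message) => {
    const descriptor = (message && message.descriptor) || {};
    if (descriptor.method !== 'CollectionsQuery' || typeof descriptor.schema !== 'string') {
      return { status: 'unsupported', entries: [] };
    }
    // Filter before returning, so private records never reach the reply.
    const entries = store.records
      .filter((r) => r.schema === descriptor.schema && canRead(store, r, requesterDid))
      .map((r) => ({ id: r.id, data: r.data }));
    return { status: 'ok', entries };
  });
  return { requestId: request.requestId, status: 'ok', replies };
}

// Build a request in the shape shown above (requestId reused from the page).
function collectionsQuery(target, schema) {
  return {
    requestId: 'c5784162-84af-4aab-aff5-f1f8438dfc3d',
    target,
    messages: [{ descriptor: { method: 'CollectionsQuery', schema } }],
  };
}
```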

Identity Wallets

Obviously all of this is pretty complicated, especially for non-technical users. So we need a simple, easy-to-use interface that will allow people to access and manage their identity.

A well-designed identity wallet would provide ways to manage the data stored in decentralized web nodes, the decentralized IDs and the context in which they should be used, verifiable credentials, and authorizations.

Decentralized Web Apps

Web 5 enables developers to build decentralized web applications (DWAs) on top of it and it’s all open source! You're free to use it as your foundation and focus your attention on what you really care about, your app. Web5 brings to DWAs what cloud and application servers bring to enterprise apps. It does the hard part. It brings decentralization. By building your apps on top of Web 5, you get decentralization and identity and data management as part of the platform.

This is definitely a fundamental change in how we exchange data, but it's not a total overhaul of the web we already know. This works like Progressive Web Apps, but you'd add the decentralized web node SDK and then applications are free to really go serverless because the data isn't stored with them.

The sky's the limit to what you can build on top of this platform, but here are some cool basic examples.

Music Applications

No one likes recreating their music playlists over and over again for different apps. With Web 5, you wouldn't have to do that.

In this example, Groove has access to write to Alice's decentralized web node and adds a new entry.

Tidal has access to read from Alice's DWN, so can read the new entry that was added by Groove, and now Alice has her playlist readily available on both apps.

With the continuous utilization of the data across apps, not only do Groove and Tidal get access to Alice's data, but they use it to improve her user experience, thus creating a stronger experience than Alice could have ever gotten had she not used this tech.

Travel Applications

Your travel preferences, tickets, and reservations are scattered across so many different hotels, airlines, rental car agencies and travel apps, making it really difficult to coordinate. Heaven forbid there's any hiccup in the system such as a delayed flight. You end up trying to get in touch with the car rental place to let them know you'll be late for your reservation, and if it's really late, you'd want to call the hotel to ask them not to give away your room. All while you're hustling and bustling at the airport.

Web 5 can help unify these various app experiences.

If Alice gives the hotel, the airline, and the rental car agency access to the Reservation and Trip objects in her DWN, they can react and adjust accordingly to any changes made.

These are just a few applications that can be realized by building on top of Web 5. There are so many more possibilities once the web is truly decentralized the way it was always intended to be.


California DMV Hackathon Win: Privacy-Preserving Age Verification


At the recent California DMV Hackathon, the Block team, represented by members from Square and TBD, won the Best Privacy & Security Design award for building a prototype of an instant age verification system. This solution utilizes mobile drivers’ licenses (mDLs) to provide secure, privacy-centric transactions for age-restricted purchases with Square’s Point of Sale (POS) system.

In this post, we’ll explore the core technical components behind our solution, which centered on using TruAge technology to enable seamless, secure age verification.

How TruAge QR Code Verification Works

At the heart of our prototype is the ability to scan and verify a TruAge Age Token QR code. These QR codes contain a verifiable credential (VC) that confirms a person’s legal age without exposing unnecessary personal information. Here’s a breakdown of how we approached verifying these credentials in our solution.

Decoding the QR Code Payload

The first step in the verification process was reading the QR code provided by the customer. TruAge QR codes follow a standard format which encodes the verifiable presentation (VP) in a compact CBOR format.

Our team implemented a scanner using our open source web5-swift SDK that reads the QR code and decodes the CBOR-encoded payload. This CBOR format is efficient, allowing the verifiable presentation to be transmitted and processed quickly, minimizing any delays at the point of sale.

Converting CBOR to JSON

Once we decoded the CBOR data, the next step was to parse it into a JSON-based verifiable presentation using the W3C Verifiable Credentials (VC) Data Model v1.1. This model is critical to ensuring interoperability across different platforms and services, as it standardizes how credentials are represented and exchanged in a decentralized manner.

Validating the Issuer’s DID

After converting the data into a verifiable format, we needed to validate the digital signature on the credential. We retrieved the issuer’s Decentralized Identifier (DID) from the TruAge server, which provided us access to a sandbox environment containing their list of authorized DIDs.

Using DIDs, we were able to validate the cryptographic signature to ensure that the credential was issued by a trusted TruAge provider. This validation step is critical for ensuring that the credential has not been tampered with and is issued by a legitimate authority.

Credential Content Verification

Once the issuer’s signature was validated, the next step was to check the contents of the verifiable credential itself. In this case, we looked for proof that the individual was over 21 and verified that the credential had not expired.

This lightweight verification process ensures that businesses can quickly and easily confirm a customer’s legal age, while protecting their privacy by not exposing sensitive information like birthdates or addresses.
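The verifier-side checks in the steps above (trusted issuer, signature, expiry, age claim), which are also what the Acme Bank example in the Web5 post relies on, can be sketched as follows. This is an added example, not the Block or TruAge implementation: it starts from an already decoded JSON credential, covers only the issuer's proof, and replaces the real proof format with an Ed25519 signature over sorted-key JSON. The issuer DIDs, the overAge field and the proof layout are assumptions.

```javascript
// Added example: verifier-side checks on an age credential (simplified proof).
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Deterministic JSON with sorted keys; a stand-in for the canonicalization
// step a real signed-credential format performs before signing.
function canonicalize(value) {
  if (Array.isArray(value)) return `[${value.map(canonicalize).join(',')}]`;
  if (value && typeof value === 'object') {
    const members = Object.keys(value).sort()
      .map((k) => `${JSON.stringify(k)}:${canonicalize(value[k])}`);
    return `{${members.join(',')}}`;
  }
  return JSON.stringify(value);
}

// Issuer side, only needed to build a sample credential for the demo.
function issueCredential(credential, privateKey) {
  const signature = sign(null, Buffer.from(canonicalize(credential)), privateKey);
  return { ...credential, proof: { signatureValue: signature.toString('base64') } };
}

// trustedIssuers: Map of issuer DID -> public key, i.e. the verifier's own
// copy of the authorized-issuer list. The key never comes from the credential.
function verifyAgeCredential(vc, trustedIssuers, now = new Date()) {
  const { proof, ...unsigned } = vc;

  const issuerKey = trustedIssuers.get(vc.issuer);
  if (!issuerKey) return { ok: false, reason: 'untrusted-issuer' };

  if (!proof || typeof proof.signatureValue !== 'string') {
    return { ok: false, reason: 'missing-proof' };
  }
  const signatureOk = verify(
    null,
    Buffer.from(canonicalize(unsigned)),
    issuerKey,
    Buffer.from(proof.signatureValue, 'base64')
  );
  if (!signatureOk) return { ok: false, reason: 'bad-signature' };

  // Fail closed: a missing or unparsable expiry counts as expired.
  const expires = Date.parse(vc.expirationDate);
  if (Number.isNaN(expires) || expires <= now.getTime()) {
    return { ok: false, reason: 'expired' };
  }

  // Only the age threshold is read; no birthdate or address is needed.
  const overAge = vc.credentialSubject?.overAge;
  if (typeof overAge !== 'number' || overAge < 21) {
    return { ok: false, reason: 'age-requirement-not-met' };
  }
  return { ok: true, reason: 'verified' };
}

// Constructed sample data: a throwaway issuer key and placeholder DIDs.
const ISSUER_KEYS = generateKeyPairSync('ed25519');
const TRUSTED_ISSUERS = new Map([
  ['did:example:truage-sandbox-issuer', ISSUER_KEYS.publicKey],
]);
const SAMPLE_VC = issueCredential({
  issuer: 'did:example:truage-sandbox-issuer',
  expirationDate: '2030-01-01T00:00:00Z',
  credentialSubject: { overAge: 21 },
}, ISSUER_KEYS.privateKey);
```

The order matters: the issuer is looked up in the verifier's own list before any signature is checked, so a credential that names an unknown issuer is rejected even if it is correctly signed by that issuer.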

Building the Integration: Web5 and TruAge Libraries

To bring this solution to life, we used a few key technologies:

iOS: Our team developed the iOS implementation using the web5-swift library, which allowed us to efficiently handle the scanning, decoding, and parsing of the TruAge QR codes on Apple devices.

Android: For Android, we modified the TruAge library provided by Digital Bazaar to make it compatible with our solution. This involved adapting the library for seamless integration with our QR code parsing and validation logic.

Privacy and Security at the Forefront

Our approach ensures that personal information is protected at every stage of the transaction. By focusing solely on verifying the specific data point needed (in this case, whether someone is over 21), we avoid collecting or storing any unnecessary information. This is a win for both businesses and consumers, as it minimizes risk while maintaining a smooth user experience.

By integrating this technology into Square’s Retail POS system, we not only enhanced security but also brought innovative, privacy-preserving solutions to small businesses that need to comply with age verification laws. This prototype has the potential to extend to many other use cases, from secure employee onboarding to identity verification for suppliers and customers.


KuppingerCole

Privileged Access Management (PAM)


by Paul Fisher

PAM is crucial for securing privileged access to critical resources, reducing the risk of breaches and insider threats. The market has seen rapid growth with the rise of cloud adoption, digital transformation, and the proliferation of identities across various platforms. Both established vendors and newer entrants are vying for market share, with some focusing on comprehensive identity security platforms and others offering specialized point privileged access solutions.

Ocean Protocol

DF115 Completes and DF116 Launches

Predictoor DF115 rewards available. DF116 runs Nov 14 to Nov 21st, 2024

1. Overview

Data Farming (DF) is Ocean’s incentives program. In DF, you can earn OCEAN rewards by making predictions via Ocean Predictoor.

Data Farming Round 115 (DF115) has completed.

DF116 is live today, Nov 14. It concludes on November 21st. For this DF round, Predictoor DF has 37,500 OCEAN rewards and 20,000 ROSE rewards.

2. DF structure

The reward structure for DF115 is comprised solely of Predictoor DF rewards.

Predictoor DF: Actively predict crypto prices by submitting a price prediction and staking OCEAN to slash competitors and earn.

3. How to Earn Rewards, and Claim Them

Predictoor DF:
To earn: submit accurate predictions via Predictoor Bots and stake OCEAN to slash incorrect Predictoors.
To claim OCEAN rewards: run the Predictoor $OCEAN payout script, linked from Predictoor DF user guide in Ocean docs.
To claim ROSE rewards: see instructions in Predictoor DF user guide in Ocean docs.

4. Specific Parameters for DF116

Budget. Predictoor DF: 37.5K OCEAN + 20K ROSE

Networks. Predictoor DF applies to activity on Oasis Sapphire. Here is more information about Ocean deployments to networks.

Predictoor DF rewards are calculated as follows:

First, DF Buyer agent purchases Predictoor feeds using OCEAN throughout the week to evenly distribute these rewards.
Then, ROSE is distributed at the end of the week to active Predictoors that have been claiming their rewards.

Expect further evolution in DF: adding new streams and budget adjustments among streams.

Updates are always announced at the beginning of a round, if not sooner.

About Ocean, DF and Predictoor

Ocean was founded to level the playing field for AI and data. Ocean tools enable people to privately & securely publish, exchange, and consume data. Follow Ocean on Twitter or TG, and chat in Discord. Ocean is part of the Artificial Superintelligence Alliance.

In Predictoor, people run AI-powered prediction bots or trading bots on crypto price feeds to earn $. Follow Predictoor on Twitter.

DF115 Completes and DF116 Launches was originally published in Ocean Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.

Wednesday, 13. November 2024

KuppingerCole

Cloud Backup for AI Enabled Cyber Resilience


Organizations and society have become dependent upon digital services which has increased the business impact of cyber threats and hence the need for cyber resilience. Organizations need to take steps beyond preventing cyber-threats from impacting their digital infrastructure – they must also be able to respond to and recover when incidents occur.  Data backup solutions are an essential element of every organization’s cyber resilience plan.

In the webinar, Mike Small, Senior Analyst at KuppingerCole Analysts, will look at the status and future of Data Backup, at what organizations should consider when defining their own approach to cyber resilience, and at what the vendor landscape looks like. He will discuss different requirements for Data Backup and how solutions in the market meet these.




auth0

Demystifying Multi-Tenancy in a B2B SaaS Application

Why a Multi-Tenant approach is fundamental to B2B SaaS, and how using Auth0 and the Auth0 Organizations feature can help implement it.

Indicio

Verifiable credentials mature with product launches, implementations

Biometric Update The post Verifiable credentials mature with product launches, implementations appeared first on Indicio.

KILT

KILT Community Update: End of Delegator Staking Rewards


The community has just voted to end KILT Delegator rewards now rather than later, marking a strategic move from incentives toward sustainable growth. The delegator rewards were originally planned to last two years after Golive, but the community extended them for another year. Now, the community has decided to end this additional phase ahead of schedule, signaling a shift in priorities: lower inflation over higher rewards.

What’s Changed?

Delegator Rewards Ended: Effective immediately, Delegator rewards are set to 0%, lowering inflation significantly. However, Delegators can continue staking and play a role in KILT’s governance.

Collator Rewards Remain: Collators keep the KILT network operational, and their rewards will continue to support network reliability.

Why the Change?

Delegator rewards were initially intended to incentivize participation and stake on the most reliable collators, but they were intended to eventually phase out. It was a critical step in KILT’s growth, and the role delegators have played has been invaluable in maintaining the reliability of the KILT network. Now, with a strong foundation in place, the community is ready to move forward by reducing inflation and focusing on KILT’s expanding utility.

With bonding curves, KILT is entering a new era of utility, making the delegator reward incentives no longer necessary.

What’s Next?

The KILT community’s decision showcases the power of decentralized governance in action, bringing about meaningful change that serves both current and future participants. Your input continues to be crucial as KILT rolls out new features and community-driven initiatives.

Gratitude to the KILT Community

A heartfelt thank you to all KILT Delegators, Collators, and community members for your unwavering support, valuable input, and dedication. Together, we’re crafting a stronger and more sustainable future for KILT. We invite you to join us in this exciting new phase as we continue to innovate, collaborate, and grow — powered by the community, for the community.

For more information on the proposal and to join the conversation, please visit: KILT Governance Proposal: https://kilt.polkassembly.network/referendum/45?tab=onChainInfo

About KILT Protocol

KILT is an identity blockchain for generating decentralized identifiers (DIDs) and verifiable credentials, enabling secure, practical identity solutions for enterprises and consumers. KILT brings the traditional process of trust in real-world credentials (passport, driver’s license) to the digital world while keeping data private and in possession of its owner.

KILT Community Update: End of Delegator Staking Rewards was originally published in kilt-protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.


Lockstep

Australians becoming familiar with verifiable credentials

The Reserve Bank of Australia (RBA) recently released the 2024 Payments System Board Annual Report. It shows that Australian consumers are rapidly becoming familiar with verifiable credentials in the form of smart phone digital wallets.

“The RBA continued to monitor the growth in mobile wallet card transactions… Payments using mobile wallets reached 39 per cent of card transactions in the June quarter 2024”.  Graph 2.1 from the report is reproduced above.

Whether it’s tap-to-pay at a merchant terminal or click-to-pay in a mobile app, most consumers are becoming comfortable with this digital experience. Thus, they are ready to click-to-present any important IDs in exactly the same way.

Consumers should be able to prove any important facts about themselves with the same security, speed and ease of use as they present their payment cards. As Lockstep stated in our submission on Australia’s 2030 cybersecurity strategy, the single most impactful thing that governments could do to make citizens safe online is simply to give them the option of carrying their driver licences, Medicare cards, health IDs and social security numbers in standard digital wallets.

The post Australians becoming familiar with verifiable credentials appeared first on Lockstep.


KuppingerCole

Analyst's View: Identity and Access Governance

by Nitish Deshpande

Identity and Access Governance concerns the access mechanisms and their relationships across IT systems. It is instrumental in monitoring and mitigating access-related risks. These risks most commonly include information theft and identity fraud through unauthorized changes and/or subversion of IT systems to facilitate illegal actions. Over recent years, security incidents have originated from poorly managed identities and proved the need to address these issues across all industry verticals.

Tuesday, 12. November 2024

KuppingerCole

Building Application Resilience Amidst Regulatory Shifts

In today’s fast-changing regulatory landscape, businesses must not only meet compliance standards but also ensure their applications are resilient against cyber threats. As regulations tighten and the risk environment evolves, organizations face growing pressure to safeguard their applications while staying compliant. The need to balance security with legal requirements has never been more critical for IT professionals.

Modern technology plays a pivotal role in addressing these challenges. From AI-driven threat detection to advanced encryption techniques, innovative solutions can enhance both security and compliance. By leveraging these tools, businesses can create resilient applications that not only meet regulatory demands but also protect critical data from emerging threats.

Osman Celik, Research Analyst at KuppingerCole, will discuss the evolving regulatory compliance landscape, particularly focusing on the finance and public sectors. He will provide insights into recent developments in PCI-DSS, the EU AI Act, and other critical frameworks. Additionally, Osman will explore industry-specific best practices to help IT professionals navigate this complex environment.

Prakash Sinha, Senior Director & Technology Evangelist at Radware, will highlight actionable strategies to build resilience into your applications. He will discuss the practical implementation of advanced security measures, share case studies of successful organizations, and outline key steps to fortify applications against the growing landscape of cyber threats—all while maintaining compliance with regulatory standards.




Anonym

Can an Existing Digital Identity Wallet Leverage a Hardware Security Module to Meet New EU Standards?

Anonyome Labs will co-present a paper with Australia’s Queensland University of Technology (QUT) at the 8th Symposium on Distributed Ledger Technology in Brisbane, Australia from November 28–29, 2024.

The paper, by Dr Paul Ashley, Ellen Schofield and George Mulhearn from Anonyome Labs, and Dr Gowri Ramachandran from QUT, considers how new European standards for the EU Digital Identity Wallet mandate support for a hardware security module (HSM) which can perform important cryptographic operations for very strong security and privacy protection for a user.

The paper outlines how an existing digital identity wallet can be enhanced to leverage an HSM, examining both inbuilt and external implementations, and presents a compatibility matrix by analyzing the existing credential standards and different HSM cryptographic capabilities.

Watch this short video about the new European digital identity wallet.

The paper concludes that supporting the EU DI Wallet technical Architecture and Reference Framework (ARF)—common standards and technical specifications and common guidelines and best practices for a Digital Identity Framework—is feasible and practical for mobile digital identity wallet applications, but tradeoffs will occur in algorithmic compatibility, user experience, and performance.

We will publish the full paper after the symposium.

Anonyome Labs is a sponsor of the 8th Symposium on Distributed Ledger Technology. See the symposium program for more information.

Distributed ledger technology is an emerging technology, which provides the way to store and manage information in a distributed fashion. It enables the creation of decentralized crypto-currencies, smart contracts, eGovernance, supply chain management, eVoting and so on, over a network of computer systems without any human intervention.

Unprecedented reliability and security over other cryptographic schemes has expanded the application domains of blockchain including financial services, real estate, stock exchange, identity management, supply chain, and Internet of Things.

The symposium is a forum for researchers, business leaders and policy makers in this area to carefully analyze current systems or propose new solutions creating a scientific background for a solid development of innovative distributed ledger technology applications.



The post Can an Existing Digital Identity Wallet Leverage a Hardware Security Module to Meet New EU Standards? appeared first on Anonyome Labs.


Indicio

Introducing Indicio Proven Digital Farming — a data management solution that frees farmers to do what they do best, farm

The post Introducing Indicio Proven Digital Farming — a data management solution that frees farmers to do what they do best, farm appeared first on Indicio.
A powerful, portable, privacy-preserving way to share and reuse authenticated data using Verifiable Credentials that saves farmers time, money, and tedium, while connecting stakeholders and unlocking value across the agriculture sector

SEATTLE, Nov. 6, 2024: With the launch of Indicio Proven® Digital Farming, authenticated data can now be shared instantly and reused endlessly across the agriculture value chain — suppliers, government agencies, financial services, and vendors — all while maintaining the farmer’s ownership of their data.

Farming is data-intensive work, with multiple data sources and both regulatory and market requirements. Each hour spent on data management takes farmers away from farming — with a measurable economic cost. To meet the challenges of data management in agriculture, Indicio developed a flexible and scalable ecosystem solution using Verifiable Credentials and decentralized identity.

With a Verifiable Credential, a farmer can hold and manage authoritative, certified farm data from their phone and share it seamlessly with other stakeholders in the agricultural value chain all while maintaining data privacy and protection.

It’s an easy-to-implement solution that ensures farmers fully own their data. It eliminates the need for this data to be stored by third parties in order to be authenticated. Thanks to cryptography, the data shared from a credential cannot be tampered with — and the credential origin is always known. 

This means that data can be reused over and over again with the absolute certainty that those who need to see it can verify it as authentic. It gives farmers the power to be their own data platforms, while radically simplifying their data management burden. 

Benefits

Farms and farmers hold and own their own data — not third parties.
Capture authenticated data once in tamper-proof records that can be shared from a phone.
Consent to share data is built into privacy-by-design tech.
Connect stakeholders across the agricultural value chain through seamless data sharing and authentication
Simplify regulatory compliance
Accelerate access to international markets
Proven, award-winning success in New Zealand

Award winning

Indicio’s Digital Farming solution was first developed for Trust Alliance New Zealand (TANZ), a nonprofit farming consortium.

“Being able to quickly share data about their goods or emissions to these key relying parties provided a huge benefit to the farmers, saving them time, creating better connections between them and their customers, and reducing the amount of effort they have to spend filling out the same forms multiple times,” said Sharon Lyon-Mabbet, Project Manager at TANZ.

TANZ’s implementation has won a prestigious Constellation Research SuperNova Award for Digital Safety, Governance, Privacy, and Cybersecurity. This is the second time an Indicio customer has won a Constellation Award.

Learn more about the project here.

A simple solution to an annoying and costly problem

“Verifiable Credentials are the perfect data management tool for a sector that relies on connecting multiple data sources with multiple parties for multiple purposes,” said Heather Dahl, CEO of Indicio. “Farmers don’t want to spend hours and hours on data management, sending the same information to multiple agencies, suppliers, and vendors. And now they don’t have to. With Indicio Proven Digital Farming, we have a capture once, reuse often technology that gives farmers full control and ownership over their data. It’s a way to turn data from being an obstacle to being an opportunity to unlock value, because now it’s easy to share authenticated data in a frictionless way with those who need to use it.”

The farmer as their own digital platform

Decentralized identity and Verifiable Credentials allow farmers to hold and share all kinds of tamper-proof data that can be instantly authenticated by relying parties:

Farm borders
Farm ownership
Methane emissions
Fertilizer application (soil nitrogen levels)
Pesticide & herbicide usage
Nutrient run-off
Water management
Implementation of food safety practices
Records for contaminant testing
Traceability information

Verifying software is simple to use and can be downloaded to a mobile device for instant in-the-field authentication.

What you get with Indicio Proven Digital Farming

We provide a complete solution that contains everything needed to get an entire data sharing ecosystem up and running fast, including digital wallet, mobile SDK, issuing, holding, and verifying software, hosting, support, constant updates, and even certified training. We can handle any customization for specialized use cases, and all our technology is built to meet current and emerging global decentralized identity standards, so you can be confident that your solution will work anywhere.

Indicio is the market-leader in decentralized identity and Verifiable Credential technology and has developed “government grade” digital identity and data sharing solutions for airlines, borders, banking and finance, health, and supply chains. 

Learn more about the solution at https://indicio.tech/digital-farming/, or contact our team to discuss ideas you have for a specific project.



Spruce Systems

Why We Build Digital Infrastructure in Rust

Memory-safe programming offers a safer, more secure future.

If you’re alive in 2024, you’re probably used to hearing a lot about cybercrime. Large hacks, such as thefts of customers’ personal information, seem nearly constant – and they’re only projected to accelerate in coming years.

Recent advances in software development tools, however, offer hope. In February, the White House Office of the National Cyber Director issued a memo encouraging the wider adoption of what are known as “memory-safe” programming languages. That shift could mitigate up to 70% of hacks, preventing attacks that are currently causing a shockingly large amount of economic damage.

SpruceID has been an early adopter of memory-safe programming since its founding in 2020 as part of our commitment to high standards of security. Just about all of our tools are built using the memory-safe language Rust. Read on to find out more about memory-safe programming, Rust – and why all software builders should be taking similar steps into a more secure future.

Death By a Thousand Memory Leaks

Hacks based on flawed memory management are a large part of the massive economic and social harm caused by hacking – what the Council on Foreign Relations has described as a “death by a thousand cuts.”  USAID estimated $8 trillion in economic damage from cybercrime worldwide in 2023. One analysis estimated that cyberattacks will cost the U.S. economy alone more than $350 billion this year. That’s more than 20 times what the U.S. federal government spends on feeding school kids.

Poor memory management is a common weakness in older but still widely-used programming languages like C and C++, and according to research by Google, memory is the root cause of roughly 70% of all system-level hacks. Very broadly, a program can be exploited when it loses track of a chunk of the short-term memory (RAM) that programs run on. Attackers can use uncontrolled or badly indexed memory to alter the intended behavior of a program. Spectre and Meltdown vulnerabilities, which exploit memory to inject malicious code, are still a threat years after their discovery.

Wider use of memory-safe programming languages is a system-wide way to address the ceaseless torrent of hacks. The White House notice (summarized here by Security Intelligence) follows a 2022 bulletin by the National Security Agency also encouraging the move towards memory-safe programming languages. It’s unusual for agencies like the NSA to issue specific software development advice, making this guidance particularly notable. 

The unusual push is justified because memory-safe programming presents the possibility of what might sound like a fantasy: dramatically reducing the prevalence of destructive hacks by attacking one of their root causes.

The Language of Choice for Secure and Reliable Solutions

SpruceID is committed to staying at the forefront of security standards. Our tools handle highly sensitive data and are trusted to verify its validity, often in high-security settings. With security as a top priority, we carefully design, develop, and deploy our solutions to meet these demands. That's why we build our secure applications in Rust, a programming language known for its memory safety and robustness. Its adoption by leading organizations highlights its suitability for building resilient, high-security systems, and we are glad to be part of this movement.

Rust is becoming increasingly recognized for its excellent design and is by far the most widely used memory-safe programming language. It has been integrated into critical components of Google, Linux, Windows, and Nvidia products. The February White House report can’t be seen as picking favorites, so it’s not explicit, but reading between the lines, it’s fairly clear that Rust is meant to be front and center for those mulling a path toward improved memory safety.

One of the more remarkable advantages of Rust, as Google reports, is that building new components with Rust provides security advantages even without re-writing or heavily modifying legacy codebases. That makes the transition far more efficient: Google began pushing Android development to memory-safe languages in 2019, and memory vulnerabilities have declined from more than 70% to just 24% of Android vulnerabilities in the years since - without overhauling existing code.

In November of last year, Microsoft announced that it was investing $10 million in improving developer tooling for Rust and integrating Rust into Windows and Azure environments. Microsoft also made a large contribution to the Rust Foundation, where SpruceID is also a member, and Microsoft engineers have said that Rust is mature enough to integrate into core components such as the OS kernel. Linux, the operating system that runs many industrial server systems, is also actively integrating Rust into its core architecture, shifting away from what devs consider “inherent weaknesses” in older languages.

While security is the headline, Rust does bring many other benefits. It leads to better performance in many circumstances, even in comparison to other modern languages like Go. Programmers also broadly consider it a pleasure to use: Rust is far and away the most “loved” programming language, according to a survey by Stack Overflow. Programmer Gregory Szorc has explained the appeal by describing Rust as a perfect mix of innovative ideas and user-friendliness. So an added benefit of Rust, and one we’ve definitely experienced at SpruceID, is that it makes it easier to attract and keep top coding talent.

One Important Piece of the Security Puzzle

While memory-safe programming languages like Rust are essential in reducing vulnerabilities, they’re only one component of a robust security program. At SpruceID, we recognize that creating secure systems goes beyond selecting a single language - it’s about designing, testing, and maintaining a multi-layered strategy for every stage of development and deployment.

Rust helps us uphold these high standards, but it’s integrated into a wider approach that includes rigorous protocols, continuous monitoring, and regular updates. Each of these components reinforces the security, reliability, and privacy that our users expect.

Rust is The Future

At SpruceID, we’re focused on building better identity systems, which are poised to become a more secure and more private system for managing our digital lives. Building on a secure foundation, and aiding the broader transition to memory-safe programming, is a natural extension of SpruceID’s core mission.

This isn’t just about strong principles and good vibes, though - these recent government directives on memory safety are a strong signal that it’s the right strategic move, too. The White House sets guidelines for Federal contractors and procurement, so memory safety could become a requirement for those applications. Builders interested in working with the government should all be considering transitioning to memory-safe tools, and Rust is clearly at the top of that list.

About SpruceID: SpruceID is building a future where users control their identity and data across all digital interactions.


Indicio

SITA, Idemia partner to build digital identity ecosystem for travel

PhocusWire The post SITA, Idemia partner to build digital identity ecosystem for travel appeared first on Indicio.

liminal (was OWI)

Market & Buyer’s Guide for Age Assurance 2024

The post Market & Buyer’s Guide for Age Assurance 2024 appeared first on Liminal.co.

Elliptic

Crypto regulatory affairs: Following the US elections, the industry anticipates regulatory clarity and move to pro-crypto stance

A sweep of the Presidency, Senate, and House of Representatives by the Republican Party in the November 5 US elections has the US crypto industry confident that regulatory clarity is on the way, and that a period of aggressive regulatory enforcement will be ending.


Datarella

Supply Chain Tracking in Action

This article is the fifth in a series of posts about how our probabilistic 360° supply chain tracking product, Track & Trust, works. We described how the system works at a component level in our previous articles. Now, we dive into the challenging environment where our pilot operations have been executed. We selected Lebanon, one of the most difficult operational locations in the world, for our first pilot shipments to really prove the mettle of the system.

Aid Pioneers – an Ideal Pilot Partner

We have been working with our humanitarian partner Aid Pioneers for many months to prepare for these shipments. Aid Pioneers connects available resources from donors directly to recipient organizations. Through close collaboration with on-the-ground initiatives and the private sector, Aid Pioneers connects resources from donors directly with local organizations to foster sustainable, community-led change. They do this in places that need them most, making them a highly innovative humanitarian agency. They take an end-to-end approach to the supply chain, which we believe suits Track & Trust perfectly. Aid Pioneers needs to extend tracking of supplies beyond what typical supply chain tracking products can accomplish. We are helping them achieve this.

Supply Chain Tracking Challenges

Aid Pioneers’ logistics environment provides a perfect showcase for what Track & Trust can do. When Aid Pioneers ships a container full of medical supplies or solar power generation equipment to a Lebanese clinic or school, they hire a freight forwarder to pick up the goods. The freight forwarder then organizes the delivery to a local port via semi-truck. After that, a freight forwarder loads the container onto a ship. The ship travels to a port of entry in Lebanon, and we track its progress using a typical tracking link. However, once the container clears customs, we take over. We actively track it and pick up where traditional systems stop working.

At this point we encounter tricky conditions. Aid Pioneers’ local Lebanese partner Al-Manhaj breaks down containers into multiple pallets or depalletizes them before final delivery. After that, some goods are delivered to one location while others go to other locations at different times. To keep track of what was delivered when, we use probabilistic 360° supply chain tracking. We also developed strategies to deal with power and connectivity outages.

Outwitting Outages

These outages always happen at the wrong time, so it’s important that the system is able to handle them. We do this with built-in backup batteries and a battery management system. On top of that, the communications landscape is very challenging. Sometimes there’s 4G connectivity and at other times there are outages. Our mesh nodes can keep operating regardless, though, by caching incoming data locally. The nodes just wait until the data can be posted or handed off to other mesh nodes. This approach multiplies the effectiveness of our communications assets. On top of that, we positioned one of our satellite uplinks at a local school. As a result, every event is (at the minimum) recorded and transmitted asynchronously – even when conditions are at their worst.

These logistics challenges are not unique to Aid Pioneers’ operations. However, they are particularly pronounced in the places where they work. We believe that if our system works there and brings value to freight forwarders and humanitarian organizations, it will work anywhere. As a result of this testing we’re confident in the capabilities of Track & Trust.

In our next post we’ll describe exactly how our pilot operations went – and what the big value drivers are.

The post Supply Chain Tracking in Action appeared first on DATARELLA.


KuppingerCole

cidaas Auth Manager

by Alejandro Leal

In today's digital landscape, it is critical for every organization to have an agile and modern Identity and Access Management (IAM) solution. By providing complete visibility into who accesses what, when and how, modern IAM platforms enable organizations to better manage and mitigate risk. cidaas offers an IAM platform that is based on a microservices architecture with a core set of services designed to address both customer and employee requirements. This architecture facilitates rapid updates and scalability, while ensuring the integration of user management and authentication processes.

Dock

The DOCK token migration to CHEQ is now live!

As you already know, Dock and cheqd are merging their tokens and blockchains to form a powerful alliance in the decentralized identity space.

This partnership unites the blockchain capabilities of two industry leaders to accelerate the global adoption of decentralized identity and verifiable credentials, providing individuals and organizations worldwide with secure, trusted digital identities.

As part of this evolution, the Dock network will migrate its functionality and all tokens to the cheqd blockchain. This transition will enable Dock to leverage cheqd’s advanced infrastructure, delivering even greater value to both ecosystems.

During the migration, existing $DOCK tokens will be swapped for $CHEQ tokens at a conversion rate of 18.5178 $DOCK to 1 $CHEQ, ensuring a seamless and straightforward transition for all token holders.

How to migrate your DOCK tokens to CHEQ

Before you start

Ensure you have a compatible wallet for $CHEQ. If you don’t already have one, follow these instructions to set one up. We recommend using the Leap wallet, which has a browser extension and a mobile wallet on both Android and iOS, and can be easily connected during the migration process. An alternative is to use the Keplr wallet.

Update your wallet software to the latest version. This ensures compatibility with the new system and reduces the likelihood of encountering bugs or issues during migration.

Note that the migration must be done through the Dock browser-based wallet. If you use the Dock Wallet App or Nova Wallet, you can easily add your account to the Dock browser wallet by following these steps.

If your $DOCK tokens are currently on an exchange, you’ll need to withdraw them to a Dock wallet to complete the token migration, as it can only be done from an address you own. Follow our guide on creating a Dock wallet account to get started. We are actively working with exchanges to allow them to handle the migration on behalf of users, and we’ll publish a list of participating exchanges as soon as it’s available. UPDATE 23/11/2024: KuCoin will support the migration of $DOCK tokens to $CHEQ. If you’re holding your $DOCK tokens on KuCoin, you don’t need to do a thing—KuCoin will handle the migration for you seamlessly. Read all the details here.

Read and understand the migration's terms and conditions. Make sure you are familiar with the terms before proceeding. You can review them here.

The migration service will only be available until March 15th, 2025. After this date, the migration will no longer be supported. Please ensure you complete the process before the deadline.

Migrating your DOCK tokens

Access the migration page
Click here to visit the migration page and begin the process.

Connect Leap or manually enter your cheqd account
Connecting the Leap wallet ensures that the tokens are sent to the cheqd account you control. If you do not see your Leap accounts in the dropdown, follow these steps to set up your Leap wallet for cheqd.

Select your Dock account
If your account isn’t already added, follow these instructions to add it.

Accept the Terms & Conditions
Once you've reviewed the T&Cs, click Submit to confirm your migration request.

The full balance of your Dock account will be migrated in a single transaction; partial amounts are not permitted. Once submitted, your $DOCK tokens will be burnt, and the converted $CHEQ tokens will be sent to your designated cheqd wallet using the swap ratio of 18.5178 $DOCK to 1 $CHEQ.

The migration process typically takes 1-2 business days, after which your $CHEQ tokens will be available in your cheqd wallet. Please bear in mind that during the holiday season (mid-Dec 2024 to early Jan 2025) it might take a bit longer.

Please follow these steps carefully, and if you have any questions, feel free to reach out to our team at support@dock.io.

Note: If you need any transaction reports from the Dock blockchain for tax purposes, make sure to download them from our Subscan blockchain explorer before March 15, 2025.

The Future of Decentralized ID

Dock and cheqd will continue as independent companies serving distinct market sectors in unique ways. By merging their tokens, expertise, and strategic focus, they will drive their shared vision forward with unstoppable momentum.

This token merger is not just a change; it's a monumental leap forward. By merging the $DOCK token with $CHEQ, we are unlocking unprecedented opportunities for our community, positioning you at the cutting edge of decentralized identity innovation.

The future of decentralized digital identity is bright, and with your $CHEQ tokens, you'll be part of a dynamic, growing ecosystem that is set to lead the industry. 

Dock and cheqd will shape a world where secure, verifiable credentials are the norm, and your involvement is key to making this vision a reality. The journey ahead is filled with potential, and we are thrilled to have you with us as we pave the way for the next era of digital identity.


auth0

Authentication and Authorization Enhancements in .NET 9.0

With .NET 9.0, some interesting authentication and authorization features have been added to the platform. Let’s take an overview of them.

Monday, 11. November 2024

KuppingerCole

Synthetic Data

by Anne Bailey

The term synthetic data stands for artificially generated data that closely replicate the statistical properties, patterns, and characteristics of the real data. This replication mimics reality without including actual information about individuals or entities. As such, it becomes a secure and privacy preserving alternative to using raw, sensitive, or proprietary data. This data is used in training, testing, validation, and analytics. Artificial intelligence (AI) uses advanced algorithms to generate these datasets, preserving the statistical integrity of original data sources without exposing private information.

Unified Endpoint Management: HP

by John Tolbert

In the IT landscape, managing a diverse array of devices such as smartphones, tablets, laptops, and IoT devices presents significant challenges. Device discovery can be difficult due to the distributed and dispersed nature of work, especially in the post-pandemic Work From Anywhere (WFA) and Bring Your Own Device (BYOD) paradigms. After devices are discovered, IT teams face the task of efficiently managing and configuring these devices, ensuring that each one complies with organizational security policies. The following are some of the common challenges that organizations face with regard to managing computing endpoints.

Security Service Edge: Broadcom

by Mike Small

Digital transformation and cloud-delivered services have led to a tectonic shift in how applications and users are distributed. Protecting sensitive resources of the increasingly distributed enterprise with a large mobile workforce has become a challenge that siloed security tools are not able to address effectively. In addition to the growing number of potential threat vectors, the very scope of corporate cybersecurity has grown immensely in recent years.

Digital Divide: The US-China Struggle for Cyberspace

by Alejandro Leal

The end of history?

In the early 1990s, as the Cold War receded into history, political theorists proclaimed the "end of history," suggesting a future dominated by liberal democratic values under a unipolar international system led by the United States. This period coincided with the rapid expansion of the Internet, which was envisioned as a tool to promote global connectivity.

However, the ensuing decades have seen a shift toward a multipolar world, with rising powers such as China and regional blocs asserting their influence. This shift has fragmented both cyberspace and the global economy, with nations prioritizing national security over global interests, resulting in a cyber landscape characterized by sovereignty and divergent norms.

Cyberspace, often perceived as an abstract concept, is actually grounded in a robust architecture that encompasses both physical and software infrastructure. This includes undersea cables, terrestrial networks, satellites, and data centers, alongside essential protocols like TCP/IP that facilitate data transfer.

This infrastructure is central to modern geopolitics, emphasizing that control over data and management of information flows are now as strategically important as territorial dominance was in previous centuries. Modern geopolitical strategies are increasingly focused on establishing, defending, and expanding digital domains as much as physical ones.

Two tigers cannot share the same mountain

This can be illustrated, for example, by contrasting international commitments such as the "Declaration for the Future of the Internet," signed by over 60 governments, including the U.S. and EU, which promotes a vision of an open and secure Internet. In contrast, China's State Council's "Jointly Build a Community with a Shared Future in Cyberspace" reflects an alternative vision emphasizing digital sovereignty and state control, indicating a global divide in cyberspace governance and Internet freedom.

The strategic competition between the U.S. and China also extends into the uncharted depths of the ocean, centering on the undersea fiber-optic cables that carry more than 95% of intercontinental Internet traffic. These cables are essential for everything from consumer transactions to government communications. Recently, both major American tech companies and Chinese state-owned enterprises have tightened their control over these assets.

The submarine cable industry is a niche but critical sector that relies on a limited global fleet capable of laying and maintaining these cables. However, this lack of expertise sometimes forces Western governments to rely on foreign powers such as China for essential repairs, creating potential security vulnerabilities. Notably, China has strategically emphasized its role in the “maintenance” aspect, seeking to position itself as an indispensable player in the ongoing operation and upkeep of this vital infrastructure.

At the heart of this competition are semiconductor microchips, which are central to both civilian and military technologies. China's strategy to dominate this essential industry underlines its broader economic and political ambitions to supplant the U.S. as hegemon in the Asia-Pacific region and establish its own “sphere of influence”. This strategic competition is demonstrated by the tensions over Taiwan, a key center of semiconductor manufacturing, where Beijing and Washington's interests are sharply at odds.

Strategic Competition in the Digital Age

Global cyber conflicts and the economic impacts associated with them are reshaping international relations in profound ways. As nations vie for control over critical internet infrastructure and data flows, cyberspace has become a new domain of strategic competition, paralleling traditional conflicts over maritime and land resources. The stakes are high, as control over AI technologies and the cyber realm carries significant implications for national security, military advantage, and technological edge.

Unfortunately, a fragmented international system and divided cyberspace hinder the global cooperation needed to tackle pressing challenges such as climate change and the governance of AI. When the world's nations are divided, their collective power to address these universal issues is significantly weakened. As another Chinese proverb wisely states: "A single tree does not make a forest."

Join us in December in Frankfurt at our cyberevolution conference, where we will continue to discuss the cyber threat landscape and its economic impact.

See some of our other articles and reports:

Software Supply Chain Security
Cyber Risks from China: How Contract Negotiations Can Mitigate IT Risks
Beyond Boundaries: The Geopolitics of Cyberspace

Security Orchestration, Automation and Response (SOAR)

by Alejandro Leal

As the number and sophistication of cyberattacks have increased over the years, it has become clear that traditional cybersecurity methods and tools are increasingly inadequate to address these evolving threats. Large organizations, whether part of critical infrastructure or not, must be able to detect and respond to incidents by monitoring security and analyzing real-time events. To stay secure and compliant, organizations need to actively seek out new ways to assess and respond to cyber threats while providing Security Operations Center (SOC) analysts with the right tools.

Sunday, 10. November 2024

KuppingerCole

Digital Sovereignty or Global Connectivity? The US-China Cyberspace Divide

In this episode, host Matthias welcomes Research Analyst Alejandro Leal to explore the evolving landscape of cyber warfare. Drawing from William Gibson's sci-fi classic "Neuromancer," they discuss how the digital battleground is now a critical arena for nations, corporations, and cyber criminals.

Their conversation covers the economic consequences of cyber attacks, the strategic importance of undersea fiber optic cables, and the role of semiconductor manufacturing in global tensions. Learn how different national perspectives on cyberspace shape security measures and why international cooperation is essential in addressing challenges like AI governance and climate change.

Join Matthias and Alejandro as they dissect the current state of cyber warfare and its implications for global security. Don't forget to leave your comments and questions below!

Alejandro's Blog: https://www.kuppingercole.com/events/cyberevolution2024/blog/us-china-struggle-for-cyberspace



Friday, 08. November 2024

Extrimian

A Leap Forward in Decentralized Digital Identity

The Buenos Aires City Government has embarked on a transformative journey by integrating QuarkID into its miBA platform, showcasing a significant leap in decentralized digital identity. This initiative not only enhances privacy and security for citizens but also marks a pivotal moment in digital governance.

The Role of Key Players

Extrimian

Extrimian is a key participant and a technical implementer of the QuarkID protocol, and used its IDConnect product to facilitate the integration of QuarkID into miBA. This effort underscores Extrimian’s commitment to advancing decentralized identity solutions.

Government of Buenos Aires

The Buenos Aires City Government (GCBA) app miBA has been crucial in adopting and integrating digital solutions that improve city management and citizen services, enhancing both efficiency and transparency.

The goal of this initiative is to give 3.6 million residents of Buenos Aires greater control over their personal information.

zkSync

Powered by zkSync, QuarkID leverages advanced zero-knowledge proofs to ensure secure and private blockchain transactions, significantly enhancing data protection on the miBA platform.

IT Rock

IT Rock has played an instrumental role in seamlessly integrating QuarkID with miBA, ensuring that the technological deployment aligns with the city’s needs for digital identity solutions.

QuarkID

As a protocol integrated into miBA, QuarkID stands at the forefront of this initiative, enabling the secure and efficient verification of digital identities across Buenos Aires.

What is the purpose and use of miBA?

miBA is a digital platform by the Government of Buenos Aires that centralizes access to various city services using advanced technologies like blockchain. This platform allows citizens to securely manage documents and services, enhancing privacy and efficiency. The integration of decentralized identity solutions like QuarkID into miBA exemplifies a significant advancement in providing secure and user-focused digital governance.

Expanding Digital Identity in Buenos Aires

This project marks a global milestone: the City of Buenos Aires is the first city to implement decentralized identity technology on a large scale, issuing verifiable credentials to its entire population. This initiative not only advances the digitalization of public services but also sets a new standard in protecting citizens’ data privacy and security.

The integration has expanded to include 32 verifiable credential types, such as Birth and Marriage certificates, Student IDs, Gross Income Tax Certificates, Salary Receipts GCBA, Employee Credential GCBA, and more. This expansion not only simplifies the management of personal documents but also enhances the interoperability of digital credentials across various services.

Documentation and Process Integration

This integration process, managed in collaboration with IT Rock and Extrimian, exemplifies a streamlined approach to adopting IDConnect. This process is pivotal for cities and businesses looking to implement similar decentralized identity solutions.

Source: https://buenosaires.gob.ar/innovacionytransformaciondigital/miba-con-tecnologia-quarkid-la-ciudad-de-buenos-aires-incorporo

Voices from the Ground

Read some quotes from IT Rock and GCBA representatives that provide personal insights into the project’s impact and their experiences, emphasizing the collaborative effort required to modernize public services.

Extrimian’s CEO, Guillermo Villanueva, shares his thoughts on IDConnect’s role in this integration:

“With Extrimian IDConnect, we are laying the foundations for a more secure, private and self-managed exchange of information, and building a world with more trust and less friction. 

Our product facilitated the process of miBA-QuarkID integration by IT Rock thanks to the simplicity of our product and the support of Extrimian’s team.”

From the Secretary of Innovation and Digital Transformation of the Government of the City of Buenos Aires, Juan Pablo Migliavacca, Director General of Digital Citizenship at the GCBA's Secretariat of Innovation and Digital Transformation, shares that:

“The implementation of IDConnect was critical to quickly, securely, and efficiently connect our miBA system with the QuarkID protocol. Thanks to this integration, and continued work with the Extrimian team, we simplified and improved citizens’ access to their data in a reliable, transparent, and secure way, in a completely digital, frictionless environment.”

Conclusion

The integration of QuarkID into Buenos Aires’ miBA platform is more than a technological upgrade; it is a strategic enhancement to the city’s digital infrastructure, setting a benchmark for other cities worldwide.

For further details on the decentralized digital identity movement and Extrimian’s solutions, visit our Use Cases page.

This blog post aims to provide a comprehensive overview of the transformative integration of QuarkID with miBA, illustrating the synergy between technology providers and governmental vision in advancing digital identity solutions. 

For more detailed insights and developments, visit the Extrimian website and the Extrimian Academy.

Download miBA

iOS Android

Download QuarkID

iOS Android

The post A Leap Forward in Decentralized Digital Identity first appeared on Extrimian.


HYPR

HYPR Partners With Yubikey: Bio Series Multi-Protocol Edition

Today Yubico announced the general availability of its YubiKey Bio - Multi-protocol Edition, which supports biometric authentication for FIDO and Smart Card/PIV protocols. Like other YubiKey Bio Series, the new multi-protocol keys incorporate a fingerprint sensor, enabling secure, convenient biometric and PIN-based passwordless login across devices and platforms. The multi-protocol keys, however, offer additional flexibility for enterprises, especially when combined with the HYPR platform.

"By combining Yubico's YubiKey Bio Series with HYPR's advanced solutions, organizations can effortlessly transition to a fully passwordless environment," said Jeff Wallace, SVP Product at Yubico. “This partnership not only enhances biometric authentication but also streamlines the process for desktop logins and strengthens phishing-resistant capabilities. With features like single-step YubiKey fingerprint setup for both web and workstation authentication, centralized credential management, and flexible authentication methods, we empower users to manage their security with confidence, even in sensitive environments.”

HYPR Plus YubiKey Bio — Multi-protocol Edition 

HYPR has worked closely with Yubico for years to bring flexible, phishing-resistant security to businesses around the world. The YubiKey Bio – Multi-protocol Edition is another step towards fully phishing-resistant, passwordless adoption and HYPR is proud to be Yubico’s sole featured partner.

Accelerate Passwordless Strategy

Available in both USB-A and USB-C form factors, the new multi-protocol YubiKeys support modern FIDO and Smart Card/PIV protocols, providing phishing-resistant login for desktops and web applications, across both legacy on-premises and modern cloud environments. Our joint solution makes it easy to provision and roll out the multi-protocol security keys, bringing enterprises the most versatile secure, hardware-based and software-based passwordless biometric authentication on the market.

Make Teams More Productive

The new biokeys provide near-instant login using fast, secure biometrics instead of PINs. Seamless desktop to web access removes extra authentication steps without compromising security.

Simplify YubiKey Onboarding and Management

HYPR provides choice to admins and flexibility for end users. Admins may enable users to start with a new YubiKey out of the box free of any pre-enrolled certificates. Users can enroll their YubiKeys in a single step click-through with the HYPR Passwordless client.



Users can also easily manage their security keys for lifecycle events such as unpairing, changing the fingerprint, resetting and more through the HYPR application. Administrators can also centrally manage user passwordless access through the HYPR Control Center.


YubiKey Login Flow With HYPR


Product Highlights

Desktop login on Microsoft Windows using Smart Card/PIV with fingerprint
Web authentication with FIDO2/WebAuthn and FIDO U2F using the same biometrics as desktop login
Single-step enrollment for workstation and web using the HYPR application and no pre-enrolled certificates required
Users can centrally manage credentials through the HYPR application
Flexibility of authentication methods for various use cases, including account recovery and shared workstations

The YubiKey Bio - Multi-protocol edition is available globally through YubiKey as a Service. Learn more about the HYPR and YubiKey integration.

To see HYPR and the new YubiKey Bio - Multi-protocol Edition in action, schedule a demo.

 


Finicity

Simplify and Speed Up Customization with Mastercard’s New Customize Connect Editor 

Mastercard Open Banking is transforming the way businesses tailor customer experiences with the launch of Customize Connect, a no-code editor that makes customizing Connect experiences faster, simpler, and fully in your control. Available through the Client Hub portal, this powerful new tool allows clients to easily personalize their Connect experiences without needing to rely on Mastercard’s support teams. 

Customize Connect: Empowering Businesses to Optimize Their Customer Journeys 

Customize Connect puts clients in the driver’s seat, offering an intuitive, self-service interface that allows clients to adjust key elements of the Connect experience—whether for testing or production—using just one simple editor. With real-time validation, businesses can rapidly iterate and deploy updates, enhancing the way their customers securely link accounts. 

Now, businesses can manage their Connect experiences independently, from onboarding new experiences to fine-tuning existing ones, all without the need for extensive technical knowledge. It’s all about giving clients the ability to quickly adapt and scale their offerings based on customer needs. 

Key Customization Features

Branding Flexibility: Customize Connect makes it easy to adjust the look and feel of the Connect experience to match your brand identity. Upload logos, match accent colors, and ensure seamless integration with the rest of your user interface for a consistent experience.

Financial Institution Customization: Clients can tailor the financial institutions displayed to end users, ensuring they see the banks they’re most likely to use. With the ability to customize up to 8 FIs, businesses can simplify authentication by presenting the most relevant options.

Streamlined Account Selection: Whether your customers are selecting one or multiple accounts, Customize Connect allows you to refine the experience by controlling which account types are available for selection. This is especially useful in payment-focused experiences, where you may only want to show checking or payment accounts.

Real-Time Testing & Validation: With the ability to make changes on-the-fly, businesses can validate their customizations in real time, reducing the need for lengthy testing periods and ensuring smooth deployment.

Seamless Integration into Your Workflow

Customize Connect is integrated directly into the Client Hub portal, making it easy to manage all your settings in one place. For more technical users, access it through Mastercard Developers to incorporate it into your existing projects. Whether you’re adjusting a live production experience or testing new options, the process is quick, simple, and completely within your control. 

Learn More 

For a full walkthrough of how to use Customize Connect, visit Mastercard Developers for detailed documentation or watch the quick demo video below to see the tool in action. 

With Customize Connect, Mastercard Open Banking empowers businesses to create better and tailored customer experiences on their terms. 

The post Simplify and Speed Up Customization with Mastercard’s New Customize Connect Editor  appeared first on Finicity.


auth0

What Are OAuth Pushed Authorization Requests (PAR)?

Learn what Pushed Authorization Requests are and when to use them to strengthen the security of your OAuth 2.0 and OpenID Connect-based applications.

Datarella

Confidential Computing for Industry 4.0

With the Cosmic-X project nearing its conclusion, it is finally time to lift the curtain on the blockchain solution that Datarella has built over the last two years to enable confidential computing and data sharing in Industry 4.0. In this first entry of a series of technical posts about designing, implementing, and integrating an edge-to-cloud blockchain solution, we discuss the evaluation process for selecting a suitable blockchain platform for Cosmic-X and how that platform operates on a protocol level to provide an open, transparent, and secure infrastructure for industrial use cases.

Evaluating Blockchain Platforms

Today, many different blockchain platforms exist, but their suitability for industrial use cases remains specific or, at times, limited. To achieve the best match between the requirements of Cosmic-X and the possibilities of blockchain technologies, the team conducted an extensive evaluation process. This evaluation compared both private and public blockchain platforms based on security, privacy, scalability, and interoperability.

Current-generation blockchain platforms predominantly perform well in security and scalability, yet privacy and interoperability often fall short. To achieve privacy in industrial scenarios like Cosmic-X, organizations have almost exclusively used private or consortium blockchains such as Hyperledger Fabric in the past. However, these approaches inherently involve high infrastructure costs for the operating parties, as well as centralization and limited interoperability. In contrast, public blockchains offer resilience, cost efficiency, and a degree of interoperability, though only recently have they started focusing on privacy and data protection. Blockchain protocols with confidential computing capabilities remain relatively new and untested. Nevertheless, when weighing the advantages and disadvantages of the two approaches, a privacy-focused public network emerges as the preferred solution in an industrial context.

For a public network to meet Cosmic-X’s privacy and data protection requirements, it must support the multi-tenancy paradigm. Multi-tenancy enables a single instance of a software application to serve multiple clients while ensuring logical isolation. Different clients share an underlying infrastructure, which optimizes resource use and reduces infrastructure costs. Further, it enhances efficiency in data access, management, and collaborative data sharing.

Through this evaluation, the Cosmos-based Secret Network emerged as the blockchain platform best suited for Cosmic-X. The Secret Network functions as a public blockchain specifically developed for confidential computing. By combining established encryption techniques with trusted execution environments, it provides so-called Secret Contracts. This type of smart contract establishes consensus on computation without disclosing incoming or outgoing data. Integrated access control mechanisms enable third-party access and create an auditable processing chain. Thus, the Secret Network satisfies the need for multi-tenancy capability while retaining all the benefits of a public network.

How the Secret Network Works

The Secret Network leverages Intel Software Guard Extensions (Intel SGX) to create Trusted Execution Environments (TEE) that enable Secret Contracts. These smart contracts, based on the CosmWasm framework, allow for fully private computation of data. Outside a TEE, the transaction payloads and the network’s current state are encrypted at all times. Only the data owner and an authorized third party can decrypt and view data inputs and outputs. A combination of symmetric and asymmetric encryption schemes—ECDH (x25519), HKDF-SHA256, and AES-128-SIV—achieves this end-to-end encryption. Each validator in the network must run an Intel SGX-compatible CPU and instantiate a TEE that follows the network’s rules.

When an encrypted transaction arrives in the shared mempool of the network, a validator forwards it to their TEE, where a shared secret is derived and used to decrypt the transaction. The WASMI runtime then processes the plaintext input. Finally, the validator re-encrypts the updated contract state and broadcasts it to the network through a block proposal. If over two-thirds of the current network voting power agree on the result, the network appends the proposed block to the Secret Network blockchain.
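
As an added illustration (not Datarella's or the Secret Network's own code), the sketch below walks through the key-agreement half of the scheme named above: X25519 ECDH followed by HKDF-SHA256, producing the 32-byte key size that AES-128-SIV takes. The way the nonce and salt enter HKDF, the salt value, and all function names and keys are assumptions of this example; the AES-SIV step is left out because the Python standard library has no AES.

```python
"""Sender/enclave key agreement sketch: X25519 + HKDF-SHA256 (stdlib only)."""
import hashlib
import hmac
import os

P = 2**255 - 19                          # Curve25519 field prime (RFC 7748)
A24 = 121665                             # (486662 - 2) / 4
BASE_POINT = (9).to_bytes(32, "little")
# Hypothetical salt for this example; the network's real constant is not on the page.
HKDF_SALT = hashlib.sha256(b"constructed-example-salt").digest()


def x25519(scalar: bytes, u_coord: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Not constant time: for study, not production."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64                          # clamp the scalar
    k_int = int.from_bytes(k, "little")
    x1 = int.from_bytes(u_coord, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k_int >> t) & 1
        swap ^= bit
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes = b"", length: int = 32) -> bytes:
    """RFC 5869 extract-then-expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def keypair(private_key: bytes):
    """Return (private, public) for a 32-byte private key."""
    if len(private_key) != 32:
        raise ValueError("private key must be 32 bytes")
    return private_key, x25519(private_key, BASE_POINT)


def derive_tx_key(own_private: bytes, peer_public: bytes, nonce: bytes) -> bytes:
    """ECDH shared secret plus per-transaction nonce -> 32-byte symmetric key."""
    shared = x25519(own_private, peer_public)
    # A low-order peer point forces an all-zero secret; refuse it (RFC 7748, sec. 6.1).
    if hmac.compare_digest(shared, bytes(32)):
        raise ValueError("peer public key is a low-order point")
    return hkdf_sha256(ikm=shared + nonce, salt=HKDF_SALT)


def demo() -> bool:
    """Constructed keys: a sender and an enclave arrive at the same key."""
    enclave_priv, enclave_pub = keypair(os.urandom(32))   # stays inside the TEE
    sender_priv, sender_pub = keypair(os.urandom(32))     # sent with the transaction
    nonce = os.urandom(32)
    sender_key = derive_tx_key(sender_priv, enclave_pub, nonce)
    enclave_key = derive_tx_key(enclave_priv, sender_pub, nonce)
    return hmac.compare_digest(sender_key, enclave_key)


if __name__ == "__main__":
    print("keys match:", demo())
```

A party that sees only the two public keys and the nonce, such as a validator process outside the enclave, cannot run `derive_tx_key` successfully because it holds neither private key.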

For access control, the Secret Network offers Viewing Keys and Permits. A Viewing Key acts as an encrypted password that grants a third party permanent access to data related to a specific smart contract and private key. A Permit allows a more granular approach, restricting viewing access to specific parts of data for a set period. Consequently, despite its encrypted nature, the network remains fully auditable.

In the next post, we’ll explore how we leverage the Secret Network to secure machine data integrity directly from its point of origin to its consumption by a Machine Learning Model.

The post Confidential Computing for Industry 4.0 appeared first on DATARELLA.


SelfKey

SingularityDAO, SelfKey and Cogito Finance Token-Holders Approve Merger to Form Singularity Finance

SingularityDAO, SelfKey, and Cogito Finance have agreed to form Singularity Finance after the communities approved the merger. SDAO and KEY token-holders voted overwhelmingly in favor of the proposal.


Dock

The Port of Bridgetown Accelerates Vessel Clearance with Dock’s Verifiable Credential Technology


Zug, Switzerland – 8 November, 2024 – Barbados Port Inc., the state-owned entity that manages the Port of Bridgetown, has integrated Dock's Verifiable Credential technology into their Maritime Single Window, to revolutionize their vessel clearance processes. This cutting-edge solution enables the Port of Bridgetown to expedite vessel clearance for both arriving and departing ships, while ensuring the integrity of credentials through tamper-proof, verifiable data. This integration enhances efficiency, security, and trust in the port’s clearance procedures.

Full article: https://www.dock.io/post/port-of-bridgetown-accelerates-vessel-clearance-with-docks-verifiable-credential-technology


Tokeny Solutions

ERC-3643: The Motherboard for Composable Tokenized Assets

The post ERC-3643: The Motherboard for Composable Tokenized Assets appeared first on Tokeny.

Product Focus

ERC-3643: The Motherboard for Composable Tokenized Assets

This content is taken from the monthly Product Focus newsletter in November 2024.

“What token standard does your platform support?” This is a question we hear often. As a regular reader of our newsletter, you might think, “Tokeny? They’re an ERC-3643 platform.” But that’s only part of the story.

Think of ERC-3643 as a Lego motherboard. It’s the fundamental base, the piece that holds everything else all together. The real magic happens when you start adding multiple smart contract blocks. What makes its composability powerful is the ability to reuse existing and proven smart contracts.

Here are a few of the most common “add-on blocks” our clients add to their tokenized assets:

Smart contracts ensure compliance: Compliance contracts make sure that only approved identities can hold tokens. They also set rules for when and how tokens can be transferred, blocking any unauthorized moves.

Smart contracts enrich asset onchain data: Asset identity contracts let you add data to assets, like ISIN, LEI, net asset value (NAV), and ESG ratings, making it easy for other platforms, such as distributors, to access this information quickly.

Smart contracts enable distribution: Distribution contracts control where the tokens can be distributed. In addition, Delivery vs. Delivery (DvD) contracts can automate buying and selling. If all requirements are met, DvD swaps will happen, without counterparty risks.

Smart contracts automate corporate actions: Corporate action contracts handle tasks like paying dividends or coupons, making middle and back office operations faster, smoother, and safer.

ERC-3643 isn’t here to compete with other token standards; it’s designed to work alongside them, offering composability and complementing their functionality. We act as a smart contract factory to ensure the smooth deployment and management of all smart contracts associated with tokens. The future of onchain finance is composable and interoperable, and we are passionate about building products to achieve that vision.

Please do not hesitate to contact us if you have any questions regarding this topic.

P.S. What is more exciting is that this week, ERC-3643 was recognized as the official standard in Project Guardian by the Monetary Authority of Singapore (MAS) for ensuring compliance in tokenized debt instruments and funds. Check out more details here.

Joachim Lebrun
Head of Blockchain



KuppingerCole

Synthetic Data for Security and Privacy


by Anne Bailey

This report provides an overview of the Synthetic Data market and a compass to help you find a solution that best meets your needs. It examines solutions that generate datasets that closely replicate the statistical properties, patterns, and characteristics of real and production data. It provides an assessment of the capabilities of these solutions to meet the needs of all organizations to generate and work with synthetic data.

ShareRing

A revolutionary way to protect personal and corporate data using Google Cloud and ShareRing.


In our daily lives we are regularly asked to provide personal details, and in many instances, we cannot secure a service or product unless we do so. This may involve a simple request to provide proof of identity, or a much more detailed one, perhaps requiring verification. This can be time-consuming, and often a fraught process, and there is always concern for the security of that data. While online privacy concerns are at an all-time high, organizations increasingly store sensitive information digitally, in centralized databases.

Global regulators continue to evolve laws and regulations accompanied by outsized penalties for companies that fail to comply with them. The annual cost of cybersecurity crime to Australia alone is estimated to be in the range of $29 billion to $30 billion. A 2023 KPMG report estimated the total cost at $29 billion per year, with direct costs to businesses accounting for a significant portion. The Australian Cyber Security Centre’s 2022-23 Cyber Threat Report highlighted a 14% increase in the average cost of cybercrime per report compared to the previous year.

Increased regulation and penalties follow the foundation set by other international privacy legislation, such as Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). The maximum penalties for non-compliance have been significantly increased. The penalty for a serious privacy breach up until late 2022 was just $2.22 million. Now, businesses can be charged with the greater of: 

$50 million
three times the value of any benefit obtained through the misuse of information
30 percent of the company’s adjusted turnover in the relevant period

These penalties are a compelling reason alone for businesses to improve the way they protect their clients’ data. This is just the beginning; businesses need to understand their data obligations and, where needed, implement new, compliant processes.

Read on to explore why the combination of Google Cloud Platform and ShareRing’s digital identity platform is a revolutionary approach to personal privacy and business protection.

The data security arms race

More and more, the transfer of our personal details is done digitally, and the risk of someone obtaining those personal details is growing exponentially. We are all aware of the growing risk of identity theft and other exploits that compromise our personal information. A centralized store of identity data is an irresistible, high-risk data source to cyber criminals and threat actors.

Digital Identity as a Service

ShareRing Link is a decentralized public infrastructure (DePIN) solution that leverages Google Cloud for its core infrastructure. ShareRing’s ecosystem is architected to ensure minimal personal data is shared and, importantly, is not stored centrally. ShareRing Link is a business system that enables a user to share select personal information from an encrypted Vault to a business’s backend system, such as KYC information to a financial institution, or age verification to a licensed merchant for alcohol sales, via a zero-knowledge proof function.

ShareRing Me, a digital identity app available on Android, uses blockchain technology to collect and store verified identity data in an immutable, reusable, self-sovereign Vault, a “Digital Me”, on the user’s personal smart device. At all times the user controls who they choose to share their data with from their device. ShareRing Me also gives the user the ability to back up the heavily encrypted Vault file onto their personal Google Cloud, to ensure no data is lost.

Privacy and Data Segregation with Google Cloud

Google Cloud Platform is quickly becoming a leader in business and enterprise cloud computing worldwide. This is, in large part, due to their “security by design, security by default” stance, underpinning a comprehensive and industry-leading approach to data protection.

Data Segregation:

Google Cloud customer data is siloed, which reduces the attack vectors. This is driven by their self-imposed objectives to protect customer data and security, as well as the need to adhere to increased regulatory compliance requirements globally.

Google Cloud uses Logical Isolation mechanisms inherent to virtualization technology to create isolated virtual environments for each customer, ensuring that their data and applications are not directly accessible to others.

ShareRing Self-Sovereignty: ShareRing Me uses a decentralized storage model to keep verified and encrypted personal data on the User’s personal smart device.

Data Encryption and Access Controls:

Encryption: Google Cloud has built-in encryption capabilities, such as Cloud KMS (Key Management Service) to encrypt data at rest and in transit.

ShareRing Smart Contracts: ShareRing uses smart contracts to automate and enforce access rules based on predefined conditions, ensuring that only authorized parties can access. Data is secured across multiple nodes in ShareRing blockchain, making it immutable to breach or tampering.

IAM and RBAC: Google Cloud Identity and Access Management (IAM) is used to implement granular access controls and permissions for different users and roles. In addition, Google Cloud also uses role-based access control (RBAC) and network segmentation to restrict access to customer data based on user permissions and network boundaries.

Storage: While Google Cloud can provide additional storage capacity, it could be used in conjunction with ShareRing to offer redundancy and disaster recovery of the encrypted Vault.

Strong technology intersect

ShareRing Founder, Tim Bos, stated – “Google Cloud’s commitment to customer data protection is a significant factor in why we chose to partner with them. Our technologies and philosophies intersect seamlessly. The extensive and industry-leading security controls Google Cloud provides, and ShareRing’s self-sovereign identity solution, together are a much needed evolution in privacy, in a world where personal information is as precious, or more so, as your other assets.”

Assurance of best practices in a combined identity solution

Both ShareRing and Google Cloud undergo regular audits and certifications to ensure compliance with various security standards, such as ISO 27001. Digital Identities are also becoming increasingly regulated. ShareRing is certified against the UK’s Digital Identity and Attributes Trust Framework (DIATF) and is seeking accreditation against similar frameworks in the EU (eIDAS 2) and Australia Digital ID framework as they come into play.

Business inquiries: 

Ryan Bessemer, ShareRing Global

+61 403 300 442 

ryan@sharering.network 

About ShareRing

ShareRing Global stands as the only digital identity business certified with ISO27001 Information Security Management certification, as well as a DIATF-certified provider in the UK. Our suite of identity verification technologies transforms online interactions, ensuring they are safer, faster and easier. You choose what you share with ShareRing.

 www.sharering.network 

About Google Cloud Platform

Google Cloud Platform (GCP) is a suite of cloud computing services offered by Google that provides a series of modular cloud services including computing, data storage, data analytics, and machine learning, alongside a set of management tools.

cloud.google.com 

The post A revolutionary way to protect personal and corporate data using Google Cloud and ShareRing. appeared first on ShareRing.


IdRamp

SailPoint Account Recovery Using CLEAR Identity Verification


IdRamp has partnered with SailPoint and CLEAR to transform account recovery through advanced Identity Verification (IDV).

The post SailPoint Account Recovery Using CLEAR Identity Verification first appeared on Identity Verification Orchestration.

Thursday, 07. November 2024

KuppingerCole

Overcoming the Challenges of MFA and a Passwordless Future


Securing user identities has become a crucial focus for organizations of all sizes. The evolution from traditional passwords to Multi-Factor Authentication (MFA) and eventually to passwordless solutions introduces various challenges, such as technical obstacles, changing threat landscapes, and resource limitations.

Modern technology offers promising solutions to these authentication challenges. Advanced MFA methods, biometrics, and passwordless technologies provide enhanced security and improved user experience. However, successful implementation requires careful planning, integration with existing systems, and a focus on scalability and user adoption.

Alejandro Leal, Research Analyst at KuppingerCole, will introduce the concept of passwordless authentication, explore its benefits and challenges, and share market insights based on the latest research. He will provide valuable perspectives on the current state of authentication technologies and future trends.

Malte Kahrs, Founder and CEO of MTRIX GmbH, will address practical implementation challenges of MFA and passwordless authentication. He will discuss strategies for overcoming technical hurdles, integrating with Microsoft Entra ID, managing hardware distribution, and ensuring a smooth user experience for successful adoption.




Rise of the Machines - Why Machine Identity Management Has Become Essential


by Matthias Reinwarth

In today’s hybrid and complex IT environments, machine identities are multiplying at an astonishing rate. If managing human identities was once the main concern, that focus has shifted drastically. Today there are approximately 45 to even 100 times more machine identities than human ones (the figures vary depending on whether you ask vendors, tech experts, or analysts), and each one of these machine identities poses a potential security risk if not properly managed. The rapid growth of cloud, DevOps, and automation has spurred this explosion in machine identities, creating a critical need for robust management strategies to ensure secure authentication, controlled access, and safe interaction across digital environments.

Machines Need Identities Too – But Not Just "Machines"

While we often talk about "machines", this term actually covers a wide range of digital entities. Beyond physical machines, today’s IT landscapes include IoT devices, OT systems, bots, applications, technical accounts, containerized services, and even cloud workloads, each of which demands a unique, securely managed identity. Machine identities enable non-human entities to authenticate, communicate, and interact autonomously, safeguarding sensitive data and critical system resources.

This landscape of digital identities is diverse, each with distinct lifecycles, requirements for secure communication, and authentication needs. For instance, IoT devices like connected cars or smart-home systems need robust authentication mechanisms to communicate safely. Industrial OT devices like SCADA sensors need secure identities for data exchange, while Kubernetes clusters and cloud instances require identities to manage interactions within dynamic, cloud-native environments. The complexity and scope of these digital interactions mean that every identity, no matter how short-lived, needs to be handled with precision and care.

Visibility, Control, and Lifecycle Management – Core Challenges

With such a wide array of machine identities, maintaining visibility and control is paramount. However, many organizations struggle to track and manage these identities effectively. As new short-lived identities proliferate in dynamic environments, they often escape detection, leading to potential vulnerabilities. When these identities are inadequately managed, they can become weak points in security, offering potential access points for cyber threats.

Another challenge is lifecycle management. Machine identities, unlike human ones, often have short lifespans and require frequent updates, renewals, or deactivations. If these lifecycles aren’t managed meticulously, organizations risk having outdated, insecure identities lingering in their systems. This unmanaged sprawl of identities can compromise not only security but also compliance with standards such as GDPR or HIPAA. The implications are clear: lifecycle management must be systematic, automated, and responsive to the high turnover typical of machine identities.

The Risks of Poorly Managed Machine Identities

When machine identities go unmanaged, the repercussions can be severe. Unauthorized access to sensitive systems, privilege escalation through compromised identities, and exposed secrets are just a few of the risks. In the absence of effective monitoring, organizations miss out on the timely detection of security threats, allowing vulnerabilities to go unnoticed. Moreover, hard-coded secrets, if left unprotected, become easy targets for exploitation, leading to potential security breaches.

As machine identities proliferate, so too does the attack surface, leaving organizations more vulnerable to unauthorized access and data leaks. This is particularly problematic in industries where compliance and security are paramount, as mismanaged identities can lead directly to regulatory violations.

Machine Identities in a Zero Trust Framework

With Zero Trust increasingly central to security strategies, machine identities play a critical role. In a Zero Trust model, no machine is assumed to be inherently trustworthy; every interaction requires authentication and verification. This approach is essential in today’s multi-cloud and hybrid IT landscapes, where machines frequently interact across potentially insecure networks. With technologies like mutual TLS (mTLS), machine identities enable secure communication between devices, ensuring that only authenticated entities can access critical resources.

In a Zero Trust framework, machine identities not only secure communication but also enable ongoing verification of interactions. This principle is foundational to establishing and maintaining trust, both for human and machine identities, within an organization’s digital ecosystem.

Secure Secrets Management – An Essential Pillar

Effective management of machine identities demands secure handling of “secrets” - API keys, SSH keys, certificates, and other credentials essential for authenticating machine communication. These secrets need to be stored securely, rotated regularly, and managed centrally to reduce human error and prevent misuse. Automated secrets management allows organizations to scale this process to handle the vast numbers of identities typical in a modern IT environment, ensuring that each identity’s lifecycle is managed securely from creation to deactivation.

Integrating secrets management into a comprehensive identity governance framework provides additional layers of security. This approach not only minimizes security gaps but also enforces consistent security practices across both human and machine identities.

Key Takeaways: The Essentials of Machine Identity Management

Machine Identities as a Foundation for IT Security
Machine identities are indispensable for secure interactions and communications in modern IT environments.

Scaling with Growth
The exponential increase in machine identities demands robust, automated management to keep pace with this growth.

Lifecycle Management for Security
Systematic management of identity lifecycles mitigates the risks posed by outdated or uncontrolled identities.

Secrets Management to Close Security Gaps
Proper secrets management is vital for protecting machine identities and preventing security breaches.

Integration with Identity Governance
Machine identities should be part of a unified identity governance framework to ensure consistent security policies.

Accountability Through Ownership
Clear assignment of responsibilities is crucial for maintaining the security and traceability of machine identities.

A More Precise Term for Identity Diversity
The term "machine identities" may need refinement to better capture the diverse range of non-human identities in today’s digital environments.

In short, machine identity management is not only critical but complex, requiring organizations to adopt structured, automated, and comprehensive approaches. In a world where machine interactions outnumber human ones, secure identity management is not optional - it’s essential.


SailPoint Atlas - Unified Identity Security Platform


by Nitish Deshpande

SailPoint Atlas is a unified identity security platform that focuses on identity security by combining modern technologies such as AI and machine learning. A technical overview of the SailPoint Atlas is included in this KuppingerCole Executive View report.

auth0

Your B2B SaaS App Just Got Better

Machine-to-Machine Access for Organizations reaches General Availability (GA), unlocking SaaS APIs for developers

Northern Block

A Summary of Internet Identity Workshop #39

Highlights from IIW39, which took place between October 29th and 31st, 2024, at the Computer History Museum in Mountain View, California. The post A Summary of Internet Identity Workshop #39 appeared first on Northern Block | Self Sovereign Identity Solution Provider.

(Images used in banner courtesy of Ankur Banerjee, @ankurb)

 

Introduction

Below are my personal highlights from the Internet Identity Workshop #39, held from October 29–31, 2024, at the Computer History Museum in Mountain View, California. The Internet Identity Workshop (IIW) is a one-of-a-kind, unconference-style event that gathers professionals across the digital identity space to openly discuss, debate, and innovate. IIW39 set a record for attendance, with 178 sessions, giving us the opportunity not only to stay up-to-date but also to contribute through sponsorship and active participation, reinforcing our commitment to this evolving field.

Images courtesy of Internet ID Workshop (@idworkshop)

Our team left inspired by the range of perspectives and in-depth conversations and are excited to share some of the key takeaways relevant to digital credential ecosystems. To organize the insights, I’ve grouped the most impactful sessions into three themes: trust establishment, adoption, and tech stack updates. These themes helped me categorize sessions that stood out and offered valuable perspectives for our work in digital credentials, wallets, and trust establishment infrastructure.


#1 – Trust Establishment

This IIW featured many discussions around governance, trust registries and trust establishment.

Progressive Trust in Issuer Registries with LinkedClaims

This session explored the concept of “progressive trust” in issuer registries, where entities can initially join a trust registry with minimal requirements and gradually build their credibility over time by adding claims. LinkedClaims was proposed as a potential solution to enable this approach, allowing ecosystem participants to add claims to a trust registry incrementally, thereby increasing their level of assurance as they demonstrate further compliance or meet additional standards. By setting low initial barriers for inclusion, this model supports a more accessible and open ecosystem, where entities can start with a basic level of trust and enhance it progressively. This approach provides an inclusive framework for building transparency and encouraging a steady flow of verifiable claims, enabling credentials to gain broader acceptance across different ecosystems as entities solidify their trustworthiness.

 

Well-Attended Discussion on Bridging Trust: DIDs, DNS, and X.509

Another session that ultimately brings trust establishment into the discussion was focused on creating layered assurance by bridging decentralized identifiers (DIDs) with established infrastructures like DNS and X.509. This hybrid approach allows any entity—not just credential issuers—to build more assurance by combining DIDs with established, trusted systems. This setup is particularly valuable for organizations with a strong digital presence, as it lets them leverage existing DNS or certificate frameworks to increase the assurance of their identity or credentials. We’ve already implemented this concept with DNS bridging in our IETF draft on High Assurance DIDs with DNS, demonstrating how entities can use this approach to create dependable, transparent interactions. As one of the co-chairs of the High Assurance VID Task Force (HAVID), I’m actively engaged in advancing this approach, proving that layered trust realms can support higher assurance in decentralized ecosystems.

A diagram provided by Dr. André Kudra, which was shown in the IIW session

European Union Digital Identity Wallet (EUDI Wallet) Relying Party Authentication

The topic of relying party authentication for the EUDI Wallet sparked enough discussion to span two sessions. The first session on day 2 raised several open questions around the best approach for authenticating relying parties, leading to a follow-up session on day 3 to further unpack the issues.

One of the key points in discussing EUDI Wallet’s architecture was the requirement for relying parties to provide certain data about themselves to the wallet and, by extension, to the holder. This requirement, stemming from the EU’s eIDAS regulation, allows the holder to have insight into what data a relying party wishes to access and how they intend to use specific credentials. This transparency is essential for enabling informed decisions by the holder and safeguarding data privacy.

Various technical options were explored for implementing this authentication, including traditional X.509 solutions, OpenID Federation, and SD-JWTs (selective disclosure JSON Web Tokens). Each approach has unique strengths and challenges, with OpenID Federation emerging as a flexible option for interoperability. However, concerns around the complexity of the OpenID Federation specification led to discussions on simplifying or segmenting it to make it more accessible, particularly for the EUDI Wallet context.

Northern Block has been actively investing in implementing OpenID Federation across our solutions, aligning with the standard’s potential for fostering trust and interoperability in digital credentialing. Yesterday, on November 6, 2024, we presented an update at a Findynet-hosted event, sharing insights on our progress. A recording of the session is available on the event meeting page for those interested in learning more.

Additionally, the sessions considered how OpenID Federation might integrate with the European Blockchain Services Infrastructure (EBSI) and other European trust establishment technologies, potentially serving as an abstraction layer to connect multiple verification methods. While OpenID Federation shows promise for trust establishment in the European context, the sessions underscored that simplifying the spec could be key to overcoming current barriers. There’s clear interest in OpenID Federation’s role in the European market, and as this work evolves, it could provide a streamlined path for cross-border compatibility and trust in digital credentials.


#2 – Adoption

IIW39 offered a strong forum to gauge the state of adoption in digital credentialing and examine what’s required to drive it forward.

 

“Has Our SSI Ecosystem Become Morally Bankrupt?”

In one of the very many thoughtful sessions at IIW39, Christopher Allen raised a challenging question: has the self-sovereign identity (SSI) ecosystem strayed from its founding principles? His blog on the topic served as inspiration for the session. Allen questioned whether current implementations are compromising core SSI values—such as existence, control, access, transparency, and protection—that were foundational to the concept of self-sovereign identity. Increasingly, we’re seeing the industry willingly delegate key functions to platform providers, often replicating centralized or federated models that limit user control and freedom.

As examples, Allen pointed to the rise of mobile driver’s licenses (mDLs) and DID implementations such as did:web. These approaches may gain traction through their ease of adoption and existing infrastructure, but they risk overlooking some of the key principles mentioned above. This trend raises concerns about whether these solutions are being designed in a way that prioritizes control for platform providers rather than the individuals using them. Allen’s critique highlights how some modern implementations of SSI risk sacrificing these core principles for the sake of convenience or widespread adoption.

From my perspective, these principles remain the goal for myself, our company, and many collaborators in the industry. However, achieving true self-sovereignty in a scalable way involves navigating significant structural and funding challenges. 

Much like the internet was seeded by the U.S. government through projects like ARPANET, where initial government funding was critical to establishing its foundations, digital trust infrastructure requires substantial investment to reach critical mass. This foundational funding enabled others to build value on the internet through commercially driven models that continue to reshape society as a whole. Today, governments and large organizations—particularly those with a public benefit as their core mission—are often the only entities capable of making this level of investment, viewing digital trust infrastructure as a form of public infrastructure that justifies their funding.

But with funding comes influence. Governments and large entities exercise control over their constituents through controls (e.g., rules, laws, and regulations)—frameworks that don’t always align seamlessly with the digital world’s principles of openness and user autonomy. This creates a tension between the need for investment to build digital public infrastructure and the inherent incentive models these large entities operate under, where control and oversight are often prioritized. This represents a larger struggle in balancing innovation with institutional authority, especially as digital identity and trust infrastructure continue to develop.

In my view, balancing SSI’s principles with these real-world constraints isn’t an all-or-nothing endeavor. Each implementation should strive to maximize user control, privacy, and transparency, even if some trade-offs are necessary. The investments we’re seeing are undeniably driving amazing advancements, and it’s a matter of taking the best parts and continuously improving upon them. This isn’t a zero-to-one leap but rather a journey of chipping away at constraints, making incremental progress toward a digital world that aligns more closely with self-sovereign ideals.

This session was an important reminder for me—and for all of us in this space—not to lose sight of the vision and principles that brought us here. Even as we navigate complex environments, we must stay grounded in the values that underpin SSI, ensuring they remain central as we move forward, one step at a time.

 

Public Sector Momentum and Cross-Ecosystem Acceptance

There continues to be significant momentum in the public sector around digital credentialing, with the U.S., Canada, Europe, and other regions like Bhutan each advancing in their own unique ways. In the U.S., states are increasingly adopting mobile driver’s licenses (mDLs), with many offering digital driver’s licenses through platforms like Apple and Google Wallets, while others provide their own state-specific wallets. Similarly, Canadian provinces are moving forward with their own digital wallets, and the European Union is working toward nation-state-approved wallets as part of a cohesive digital identity strategy. Each region’s approach reflects key differences and nuances in the technical stacks and governance models across these public sector ecosystems. Bhutan’s launch of its National Digital Identity (NDI) project exemplifies how even smaller nations are adopting digital credentials, contributing to a global trend in verifiable credentials across public sector initiatives.

While the public sector is a key driver, there are notable differences in approaches across these regions. Organizations like the Global Acceptance Network (GAN) are essential in bridging these varied approaches, fostering cross-ecosystem compatibility through multiple sessions and discussions around trust establishment at IIW39. For readers interested in how GAN supports the adoption of verifiable credentials across sectors and regions, we recommend our recent podcast episode on GAN’s ecosystem, which delves into its development and vision.

For anyone seeking a lay of the land in public sector credentialing, Northern Block has a strong perspective from our work in both North America and Europe. Feel free to reach out to us for further insights into how digital credentialing is evolving in the public sector across these regions.


#3 – Technical Updates

With the rapid evolution of standards and interoperability frameworks, IIW39 highlighted some of the latest tech stack advancements that are shaping digital credential ecosystems.

 

Digital Credential Query Language (DCQL)

The Digital Credential Query Language (DCQL) is proposed as a streamlined answer to the complexity of existing credential presentation models, offering a simplified, structured approach to querying credentials. Developed as part of the upcoming Implementer’s Draft for OpenID4VP, DCQL is designed as an alternative to Presentation Exchange (PE), which, though flexible, has become complex and challenging to implement. With dependencies like JSONPath, regular expressions, and extensive schema filters, PE can be cumbersome and potentially insecure, especially in browser-based environments.

DCQL aims to address these issues by introducing a more straightforward, JSON-based syntax that is largely credential format-agnostic, allowing for simpler and faster implementation. By reducing optional elements and removing complex dependencies, DCQL lowers the technical barriers for organizations adopting digital credentials, making credentialing solutions easier to implement and scale. However, as the adoption of DCQL grows, it is expected to coexist with PE, creating a phase where both standards are in use. This dual adoption could lead to interoperability challenges, as some organizations might choose to implement only one standard. DCQL’s simplified approach thus highlights the need for careful handling of interoperability across digital identity ecosystems, especially where both PE and DCQL are expected to operate.

Although initially specific to OpenID4VP, DCQL’s adaptability has the potential for broader use, supporting a more consistent and accessible querying standard as digital identity implementations grow across ecosystems.
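To make the contrast with Presentation Exchange concrete, the following is an added example (not code from this post or from the OpenID4VP authors) of a small wallet-side matcher for a DCQL-style query: claims are selected by a plain path array, with no JSONPath and no regular expressions to evaluate. The field names (`credentials`, `format`, `meta.vct_values`, `claims[].path`, `claims[].values`) are assumptions based on the OpenID4VP draft, and the wallet contents and query are constructed sample data.

```javascript
// Added example: minimal DCQL-style matcher. Field names are assumed from the
// OpenID4VP draft; WALLET and QUERY below are constructed sample data.

// Resolve a claims path. Each step is a string (object key), a non-negative
// integer (array index) or null (every element of an array). Anything else is
// rejected, so a verifier cannot smuggle in expressions or patterns.
function resolvePath(root, path) {
  let selected = [root];
  for (const step of path) {
    const next = [];
    for (const node of selected) {
      if (typeof step === "string") {
        // Own properties only: "__proto__" or "constructor" never resolve.
        if (node !== null && typeof node === "object" && !Array.isArray(node) &&
            Object.prototype.hasOwnProperty.call(node, step)) {
          next.push(node[step]);
        }
      } else if (step === null) {
        if (Array.isArray(node)) next.push(...node);
      } else if (Number.isInteger(step) && step >= 0) {
        if (Array.isArray(node) && step < node.length) next.push(node[step]);
      } else {
        throw new TypeError("invalid path element: " + JSON.stringify(step));
      }
    }
    selected = next;
    if (selected.length === 0) return [];
  }
  return selected;
}

// Match one credential query against one held credential. Returns null when the
// credential does not satisfy the query, otherwise only the requested claims.
function matchCredential(cq, cred) {
  if (cred.format !== cq.format) return null;
  const vcts = cq.meta && cq.meta.vct_values;
  if (Array.isArray(vcts) && !vcts.includes(cred.vct)) return null;
  const disclosed = [];
  for (const claim of cq.claims || []) {
    const values = resolvePath(cred.claims, claim.path);
    if (values.length === 0) return null; // requested claim is not present
    // Optional value constraint: exact type-and-value match on at least one value.
    if (Array.isArray(claim.values) && !values.some((v) => claim.values.includes(v))) {
      return null;
    }
    disclosed.push({ path: claim.path, values });
  }
  return { credential: cred.id, disclosed };
}

// Evaluate the whole query. Every credential query must be satisfiable
// (alternatives such as credential sets are out of scope for this example).
function evaluateDcql(query, wallet) {
  const result = {};
  for (const cq of query.credentials) {
    const matches = wallet.map((c) => matchCredential(cq, c)).filter(Boolean);
    if (matches.length === 0) return null;
    result[cq.id] = matches;
  }
  return result;
}

// Constructed wallet contents (already-decoded claims of two credentials).
const WALLET = [
  { id: "cred-1", format: "dc+sd-jwt",
    vct: "https://credentials.example.com/identity_credential",
    claims: { given_name: "Ada", family_name: "Example", birthdate: "1990-01-01",
              address: { locality: "Toronto", country: "CA" },
              nationalities: ["CA", "FR"] } },
  { id: "cred-2", format: "dc+sd-jwt",
    vct: "https://credentials.example.com/membership",
    claims: { member_id: "M-0001" } },
];

// Constructed verifier query: three claims from an identity credential.
const QUERY = {
  credentials: [{
    id: "identity",
    format: "dc+sd-jwt",
    meta: { vct_values: ["https://credentials.example.com/identity_credential"] },
    claims: [
      { path: ["family_name"] },
      { path: ["address", "locality"] },
      { path: ["address", "country"], values: ["CA", "US"] },
    ],
  }],
};

console.log(JSON.stringify(evaluateDcql(QUERY, WALLET), null, 2));
```

The result contains only the three requested claims from `cred-1`; `birthdate` and `given_name` never leave the wallet, and a query for a claim the holder lacks yields no match rather than a partial disclosure.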

 

Google’s Zero-Knowledge Proof (ZKP) for Mobile Credentials

Google introduced an advanced, high-performance ZKP for mobile environments, which represents a significant breakthrough in privacy-preserving credentials. With this implementation, users can present specific claims without revealing additional data, aligning with SSI principles. The optimization of ZKPs for sub-second performance opens new doors for real-world use cases in identity verification. As this technology becomes more accessible, it could drive widespread adoption across industries that require privacy-centric solutions for sensitive interactions.

 

Revocation and Status Mechanisms Comparison

Managing credential status and revocation is essential, particularly for high-volume and regulatory-sensitive use cases. The session on revocation mechanisms provided a detailed comparative analysis of various approaches, evaluating them on key criteria such as scalability, privacy, security, and deployment readiness. These comparisons offer digital identity architects a clearer framework for selecting revocation methods that best align with their operational needs and compliance requirements. As digital credential ecosystems grow, a flexible approach to revocation—one that adapts to different regulatory environments and use cases—will be increasingly critical. For more details, you can view the session slides here.

 

Conclusion

IIW39 consistently provides a lens into the current adoption cycle and maturity of digital credential and wallet ecosystems. As digital identity continues to grow, events like IIW serve as critical forums to assess the evolving landscape of digital credentials, standards, and wallet functionalities. For organizations navigating this space, these insights highlight the importance of transparent governance backing credentials and ecosystems, practical adoption strategies, and streamlined technical solutions that simplify yet secure digital interactions.

I hope this summary was useful to readers. As always, feel free to reach out to me directly at mathieu@northernblock.io or connect with me on LinkedIn if you’d like to discuss these topics further. We’ll be attending the next Internet Identity Workshop, IIW40 (IIWXL), in Spring 2025 from April 8 to April 10, and we urge anyone who finds this discussion interesting to consider joining us there.

–end–

The post A Summary of Internet Identity Workshop #39 appeared first on Northern Block | Self Sovereign Identity Solution Provider.



Dock

Reusable KYC: What it is, benefits and impact on ID companies


The current landscape of Know Your Customer (KYC) processes is marked by inefficiencies that create friction, drive up costs, and frustrate users. Customers are required to repeat KYC procedures every time they engage with a new service, even if the same KYC provider is behind the scenes. 

This leads to high drop-off rates, as customers lose patience with slow, redundant processes. 

Reusable KYC offers a transformative approach by allowing users to complete KYC once and reuse their verified identity across multiple services, significantly enhancing the user experience and operational efficiency for businesses.

In this article we’ll go through what Reusable KYC is, its benefits and how it can be enabled by centralized and decentralized technologies.

Let's dive in!

Full article: https://www.dock.io/post/reusable-kyc


Ocean Protocol

DF114 Completes and DF115 Launches

Predictoor DF114 rewards available. DF115 runs Nov 7 — Nov 14th, 2024

1. Overview

Data Farming (DF) is Ocean’s incentives program. In DF, you can earn OCEAN rewards by making predictions via Ocean Predictoor.

Data Farming Round 114 (DF114) has completed.

DF115 is live today, Nov 7. It concludes on November 14th. For this DF round, Predictoor DF has 37,500 OCEAN rewards and 20,000 ROSE rewards.

2. DF structure

The reward structure for DF114 is comprised solely of Predictoor DF rewards.

Predictoor DF: Actively predict crypto prices by submitting a price prediction and staking OCEAN to slash competitors and earn.

3. How to Earn Rewards, and Claim Them

Predictoor DF:

- To earn: submit accurate predictions via Predictoor Bots and stake OCEAN to slash incorrect Predictoors.
- To claim OCEAN rewards: run the Predictoor $OCEAN payout script, linked from Predictoor DF user guide in Ocean docs.
- To claim ROSE rewards: see instructions in Predictoor DF user guide in Ocean docs.

4. Specific Parameters for DF115

Budget. Predictoor DF: 37.5K OCEAN + 20K ROSE

Networks. Predictoor DF applies to activity on Oasis Sapphire. Here is more information about Ocean deployments to networks.

Predictoor DF rewards are calculated as follows:

First, DF Buyer agent purchases Predictoor feeds using OCEAN throughout the week to evenly distribute these rewards. Then, ROSE is distributed at the end of the week to active Predictoors that have been claiming their rewards.

Expect further evolution in DF: adding new streams and budget adjustments among streams.

Updates are always announced at the beginning of a round, if not sooner.

About Ocean, DF and Predictoor

Ocean was founded to level the playing field for AI and data. Ocean tools enable people to privately & securely publish, exchange, and consume data. Follow Ocean on Twitter or TG, and chat in Discord. Ocean is part of the Artificial Superintelligence Alliance.

In Predictoor, people run AI-powered prediction bots or trading bots on crypto price feeds to earn $. Follow Predictoor on Twitter.

DF114 Completes and DF115 Launches was originally published in Ocean Protocol on Medium, where people are continuing the conversation by highlighting and responding to this story.


PingTalk

What is Biometric Authentication? Methods & Security Features

What is biometric authentication? Explore methods, effectiveness, and security features to see if it’s right for your organization.

 

As our world becomes increasingly digital, there is a growing need for more secure identity verification methods to replace the faulty password security that is still widely used. 

 

Biometric authentication has emerged as a strong method for safeguarding network and facility access, with a wide range of possible applications from healthcare to hospitality and nearly all industries in between. 

 

Offering enhanced security while providing users with a more streamlined log-in experience, it’s likely that many of us already use biometric authentication in our day-to-day lives, even if we weren’t aware of it. 

 

Throughout this article, we will explore the different biometric technology methods available, their security features, and help you decide if it’s a suitable option for your organization.

Wednesday, 06. November 2024

UbiSecure

Tips for designing your Sign-In


In today’s digital landscape, offering only one sign-in method, such as a username and password, is no longer sufficient to meet the diverse needs and expectations of users. As technology evolves and global markets expand, it’s imperative for websites and apps to provide multiple, secure, and convenient login options. By doing so, businesses can enhance user experience, improve accessibility, and strengthen their competitive position. In this blog post, we’ll explore the numerous benefits of offering alternative login methods, from wider device support and increased security to enhanced user satisfaction and operational efficiency.

Providing alternative login methods has many benefits for users and online service providers:

Wider user reach
Different regions, countries and user groups all have their most preferred way to log in to consumer or business services. For example, BankID in Scandinavia, Finnish Trust Network in Finland, LINE in Japan, WeChat in China etc. Not offering the common services for the region where your users are coming from can limit service adoption and sales. Access to download various smartphone authenticator applications may also be limited to certain app store regions.

Protection from lost sales and lost business
The inability to log in, for whatever reason – technical or non-technical, creates user frustration, delays and oftentimes lost business. For an end-user, it can be easier to log in to a competitor’s service than to work out why login to your service is failing. When passwords are forgotten or text messages never arrive, having alternative options on offer increases the chance of the user signing in without any further assistance required. In the same way online shopping carts are abandoned when payment services are too difficult to use, users who can’t log in never even get a shopping cart in the first place.

Operating cost management
Some third-party authentication services can add significant operating costs as the number of login events increases. Costs associated with an identity provider service may be easier to negotiate if there are alternatives already available to use. Where there are multiple authentication options, these can be presented in an order that encourages the selection of the most cost-effective option.

Technical redundancy
Imagine that the authenticator app or email client that you use continually crashes for some reason due to an unexpected mobile operating system update. Unable to click on a notification or get a generated one-time password, you are locked out of your account. Sometimes login systems are down for maintenance, upgrades, network issues or because of unforeseen difficulties. In these cases, instead of contacting support, choosing the button to sign in using an alternative provider is faster and easier. This lets the user solve their own login problems without any support burden and related costs.

Wider end-user device support
Providing only “Sign in with Apple” or “Sign in with Google” makes things difficult if the user ever leaves the respective Apple or Google ecosystem, even if your app or service is targeted at certain platform users only. Some organizations even have policies that forbid their employees from using non-corporate login systems for business use. Users could be shut out from accessing their personal information or historical records. Supporting multiple sign in methods enables users to securely access their data if they change devices or operating systems.

Dealing with life’s little surprises
Consider the situation where SMS one-time password is the only MFA option, but the SMS never arrives, due to network failure, being out of network range, having a flat battery, a broken screen, lost or misplaced phone or service subscription halted due to an unpaid phone bill. It’s nice to have another way to sign in in these cases.

Improved accessibility
For users with disabilities, the ability to use the authenticator or identity provider of their own choice can allow them to access online services without assistance. Different authenticators suit different users; some don’t work at all for parts of the user community.

End-user device compatibility
Access to download various smartphone authenticator applications may also be limited to certain app stores, be region locked or be incompatible with user devices in the field running older operating systems.

Helping to avoid unwanted surveillance
Repeatedly logging in via the same identity provider has the potential to inadvertently allow tracking your behaviour closely. By using different providers, or choosing authentication methods that are not inherently traceable by third-parties, users are empowered to choose freely in order to protect their own privacy.

Avoiding identity provider lock-in
If there is a data breach or other security event at an upstream identity provider, immediately disabling it is the fastest approach to avoid collateral attacks. Disabling a provider is easy when there are many other alternatives still available to use. Service continuity readiness requires planned, ready-to-go contingencies. Identity providers can also cease operating at short notice for other commercial or legal reasons. Do not keep your eggs in one basket. Diversifying the range of sign in options mitigates the risks of individual solutions.

Meeting compliance requirements
Depending on the nature and jurisdiction of the application, where sensitive, private and/or personal information is processed, compliance with relevant security, privacy and usability legislation is mandatory. Different types of transactions may require different authentication techniques mandated in legislation. This legislation can change over time. Being able to add and change authentication methods easily makes staying compliant easier. A good example is the European Digital Identity Framework, which will see the roll out of digital identity wallets for European citizens in the coming years. Public sector services and certain industries will be forced to allow sign in using these new wallets.

Ready for the future
Technology and legislation are changing at a rapid pace. Authentication protocols, products and techniques adapt to these changes. Being ready for new trends and changes in user expectations with regard to sign-in techniques requires that applications can easily add, remove or change the sign in methods offered. Adding newly emerging biometric authentication, authentication methods based on quantum-resistant cryptography solutions or emerging AI-supported authentication tools should be a matter of reconfiguration rather than application redesign.

Designing and planning for multiple sign-in methods with best practices

Fortunately, many commercial software applications today are designed to support externalised user authentication and authorization. These applications can be configured to connect to an Identity Provider Broker, either hosted in the cloud or run locally on-premise. This Identity Provider Broker, or IdP Broker for short, is responsible for the secure communication with various identity services and authentication methods. It presents the list of available login options and handles all of the complex logic needed to integrate with these methods and services.

When planning the design of a new online service, the product manager, architect or product owner should insist that user authentication is performed outside of the application itself. This is sometimes called single sign-on (SSO) support, federated identity support, externalised identity or referenced using the terms of related protocols, like OAuth, OAuth2, OpenID Connect or SAML. It accelerates product development and simplifies the logic of the online service.

Even older, legacy applications and services can be modified to replace built-in authentication options with externalised authentication with minor application changes.

Supporting multiple sign in methods is a first step

Once authentication has been externalised and multiple sign in methods are supported, this opens the doors to other powerful functions that can enhance user experiences:

Support for teams and groups
An external identity provider can also provide information to an application about an individual’s membership of an organisation, be it a company, team, club or family. This enables convenient sharing of information and responsibilities within an online service.

Cross-organisation collaboration and information sharing
Sharing is not limited to your own organisation – information can be gathered from or distributed to users at other organizations – such as partners, suppliers, customers and sub-contractors. An application that is integrated with an externalised identity management system can get access to these rich connections and permissions without building it all into their own service.

Performing tasks on behalf of someone else
Oftentimes, the person using an online service is doing something on another person’s behalf. It may be a consultant helping a client to get things done or an adult doing something for their elderly parents, or a care-giver assisting a person in need. This should not be done by sharing sign in credentials, but rather by authorising the other party to do these tasks.

Performing tasks on behalf of another organisation
In business, outsourcing of certain functions to another organisation is commonplace. These partners need access to the client firm information and tools provided by online services. This can be achieved through externalised authorization.

Do you need help adding more authentication and authorisation options to your online service?

Ubisecure offer software and services to allow your customers to sign in using the authentication method that they choose, from a range of options that match your security choices. Different ways to sign in can be added or removed as requirements and markets change. Support for teams, groups and on behalf of use cases can be added to new and existing services. Contact Ubisecure today for more information and a no-obligation demonstration.

The post Tips for designing your Sign-In appeared first on Ubisecure Digital Identity Management.


Spruce Systems

Meet the SpruceID Team: Dani Johnson

Dani, Head of Operations at SpruceID, brings extensive experience in managing a wide range of responsibilities, from finance to people operations.

Name: Dani Johnson
Team: Operations
Based in: Seattle, Washington

About Dani

I’ve worked in business operations throughout my career, and SpruceID is my second software startup. I wanted to work on the most challenging and innovative technology I could find. When I found SpruceID it felt like a perfect fit: a great home for my existing skills where I could have a broad portfolio of responsibilities, as well as an exciting set of fresh challenges.

Can you tell us about your role at SpruceID?

As the Head of Operations, I manage accounting and finance, people operations, compliance, and the rhythm of business. I work with our outstanding legal and accounting teams and oversee financial audits and SOC 2 audits. I also work closely with our CEO and lead special projects of all shapes and sizes.

What do you find most rewarding about your role?

My role is always evolving to cover new ground, so I always have something new to learn. At SpruceID I have access to so many expert minds, and it is incredibly rewarding to be able to soak up new subject matter expertise on a regular basis.

What are some of the most important qualities for someone in your role to have, in your opinion?

Integrity, drive, and an intensely meticulous and organized nature. I was one of those little kids that always colored inside the lines. My plastic dinosaurs were in order on the shelf.

What are you currently learning, or what do you hope to learn?

I am currently working a lot on international initiatives, so I am learning about corporate establishment, banking, contracting, and employment in some jurisdictions outside the US. Fascinating and sprawling.

What has been the most memorable moment for you at SpruceID so far?

Some of my most treasured SpruceID memories are of experiences we’ve had as a team at our team gatherings. Scrambling to get the wifi working in our ad hoc offices in Kyoto, eating together in one of the shacks on Copacabana Beach, singing along to Irish traditional folk music in Dublin.

What is some advice that you’d give to someone in your role who is early in their career?

Be worthy of the trust your organization has in you.

How do you define success in your role, and how do you measure it?

When the organizational operations are running smoothly it frees up the rest of the team to innovate and explore, so in some ways I measure success in my role by how little everyone else needs to think about it. Like great service at a restaurant, you don’t really notice it, you just notice that you have what you need. That is my goal.

Fun Facts


What do you enjoy doing in your free time?: Traveling near and far, cooking, eating, and taking long audiobook walks.

What is your favorite coding language (and why?): Rust, of course!

If you could be any tree, what tree would you be and why?: Any kind that involves animal visitors. Pinyon pine for bear visitors, or one of those argan trees the goats climb. A big fir tree for owl and squirrel friends would be fine.

Interested in joining our team? Check out our open roles and apply online!

Apply to Join Us

About SpruceID: SpruceID is building a future where users control their identity and data across all digital interactions.


Trinsic Podcast: Future of ID

David Kelts - From Idemia to Decipher Identity and the Evolution of Mobile IDs


In this episode of The Future of Identity Podcast, I’m joined by David Kelts, a leader in digital identity and mobile ID initiatives, with a career that spans significant contributions across multiple companies and initiatives worldwide. David's insights shed light on the journey of mobile driver’s licenses (mDLs), the evolution of identity verification, and his current role at Decipher Identity, where he’s tackling adoption challenges and working with businesses to expand use cases for digital identity.

We explore:

- David's early work at Idemia, including pioneering efforts in connecting driver’s licenses to online identity proofing.
- The origin and adoption challenges of mobile driver’s licenses (mDLs) and why adoption has lagged behind expectations.
- Privacy concerns surrounding digital IDs and the misconception of "phone home" tracking in mobile identity, along with how privacy regulations are influencing this space.
- The role of standards organizations and government agencies, like AAMVA and TSA, in fostering privacy and security in digital credentials.
- The future vision for digital identity, including the potential for digital-native identity credentials, cross-border use cases, and the value of user choice in secure digital wallets.

David also shares stories from working directly with states like Utah and California on mDL projects and reflects on what’s needed for broader adoption. This episode is a deep dive into the evolving landscape of digital identity and is perfect for anyone interested in the future of authentication, privacy, and user-centric identity solutions.

You can learn more about Decipher Identity at decipher.id.

Subscribe to our weekly newsletter for more announcements related to the future of identity at trinsic.id/podcast

Reach out to Riley (@rileyphughes) and Trinsic (@trinsic_id) on Twitter. We’d love to hear from you.


IDnow

Exploring the customer onboarding differences in global gambling markets.

Are you ready to play? We explain why gambling operators should always do more than the bare minimum when onboarding players.

The gambling industry has never been more lucrative.  

Bolstered in large part by the proliferation of easily accessible online gambling platforms, the industry was worth over $85 billion last year. By 2029, that figure is expected to leap to $133 billion. There are multiple reasons for the industry’s projected rapid growth, including improved access to high-speed internet and reliable payment systems. Another is the opening of numerous currently unregulated markets around the world, especially in Latin America.

While for the consumer, playing online casinos, online lotteries or online sports betting may be a similar experience across countries, there are certain differences in onboarding dictated by specific regional regulatory environments. 

Of course, for the customer, this all happens in the background so is rarely a consideration. Gambling operators, however, especially those that are keen to expand into new territories should be aware of every nuance of the customer onboarding process, every regulatory environment, every document or data point required to be compliant and every product functionality that could make the customer experience more inclusive, intuitive and secure. 

In the ‘Worth the risk: Why gambling operators should always do more than the bare minimum when onboarding players’ ebook available below, we explore the different customer onboarding journeys from some of the world’s most popular gambling markets, including the United Kingdom, Brazil, Ontario and many more.

How gambling operators should really be onboarding players. Download to discover:

- Most common fraud attacks that gambling operators were subjected to in 2023.
- Size of some of the most popular global gambling markets.
- The steps required to legally onboard players in nine different countries.

While onboarding requirements differ across regions, at IDnow, we believe it is crucial to protect vulnerable individuals and verify that customers are who they claim to be, regardless of the market.

Roger Redfearn-Tyrzyk, VP of Global Gaming.

Know Your Player?

Although the gambling industry has never offered more opportunity, it has also never been under greater regulatory scrutiny, or at greater risk of fraud attacks or bonus abuse. 

Other challenges facing operators include the ever-increasing cost of player acquisition, and the need to comply with AML, data privacy and responsible gambling requirements. Not to mention that, like most industries nowadays, there is a user expectation for seamless, secure and frictionless 24/7 online experiences. The optimal time to address these challenges is at the beginning, during the identity verification and customer onboarding process.

The role of the gambling regulator.

The regulator’s role is to protect players. They do this by devising and regularly revising regulations and issuing fines for operators that do not comply.

As new jurisdictions open and regulators implement tighter control mechanisms, the number of gambling fines is only set to increase. In fact, in 2023, the global industry saw a record number of fines ($402 million), with UK operators subjected to the most fines, followed by Australia, Ontario, the Netherlands and the US.

Creating regulations that work for the player, the operator and the national market is no easy feat. For example, if taxes are too high or player limitations too strict, then this could push players to the black market. When this happens, governments do not benefit from additional tax and players are not protected. Striking a balance is essential.

Do more than the bare minimum when onboarding players.

At IDnow, we value our trusted relationships with regulatory bodies from around the world. It is these connections and this multi-jurisdictional expertise that allow us to empower operators to confidently navigate onboarding challenges, wherever they are based. 

“To enhance security and minimize risk, we recommend going beyond the basic identity checks by integrating additional screening measures early in the customer journey. Implementing these checks early, ideally before withdrawal, provides better protection and reduces the risk of fraud, safeguarding both customers and businesses from unnecessary exposure to financial harm,” added Roger.

Our layered, holistic approach to identity verification enables operators to add additional layers of assurance by offering a flexible solution tailored to risk appetite and regulatory needs. These layers include a range of verification checks, from data checks and financial risk assessments to biometric and video verification. 

With the ability to scale up or down in line with a country’s specific regulatory needs, IDnow ensures operators maintain robust protection against fraud and other risks, while delivering a seamless and compliant customer journey.

By

Jody Houton
Senior Content Manager at IDnow


Okta

Introduction to the Okta Integration Network

Whether or not you use Okta’s products, you may find yourself working on software whose target audience includes Okta customers. Adding your application to the Okta Integration Network creates a smoother and less error-prone user management experience for these shared customers, and can unlock the potential of additional features as well.

For a high-level perspective on the benefits of building to the open standards supported by the OIN, which also lets you easily support any other identity provider’s integration marketplace, here’s Director of Identity Standards Aaron Parecki:

And to learn about what the integration submission process looks like on a more technical level, the OIN 101 Walkthrough can help:

Check out Okta’s SaaS Security page and integrator help hub for more resources.

Follow OktaDev on Twitter and subscribe to our YouTube channel to learn about additional integrator resources as soon as they’re available. We also want to hear from you about topics you want to see and questions you may have. Leave us a comment below!

Tuesday, 05. November 2024

1Kosmos BlockID

Digital Identity Spotlight: Thailand

The nation of Thailand has a ready response for governments around the world seeking insights on implementing digital identity at scale: Phuket.

In recent years, the Thai island paradise of Phuket—long known for its pristine beaches, stunning waterfalls, and vibrant nightlife—has transformed itself from a resort town to a smart city. Its thriving technology sector and “smart, safe, sustainable” approach to governance have become a prime model and critical test market for the nation’s expansive Thailand 4.0 strategy. This 20-year economic development plan is designed to turn this Southeast-Asian country of more than 70 million people into a high-tech, high-income powerhouse, supported and enabled by digital identity.

To that end, Phuket has become a pilot region for Thailand’s new digital identification and verification infrastructure—and for good reason. The city’s tourism sector provides an ideal proving ground for using digital identity to verify visa applications, travel bookings, and access to local services in a seamless, all-digital manner. Since launching 16 months ago, the test has been a trial by fire. But it’s one that Phuket’s tech-savvy population is well-positioned to navigate and help refine.

In Phuket, tourists, expats, and locals use a mobile app called ThaID (as in Thai-ID) to register for banking and healthcare services. But the system also has other purposes. To crack down on counterfeit ID cards that have long plagued Phuket’s bustling nightlife venues, this facial biometrics-based mobile digital ID is now required to gain entry to the city’s clubs and bars. Yet, for all their utility, these and other early applications are just a glimpse of what digital identity has come to mean for this nation.

Phuket, Let’s Go: When Digital Identity Is More Than Just Tech

Thailand’s ambitious digital identity initiative is about more than just financial inclusion, ensuring access to services, and securing against mounting cyber threats. In recent months, it has become emblematic of a nation set on reasserting its identity as a hub of digital innovation—and reigniting an economy lagging its regional neighbors.

In recent years, Thailand’s growth has stagnated. Even as per capita income in China, Singapore, and Malaysia has soared, Thailand has struggled to escape what the World Bank’s 2024 Development Report describes as a “middle-income trap.” A vital component of this predicament is an average annual growth rate hovering around 3% for nearly 30 years, compared to China’s average of 8.86% and Singapore’s 6.18%.

Roughly 531 miles north of Phuket, Thailand’s capital city of Bangkok is crafting a far more promising narrative. Modern skyscrapers, luxury hotels, high-end shopping centers, and world-class restaurants abound. Importantly, strides made by Thailand’s robust technology sector increasingly mirror Phuket’s. Over the past year, investment in artificial intelligence, data analytics, cloud computing, and cybersecurity, for instance, has contributed to the sector’s 12.8% growth rate. In October, Bloomberg reported that Nvidia Corp. plans to invest heavily in Thailand, joining Alphabet Inc. and Microsoft in building data centers and component manufacturing plants here.

Thailand 4.0 is designed to build on previous economic development plans, which focused on agriculture (Thailand 1.0), light industry (2.0), and heavy industry (3.0). Expanding and leveraging Thailand’s thriving tech sector to help fuel growth and opportunity across the rest of the economy means digital identity isn’t just a nice-to-have—it’s an imperative.

Why Digital Transformation Requires Trusted Identity Proofing

Put simply, digital identity is the electronic representation of an individual’s credentials used for identity verification and proofing. Think of it as your passport, driver’s license, and bank card rolled into one secure, digitized framework verified by cross-referencing government-issued, physical world credentials. For individuals, using physical credentials to make purchases, manage finances, or receive entitlements in person is a relatively simple proposition. Doing the same in digital channels through authentication based on usernames and passwords is another thing entirely—one that has failed miserably.

Thanks to never-ending phishing attacks and corporate data breaches, the login credentials and personal identity files of billions of individuals worldwide have been compromised and made available to cybercriminals and threat actors on the Dark Web. In 2024 alone, nearly 3 billion people had their personal information stolen during a cyberattack targeting data broker National Public Data (NPD). This includes what some believe to be the Social Security Number for every US citizen. This past summer, a tranche of more than 10 billion login credentials was discovered in an online hacker forum.

Cyber thieves and other threat actors leverage this information to defraud individuals, businesses, and governments. They can siphon funds from bank accounts, apply for loans or credit cards, access government benefits, and more. They can also infiltrate corporate and government networks to breach data they can monetize downstream—sometimes with implications for critical infrastructure and national security. According to TransUnion, the number of successful data breaches jumped 15% last year. Worldwide, the price tag for such attacks is projected to top $9.5 trillion annually.

Unfortunately, that projection may prove naive. Today, new forms of AI increasingly enable threat actors of all stripes to enhance the effectiveness and scale of their operations. This is material in Southeast Asia, where dense populations and significant socioeconomic stratification make countries in the region prime targets for AI-enabled attacks. It also doesn’t help that Thailand has been home to what the FBI calls the world’s largest cybercrime network. But a growing number of governments here and around the world view digital identity as critical to mitigating these threats.

ThaID & Beyond: How Digital Identity Is Taking Shape in Thailand

The ability to facilitate fast, secure interactions and transactions is foundational to every digital economy, including Thailand’s. However, it requires a universally accepted form of identity proofing that protects privacy and prevents personal identity data from being stolen and exploited by others.

Compared to Belgium’s itsme, Singapore’s SingPass, or even India’s Aadhaar system, Thailand’s digital identity initiative is still in its early stages. But it’s catching up. The country’s focus on mobile-based identity verification, a key element of digital identity, is supported by its extensive 5G mobile broadband network—among the first deployed in Southeast Asia. The initiative also benefits from a tech-savvy citizenry. Fifty percent of the population is expected to have a mobile broadband subscription by 2025, while overall Internet penetration exceeds 88%.

Rather than developing a government-run digital identity system, however, Thai officials have opted to forge public-private partnerships within a digital identity ecosystem linking service and identity providers (IDPs). So far, some of the most prominent forms of digital identity include the following:

ThaID
Launched by the Department of Provincial Administration (DOPA) in 2023, the ThaID mobile app simplifies access to services requiring identity confirmation in both the public and private sectors. For example, ThaID facilitates access to government services such as public health care, vehicle registration, and online tax payment without requiring additional data entry.

NDID: The National Digital Identity Platform
This blockchain-based infrastructure is designed primarily to address digital Know Your Customer (KYC) mandates within banking and financial services. It’s intended to “enhance digital security to facilitate online transactions and enable wider access to banking and lending” via the user’s preferred mobile banking app.

MNID: Mobile Network ID
Operated by participating telcos, the MNID system serves its mobile customers to facilitate identity verification and authentication.

These and other biometrics-based applications are designed to secure online transactions and prevent fraud. And they’re buoyed by regional collaborations like the ASEAN Digital Economy Framework, which seeks to standardize cross-border digital identity recognition. But there are hurdles. Unlike digital identity initiatives in Singapore and Estonia, where privacy concerns have been addressed through robust governance frameworks, Thailand’s initiative faces public trust issues and the fear of data misuse. Enhanced regulation and a surprising financial incentive may change that.

Tang Rat: Stimulus and a Step Toward Self-Sovereign Identity

One of the critical benefits of Thailand’s digital identity initiatives is convenience. Once registered, citizens don’t need to enter additional information when accessing services or manage multiple usernames and passwords—and biometric authentication adds an extra layer of security.

But a series of public sector data breaches, like the one that compromised the personal identity information of more than 55 million Thais earlier this year, threatens to erode trust in e-government initiatives like Thailand 4.0. Downloads of ThaID and a new digital wallet within a super app called Tang Rat—which require submission of sensitive personal information such as the back of the national ID card and a unique set of codes for making digital transactions—have been tepid. Only 1 in 5 Internet users in Thailand have downloaded either of these apps. There’s no telling how many have uninstalled them.

Stepped-up regulatory mandates on data breaches and cross-border data sharing, and steep fines for non-compliance, are meant to stem concerns and incentivize stronger protections. Moreover, a significant benefit of digital wallets and their blockchain-based architectures is the use of globally unique identifiers that give users a cryptographically verifiable, decentralized digital identity. This approach sets the stage for self-sovereign identity (SSI), where authenticating users no longer requires personal data to be stored centrally on bank, government, or retail servers where it can be hacked. Instead, users can control what personal information they share, how it’s used, and for how long.

Then there’s that longer-term objective of Thailand 4.0. To accelerate adoption and help juice the economy, the Thai government is spending US$14 billion to preload digital wallets with US$300 in spending money for each person who downloads one.

What Should Come Next

This kind of incentive aside, I applaud Thailand’s digital identity initiative and the country’s embrace of digital wallets. In my view, digital identity’s success is predicated on distributed technologies and the architectural advantages they offer. This is especially crucial given the country’s ecosystem approach to digital identity. If deployed well, these technologies augur a day when someone applying for a car loan can choose which if any personal information to share, instead of opening their entire financial lives to a lender or dealer financing department.

It also means they could one day share third-party trust scores that allow them to demonstrate creditworthiness without revealing any personal information at all. Also promising: Thailand’s adoption of liveness tests during authentication of certain services.

But I do have one rather urgent piece of advice. To be most effective, the Thai government and its ecosystem partners would be wise to implement NIST-, FIDO2-, and ISO-type biometrics-based standards for its digital identity infrastructure and any associated liveness tests. Only then will they be able to defeat virtually any attempt at identity spoofing. And yes, if they were to seek my advice about the ideal setting for testing these technologies, my immediate response would be Phuket.

Interested in digital identity-based authentication but aren’t sure where to start? Learn more about 1Kosmos BlockID, the only NIST-, FIDO2-, and iBeta biometrics-certified digital identity platform—and schedule a free demo today.



IDnow

EUDI Wallets: Balancing privacy with usability.

Our Senior Architect, Sebastian Elfors recently participated in a panel discussion on the challenges of balancing privacy with usability when developing the EUDI Wallet. Here he shares his thoughts and concerns.

As the co-author of the ETSI TR 119 476 ‘Analysis of selective disclosure and zero-knowledge proofs applied to Electronic Attestation of Attributes,’ I was recently invited to attend the ‘How far should privacy go? Privacy versus Usability’ panel discussion during October’s EU Digital Identity Wallets Forum in Spielfeld’s Digital Hub in the heart of Berlin. 

At the panel I was joined by panelists Steffen Schwalm, Principal Consultant at MSG, Mirko Mollik, Identity Architect at SPRIN-D, and Philippe Rixhon, Chair of the Management Board at Valunode OU; the hour-long panel was moderated by Michal Tabor, partner at Obserwatorium.biz. 

Throughout the lively and robust discussion, the panel debated and exchanged opinions on various matters, but there was one topic that panelists were in complete consensus early on: that user privacy would be essential when EUDI Wallets are rolled out across Europe in the coming years.  

The panel also agreed that the eIDAS 2.0 regulation contains the relevant articles and recitals that cater for mandatory selective disclosure and unlinkability when the EUDI Wallets are used to present electronic attributes. Simply put, the concept of selective disclosure allows a user to present a minimum of personal information to a verifier. The classic example is to prove that you are of legal drinking age when entering a bar, without revealing any more personal information than just your age. The principle of verifier unlinkability means that one or more verifiers cannot collude to determine if the selectively disclosed attributes describe the same identity subject. 

Assessing what has come before.

Earlier this year, I was appointed to co-author the European Telecommunications Standards Institute (ETSI) report ETSI TR 119 476, which provided a comprehensive overview of existing cryptographic schemes for selective disclosure, unlinkability and zero-knowledge proofs (ZKP). It also gives recommendations of data formats and protocols that are suitable for selective disclosure with the EUDI Wallet. 

 Similarly, the Architecture Reference and Framework (ARF) specifies the ISO mobile driving license (mDL) MSO and IETF SD-JWT VC as credential formats for selective disclosure, which are the same formats as proposed in the ETSI report. The ISO mDL MSO is a selective disclosure standard based on ‘salted hashes’ of attributes, which are CBOR encoded and signed by the issuer. Likewise, the SD-JWT also contains salted hashes of attributes, which are JSON encoded and signed by the issuer. As such, I believe the ETSI report and ARF are aligned with respect to credential formats. 

As the ISO mDL MSO and SD-JWT are digitally signed with cryptographic algorithms approved by SOG-IS (Senior Officials Group Information Systems Security), they can therefore be used by the EU public sector. The drawback is that ISO mDL MSOs and SD-JWTs must be issued batchwise to the EUDI Wallets to cater for verifier unlinkability, which adds an operational cost for the Qualified Trust Service Providers (QTSPs) and the PID Providers. 
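
The salted-hash mechanism and the batch-issuance trade-off described above can be seen in a short sketch. This is an added example in SD-JWT style, not code from the ETSI report, the ARF or IDnow; HMAC stands in for the issuer's asymmetric signature, and the issuer URL, claim names and dictionary layout are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumption: a shared HMAC key stands in for the issuer's signing key.
# Real SD-JWT and mDL MSO credentials carry an asymmetric issuer signature.
ISSUER_KEY = secrets.token_bytes(32)

# Constructed sample attributes.
CLAIMS = {"family_name": "Example", "birthdate": "1990-01-01", "age_over_18": True}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_disclosure(name, value) -> str:
    """Encode [salt, name, value]; the random salt stops a verifier from
    guessing hidden attributes by hashing candidate values."""
    salt = b64url(secrets.token_bytes(16))
    return b64url(json.dumps([salt, name, value]).encode("utf-8"))


def digest(disclosure: str) -> str:
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())


def _sign(payload: dict) -> str:
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return b64url(hmac.new(ISSUER_KEY, body, hashlib.sha256).digest())


def issue(claims: dict) -> dict:
    """Issuer: sign only the salted digests, hand the disclosures to the wallet."""
    disclosures = {n: make_disclosure(n, v) for n, v in claims.items()}
    payload = {
        "iss": "https://issuer.example",  # placeholder issuer
        "_sd_alg": "sha-256",
        "_sd": sorted(digest(d) for d in disclosures.values()),
    }
    return {"payload": payload, "signature": _sign(payload), "disclosures": disclosures}


def issue_batch(claims: dict, count: int) -> list:
    """Batch issuance: same attributes, fresh salts, so every copy has
    different digests and a different signature value."""
    return [issue(claims) for _ in range(count)]


def present(credential: dict, reveal: list) -> dict:
    """Wallet: send the signed digests plus only the chosen disclosures."""
    return {
        "payload": credential["payload"],
        "signature": credential["signature"],
        "disclosures": [credential["disclosures"][n] for n in reveal],
    }


def verify(presentation: dict) -> dict:
    """Verifier: check the issuer signature, then that each disclosure
    hashes to a digest the issuer signed. Returns the revealed claims."""
    expected = _sign(presentation["payload"])
    if not hmac.compare_digest(expected, presentation["signature"]):
        raise ValueError("issuer signature invalid")
    signed = set(presentation["payload"]["_sd"])
    revealed = {}
    for disclosure in presentation["disclosures"]:
        if digest(disclosure) not in signed:
            raise ValueError("disclosure not covered by issuer signature")
        _salt, name, value = json.loads(b64url_decode(disclosure))
        revealed[name] = value
    return revealed


def linkable(seen_by_a: dict, seen_by_b: dict) -> bool:
    """What two colluding verifiers can do: compare the signature and digests
    each received. The disclosed attribute values themselves are not compared."""
    same_sig = seen_by_a["signature"] == seen_by_b["signature"]
    shared = set(seen_by_a["payload"]["_sd"]) & set(seen_by_b["payload"]["_sd"])
    return same_sig or bool(shared)


if __name__ == "__main__":
    single = issue(CLAIMS)
    print(verify(present(single, ["age_over_18"])))
    print("one credential reused:", linkable(present(single, ["age_over_18"]),
                                             present(single, ["age_over_18"])))
    batch = issue_batch(CLAIMS, 2)
    print("batch, one copy each:", linkable(present(batch[0], ["age_over_18"]),
                                            present(batch[1], ["age_over_18"])))
```

Each copy in a batch can be shown once without giving verifiers a common value to match on, which is why the wallet needs a fresh supply and the issuer bears the cost of producing it.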

There is, however, also an eIDAS 2.0 article that allows EU Member States to implement more innovative ZKPs on a voluntary basis. By using a ZKP scheme, the user can prove that a given statement is true, while not providing any additional information apart from the fact that the statement is true. 

 The more advanced ZKP schemes, such as BBS+ (named after its creators Boneh, Boyen, and Shacham) and zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge), have the advantages of providing full unlinkability and dynamic predicates, without the additional cost of issuing batches of credentials. There are academic research projects, such as the Cinderella project, which have implemented zk-SNARKs to “pick out” certain elements of a classic X.509 certificate or an ICAO eMRTD (electronic Machine Readable Travel Document according to the International Civil Aviation Organization standard, such as electronic passports), and shared those attributes with a verifier. This approach is also getting some interest from ISO/IEC, which may apply it on a standard for selective disclosure of the ISO mDL attributes. 

Certainly, these ZKP schemes need to be standardized before being considered for the EUDI Wallet. The IETF (Internet Engineering Task Force) CFRG (Crypto Forum Research Group) and ISO/IEC (PWI 24843 and CD 27565) are in the process of standardizing BBS+, which may result in BBS+ being referenced by a future version of the ARF.

The challenges of building an EUDI Wallet ecosystem. 

Privacy is clearly a complex topic when it comes to the ZKP protocols and related standards that need to be considered for the EUDI Wallet. When it comes to building a complete EUDI Wallet ecosystem, there are even further complexities: 

- The eIDAS2 Relying Parties will be registered for specific use cases.
- The QTSPs can issue Qualified Electronic Attestations of Attributes ((Q)EAAs) with embedded disclosure policies, which restrict how the EUDI Wallets can share the (Q)EAAs with Relying Parties.
- The EUDI Wallets will implement access control rights, according to a new CEN TC224 draft standard.
- Last but not least, the users must give their consent to share the (Q)EAAs or PIDs with Relying Parties.

All of this creates a significant user experience challenge for the EUDI Wallet ecosystem, which will require it to be designed and tested thoroughly. 

Of course, an important topic when it comes to the EUDI Wallet is transactions. The panelists exchanged ideas on how QTSPs will be able to invoice the Relying Parties for (Q)EAA transactions, in case the QTSP is not notified about how the EUDI Wallet is sharing the (Q)EAAs. In other words, how can a QTSP invoice the Relying Parties without knowing who they are? 

There are a few potential solutions to this problem. The first is to count and share each EUDI Wallet Provider’s aggregated and anonymized statistics with the QTSPs. A second option could be to insert payment terms in the (Q)EAAs with embedded disclosure policies, which the Relying Parties must accept before processing the (Q)EAAs. A third option could be to extend the OpenID for Verifiable Presentations (OID4VP) with parameters to check for agreements between the QTSPs and Relying Parties. The OID4VP protocol will be used by the EUDI Wallets for presenting PIDs and (Q)EAAs to the Relying Parties, so it could make sense to extend this protocol to make an a-priori “check” with the Relying Party that there is an agreement in place, prior to sharing the (Q)EAAs. 

Given the complexity of the EUDI Wallet ZKP protocols and the challenges in creating an ecosystem of QTSPs and Relying Parties that is also a viable business model, we agreed that discussions need to be ongoing. These topics should preferably be considered by the policy makers in the EU Commission DG CNECT. The EUDI Large Scale Pilots, which are currently underway, should also be encouraged to test the complex scenarios described above.

Considering how important the EUDI Wallet will be to identity management in Europe, it is fundamental for the entire eIDAS 2.0 community to resolve these issues prior to the EUDI Wallets being rolled out at scale in Europe in the coming years.

By

Sebastian Elfors
Senior Architect


Indicio

Biometrics and Verifiable Credential pioneer Indicio launches “Bring Your Own Biometrics” Verifiable Credential solution to solve biometric fraud

Indicio’s market-changing solution gives people control over their biometric data, removes the need for centralized storage, and solves the challenge of generative-AI identity fraud, all while delivering the simplicity, privacy, and security that everyone needs to feel confident in biometric authentication. No need to abandon biometric systems, BYOB-VC can be added as a layer for rapid digital transformation. 

Today, Indicio announces the launch of its groundbreaking solution to the risks and challenges of biometric authentication, BYOB-VC: Bring Your Own Biometrics using Verifiable Credentials.

BYOB-VC is a simple, easy-to-implement way for enterprises or governments to authenticate portable biometric data without having to store it.

Simply give people their biometrics in a Verifiable Credential (as part of an identity assurance process) and require them to present the biometric template in the VC (held in a digital wallet on their mobile device) when they do a liveness check. Verification software compares the live biometric with the authenticated biometric in the credential.

This radically simplifies biometric authentication — and provides a simple, intuitive, and powerful way to bypass the risk of AI-generated deepfakes.

BYOB-VC was developed by Indicio for pre-authorized travel and seamless border crossing and is in use in Digital Travel Credential solutions. Now, it is available in an easy-to-implement form for any organization reliant on biometrics for authentication and access management.

Global surveys show public are alarmed over biometric security and privacy

BYOB-VC addresses deep public concerns over biometric authentication. The recent International Air Transport Association (IATA) Global Passenger Survey 2024 found that a majority of airline passengers are worried about biometric data breaches and how their biometric data is being used.

A global consumer survey by mobile payment platform Jumio found that 72 percent of respondents are concerned on a daily basis that they may lose money or sensitive data to a deepfake.

And a 2024 survey by GetApp found that only 5 percent of consumers believed that their biometric data was secure.

Giving people control of their biometric data and the ability to consent to share that data, as BYOB-VC does, is a critical step to reassuring the public and governments over the safety of biometric processes. It meets the demands of the  European Union’s Data Protection Board, which stipulates that “individuals should have maximum control over their own biometric data.”

By combining a liveness check with the cryptographic, tamper-proof verifiability of Verifiable Credential technology, BYOB-VC is the most powerful multi factor authentication available for biometrics — and it can be enhanced to meet the most critical security requirements by easily combining other Verifiable Credentials — such as a government-issued ID — to the authentication process.

Benefits

Portable trust

You can prove the source of the Verifiable Credential and that the biometric data in the credential hasn’t been altered or faked. You can prove that the credential is bound to the person presenting it.

Bypasses generative AI deepfakes

Biometric authentication is a quick, two-step process: the person presenting themselves for a biometric scan also presents their authenticated biometric template in a Verifiable Credential from their digital wallet. Verification software compares the two and they have to match. There are multiple layers of biometrics, cryptography, and other security binding the credential to the wallet and the wallet to the device and the device to the person.

Faster, flexible, and simpler biometric management

No centralized biometric storage. BYOB-VC removes the complexity around biometric systems. There’s no need to worry about them going offline or protecting against data breaches — because there’s no data to access! Verification software is simple and mobile, allowing you to take advantage of portable, trustable biometric authentication.

Makes data privacy compliance much easier 

By enabling people to store their own biometric data you’ve not only solved the security risk of centralized storage, you’ve solved the compliance challenge of centralized storage and data minimization.

Addresses critical public concerns over biometric data

With generative AI being used in ever more elaborate scams, BYOB-VC reassures people not only that their data can’t be stolen but that it can’t be used in ways they aren’t aware of or don’t approve of. The IATA Global Passenger Survey found that 39 percent of people would reconsider using biometrics if they were reassured about their privacy.

Why the future of biometric authentication needs to be decentralized

Biometrics have emerged as a powerful, frictionless way to authenticate identity. They are better than username and password-based authentication because they can’t be forgotten, don’t need to be reset, and — in the case of an iris — are unique to an individual.

But as biometrics have proliferated as a method to access systems, the upside of their uniqueness has revealed a precipitous downside. Biometrics need to be stored in a database so that the verifying party can compare the scan of a person presenting themselves for a biometric scan with a stored copy of their biometrics. If they match, the person is authenticated.

This centralized storage means they are at risk of being stolen in a data breach, and when this happens, people cannot reset their fingerprints, faces, or irises.

And if this wasn’t a big enough existential problem, the rapid rise of generative AI has made it astonishingly easy to convincingly fake biometric data.

Entrust Cybersecurity reported a 3000% increase in deepfake attempts between 2022 and 2023, while Deloitte’s Center for Financial Services is predicting AI-generated “fraud losses to reach US$40 billion in the United States by 2027, from US$12.3 billion in 2023, a compound annual growth rate of 32%.”

So far, typical responses range from “be more vigilant about security” to “don’t post detailed pictures of yourself online,” to “we need an AI solution to detect AI fakes.”

So simple, so fast, so cost effective

BYOB-VC is a simple way around both wishful thinking and an AI arms race, as it leverages the revolution in decentralized digital identity. Here’s how it works.

When a person has their biometric data first scanned as part of identity assurance, the data is digitally signed and issued to them in a Verifiable Credential that they hold on their mobile device.

Verifiable Credentials have three powerful features:

1. The source of the credential can be proved using cryptography.
2. If someone tries to manipulate the data in a credential, they break the credential.
3. The credential is cryptographically bound to the person and their device.

By rendering the biometric template taken during identity assurance in the form of a Verifiable Credential, any organization can authenticate it using simple verifier software. The source of the credential is authenticated, the integrity of the template data is authenticated, and finally, the template data is compared with the live biometric scan, all in one seamless process.

BYOB-VC also bypasses the problem of deepfakes. Rather than just rely on a still or moving image, or a voice, you also ask for cryptographic proof of that same data created by a trusted issuer. And if you need further proof, ask them to add other Verifiable Credentials to their presentation, multiplying the layers of cryptographic proof and credential binding.

In use by Indicio customers and now widely available

BYOB-VC was pioneered by Indicio for use in travel, where a passport’s biometric data is compared with a liveness check and then issued as a Verifiable Credential following the International Civil Aviation Organization’s standards for Digital Travel Credentials. This enables travelers to use a Verifiable Credential for pre-authorized travel and seamless border crossing. Acuity Market Research’s The Prism Project described our biometric solution as “masterful.”

Now, Indicio’s masterful approach and technology are available to any company, organization, industry or sector that wants a simple, powerful solution to managing biometric authentication.

Learn more about Biometric Authentication through Verifiable Credentials on Indicio’s website, or if you have specific questions you can get in touch with our team of experts.


The post Biometrics and Verifiable Credential pioneer Indicio launches “Bring Your Own Biometrics” Verifiable Credential solution to solve biometric fraud appeared first on Indicio.


IDnow

Sealing the deal: IDnow Trust Services AB becomes Europe’s newest QTSP.

It’s official: IDnow Trust Services AB is now certified as a Qualified Trust Service Provider (QTSP) in the EU. We sat down with the Chief Executive Officer of IDnow Trust Services AB, Johannes Leser and Registration Officer of IDnow Trust Services AB, Uwe Pfizenmaier to learn more.

In early 2024, IDnow began a joint venture with system integrator and technology provider, ESYSCO to establish the newly formed QTSP, IDnow Trust Services AB. In October it was officially approved by PTS, the Swedish supervisory body, and is now listed as a QTSP on the eIDAS Dashboard by the European Commission.  

This significant milestone allows IDnow to offer a wide range of eIDAS-compliant digital signing solutions and ultimately offer trust services to our customers. For more information, check out our interview with Uwe and Johannes below. 

For those who may not be familiar with the term, what exactly is a QTSP?  

Johannes: A Qualified Trust Service Provider, or QTSP for short, is an entity that can create one or more trust services, such as electronic signatures, electronic time stamps, electronic seals or certificates in a qualified manner. What differentiates a QTSP from a Trust Service Provider is that it operates under stricter measurements and requirements as defined by the Electronic Identification and Trust Services (eIDAS), is independently assessed in regular audits by a conformity assessment body (CAB) and is required to have insurance due to reversed burden of proof in case of any disputes.  

Uwe: By using a QTSP, businesses benefit from an extra layer of security knowing that the products they choose are officially certified and audited by a higher authority. Although qualified trust services may or may not be required depending on the type of security an organization needs and the requirements of the country in which it operates, by choosing to do business with a QTSP, a higher level of confidence in security is achieved.  

What services will IDnow Trust Services AB offer? 

Johannes: As a QTSP, IDnow Trust Services AB can provide the following for now: 

- Issue, validate and manage qualified electronic certificates for signatures and seals.
- Deliver additional services such as qualified time stamps.
- Persist identification evidence data.
- Execute certificate revocation.

Why will QTSPs be so important in the future of the digital signature market?

Uwe: 72% of organizations in Europe still use a mix of paper and electronic documents. Despite this, the trend toward a fully digital signing process is just around the corner. In fact, the European digital signature market is predicted to be 7x larger by 2030.

As QTSPs are verified services under strict eIDAS regulations and requirements, they guarantee their customers a significant level of trust and security to adopt new solutions like digital signatures. Before becoming a QTSP, the entity is required to undergo rigorous and independent assessment as well as regular audits to ensure they remain compliant. As such, QTSPs offer greater legal certainty and higher security for electronic transactions and meet the same level of trust as paper documents. 

What did the process of becoming a QTSP entail, specifically in relation to regulatory requirements?

Johannes: To become a QTSP, a full understanding of the eIDAS regulation is crucial. eIDAS offers a uniform framework of guidelines to allow completely digital and legally secure cross-border contracts within the EU. It also defines the process and technology behind different types of services such as signatures, seals, time stamps, etc.  

Uwe: In order to qualify as a QTSP, the entity must ensure all legal and regulatory obligations are met, such as data protection and privacy requirements. Once established, the eIDAS assessment process is initiated with a CAB and an audit is carried out. After successfully passing the audit, a QTSP application is submitted with a supervisory body. Upon acceptance, the QTSP is published on the EU Trust List. 

What sets IDnow Trust Services AB apart from other QTSPs?  

Johannes: IDnow Trust Services AB is the first QTSP to offer SMS-free signing for digital contract signing. During the average digital signing process, users receive a One-Time Password (OTP) code that must be entered to authenticate the transaction. This step usually causes friction for users and companies, leading to 22% of drop offs coming from the OTP identification.  

SMS-free signing dramatically simplifies the signing process, eliminating the heavy-friction requirement of OTP codes and driving higher conversion rates. Plus, by eliminating the SMS step, fraud and operational risk is significantly reduced. 

What advantages does the creation of IDnow Trust Services AB offer to IDnow customers?  

Uwe: The combination of IDnow’s leading identity verification expertise and IDnow Trust Services AB’s advanced trust services will deliver unmatched value and secure, yet agile, solutions, including Qualified Electronic Signatures to future-proof businesses in a rapidly changing regulatory landscape. 

Key benefits include being able to easily navigate complex regulations like AMLD 6 and eIDAS. As electronic certificates are legally binding and dispute-protected, it can also help to reduce the risks of digital transactions in the EU. Plus, due to the Europe-wide validity of trust services, customers can now leverage IDnow’s pan-European approach to provide seamless, consistent services for cross-border growth.  

Johannes: By combining identity verification services with secure trust services, IDnow not only creates optimized processes, but offers unparalleled reliability and boosts confidence and trust in every transaction. 

As customers can perform identity verification and trust services from a single, unified and simplified process, they can benefit from streamlined procurement and contractual simplicity. 

What does the future look like for IDnow Trust Services AB? 

Uwe: As an eIDAS-certified QTSP, the outlook is very bright. The sky is the limit, especially regarding innovation. In the future, we hope to expand our product offerings and features as well as certifications.  

Johannes: In 2025, our plan is to equip more products with our QTSP features and explore new business use cases. Additionally, we plan on achieving another certification based on an audit that will support the forthcoming EUDI Wallet. Lastly, we plan to offer future-proof services such as QEAA (Qualified Electronic Attestation of Attributes) and advanced preservation solutions, all without sacrificing regulatory compliance. We are looking forward to the upcoming year and the many innovations we plan for our customers! 

Learn more about our range of digital signature solutions here

By Kristen Walter, Jr. Content Marketing Manager


Ockto

Risk stakeholders as partners in financial innovation

In heavily regulated markets, such as the financial sector, innovation and flexibility are essential to remain competitive. At the same time, strict regulation and high compliance requirements bring unique challenges. By working with risk stakeholders such as Legal, Compliance and Risk from the outset, organizations can clear the way for faster and smoother innovation projects.


Innovating in a heavily regulated sector - Jordy Stoelwinder & Hidde Koning - Data Sharing Podcast

In this episode of the Data Sharing Podcast, host Hidde Koning welcomes Jordy Stoelwinder as his guest. Jordy works at Vista Hypotheken as product manager for digitalization and source data. He previously gained experience in this area at NHG and ING. Together they explore the challenges of innovating within a heavily regulated sector such as the mortgage sector.


IDnow

IDnow Trust Services AB certified as a Qualified Trust Service Provider in the European Union


Munich, November 5, 2024 – IDnow, a leading identity verification platform provider in Europe, announces its partnership with newly founded IDnow Trust Services AB, a certified Qualified Trust Service Provider (QTSP) under EU Regulation 910/2014 (eIDAS).[1] Founded as a joint venture in Stockholm in early 2024 between IDnow and ESYSCO, a system integrator and technology provider, the company offers qualified trust services, such as electronic signatures, time stamps, and seals, that combine security, compliance, and user convenience.

Innovation and leadership in the digital signature market

As a recognized QTSP in the EU by the Swedish supervisory body Post- och telestyrelsen (PTS), IDnow Trust Services AB will issue, validate, and manage electronic certificates and time stamps; capture additional information, such as qualified time; hold identification evidence data; and perform certificate revocation, while complying as a Certificate Authority (CA). The QTSP provides assurance of the existence of specific electronic data at a specific time, such as proof that documents have been submitted for processing.

One of the features that IDnow Trust Services AB will immediately enable for IDnow’s customers is SMS-free signing. This certified capability simplifies the signing process, eliminating the requirement of One-Time Password (OTP) codes and driving higher conversion rates. IDnow Trust Services AB is the first QTSP that will allow this new user authentication process, which is already acknowledged by different CEN and ETSI standards and which will revolutionize the user experience in the digital signature market.  

New joint venture secures trust and simplifies compliance

“We are incredibly pleased that our joint venture, IDnow Trust Services AB, is already bearing the fruits of our labor. At IDnow, we have long made it our mission to actively shape and lead the Know Your Customer and digital identity industry; we are now once again showing this leadership role by doubling down on trust services, as they are an essential part of the transformation of the digital identity market heralded by eIDAS 2.0”, says Andreas Bodczek, CEO of IDnow.

He continues: “In the coming years, our customers will benefit from the synergy of identity verification and qualified trust services, ensuring a compliant and efficient experience for all business-critical operations across the EU. This collaboration sets a new standard for trust and operational efficiency, positioning businesses for long-term success in the fast-evolving digital landscape”.  

Johannes Leser, CEO of IDnow Trust Services AB, adds: “Trust and liability is the backbone of all business, and it will be the driving force behind the global digital economy. IDnow Trust Services AB is committed to delivering innovative and highly dependable solutions to IDnow, its customers, and partners. With trust as our mutual foundation, we’re poised to revolutionize the European digital signature market, which is expected to be seven times larger by 2030 than it is today.”

[1] The electronic Identification and Signature (eIDAS) regulation defines a QTSP as a natural or a legal person who provides one or more qualified trust services.


Holochain

Mobile Holochain Applications Shipped!

Holochain in Your Hand

Volla has shipped their new Quintus smartphone with a Holochain-based app pre-installed.

I repeat, TL;DR: you can have a phone with a native Holochain app on it today.

That’s it. That’s the key takeaway of this article. Details below.

Volla Quintus

The Volla Quintus, a privacy-first smartphone, just began shipping and customers will be receiving their devices in the coming days. This phone runs both custom Android and Ubuntu Touch software, for a “Google-free” experience. Designed as an alternative to the surveillance-focused tech giants, Volla’s phones provide a realistic option for opt-out.

The Quintus is Volla’s most recent model, but they have been producing user-centered phones since 2020. They are dedicated to a distraction-free user experience, with interface tools like their Springboard, a search-first launcher that lets you interact with your applications without the overwhelming attention traps of the applications, notifications, and socials pushed on other platforms.

The App(s)

The Holochain-based Volla Messages is shipping