“TV Everywhere” is an exciting concept that potentially brings to reality what a lot of people in the 1990s were calling “convergence.” The idea back then was “one wire” into the house that would carry all of the content and services for a household, and the question was: Who would be that one provider? Mobile devices that are continuously connected have created the opportunity to rethink the relationship between services or content and the consumer.
The idea that the consumer now is at the center, and not the hardware or the network connection, has the potential to change communication technologies and media content delivery profoundly in ways we have not even begun to imagine.
“This consumer-centric future requires a different concept of what constitutes an ‘account’ and its rights.”
This consumer-centric future requires a different concept of what constitutes an “account” and its rights. A household as an account no longer is sufficient; the new requirement is to have a 1:1 relationship with each consumer. That individual still is able to be a member of a household and to share the rights of that group. This 1:1 relationship creates two essential requirements: identity and authentication. In order for an individual consumer to access services or content, that consumer has to present an identity claim and have that claim be authenticated in some way. Identity is an interesting and hotly debated topic but, for simplicity, let’s just agree that, in this context, “identity” simply is a representation uniquely associated to me as an individual – my name, Social Security number, email address, mobile number, driver’s-license number, account number, etc.
Authentication becomes an important process in a world where my identity becomes the key for access to services and content. Authentication is not static; it is the process by which a claim of identity can be proved to some degree of accuracy. Authentication factors can be “What You Know” ( aka Knowledge Factor), “What You Have” ( aka Token or Possession Factor) and “Who You Are” ( aka Biometric Factor). Knowledge factors inherently are flawed in that, as soon as a “secret” knowledge factor is used for authentication, it is “exposed” and no longer a secret. The more it is used, the lower the strength it has as a valid authenticator.
Tokens can be a strong factor as long as the user maintains physical control, but there is no way to determine who has control of the token. Biometrics can be quite portable and, when implemented properly, can be strong, secure authentication. However, the combination of multiple authentication factors is the practical answer.
When it comes to identity and authentication, there always is a trade-off between convenience and security. Sometimes privacy is sacrificed in the process. To maintain privacy, the identity and authentication have to be treated independently — in other words “Anonymous Authentication,” which sounds like an oxymoron but is available commercially.
The balance between convenience and security is a tricky proposition as well, because the requirements are variable, based on the particular application and the specific event. As such, a system that provides the ability to balance the convenience/security trade-off is required. This takes some effort on the part of the service or content provider to build business rules, but it will result in a better consumer experience without sacrificing security requirements in the process.
Paul S. Heirendt is president of TradeHarbor Inc. Contact him at firstname.lastname@example.org.