WISeKey International Holding Ltd, a leading cybersecurity and IoT company has announced the launch of a new version of its WISeID App, which includes new features for secure email communication and stronger authentication.
Following the recent news about the misuse of people’s personal information from a data-mining firm, social media companies are working to upgrade their platforms to give users more control over their Digital Identity, although this is not enough to protect user’s personal information as the social network platform remains in control of the user’s Digital Identities.
Technologies like WISeID.com provide consumers with the power to control their privacy, so the right to understand what information is being collected, the right to be forgotten and the right to be deleted is always under the control of the user. A Digital Identity is like a Birth Certificate, it belongs to and it is always under the control of the user. Social media companies are creating pseudo Digital Identities with the data provided by the user, without their consent. In contrast to Social Network Credentials and Identities where social media companies provide users with ID credentials to access their services, WISeIDs are built to empower individuals who control the formalization of their identity, manage their digital personas, and actively monetize their personal data. These WISeIDs are used by global institutions, governments and other service providers to collaborate and share sensitive information outside of their internal, trusted ecosystems.
For almost two decades, WISeKey has contributed to the design and implementation of global standards for the internet’s long-missing identity layer: decentralized, point-to-point exchange of information about people, organizations, or things – enabled by blockchain and certified by cryptographic Root of Trust. WISeKey’s technology, products and services are used by individuals and organizations to facilitate this control and as consequence to be in compliance with the new European General Data Protection Regulation (Directive 95/46/EC), known as GDPR (approved by the European Parliament in April 2016; will take effect on May 25, 2018), the primary law regulating how companies protect EU citizens’ personal data.
To that effect, WISekey has launched an enhanced version of WISeID, adding easy to use strong authentication and email security capabilities that can remediate threats like phishing, ransomware or identity theft. The use of passwords implies risks, as it’s a simple security factor that can be stolen using phishing techniques (e.g. a fake email from the bank asking the user to log into a rogue web page using eBanking credentials) or it can be simply guessed if not complex enough (many users prefer to use simple passwords, by fear of forgetting it).
Strong Authentication is a mechanism able to enhance security by complementing the traditional username/password access to online services with additional security factors, like biometry, hardware tokens and one-time-passwords. Additionally, secure eMail techniques allow confidential messages to be exchanged encrypted, and to affix a “digital signature” to the outgoing email, ensuring the recipient that the message comes from a genuine person and that has not been manipulated in the way.
Nevertheless, the above techniques haven been always cumbersome and expensive to adopt for non-technical users, which aren’t necessarily high-tech experts, willing to secure their digital life with easy-to-use applications and mobile devices.
WISeKey’s WISeID is a mobile suite of applications that bring security to consumers and professional users when storing confidential information and communicating with their mobile devices. The main App in this suite, WISeID Personal Vault, has been just enhanced to include two main features:
WISeID Authenticator: a secure login feature, based in the HMAC standard and compatible with Google Authenticator, which works with many existing online services like Gmail, Facebook and others. When login in one of the compatible websites, the user can generate an “one-time password” directly from WISeID and use it to reinforce its regular password, making very hard for a hacker to steal user credentials and get access to important resources like confidential information, eBanking services, etc.
Free Digital Certificate: the new WISeID simplifies the steps to generate a digital certificate and integrate it with the device system applications like email, making thus easy to secure email with encryption and digital signatures. This service is based in standards like X.509 and S/MIME, so compatible with any device and operating system.
WISeID uses a “freemium” business model, so users can use most features for free, while some enhanced capabilities, like the backup of confidential information in WISeKey’s hyper-secure cloud systems hosted in a secure datacenter in Switzerland, are paid-for features.
It is critical to ensure that personal data is managed for legitimate purposes and with user consent. The recent user data scandal, is just one example on how personal data can be captured, exploited and misused. Managing consent appropriately is a challenge for many organizations, and WISeID solutions for electronic signatures can provide a highly secured mechanism to process these consents in a way which is both legally binding and convenient, by reducing the need to manage paper documents. The entire debate to protect users against social media abuses should focus on the need to force these social media platforms to offer their users a secured platform and ability to protect their personally identifiable information (PII).
Protecting users PII is important to avoid impersonation and identity theft and to data mine their personal data. WISeID give users the ability to control and protect their confidential data as the PII is encrypted before leaving the user’s device, with strong keys derived from a password that users choose and which is never communicated to WISeKey or third parties. Also, the rationale and the purpose for collecting user’s data is transparent and the consent of the subject is obtained in advance, making sure that users are always in control of their PII. “Basically, users don’t mind providing social media companies with their personal data if that data cannot be used by third parties to track them and their identity,” noted Carlos Moreira, Chief Executive Officer and founder of WISeKey.