What is Digital Trust?
- Digital trust is the confidence users have in the ability of people, technology and processes to create a secure digital world.
- Digital trust is given to companies who have shown their users they can provide safety, privacy, security, reliability, and data ethics with their online programs or devices.
Today's Problem
- Digitisation is constantly evolving, yet it is not implemented to its fullest
- Some transactions involve a mixture of conventional and digital methods
- Control is lost when data is online
- Fear of frauds, hacks, loss, breach, and so on
- Uncertainty due to lack of awareness
- Solution?
Need of Digital Trust
- Legal dependence on email or other digital documents
- Make payments online, integrating bank accounts
- Have reliable and auditable digital systems
- Trust the online presence of unknown companies (remote working), restaurants and hotels for online bookings
- Negotiate contracts online
Concepts of Digital Trust:
Technical Requirements
- Unique Identity access management
- Public Key Infrastructure (PKI) for digital certificates
- Federated trust between organisations
- Trusted time-stamping service for digital signatures
- e-assurance service provider
- Archiving
Privacy
- Encryption
- Data collection justification - Ex.: "Not for marketing email", "Do not pass to 3rd parties", "For credit reference only", etc.
- Data Retention & Disposal - Expiration date, deletion & purging
- Digital signature by the original data issuer
- Data Tagging - Define purposes to be marked in the record
- Consent and Disclaimers
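The privacy controls listed above (purpose tagging, a retention expiry date, and a signature by the original data issuer) can be enforced together on a single record. The Python below is an added example, not part of the original post: the field names, demo key and sample record are constructed, and HMAC-SHA256 stands in for a PKI-backed digital signature so that only the standard library is needed.

```python
import hashlib
import hmac
import json
from datetime import date

# Constructed demo key. HMAC-SHA256 stands in for the issuer's digital
# signature here; a real issuer would sign with a private key whose
# certificate is issued under a PKI.
ISSUER_KEY = b"constructed-demo-key"

def _canonical(record):
    # Stable byte encoding of every field except the signature itself.
    body = {k: v for k, v in record.items() if k != "sig"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def issue(subject, data, purposes, expires):
    """Issuer tags the record with allowed purposes and an expiry, then signs it."""
    record = {"subject": subject, "data": data,
              "purposes": sorted(purposes), "expires": expires.isoformat()}
    record["sig"] = hmac.new(ISSUER_KEY, _canonical(record), hashlib.sha256).hexdigest()
    return record

def may_use(record, purpose, today):
    """Return (allowed, reason) for using the record for `purpose` on `today`."""
    expected = hmac.new(ISSUER_KEY, _canonical(record), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, record.get("sig", "")):
        return False, "signature mismatch: tags or data altered after issue"
    if today > date.fromisoformat(record["expires"]):
        return False, "retention period over: delete and purge"
    if purpose not in record["purposes"]:
        return False, "purpose not consented"
    return True, "ok"

def purge_expired(store, today):
    """Disposal step: keep only records still inside their retention period."""
    return [r for r in store if today <= date.fromisoformat(r["expires"])]

if __name__ == "__main__":
    rec = issue("user-1001", {"email": "a@example.test"},
                ["credit_reference"], date(2025, 12, 31))
    print(may_use(rec, "credit_reference", date(2025, 6, 1)))
    print(may_use(rec, "marketing_email", date(2025, 6, 1)))
    tampered = dict(rec, purposes=["credit_reference", "marketing_email"])
    print(may_use(tampered, "marketing_email", date(2025, 6, 1)))
    print(may_use(rec, "credit_reference", date(2026, 1, 1)))
```

Because the purposes and expiry are covered by the signature, a holder who widens the purpose list or extends the expiry after issue fails the first check.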
DRM
- Use the latest technology and applications to digitally manage and implement digital trust
- Reasonable prevention of printing, copying, forwarding, etc. Ex: Aadhaar Validation
- Convergence of the technologies used for signing with DRM. Ex: Docusign
Legislative Requirements
- Governmental, Judicial and Law enforcement support
- Framework for recognition of digital assurance services
- Pass laws and standards
- Monitor and Regulate
Building Digital Trust
Attributes of Digital Trust - An Example
Building Digital Trust
- System Rules, which govern the interactions between members
- A Legal Structure, which identifies the rights, responsibilities, and liabilities associated with participation in the federation,
- A way of Establishing Conformance across its members, and
- A way of Recognising that Conformance.
System Rules
- A fundamental purpose for building trust frameworks is to define the identity management operations and technical requirements needed to support the identity federation and to clearly assign responsibility for performing those operations.
- Since federation members expect and need to trust those identity management operations, the identity management operations of the federation are typically presented as requirements or rules.
- The federation members responsible for performing specific operations are expected to demonstrate conformance with the rule set specific to their role.
Legal Structure
- Trust frameworks present the operational and technical requirements for federated identity management, and must also provide the legal basis to bind those requirements to federation members. Identity federation members voluntarily agree to participate in the federation and follow the trust framework rules.
- While there are varying means to bind members to federation rules, the most straightforward and common method is through contract or agreement.
- Members become legally bound to the trust framework rules through signed agreements to comply with the operational and technical rules as well as the legal rules, rights, and obligations of federation members.
- Therefore, trust frameworks and associated member agreements form a contract-based legal structure which applies to all federation members. This legal obligation is critical for providing the assurance and trust for the federated identity system.
Establishing Conformance
- Establishing and enforcing conformance amongst its members to its set of agreements and operating rules is vital to an identity federation’s functioning. Conformance is the degree to which a federation member has implemented, and is adhering to, the rules of the federation.
- The amount of rigor, and therefore burden, an identity federation requires of its participants in demonstrating conformance to its trust framework should be commensurate with the degree of risk it is designed to address.
- Frameworks that accommodate different kinds of transactions, with differing amounts of risk, may choose to offer multiple levels of conformance based on a graduated set of rules and requirements. This gives a Federation Administrator options to consider when defining how to establish conformance amongst the federation's members.
Recognising Conformance
- Conformance recognition is the process by which identity federations enable their participants to communicate alignment with the technical rules and legal stipulations of the framework.
- It is done only after completion of the selected conformance testing process. It is not enough for federation participants to simply establish their conformance; they must also be able to communicate that conformance to other federation members.
- In addition to establishing cross-boundary trust, enabling discovery of approved services and entities, and—in some cases—promoting a competitive service market, trust frameworks must also be able to support mechanisms for the communication and recognition of conformance.
- There are many ways this can be achieved, ranging in complexity from a simple registry or listing service, to trust marks and digital certificates. There are even emerging approaches that seek to express federation conformance through dynamic and machine readable mechanisms to allow for real time federation and inter-federation
Summary
Building Digital Trust in closed-context boundaries like within an organisation.
Building Digital Trust in open-context to co-exist with your system like inter-organisational trust.
With the dynamically changing needs of the modern digitisation of daily life, trust becomes an important factor.
The world has been witnessing many breaches of trust.
Understanding digital trust is a good step towards becoming more trustworthy in the digital world.