NYMs as Pseudo-Identities

Background

Pseudo-NYM℠ would like to make the Internet a little more secure and a little easier to use.


Consumers have grown acutely aware of their privacy online.  From data breaches, where companies lose client data because of hackers, rogue employees or simple mistakes, to the way advertisers track their activities as they travel the internet, concerns regarding online privacy have led to changes in privacy laws in several countries and technical changes in the way web browsers function.  Pseudo-NYM℠ offers a solution to many of the problems with online privacy: Pseudo-Identities or ‘NYM℠s’.  NYM℠s are secure, reusable, anonymous credentials that replace passwords across multiple websites, neuter phishing and decrease the sharing of personal information.  NYM℠s are already supported in web browsers and servers.


Pseudo-NYM℠ is repurposing X.509 digital certificates with pseudo-identities as NYMs℠.  A pseudo-identity allows the certificate holder to identify and authenticate themselves easily and consistently across the Internet, as both an anonymous visitor and, if the certificate is mapped to a specific account, as the owner of that account.  As an anonymous visitor, using a NYM℠ certificate protects the individual’s privacy until it is absolutely necessary to properly identify themselves.  As an account owner, a certificate can easily be mapped to multiple accounts across the Internet, replacing insecure passwords used to access them today.
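The sketch below is an added example, not Pseudo-NYM's own code, of how a website could treat the same client certificate first as an anonymous visitor and then, once mapped, as an account owner. The class `NymRegistry`, the per-site key and the certificate bytes are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Constructed stand-in for the DER bytes a TLS server gets from
# ssl.SSLSocket.getpeercert(binary_form=True); not a real certificate.
CERT_A = b"constructed-der-bytes-for-pseudonym-A"

class NymRegistry:
    """One website's view: certificate -> anonymous visitor or account."""

    def __init__(self, site_key: bytes):
        self._site_key = site_key   # per-site secret (assumption of this example)
        self._accounts = {}         # keyed handle -> account id

    def handle(self, cert_der: bytes) -> str:
        # SHA-256 over the DER encoding is the usual certificate fingerprint.
        fingerprint = hashlib.sha256(cert_der).digest()
        # Keying it per site keeps one site's stored table from joining another's.
        return hmac.new(self._site_key, fingerprint, hashlib.sha256).hexdigest()

    def bind(self, cert_der: bytes, account: str) -> None:
        h = self.handle(cert_der)
        if self._accounts.get(h, account) != account:
            raise ValueError("certificate already mapped to another account")
        self._accounts[h] = account

    def identify(self, cert_der: bytes):
        # Call only after the TLS stack has validated the chain and the
        # handshake has proven possession of the private key.
        if not cert_der:
            return ("no-certificate", None)
        h = self.handle(cert_der)
        if h in self._accounts:
            return ("account", self._accounts[h])
        return ("anonymous", h[:16])   # stable per-site visitor handle

def demo():
    shop, forum = NymRegistry(b"shop-key"), NymRegistry(b"forum-key")
    before = shop.identify(CERT_A)[0]
    shop.bind(CERT_A, "shop-account-1001")
    return (before, shop.identify(CERT_A), forum.identify(CERT_A)[0],
            shop.handle(CERT_A) != forum.handle(CERT_A))

if __name__ == "__main__":
    print(demo())
```

The keyed handle only separates what each site stores; the certificate presented in the handshake is the same at every site, so it remains a common identifier between sites that compare it.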

 

A Separate Identity


The idea of online identities that are separate and distinct from identities in the real world was proposed in 1997 by Sherry Turkle in ‘Life on the Screen: Identity in the Age of the Internet’.  ‘Life on the Screen’ documented behavior where Internet users had abstract usernames different from their real names: alternative identities have continued today with ‘gamertags’.


The use of different roles online applies beyond the gaming community.  In June 2017, the National Institute of Standards and Technology issued Special Publication 800-63-3: Digital Identity Guidelines.  The guidelines cover identity proofing and authentication of users interacting with government IT systems over open networks: 

 

  • “Digital identity is the online persona of a subject, and a single definition is widely debated internationally.  The term persona is apropos as a subject can represent themselves online in many ways.  An individual may have a digital identity for email, and another for personal finances.... Digital identity as a legal identity further complicates the definition and ability to use digital identities across a range of social and economic use cases.”  Page iv: Executive Summary

 

  • “A digital identity is always unique in the context of a digital service, but does not necessarily need to uniquely identify the subject in all contexts. In other words, accessing a digital service may not mean that the subject’s real-life identity is known.”  Page 2. 


Pseudo-NYM℠ supports having identities and roles in the online world that are separate from the physical world.  By issuing digital certificates with a fake identity, our service allows our subscribers to have different roles online while maintaining their privacy.

 

Benefits of a New Identity in a Digital Certificate


Pseudo-NYM℠ is providing digital certificates with pseudo-identities as a solution to many of the security and privacy issues on the Internet.  A digital certificate with a pseudo-identity available to a web browser and used in the HTTPS/TLS protocol has many benefits:

 

  • A digital certificate supports multi-factor authentication: the private key is ‘something you have’ and the PIN used to access the private key is ‘something you know’[1]. 
     
  • In the words of Dr. Vint Cerf, our approach treats a certificate as an anonymous ‘Self Authenticating Identifier’.  
     
  • A digital certificate can be used securely across multiple websites and replace multiple passwords and other authentication technologies.
     
  • Digital certificates and the HTTPS/TLS protocol neuter phishing by providing a one-time logon to each website, effectively making phishing a useless exercise.
     
  • NYM℠s are an ‘opt-in’ technology which, in certain use cases, addresses the concern of user consent.
     
  • A digital certificate can also be used in lieu of 3rd party cookies, where the individual opts in with their pseudo-identity for advertising purposes.  
     
  • The underlying technology is already built into every standard web browser and server on the Internet today, including mobile devices. 
     
  • Digital certificates can be used for high-risk services, where public key authentication is required, and can meet the objectives of the FIDO Alliance.
     
  • Digital certificates also significantly enhance the user experience: when available to a web browser, a digital certificate provides consistent and seamless access to a website. 
     

With the continuing challenges around online privacy, including data breaches, insecure passwords, phishing, 3rd party cookies, etc., Pseudo-NYM℠ feels the time is right to revisit digital certificates with pseudo-identities as a strong alternative technical solution.
    

________________
[1] National Institute of Standards and Technology, Special Publication 800-63-3: Digital Identity Guidelines, page 12, 4.3.1