Unit 9 IP Socio-Technical Plan Part 2 (Final Post)
Futuring and Innovation 2
Michael Pry
Colorado Technical University
CS875 Futuring and Innovation
Unit 9 IP
Dr. Calongne
October 16, 2022
Sociotechnical Plan for Implantable Biometric Identification – Part 1
Introduction:
In every society, there is a need for its citizens to be able to identify themselves. This is driven by the need to hold individuals accountable for their actions, to differentiate group members from one another, and to regulate access to resources. In the field of cybersecurity, personal identification falls under the domain of access controls. "Access control is a way of limiting access to a system or physical or virtual resources. In Computing, access control is a process by which users are granted access and certain privileges to systems, resources, or information (Techopedia, 2017)." With this definition, the purpose of access controls is understood as a way of limiting access to resources, otherwise known as control of access. In cybersecurity, we control access to resources to provide for the confidentiality of data so that only those with a right to see it can see it. We also control access to data to provide for integrity: access controls maintain the integrity of data by preventing unauthorized changes to it. Access controls also provide for accountability. Information technology-based access controls are supported through a logging process, which documents user actions and records the date and time of those actions, providing a future audit trail should it be needed. Access controls also apply to physical structures. The rights to enter a building and gain access to a room, vehicle, or other physical resources must also be controlled. "In access control systems, users must present credentials before they can be granted access. In physical systems, these credentials may come in many forms, but credentials that can't be transferred provide the most security (Techopedia, 2017)." Access controls are necessary for information technology or physical resources to ensure the security of assets, an orderly and well-regulated workplace, and society as a whole.
Access controls have many forms, including the user id, a unique identifier made up of letters and numbers that is used to tell people or systems apart from one another and to assign roles and rights. The user id is the central construct in access rights management. A user id is commonly paired with another secure identifier such as a password (something that I know), a unique swipe (something that I do), or a biometric identifier such as a fingerprint, retina scan, or facial image (something that I am) (Maayan, 2020). The combination of the user id and password is used to authenticate an individual and authorize their access to a system and its resources. Multifactor authentication, an emerging methodology, is now being added to the user id and password as a further way to authenticate a user and reduce the risk of compromised credentials. Modern access controls have become reliant upon the user id, password, and multifactor authentication process to validate users and control access to resources. However, a problem exists in this model: users forget their passwords, have their passwords compromised by hackers, and resist adopting what is perceived as additional complexity with multifactor authentication.
A future innovation that may solve these problems (users remembering their user ids for multiple systems, remembering their passwords, creating passwords that are strong enough to resist a brute force attack, and overcoming the perceived added complexity and inconvenience of multifactor authentication) is the "human microchip implant" with multifactor biometric identifiers using a single sign-on passwordless model of identification, authorization, and access control. To provide a name for this future innovation, which is a composite of current technologies supplemented with future technologies, we will call it Prydentification. The Prydentification technology has the vision of using an implantable microchip placed in a person's right forearm. This microchip would use radio frequency identification (RFID) technology to read the encoded user id from the microchip. The user id would be a form of digital certificate cryptographically generated from a person's DNA molecule (Kar, 2018). When a person needs to sign into a computer system or enter a building, they will pass their arm near an RFID reader, which will pull their user id, and then the system will scan their face to authenticate them to the system and authorize their access. For information technology systems, the process will take another step and combine the MAC address from the person's computer to generate a secure token that will be used to sign them securely into all applications and processes they are permitted to use. Their PC's MAC address will serve as a form of multifactor authentication and allow the creation of a passwordless system. The MAC address will be compared to a table of permitted MAC addresses maintained by the system administrator. Prydentification credentials will be authorized to use all approved systems when used in conjunction with the users.
The future innovation of Prydentification access control will revolutionize access controls for the modern era by eliminating user frustration with the current model and through improved security controls that will be resilient to any attack.
Scope:
The Prydentification innovation will contain the following features:
1. The use of human microchip implants for storing user identification information. This feature will benefit end users by eliminating the need to remember multiple user identification names, and it will help system administrators by eliminating the risk of forged credentials.
2. Using a cryptographically calculated digital certificate based on the user's DNA molecule. This will create a unique user id that cannot be guessed or calculated by a hacker and will help assure the end user's positive identification for logging and accountability. It will eliminate sharing user IDs and passwords, which currently reduces the effectiveness of modern access controls.
3. For information technology systems, using the MAC address of the end user's computer, combined with the user's digital certificate, in creating the single sign-on token will further restrict the authorization to access resources to only known and trusted individuals using only known and trusted devices.
4. One significant limitation of this model is that it assumes the end user will always be using a known computing device where the MAC address has been added to the authorized database. It would eliminate a person's ability to use other devices to access resources.
Purpose:
The Prydentification technology is needed to provide improved cybersecurity access controls, improve the user's experience with security, and address emerging risks of compromised user credentials.
Supporting Forces:
The forces that would support the adoption of the Prydentification system include the following:
1. It would address end users' frustration in remembering multiple user ids and passwords.
2. It would eliminate the need for individuals to carry identification cards.
3. The technology already exists in many forms, and this model would adapt to existing and proven technologies.
4. Successful experimentation has already occurred related to human implantable chips.
5. Cybersecurity breaches have been increasing over the years, and compromised user credentials are one of the top reasons these breaches have been successful. The Prydentification model would eliminate the risk of compromised credentials and end the volume of security breaches that have affected the world.
6. The Russian War in Ukraine and the Russian use of cyberwarfare have significantly elevated the United States' focus on preventing cyber-attacks through improved user credentials and multifactor authentication controls. This model would further carry that mission forward when the risk is perceived as high, and the response to the risk is perceived as inadequate.
Challenging Forces:
The most challenging aspect of the Prydentification model is the use of human implantable chips. There are three known challenges to using microchip implants: society, business, and technology. Concerning the technology, it is not yet fully understood if the chips could be hacked and data extracted, thus compromising the chip. The impact on health of having a chip placed in our body has not been studied enough to know if there are any long-term consequences (OpenMind BVA, 2021). The second relates to business and how businesses use chip data to deliver business and employee productivity insights. The risk to employee privacy and people's response to having their employer require the implanted chip may have socio-economic consequences (OpenMind BVA, 2021). Finally, there is society. Community members are expected to have concerns about their personal privacy and security. Governments such as the California State government have already enacted laws such as the CCPA or "right to be forgotten" provision, which may add new rules for the use of this type of technology and how the data collected from it can be stored, used, and shared (OpenMind BVA, 2021). The formidable forces of this model are many. With all of the moving parts, including the perceptions and fears of society and the response to government regulations, there will be many challenges to overcome between the vision of this product and its successful adoption.
Methods:
To begin to uncover the response society may have to the use of the Prydentification technologies, a research study should be performed. The Nominal Group Technique (NGT) would be a valuable methodology to uncover societal perceptions of using the Prydentification technology. From a research perspective, it would be helpful to know if people would embrace or resist implanting a chip into their arm. To gather these perceptions, the Nominal Group Technique would provide for gathering the input of all identified focus group members. NGT is useful when some group members are more vocal than others, when some prefer to think and respond in silence, when there is a risk that some group members may not participate, and when the issue is controversial and heated conflict is expected (ASQ, 2022).
Sociotechnical Plan for Implantable Biometric Identification – Part 2
Models:
The process of modeling an innovation and discovering the attributes that would make up a socio-technical plan will begin with the creation of a functional model. The movement to a functional model will require ongoing research and problem solving. To focus the development of the functional model, it is important to identify the top problems that exist in the current state, to develop their solutions, and to design the vision of the future based on these problems being solved. The attributes of the current state are that chip implants do exist, as do DNA coding, single sign-on, and passwordless security based on the use of digital certificates. The top barriers that exist between the current state and future state include chip implantation without a painful injection, the ability for the chip to be scanned by someone nearby, the ability of the scanning process to be hacked or jammed, and the creation of a quantum cryptographic methodology that would create the unique user id which would be embedded on the chip. The future functional model would thus include a rapid DNA scan to perform an identity uniqueness match based on the chip's embedded user id, which was created using the person's DNA as the cryptographic key in a quantum cryptographic algorithm that produced the unique digital identity of their person. Once the functional model is through its original production, it would move into the testing phase, and a testing plan would be developed to assure participation of a demographically dispersed population that would provide feedback on the model and their experience using it. A second test would be a vulnerability analysis and penetration test conducted blindly by three separate vendors to attest to the security and usefulness of the model.
Analytical Plan:
The analytical plan for the functional model and its socio-technical plan would follow the P.E.S.T. framework (Wade, 2014). The testing of the model would validate its technical implementation, and the use of the Delphi Method on the test subjects would provide feedback based on the end user experience and side effects. This data would be analyzed to support the determination of the feasibility of this model. Once the model's feasibility is determined from a technical implementation perspective, the model's socio-technical plan would be vetted. The four dimensions of this analysis would include examining the political risks and impact to the model, the economic forces that may affect the model, the sociological and human factors that would influence adoption, and the technical risks and limitations of the model as well as the potential impact of future disruptive technologies on the model.
Anticipated Results:
The results of the analysis are expected to produce data in five categories: feasibility, political, economic, social, and technical risks. The feasibility study is expected to produce positive results concerning the technical implementation of the Prydentification methodology. The greatest challenge with respect to the technical implementation will be the creation of alternate methods of identification validation in the event of a network outage. The analysis of the political risks is expected to show a strong anti-chipping platform that advocates against the model because of its invasiveness. The alternative political view will see the potential of the product for use in the government sector and may advocate for its limited use in top-secret government operations, and this will serve as a group of early adopters. Economically, the analysis will show that this is ultimately a low-cost access control mechanism that provides a higher level of security at a cheaper cost. The economics of adoption would provide for a quick return on investment at the local level of individual businesses. At the higher level of the stock exchange and raising capital to fund investment into this project, the risks are similar to the political risks in that some investors will likely see this technology as being a turn-off for people and will see it as a poor investment because of the risk to user adoption. The other group of investors will see it as an emerging market and will take a chance with it. Sociologically, the analysis is likely to show that user adoption of this product will occur with people who are already comfortable with technology and will appreciate the ease of use and efficiencies Prydentification will bring to their lives. Those who distrust technology, feel there is a risk to their privacy, or do not want a chip implanted in their body are not likely to adopt its use. This group of users will likely follow other technology adoption life cycles, where they may reconsider adopting it after several years of use by others. Finally, there are the technical risks. The technical risks are greatest with someone reading the chip that is implanted in the person and either collecting sensitive information or altering information. Protocols will need to be put in place that limit remote access to the chip and limit the data that can be taken from it. In conclusion, the analysis should prove positive for the majority of the test group.
Conclusion:
The Current State Of Access Controls:
In 2022, access controls are a very important component of technology adoption. Simply put, there is a need to limit access to information technology resources to only those that have an approved reason to access them. Information technology resources can include applications that perform tasks for us, such as email and enterprise resource planning tools, as well as databases and files. The current model for providing access controls includes the use of a unique user id that identifies the person trying to access resources and a password that only that person knows. The combination of the user id and password is used to authenticate a user. Once a user is authenticated, it is then possible to provide them with authorization to access resources.
The Problem with the Current State of Access Controls:
A problem exists in the current state model, which relies upon passwords as a way to authenticate a user to a system. One part of this problem is associated with the end user forgetting the password, and the other is with the password being compromised and used by an unauthorized person. Users are required to create complex passwords that cannot be guessed. This complication makes them hard to remember, and as a result, people forget their passwords and need to go through a process of resetting them. The process of resetting them results in a reduction of their productivity and dissatisfaction. The greater risk is an unauthorized person gaining access to the user's password and with it gaining access to a system. New methods of multi-factor authentication are evolving that help to mitigate these risks, but they also add complexity and frustration for the end user. A model is needed that provides for strong security but ease of use by the end users.
Prydentification
A potential solution to the current state access control problem is the Prydentification model, which creates a unique digital certificate produced through quantum cryptography that uses a person's DNA code as the secret key to feed into the encryption algorithm that produces the digital certificate. This digital certificate is then stored on a server called a certificate authority and is used to produce a daily single sign-on token that end users can use to access all of their approved systems. The digital certificate is also stored on a chip that is implanted in the person for ease of use. When a chip reader activates the chip, the chip will read the DNA code of the person from their cells and compare it to the DNA code located in the reference section of the chip. If the two match, the chip will transmit the digital certificate stored in the certificate section of the chip. Once the chip reader reads the digital certificate, it will compare the read digital certificate to a server to determine if access to the resource is authorized and, if so, grant access. This model solves the problem of the current state by eliminating the need to remember passwords and by eliminating the need for the end user to take time for multi-factor authentication methods.
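The sign-on sequence described here and in the introduction (certificate read from the chip, face scan, permitted-MAC table, daily single sign-on token), sketched as an added example that is not part of the original paper. HMAC-SHA256 with a server-held key stands in for the token algorithm, which the paper does not specify, and every function name, key and sample value is hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import re
from datetime import date, timedelta

# Constructed sample data for this illustration (not from the paper).
SERVER_KEY = b"constructed-demo-key-held-only-by-the-token-server"
PERMITTED_MACS = {"00:1a:2b:3c:4d:5e"}  # administrator's table of trusted devices
SAMPLE_CERT = b"constructed stand-in for the certificate read from the chip"


def normalize_mac(mac: str) -> str:
    """Canonicalize separators and case so one device matches one table row."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def fingerprint(cert: bytes) -> str:
    """SHA-256 of the certificate bytes, used as the server-side lookup key."""
    return hashlib.sha256(cert).hexdigest()


# Server-side record of enrolled certificates and the systems each may use.
AUTHORIZED = {fingerprint(SAMPLE_CERT): {"email", "erp"}}


def _token(fp: str, mac: str, day: date) -> str:
    # Binding the date into the MAC'd message is what makes the token daily.
    msg = "|".join((fp, mac, day.isoformat())).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def sign_on(cert: bytes, mac: str, face_match: bool, day: date):
    """Run the checks in the order the paper lists; return (token, systems)."""
    fp = fingerprint(cert)
    if fp not in AUTHORIZED:
        raise PermissionError("certificate not enrolled")
    if not face_match:
        raise PermissionError("face scan did not match")
    mac = normalize_mac(mac)  # the value is whatever the client device reports
    if mac not in PERMITTED_MACS:
        raise PermissionError("device not in permitted MAC table")
    return _token(fp, mac, day), AUTHORIZED[fp]


def verify(token: str, cert: bytes, mac: str, day: date) -> bool:
    """Recompute the daily token and compare it in constant time."""
    try:
        expected = _token(fingerprint(cert), normalize_mac(mac), day)
    except ValueError:
        return False
    return hmac.compare_digest(token, expected)


if __name__ == "__main__":
    today = date(2022, 10, 16)
    tok, systems = sign_on(SAMPLE_CERT, "00-1A-2B-3C-4D-5E", True, today)
    print(sorted(systems), verify(tok, SAMPLE_CERT, "001a.2b3c.4d5e", today))
    print(verify(tok, SAMPLE_CERT, "00:1a:2b:3c:4d:5e", today + timedelta(days=1)))
```

Because the token is bound to the certificate fingerprint, the device and the date, a token issued on one day or for one device fails verification on the next day or from another device.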
Socio-Technical Plan:
The successful adoption of the Prydentification system will require a well-defined socio-technical plan that will address the concerns related to end user adoption, adoption by society as a whole, and adoption by the market, and that is resilient to the potential forms of future disruptive technologies. Once the technology is proven technically feasible, it will need to be tested. Once successful testing has concluded, the end user adoption process will be examined. Using the Delphi Method, a broad, cross-functional, demographically dispersed population of early adopters will be tested to vet both the positive and negative perceptions and user experiences of the technology. This underlying study will then serve as the basis for further defining the influences of the political, economic, social, and technical forces that will in the end determine the success of Prydentification as a trusted access control model.
Areas of Future Research:
The areas of future research that would support the Prydentification technology would include methods for non-invasive scanning of a person for DNA recognition. In such a model there would be no need for the invasive injection of a chip into a person; rather, a technology would be developed that was so sensitive that it could simply scan a person and read their DNA code. The system would then compare the DNA code it read against a database of DNA codes that are approved for access to a system. The research would be on the creation of the scanning technology.
Another area of future research could be the use of DNA for storing external data. The research in this domain would seek to discover if data can be encoded into someone's DNA and their cells used as a storage platform similar to today's hard drives. In this model, a digital certificate could be encoded into the person's DNA, eliminating the need for the invasive implantation of a chip in their person.
An area of potential study from a socio-technical perspective could be overcoming bias and facilitating user adoption. This study would examine the reasons why someone would not want the chip embedded in their person and seek methods to help mitigate the risks to user adoption.
References
ASQ. (2022). What is Nominal Group Technique? Retrieved from ASQ.org: https://asq.org/quality-resources/nominal-group-technique
Kar, D. M., Ray, I., Gallegos, J., & Peccoud, J. (2018, August). Digital signatures to ensure the authenticity and integrity of synthetic DNA molecules. In Proceedings of the New Security Paradigms Workshop (pp. 110-122).
Maayan, G. (2020). 5 User Authentication Methods that Can Prevent The Next Breach. Retrieved from ID R&D: https://www.idrnd.ai/5-authentication-methods-that-can-prevent-the-next-breach/
OpenMind BVA. (2021, April 05). Technology Under Your Skin: 3 Challenges of Microchip Implants. Retrieved from BBVAOpenMind.com: https://www.bbvaopenmind.com/en/technology/innovation/technology-under-your-skin/
Techopedia. (2017, November 29). Access Control. Retrieved from Techopedia.com: https://www.techopedia.com/definition/5831/access-control
Wade, W. [GLOBIS???]. (2014, September 3). Woody Wade: "Scenario planning" - Thinking differently about future innovation [Video]. YouTube. https://www.youtube.com/watch?v=MKhUKHzE8hk