In my prior post, I introduced how an online credential could help people trust each other in online communities. Such a credential, however, would only be as good as its reliability. An offline passport or driver’s license contains reliable information that is verified by governments, though two strong forms of validation: in-person registration and difficult-to-forge documents. Without access to either validation technique, how can we verify identity data?
As a point of departure, consider a typical profile on a social network (e.g. Facebook, MySpace or LinkedIn). If reasonably complete, such a profile provides all of the identity data needed to establish someone’s identity online -- first name, last name, photo, age, location, etc. However, a social network profile cannot work as a passport for the Web -- not without modifications. Why? Not everyone self-asserts truthful information about themselves. For instance, a RapLeaf study found that 69-year olds are disproportionately highly represented in social media sites. As this instance indicates, many untrue self-assertions are entirely harmless. Yet, they prevent social network profiles from being used as an online identity credential -- not without some means of validating their data.
Our approach is designed to transform social network profiles into a reliable online identity credential, by verifying key identity attributes like age, gender, etc. and presenting them in a standard format across various types of social media.
Here, the trickiest part is to verify self-asserted social network profile data -- there is no data source that can authoritatively bind a profile (or any other virtual identity token, like an OpenID or even an email address) to a legitimate off-line person and his/her identity attributes. Public records databases can verify many US-based adults. However, this approach has two major problems. Public records databases are often inaccurate -- and subject to the John Smith problem. People who share the same names (i.e. the gazillion John Smiths in the US, UK and other English-speaking countries) are easily confused with each other. Credit reports are an alternative, but financial identities often the subject of targeted identity theft. Even if they worked perfectly, they cover only US-based adults -- although people of all ages all over the world use the Internet.
AssertID uses a completely different approach, which takes advantage of the duality of online social network profiles. On one hand, these profiles present the information people provide about themselves -- age, photo, name, etc. On the other hand, these profiles provide information about people’s connections with other people -- in other words, each individual user’s unique Circle of Trust. The AssertID approach asks users to vouch for each other -- or verify that their friends are who they say they are. By analyzing the number and structure of these verifications (the “social graph”), AssertID can assess the legitimacy of individuals’ self-asserted social network profiles. In a very simple analogy, AssertID provides something that looks like a credit rating (e.g. FICO) using a process that somewhat resembles Google’s PageRank algorithm.
Skeptics would undoubtedly note that people can ask their friends to verify fake attributes. For instance, a married man might ask his drinking buddies to verify that he is single, for the purposes of moonlighting on online dating sites (as so many people actually do). Similarly, teenagers might verify each other to gain access to adult-only sites.
AssertID defeats such attempts by adopting the following principles:
- Attributes that have been verified by a greater number of people can be considered more reliable.
- Attribute verifications made by people whose own attributes have been verified by many other people carry greater weight.
- Verifications of the same person by two people who know each other carry less weight than verification of the same person by two complete strangers.
These principles are based on 50 years of research by social network analysts, borrowing especially heavily from Mark Granovetter’s concept of embeddedness.
AssertID has created a proprietary algorithm that combines these social network analysis principles with best-practices in the online security world. This algorithm, and associated process, is patent pending.
Using the intellectual property that we have developed, the AssertID team is currently designing an embedded Facebook application that transforms profiles on Facebook into verified online identity credentials. My next blog post will provide more information on this project.
AssertID uses a completely different approach, which takes advantage of the duality of online social network profiles. On one hand, these profiles present the information people provide about themselves -- age, photo, name, etc. On the other hand, these profiles provide information about people’s connections with other people -- in other words, each individual user’s unique Circle of Trust. The AssertID approach asks users to vouch for each other -- or verify that their friends are who they say they are. By analyzing the number and structure of these verifications (the “social graph”), AssertID can assess the legitimacy of individuals’ self-asserted social network profiles. In a very simple analogy, AssertID provides something that looks like a credit rating (e.g. FICO) using a process that somewhat resembles Google’s PageRank algorithm.
Posted by: cheap nfl jerseys | September 07, 2011 at 01:16 AM