printer friendly version

A vault in the cloud

Identity control is a term we see here and there in the market, but it never seems to mean anything solid that your average Joe can get a handle on. Similarly, identity theft is also a nebulous idea that one never really understands until it happens to you.

When you get down to it, your identity defines everything you are, from your permission to use a bank account, through to your ability to claim citizenship or certain rights on a national basis. Without an identity, you can’t get married, buy a car, get a job (officially, anyway) or any of the things we take for granted today. And this is why it has become critical for individuals and companies to take the concept of identity seriously and make the effort to look after theirs and the identities entrusted to them.

The PoPI Act will force companies to take better care of identity data, assuming this complex set of rules is ever enforced. However, it is incumbent on organisations and individuals to take care of their sensitive data in their own self-interest, as well as for the sake of not becoming an identity theft statistic. Especially for companies, losing user data can result in brand damage that is hard to recover from. To date, South African companies were not compelled to disclose such losses, but this is also changing and market opinion will become a harsh teacher in future.

Fides Cloud Technologies is a new company, founded by people who have years of experience in the information security field. The company offers consumers and businesses a range of services based on the ability to secure identity and other sensitive information and provide this information to authorised users as a means to accurately identify people.

The Fides vault is a cloud based, secure (encrypted) information storage mechanism spread across a federated cloud infrastructure that holds sensitive identification (or other) information safe from unauthorised eyes. The benefit of this vault is firstly that it is secure and meets the demands of various pieces of legislation, and secondly that it only grants access to people who have been authorised.

The vault’s security is set up so that only the owner and anyone authorised by him/her can access it. Once data is encrypted in the vault, not even the company can access it without authorisation from the owner.

The identity authentication mechanism used is fingerprint biometrics, as this is considered the best available at the moment, while also being easy to use. To access a Fides vault, users can log in from any computer that has a fingerprint device attached – once they have been registered and authenticated, also via fingerprint biometrics. To ensure the system is not biased, it is based on international standards that almost every biometric reader complies with and therefore allows users their choice of reader.

Individuals or authorised corporate users enrol and verify their identity with a biometric, and can then access their vault and store data of any sort. Should a third party wish to access this data, the owner is asked to grant permission before they are permitted access.

Third-party access

When a third party wants to access information in another vault, to gain access to identity documents, bank statements or other sensitive information, the Fides system sends a text message to the vault owner. Upon the owner’s next login, the request can be authorised or not – again confirmed by biometric authentication.

Corporate vaults allow multiple users to access data. The secure vault concept ensures that all sensitive data the company collects, such as copies of identity documents or bank details, for example, can be kept in one secure location with restricted and audited access, making sure companies comply with PoPI. Each vault can be set up to allow specific access rights to data stored therein.

Every transaction and access attempt is tracked and vault owners are able to download a full audit trail of who did what, when. If an authorised person has not granted access rights to other users, they will not be able to access the vault.

Taking the secure vault concept further, Fides also offers an identity verification service to third parties. In other words, if a company supplies the Fides system with an identity number, it will automatically run background checks on the individual, confirming it is a valid South African identity number and providing any data relating to that number that the Department of Home Affairs has on record.

It can also find judgments on the individual, such as fines and warrants. Accredited credit providers are also able to access the individual’s credit score ratings. The Fides system is built on a secure Web services platform, which allows the company to customise it to specific requirements, and to even offer its services via a mobile application.

Once individuals have registered, they can make use of their Fides data to verify their identities to third parties almost instantly. This will avoid the hassle of having to produce utility bills at the most ridiculous times as your identity can be checked via the Fides service if all the parties involved are registered and authorised.

The Fides system is based on a pay-as-you-go basis, meaning users pay for their vaults, but can access the system and use it freely. With the basic system up and running after three years of development, the company will expand the services on offer, based on its secured status, to other areas.

Share this article:

Further reading: