This article originally appeared in the December 2023 issue of Security Business magazine. When sharing, don’t forget to mention Security Business magazine on LinkedIn and @SecBusinessMag on Twitter.
Today, Artificial Intelligence (AI) is the “A-List” movie star that everyone wants to book for their movie. AI gets invited to all the red carpet events, high society gatherings, and most notably gets the biggest paydays.
But this story is not about AI; rather, this is about the star who is is waiting in the wings. Today, they are playing at boutique theatres, with a cult following of if you know you know (IYKYK); however, this star is on the verge of stepping into that same stardom that AI is already enjoying.
Spotlights at center stage as we introduce…Web 3.0.
What is it?
Web 3.0 has been a hushed conversation for the past few years. First coined by computer scientist Gavin Wood in 2014 as the future of the internet, Web3 was originally an extension of cryptocurrency; however, today’s Web 3.0 market is expanding past just cryptocurrency and Non-Fungible Tokens (NFTs) and into everyday life.
Remember 1994’s amazing internet that included AOL and Netscape? That was Web 1.0. Think read-only static web pages. Web 2.0 arrived around the turn of the century and gave birth to webpages that allowed for interactivity, social connectivity, and user-generated content. Think read and write. Web 2.0 is dominated by companies such as Microsoft, Google, and Amazon to name a few.
Web 3.0 (Web3) was built on the core tenets of decentralization, trustless, and ubiquitous connectivity. Think read, write, and own. Web3 has been around for a few years, but is only now finding its coming-of-age story. But we cannot be too hasty – Web3 still has some maturing to do.
The Core Tenets of Web3
Decentralized: Web3 information can be stored simultaneously in multiple locations and searchable by content vs. a website name or IP address. Communication is cryptographically verified using blockchain technologies, ensuring encryption from end to end.
Trustless: Web3 is being built with a mixture of proprietary and open-source code. Inherently, this creates both a level of risk and also built-in trustless methodology. If the data is immediately assumed untrustworthy, then all communication must be encrypted to prevent risk.
Ubiquitous Connectivity: Constant connectivity using all connectivity mediums, including broadband, 5G, Wi-Fi, and the numerous IoT communication protocols.
Where Web3 Meets the Security Industry: Mobile Credentials
How does Web3 become a tech trend in the security industry? It seems like a long jump from cryptocurrencies and interactive web pages to the security industry; however, it is probably closer than it appears.
One of the companies leading the charge on Web3 in the security industry is Passivebolt (https://passivebolt.com), which has built a Web3-enabled platform that allows “physical access control to enable identity wallets with cryptographic attestations for authorizing individual users to unlock secure spaces.”
Currently, to use mobile credentials you would need either an app or the native Android or Apple wallet to hold individual mobile credentials – a 1:1 ratio.
Passivebolt’s Web3 implementation stands out because the user owns his or her data. Passivebolt leverages a verifiable registry from the NFID Foundation (https://nfid.foundation), a self-sovereign identity consortium established and governed by the security industry. Passivebolt has developed KeyShare, a self-sovereign identity platform that leverages decentralized technologies and eliminates the single point of control by creating a Non-Fungible Identity (NFID) for the user.
In plain terms, instead of one credential to one application, Keyshare stores one credential (the user’s), which is then shared with all other systems – a 1:N ratio where the user is in control of their Personal Identifiable Information (PII). Think of KeyShare as a secured vault where the user houses their PII, and only shares what they need to with each entity.
At a hotel, maybe the user only shares first and last name, and credit card information. For office access control, maybe they share more, but only what they are willing to provide. This would include biometric signatures and templates: The user would hold their own template that could be used for multiple applications, instead of the current way where each application has its own template of a person’s biometric.
A key benefit is privacy, as the user can at any given time choose to revoke their PII. KeyShare – available on both the Apple App Store and Android Google Play Store – reduces the risk of data breaches and ensures compliance with privacy laws such as the European Union’s General Data Protection Regulation (GDPR) and Illinois’ Biometric Information Privacy Act (BIPA).
Passivebolt recently announced a collaborative effort with ZKTECO USA, PDQ Manufacturing, and TECH5 Group (www.securityinfowatch.com/53058979). This collaboration brings KeyShare to life by allowing individuals to store and manage identity data, and in turn, creating exponential difficulties for hackers to gain access to sensitive information from a single location. Hackers would need to infiltrate individual “vaults” to compromise a single user’s data vs. hacking a single “vault” to compromise multiple users’ data.
Future Web3 Innovation
If the collaboration mentioned was the only instance of using this technology, it is probably not a trend; however, these are not the only companies that are embracing Web3. At least one large enterprise software company has embraced the concept of Web3, with considerable effort being spent to re-architect its future versions to be built on the Web3 framework.
Web3 is an interesting concept and has an interesting growth strategy. Instead of a major company holding the web hostage, Web3 allows individuals to exchange information securely without the middleman company. Web3 is built on the idea that smaller entities and users will grow together to create a Decentralized Autonomous Organization (DAO). These DAO entities will reside with or displace the existing centralized data repository companies.
Like a cruise ship, enterprise-level companies cannot turn on a dime, but rather slowly in a 10-mile arc. Web3 is going to take some time for adoption, but in time, this trend will see adoption in the security industry. Where PII concerns intersect with biometric and mobile access trends, Web3 will most likely be at the center of the discussion.
Jon Polly is the Chief Solutions Officer for ProTecht Solutions Partners www.protechtsolutionspartners.com, a security consulting company focused on smart city surveillance. Connect with him on linkedin: www.linkedin.com/in/jonpolly.