SecuritySolutionsWatch.com: Thank you for joining us again today, Ramesh. Your track record of accomplishments and experience in the Identity, Security and Telecom space is second to none…
before we drill down into your vision for DIGITAL TRUST, please summarize your background for us.
Ramesh Kesanupalli: Thanks, Martin, for the opportunity to speak with you again. I am currently CEO and Co-Founder of Digital Trust Networks, which I co-founded with Suresh Batchu, founder and former CTO of MobileIron, and SoonHyung Lee, CEO of RaonSecure. We also co-founded a non-profit called ADI Association -- the 'ADI' stands for Accountable Digital Identity. At ADI Association, we are defining a framework that will bring accountability to the digital world. Before this, I founded FIDO Alliance, which has become an international standard for Online Authentication embraced by all major operating systems and browsers. I also founded NokNok Labs, the First Implementer of the FIDO Specification, which has NTT Docomo, Softbank, Verizon, T-Mobile, BBVA, and more among its customers. I was the CTO of Validity Sensors, which Synaptics acquired, and before that, I was SVP and GM at Phoenix Technologies, where I ran all product operations. I was also part of the founding team at Network24 Communication, later acquired by Akamai, and founded and ran a carrier software company for about nine years.
SecuritySolutionsWatch.com: Online fraud, disinformation and “fake news” is a significant ongoing and critical problem in today’s new normal. What is your perspective on the root cause?
Ramesh Kesanupalli: Online fraud has always been there and has been ramping up. With the pandemic, that growth is now exponential. We have historically thought about and treated the online world differently from the real world, which is the problem's root cause. Since we view the digital world with a different lens, we continue to put more and more focus on privacy. Online privacy provides a great deal of anonymity, and we have built security infrastructure to support that. What we don't have are trust and accountability. Enterprises build trust by doing so many things centered on the user -- relying on various signals in addition to explicit credentials, and spend a lot of money on those things just to trust a user, and despite all that, when there is fraud, you can rarely hold anyone accountable. The root cause for most fraud is either someone stealing your credentials or getting access to your personal data to take over your account, or you creating a fake identity for yourself. Between these issues, you pretty much have fraud covered.
Further, disinformation and fake news are adding more disorder to the digital world. We can't even believe what we are seeing and reading online, which we have seen worldwide in every political spectrum. We can't even trace the sources or original creators of fake information. A lack of online accountability is making this possible.
SecuritySolutionsWatch.com: Please share with us your vision for Digital Trust and the solution that Digital Identity and Credential Interchange can potentially provide.
Ramesh Kesanupalli: A group of companies is defining an open framework called "Accountable Digital Identity Architecture” through a non-profit organization called ADI Association, and Digital Trust Networks Inc is a commercial company that is implementing the specification. We have continuously pushed the digital world as an account-oriented infrastructure, and it's now time to fix that by changing it to an identity-oriented infrastructure. We are making a way to create a new digital identity which we call “Digital Address.” It is created for a user by a trusted identity source. The user can use their Digital Address to manage and control their identity and data credentials, without the need for consolidation, by simply having the various, distributed data sources published as Decentralized Identifiers to a Digital Address Interchange.
It's like in the real world, where our identity is created by our parents when we were born, and is certified by the doctor and the county producing the birth certificate. We take that to elementary school and enroll our student identity, which then leads to high school, college, university, employment, and so on. Everything else we do is then built and tied to that identity, including buying a car, real estate, etc. It works because there is a human behind that identity who can be held accountable. The digital world should be no different.
Digital Trust Networks and The ADI Association believe Security and Privacy are fundamental rights of every user, but Trust and Accountability are also necessary for a functioning society or business. We intend to fill that gap, bring issuers in the value ecosystem, and include people who are not technologically savvy, and bring them into the Digital Economy. There are not two worlds anymore; the Digital World is the Real World now. We all do business with entities and people whom we may or may not ever meet in real life. This is reality. We need to adopt the same principles that we have for the Real World in the Digital World, and to bring the Digital World as close to the Real World as possible.
When someone walks into a bank and produces an employment letter, a Driver License, or a paycheck, it's not enough for the Bank teller simply to make copies of them and file them. There should be a way to check those documents in real time, efficiently, to see if the information is accurate, and the assertion should come from a trusted source and with user consent as needed.
An Interchange which provides such a service for the user with a Digital Address does not own your identity or keep your personal data. The Digital Address Account is bound to your device(s) or a smart card through the FIDO protocol, which binds with user biometrics, and the service will only keep the metadata of the user’s identities and credential data with corresponding Decentralized Identifiers (DIDs) on a ledger.
SecuritySolutionsWatch.com: We are, quite obviously, all in the same boat in dealing with COVID 19 – how might Health Passports work using Digital Identity and Credential Interchange?
Ramesh Kesanupalli: A Covid credential presentation would be an excellent use case for what we are doing, whether it is a Covid test result or a Covid vaccination proof. A Service Provider like an airline before boarding, a rental car agency before renting a car, or a hotel before checking in, should be able to check the validity of the presented credential, that it belongs to the person who is showing it, that it is the latest data, that it comes from the actual source, and that the source can actually be trusted -- that it is a genuine facility, and not a fake credential provider. Digital Trust Network’s Digital Identity Interchange is a perfect vehicle to achieve this. Further, the issuing sources will be part of the value chain when the credential is verified. This system protects user privacy, invalidates fraudulent certificates and credentials, and provides the latest information.
While Covid is a good case, the broader healthcare space is also appropriate for what we are doing. Healthcare data, by its very nature is distributed across many sources, from physician office, to medical center, to pharmacy, to diagnostic labs, to insurance companies. This data is highly private and highly regulated. The US government has been asking to move away from the dependencies on Social Security Numbers in medical records, and big companies are spending a lot of money putting workarounds to do that. In other words, they are spending money addressing the symptoms. I believe when you want to do something right, you try to cure the disease and not treat the symptoms.
Digital Trust Networks's Digital Identity Interchange, which is based on the open ADI Specification, is best suited to address this problem by keeping identity data where it stays, within the HIPAA and local regulatory-compliant operational infrastructure, but publish the identity and data credentials to the user’s Digital Address on the Interchange, the user will be empowered to share their data as needed. When we travel and find ourselves in a place where we need medical attention, the doctor there should at least know your current allergies, medications, and chronic conditions before giving any treatment. Digital Trust Networks's Digital Identity Interchange does the job while preserving all the compliance that is required, and also provides a way to move away from SSNs without changing any existing infrastructure.
SecuritySolutionsWatch.com: Care to discuss the traction that Digital Trust has achieved thus far and some of the key strategic partners that are engaged?
Ramesh Kesanupalli: We started our journey formally in the ADI Association in early 2020, and we recruited a handful of companies as ADI Association members around April of 2020. Digital Trust Networks started putting the end-to-end demo of the ADI Architecture, which was demoed during a Goode Intelligence webinar in Sept 2020, which had good attendance with 250+ participants from more than 400+ registrations. October 2020, we started pulling the specifications together, and in May 2021, we are putting the specification out for the community to review. Digital Trust Networks has been building the platform in parallel, and will be piloting with a major pharmacy at the end of Q2 2021. The Digital Trust platform will be production-ready by the end of Q2. We are just starting discussions with potential partners and customers. Our focus is going to be in healthcare, financial, and government segments. But nothing stops this platform from being used in the education or enterprise markets, even as a closed ecosystem to start with; that is the versatility of what we are building.
SecuritySolutionsWatch.com: Thanks again for joining us today, Ramesh. Any other subjects you’d like to discuss?
Ramesh Kesanupalli: Thanks for giving me this opportunity to discuss this, as you did before when we announced the FIDO Alliance. I'd like to mention in closing that we are now opening up the ADI Association to the broader industry to come and join the association, collaborate, contribute, implement the ADI Specification to strengthen the ecosystem and promote an Accountable Digital Identity system that will help reduce fraud both in the digital as well as real world.
FOR IMMEDIATE RELEASE:
DID Alliance renames to ADI Association and renews commitment to deliver ecosystem specification for accountable, private, easy-to-use digital identity
> Read Press Release