COGNITIVE identification (CogID), according to Dr. Alex Natividad, is a new concept and technology solution developed by his company, NimbusID. Alex defines it as the science of verifying our physical and digital identity through processing of our unique knowledge. He explained that CogID is the application of association, interpretation and recognition (AIR) to process the discrete unique knowledge of a person to uniquely verify his own physical and digital identity. He added that CogID, which is a purposeful, deliberate and specific human intellectual process, can be the equal replication of human intent and purpose done in the physical world. Alex assured us that with CogID there would be, more or less, no more fraudulent transactions like ATM skimming, phishing, ComeLeak and all other “insecurities.”
Before I give a very specific example on how CogID works, let’s read the mind of Alex. From his very own words, he said:
• “Our physical world, which is a world that the digital world is trying to emulate, is governed by social relationships. Those relationships evolve over time, honed and matured, to serve many purposes. Trust between two individuals is one of them. Trust is a high-level social construct bestowed rarely after a certain level of relationship has maturely developed.
• Social relationships from time to time get formalized, like a marriage certificate that is considered to be a higher form of ‘trusted transaction’. By affixing my physical signature, not only do I attest to be married, but I am also directly expressing my qualified human intent. That is a form of human cognitive, that is, knowingly and deliberately performing a purposeful ‘transaction.’
• How do we relate the physical world to the digital world? Physical to digital identity? Physical to digital signature? Physical to digital transaction? Human intent vs machine intent?
• Proving who we are in the physical world is accomplished by showing our passport or driver’s license or our DNA, if need be.
• Creating an ‘online identity’ is done by assigning a username and password (U/P). These credentials are then stored in the database of a computer server, which upon receipt of U/P provides access to a certain computerized system regardless of who entered the U/P. This process is best described as matching validation of credentials. Contrary to public perception, the U/P merely reflects who/what possessed the credentials as the identity is neither challenged nor implied.
• The static and user-directed authentication, the U/P, has inherent vulnerabilities that allow phishing, copying and stealing of credentials. To be effective, security solutions should minimally correct these defects like making U/P dynamic and allowing the computer server to challenge the end user attempting to authenticate.
• Solutions were developed to ‘cure’ the vulnerabilities. The two-factor authentication (2FA), biometrics, and intrusion detection and prevention became ‘the cybersecurity solutions’ in the marketplace. Sadly, these solutions never worked as they did not address the true problem. Worse, the term biometrics ID was popularized and accepted by the unknowing public. Biometrics ID does not reflect identity because it can be copied/phished. Rather, it is just a mere identifier.
• Security became a priority problem. Security ‘locks’ were developed as solutions… that do not work! A door locked with 100 padlocks is very secure, until you open it. A door by its very nature allows access. Knowing who is allowed access is the hidden vulnerability and the actual problem. Following this line of thinking, trusted access makes it secure, but security does not reflect trusted access.
• As our physical and digital world collide as ‘one,’ our digital identity in one form or another is ‘secured’ by a U/P, 2FA and/or biometrics. They become our approved forms or methods of authenticating and authorizing ourselves. In fact, in some instances, our approvals/authorizations for our transactions are done by machine through artificial intelligence. Transactions occur without our expressed intent. Nowadays, smartphones facilitate access to our online accounts through face recognition or touch ID, U/P and/or a combination of both. Such simple and convenient methods allow me to access my online banking account and transfer money… a financial transaction. Does that reflect my authorization and qualified purposeful intent?
• Questions arise: How do we prove who we are across the web? How do we approve and/or authorize a transaction? How do we provide a trusted access mechanism? How do we express our qualified intent?
• Our purpose in creating an online identity can be rooted in two basic reasons; that is, to access and to initiate and complete a transaction. Our current technology reflects transaction as being authorized by U/P, biometric or a combination of both. Alarmingly, the advancement in artificial intelligence (AI) and machine learning can even facilitate permissions and authorizations, allowing transactions to be completed in the absence of a person’s intent. If the advanced(?) solutions deployed in the market today are good and ‘trustable,’ why is it then that highly sensitive documents require a human physical signature? Why not an ‘AI-enabled machine signature?’ Why does the President still sign executive orders? Why not just a robot? The answer is, the act of signing a document is tied to a specific reason and purpose, the product of which reflects purposeful, deliberate human intent. The current digital solutions employed to complete digital transactions are all replete without human intent. And for that reason, fraudulent transactions are not only abundant but persistently pervasive.
• Much like DNA being a true incontrovertible proof of who we are, cognitive identification is a unique mental, complex, dynamic process that when correctly leveraged and deployed in a digital setting, can equal the sensitivity/specificity of DNA.”
(To be continued)