WISeKey cracks down on cyberattacks against personal data of US consumers with its WISeID offering

WISeKey International Holding Ltd., a cybersecurity and IoT company launched Thursday a new version of its WISeID App designed for US consumers, which includes new features focused on consumers’ rights to know and control their personal information as well as transparency requirements related to companies’ data practices.

The United States Privacy Act places emphasis on consumers’ right to know, control, opt-out of the sale of their personal information and also request the deletion of their personal information that businesses have collected.

Following the recent news about the misuse of people’s personal information, although some social media companies are working to upgrade their platforms to give users more control over their digital identity, this is not enough to protect user’s personal information as the social network platforms continue to remain in control of the user’s digital identities.

The internet has changed lives in countless positive ways, but it also has a dark side – personal privacy has been lost, leaving users at risk of abuses from entities collecting their data without their consent.

Technologies like WISeID.com provide consumers with the power to control their privacy, so the right to understand what information is being collected, to be forgotten and to be deleted is always under their control.  

A Digital Identity is like a Birth Certificate, it belongs to and it is always under the control of the user. Social media companies are creating pseudo Digital Identities with the data provided by the user, without their consent.

In contrast to Social Network Credentials and Identities where social media companies provide users with ID credentials to access their services, WISeID’s are built to empower individuals to control the formalization of their identity, manage their digital personas, and actively monetize their personal data. These WISeID’s are used by global institutions, governments and other service providers to collaborate and share sensitive information outside of their internal, trusted ecosystems.

For almost two decades, WISeKey has contributed to the design and implementation of global standards for the internet’s long-missing identity layer: decentralized, point-to-point exchange of information about people, organizations, or things – enabled by blockchain and certified by cryptographic Root of Trust.

WISeKey’s technology, products and services are used by individuals and organizations to facilitate this control and as consequence to be in compliance with the new European General Data Protection Regulation (Directive 95/46/EC), known as GDPR (approved by the European Parliament in April 2016 and went in effect on May 25, 2018), the primary law regulating how companies protect EU citizens’ personal data.

To that effect, WISekey has launched an enhanced version of WISeID specially designed for US consumers and adapted to the new US legislation on data protection, adding easy to use strong authentication and email security capabilities that can remediate threats like phishing, ransomware or identity theft.

The use of passwords implies risks, as it’s a simple security factor that can be stolen using phishing techniques (e.g. a fake email from the bank asking the user to log into a rogue web page using eBanking credentials) or it can be simply guessed if not complex enough (many users prefer to use simple passwords, by fear of forgetting it).

Strong authentication is a mechanism able to enhance security by complementing the traditional username/password access to online services with additional security factors, like biometry, hardware tokens and one-time-passwords.

Additionally, secure eMail techniques allow confidential messages to be exchanged encrypted, and to affix a “digital signature” to the outgoing email, ensuring the recipient that the message comes from a genuine person and that has not been manipulated in the way.

Nevertheless, the above techniques have been cumbersome and expensive to adopt for non-technical users, which aren’t necessarily high-tech experts, willing to secure their digital life with easy-to-use applications and mobile devices.

WISeKey’s WISeID is a mobile suite of applications that bring security to consumers and professional users when storing confidential information and communicating with their mobile devices. The app in this suite, WISeID Personal Vault, has been enhanced to include WISeID Authenticator – a secure login feature, based in the HMAC standard and compatible with Google Authenticator, which works with many existing online services like Gmail, Facebook and others. When login in one of the compatible websites, the user can generate “one-time passwords” directly from WISeID and use it to reinforce its regular password, making very hard for a hacker to steal user credentials and get access to important resources like confidential information, eBanking services, etc.

The app also includes free digital certificates that simplifies steps to generate a digital certificate and integrate it with the device system applications like email, making it easy to secure email with encryption and digital signatures. This service is based in standards like X.509 and S/MIME, so compatible with any device and operating system.

WISeID uses a “freemium” business model, so users can use most features for free, while some enhanced capabilities, like the backup of confidential information in WISeKey’s hyper-secure cloud systems hosted in a secure datacenter in Switzerland, are paid-for features.

It is critical to ensure that personal data is managed for legitimate purposes and with user consent. The recent user data scandal, is just one example on how personal data can be captured, exploited and misused. Managing consent appropriately is a challenge for many organizations, and WISeID solutions for electronic signatures can provide a highly secured mechanism to process these consents in a way which is both legally binding and convenient, by reducing the need to manage paper documents.

The entire debate to protect users against social media abuses should focus on the need to force these social media platforms to offer their users a secured platform and ability to protect their personally identifiable information (PII).

Protecting users PII is important to avoid impersonation and identity theft and to data mine their personal data. WISeID give users the ability to control and protect their confidential data as the PII is encrypted before leaving the user’s device, with strong keys derived from a password that users choose, and which is never communicated to WISeKey or third parties. Also, the rationale and the purpose for collecting user’s data is transparent and the consent of the subject is obtained in advance, making sure that users are always in control of their PII.

“Basically, users don’t mind providing social media companies with their personal data if that data cannot be used by third parties to track them and their identity,” noted Carlos Moreira, chief executive officer and founder of WISeKey.

IoT Innovator Newsletter

Get the latest updates and industry news in your inbox! Enter your email address and name below to be the first to know.