Although the use of various services on the Internet has become an essential part of our day-to-day lives, ID/password leaks and unauthorized access incidents have been increasing in recent years, and we need an environment that enables secure use of internet services. We asked Osamu Oshima of NRI SecureTechnologies about a solution called CIAM, which is designed to achieve such a system.

ID-linking technology to improve user convenience

Although it is normal for cloud services and websites that require membership to provide individual services for user authentication, a system that allows users to use an external service for authentication by linking IDs has recently become popular.

For example, if a user can use the ID and password of a social networking service (SNS) that they often use to log in to other services, they no longer need to learn a separate ID and password for each service, and this provides increased convenience. The service provider can also expect increased user numbers because it becomes easier to use the service.

Industry standard protocols for linking IDs called "OpenID Connect" and "OAuth" are used as a system for linking authentication between multiple services. The NRI Group has been involved with this industry standard technology for linking IDs since the beginning, and makes sure to always stay up-to-date with the latest specifications.

In recent years, channels for using services with smartphones instead of PCs have been expanding, and this technology for linking IDs to provide users with a comprehensive and consistent service for multiple channels has been growing increasingly popular.

List-type account hacking is causing great damage

On the other hand, a type of attack called "list-type account hacking" has also become a problem. This attack involves trying to log in to other websites using a list of IDs and passwords that have been leaked from a service, and many websites in Japan have also been affected. The attack takes advantage of the fact that many users will use the same password for multiple websites to make it easier to remember their password. Of course it is undesirable for users to reuse passwords, but it is said that regular users can only remember about three combinations of IDs and passwords, and there is therefore a limit to password authentication systems that rely on user memory.

Since password authentication systems are insufficient, financial institutions and major cloud services, etc., that place importance on security have started to adopt a system called multi-factor authentication in order to increase security. For example, displaying a passcode separate from the ID and password via SMS or a smartphone app when logging in, and only allowing login when the ID, password, and passcode all match. This can greatly reduce the risk of third parties impersonating users.

What is CIAM (Consumer Identity and Access Management)?

Firms that provide consistent services over multiple channels on the Internet need to ensure security from threats such as unauthorized access while also maintaining user convenience. However, it is not easy for a service provider to develop a system for such authentication and access control. That is where a CIAM (Consumer Identity and Access Management) solution comes into play.

IAM (Identity and Access Management) is a term used to refer to ID management/authentication/access control, and solutions for providing this have been around for a while. The term CIAM has started to be used in recent years to refer to a specialized concept for the services used by general consumers. This is because CIAM covers unique ideas for general consumer services, such as the abovementioned technology for linking IDs between multiple sites, large-scale management of tens of thousands to millions of user IDs, multi-device/multi-channel service provision, and countermeasures against frequently occurring attempts at unauthorized access.

NRI SecureTechnologies provides Uni-ID Libra as a solution to achieve CIAM. This solution provides user ID management, ID linking based on industry standard protocols, and authentication functions that support multi-factor authentication, as well as a system for threat analysis. This system detects abnormal user login attempts, such as user access from a different device, network, or region, or when the access frequency and such are different from normal.

As mentioned above, Uni-ID Libra supports multi-factor authentication, and provides password authentication at normal times but also two-level authentication when abnormal behavior is detected. Being able to provide both security and convenience is a major advantage of Uni-ID Libra.

Functions provided by Uni-ID Libra

With the popularization of ID linking technology, user convenience will improve because users can use various services with a single authentication process, but the damage caused by unauthorized authentication will also increase. That is why CIAM solutions such as Uni-ID Libra will surely have a larger role to play in the future.