User identification today relies on the ability of the user to provide a proof of identity such as passport, driver license, etc. This approach suffers from theft and loss. Identity documents could be irreversibly destroyed or modified. In addition, the process of identification often relies on human operation, which is error prone and expensive.
Weaknesses of document-based identification are partially solved today by biometrics-based identification relying on measurements of face shape, fingerprint, voice pattern, etc. Unfortunately, this approach is expensive, mandating creation of an expensive and sensitive biometrics database and does not support cases where identification is performed off-line or where the database is not accessible for some reason. In some instances, individuals may carry identity information in a device that if compromised could put the individual at risk of identity theft or other problems.
Wireless Body Area Networks (BANs) and the wearable computing devices and sensors (in-body, on-body, or near-body) that compose them are expected to proliferate extensively in the next 5 years. When considering BANs and wearables and sensors within an IoT framework, there is a significant amount of data that can be collected externally (beyond the BAN) about the user, much of it without their full knowledge or understanding, including biometrical, bio-behavioral, medical, geodetic location, etc. Some of this data can be captured or transmitted into the cloud without requiring user interaction and consent or through poor setup processes.
There are number of risks associated with wearable IoT devices:
Silent but constant exposure of user data can seriously jeopardize the privacy of the user if not handled properly.
Data pulled from the wrong wearable or sensor might contaminate a user's personal data such as profile, personal preferences etc. It might also trigger false alarms for fraud detection systems.
In some cases, the consequences of showing or loaning a wearable device such as a smart watch to a friend or just staying within close proximity of a wearable device may provide an opportunity for nefarious use by individuals other than the owner, including leakage of personal data, unlocking doors, automated point of sale payments, etc.
To avoid these risks, a user must ensure reliable pairing and secure connection of their wearables and sensors to the appropriate cloud service followed by a connection reset and data wipe when the wearable is not in use or is transferred to a third party. However, as with identification processes, this process is both error prone and cumbersome and often beyond the understanding of many users, particularly when coupled with the weaknesses of document-based or biometric-based identification techniques.