Part V - Rethinking Customer Identities Leveraging Toda

December 27, 2023 update - I strongly suggest readers skim “How Do I Trust Entities?   Different Levels of Identity & Credential Assurance - A Thought Paper”

Jun3 13, 2023 update - Note to reader: I wrote this series now a little over two yeasr ago. Within the articles, I provide updates since the post was written. I strongly suggest readers skim these more recent articles:

• “The Challenge with AI & Bots - Determining Friend From Foe”
• “A Whopper Sized Problem- AI Systems/Bots Beginnings & Endings”
• “Hives, AI, Bots & Humans - Another Whopper Sized Problem”
•  “Deep Fakes, Privacy, Protection & Misinformation”
• “Marc Andreessen’s Right – Why AI Will Save The World”
• “Legal Identity Vs. Legal Personhood”
• "AI & Governments"
• "AI Leveraged Smart Digital Identities of Us”
• “Decentralized AI – Risks, Legal Identity, Consent & Privacy”
• "AI, Bots & Us - Examples of Rapid Change"
• “TODA, EMS & Graphs – New Enterprise Architectural Tools For A New Age”

This post focuses on rethinking enterprise customer identities, leveraging a decentralized Toda based identity. If you haven't read Part I - then I strongly advise you to do so, before reading on.

Do You Know Your Customer?

Our existing crappy legal identities has led many enterprises to adopt KYC (Know Your Customer) services to vet customers to reduce fraud. Many enterprises accept a certain rate of identity fraud, building it into their operating costs. Then there's the current inadequacies of enterprises vetting people's ages, when they sell goods or services requiring proof of age online. All of this requires a new way of looking at customer identities from the ground up.

Skim this article to learn more:

• “Do You Know Your Customers?”

Enter Toda LSSI for Customers

February 2022 Update:

Skim this new human legal identity architecture referred to in in Part I:

• “Rethinking Human Legal Identity”

It lays out the foundational building blocks to create a new form of Legal Self-Sovereign Identity (LSSI). In Part III, I discuss what the options are if a jurisdiction doesn't offer a Toda based LSSI. So, for the purpose of this post, I'm going to hypothetically assume a Toda LSSI of some sort is available for an enterprise to use, from either a jurisdiction or commercially.

Anonymous Proof of Age

The Toda LSSI can be used by the enterprise to instantly prove, either physically or digitally, if the person meets age of consent requirements, anonymously. For some transactions, this will suffice for customer identity requirements.

Create a Toda Enterprise Customer Identity

In the last appendix of this paper, I show how a customer can prove their legal identity to the enterprise, either physically or digitally, which the enterprise can use to populate their CRM (customer relationship marketing) system or whatever. Depending on the degree of risk associated with the customer, the enterprise might or might not have required the customer to provide their biometrics to accompany their physical or digital Toda file biometrics. Assuming they match, the enterprise now has a high degree of assurance they are whom they claim to be.

As the diagram in the appendix shows, I'm proposing creating a enterprise customer master Toda file. This file contains not only their identity information, BUT ALSO might contain information about the customer's preferences, behaviors, etc.

As per Part IV, where I discuss creating different Toda files for a person's access control "capabilities", a similar approach might or might not be used with customers. The "capabilities" might include access rights, but perhaps more importantly customer preferences, as well as the ability to delegate purchases and/or decisions to others. Let's use Jane Doe as an example.

Customer Capabilities

February 2022 Update:

Jane Doe has a child John Doe. She might want to grant to the enterprise, the ability to record behavioral/biometric information about John, with her consent. So, the enterprise obtains her consent, writes the consent approval to Jane Doe and her child's SOLICT database(Source of Legal Identity & Credential Truth) via their PIAM (Personal Identity Access Management). As well, within the enterprise Toda file for Jane, might create a separate Toda capability file allowing for monitoring, and cryptographically link this to the enterprise child's Toda file.

Now let's say John is older. Jane wants to allow purchases against her charge cards, etc., by the child, up to a certain amount. Using a similar process as above, the enterprise would create a new capability file within both Jane and her child's enterprise Toda files for this.

Here's my point - Jane can select the limits herself for John, based on what she's agreed to with the enterprise. Thus, let's hypothetically assume Jane and the enterprise agree on a spending limit of $500. Jane can then preset John's spending limits to initially $100, and then, over a period of time at her choosing, increase the amounts up to $500. John can now act on his own, to the degree Jane agrees to in concert with the enterprise, to purchase goods and services.

Note: All Toda identity transactions between Jane, her child and the enterprise, are able to be proven to have occurred on a certain date, time, between the parties, in a immutable way, along with proving no change to the data content occurred. Further, the enterprise writes consents to both Jane and John's SOLICTs. Finally, the system works globally, regardless of where Jane and Jogn live, or are operating out of, both physically and digitally.

Rethinking Customer Federation

Towards the end of Part IV, I discussed how an LSSI changes identity federation. In the section "Challenges With Jane Doe Becoming Her Own Identity Provider" of this paper, I dive deeper into these waters. Here's the bottom line...

As a legal self-sovereign identity framework appears on the planet, the old ways of doing identity federation won't work so well. Jane Doe will become her own identity provider.

February 2022 Update:

The follow on implication to enterprises from this is they'll be forced to use AI contract law technology to instantly create legal agreements to use Jane Doe's identity and data, with either Jane directly, her PIAM (Personal Identity Access Management) system (described in the architecture doc) and/or with a third party who's legally acting on Jane Doe's behalf. All of this will be written in some form to Jane Doe's SOLICT file by the enterprise, when establishing a relationship with Jane.

Decentralized Customer Decision Making

Similar to the use of decentralized identity with employees and contractors discussed in Part IV, the enterprise now has a new set of identity tool-kits to push decision making closest to the customer. Is this the end of CRM's and IAM (identity access management) systems? No. However, the use of them will likely change with time, in various ways, as enterprises create tailored decentralized/centralized systems to meet the needs of both customers and enterprises.

Customer Smart Digital & Physical Entities

The arrival of smart human identities digitally, along with physical bots able to be controlled and act on behalf of the customer, is a whole new ball game for enterprise identity and access management systems. Depending on risk to the enterprise, the digital customer identities/physical bots might need to be legally registered within a jurisdictional LSSI system or, a commercial one.

The follow on from this is enterprises will need to do the following regarding identity and access control decisions:

• Confirm the physical human identity and be able to prove a digital human entity and/or physical bot is tied to the human legal identity
• Modify the enterprise customer Toda file for the human creating links to the new customer digital entity Toda file and/or physical bot one created
• Link back from the customer digital entity/physical bot Toda file to the customer human Toda file
• Hypothetically create capability Toda files for the human customer allowing them to delegate to their digital entity/physical bot Toda files

Fraud 4.0

In this thought paper I wrote this past spring, I discuss the emergence of Fraud 4.0. Criminals will be the first to take advantage of new types of digital entities and/or physical bots, wanting to either control and/or masquerade as the customer.

Will Toda solve all this? No. It's a tool to use, but on it's own, it's not going to stop smart criminals getting people to make stupid, potentially costly decisions. All I can see coming is a massive wave of technological change, requiring very sophisticated access control systems able to handle the deluge of false identities masquerading as digital entities of enterprise customers.

Reducing Enterprise Advertising Fraud

The current rate of advertising fraud globally is simply astounding. As described in the post, use of an LSSI can significantly reduce enterprise ad fraud. It allows an enterprise to know who they're selling to.

Massive Change is Here Requiring a Rethink of Customer Identity

All of the above attests to the rapid rate of technological change affecting enterprises and their relationships with their customers. It requires a rethink in customer identity, leveraging Toda internally within the enterprise to produce a decentralized customer management system.

In the next article, I'll address enterprises using, owning, leasing AI systems and physical/digital bots. This too is very challenging...

Here's the links to articles in this series:

• “Part I – New Age Enterprise Identity Architecture”
• “Part II – Toda and LLC Incorporation”
• “Part III – Employee/Contractor Legal Identities”
• “Part IV – Toda Based Decentralized Enterprise Authentication and Authorization”
• “Part V – Rethinking Customer Identities Leveraging Toda”
• “Part VI – The Need for Quickly Creating AI System and Bots Legal Identities”
• “Part VII Rethinking Enterprise Identity– Summary”

Enterprise readers might also find these articles very relevant to rethinking enterprises:

• “Marketing in the Digital/Physical Tsunami Age”
• “Legal Departments, Digital Identities & Tsunami Age”
• “IT, Security & the Technological Tsunami Age”
• “HR and the Technological Tsunami Age”
• “Do You Know Your Customers?”

About Guy Huntington

I'm an identity trailblazing problem solver. My past clients include Boeing, Capital One and the Government of Alberta's Digital Citizen Identity & Authentication project. Many of my past projects were leading edge at the time in the identity/security space. I've spent the last eight years working my way through creating a new legal identity architecture and leveraging this to then rethink learning.

I've also done a lot in education as a volunteer over my lifetime. This included chairing my school district's technology committee in the 90's - which resulted in wiring most of the schools with optic fiber, behind building a technology leveraged school, and past president of Skills Canada BC and Skills Canada.

I do short term consulting for Boards, C-suites and Governments, assisting them in readying themselves for the arrival of AI systems, bots and AI leveraged, smart digital identities of humans.

I've written LOTS about the change coming. Skim the over 100 LinkedIn articles I've written, or my webpage with lots of papers.

Quotes I REALLY LIKE!!!!!!:

• We cannot solve our problems with the same thinking we used when we created them” – Albert Einstein
• “Change is hard at first, messy in the middle and gorgeous at the end.” – Robin Sharma
• “Change is the law of life. And those who look only to the past or present are certain to miss the future” – John F. Kennedy

Reference Links:

An Identity Day in The Life:

• “An Identity Day in the Life of Jane Doe”

My Message To Government & Industry Leaders:

• “Why Should Your Government Fund The Architectures?”
• “National Security – Reduce Risk By Instantly Determining Entity Friend From Foe”
• “Give Your Industry A Significant Competitive Edge“
• "State/Provincial Leaders - A Major Problem Is Heading Your Way"
• “An Identity Day in the Life of Jane Doe”
• “Sir Ken Robinson - You Nailed It!” to understand how it will transform learning
• “National Security, Co-Design & People With Disabilities.”
• “Why Should You Read The 500 Page Cost Centre Document?
• “Budgetary Costs to Deploy a New Learning Architecture Leveraging a Rethought Legal Identity”

National Security:

• “National Security – Reduce Risk By Instantly Determining Entity Friend From Foe”
• “How Do I Trust Entities?   Different Levels of Identity & Credential Assurance - A Thought Paper”
• "Kids, National Security, Sex, Learning, Privacy, Disabilities & Laws"
• “National Security, Co-Design & People With Disabilities"
• “AI/Bots, National Security, Ethics, Privacy & Identity”
• "GOVERNANCE & TRUST"

Rethinking Legal Identity, Credentials & Learning:

• "Verifiable Credentials For Humans and AI Systems/Bots"
• "Why Disabled People Will Lead The Planet Rethinking Legal Identity, AI/Bots, Credentials & Learning"

• "My Learning Journey"

Learning Vision:

• “Vision: Learning Journey of Two Young Kids in a Remote Village”
• “Sir Ken Robinson - You Nailed It!”
• "Transformational Learning Vision”

Creativity:

• "Kids, Creativity, Learning & Sir Ken Robinson"

AI Agents:

• “Personal AI FinTech Agents - Risks, Security And Identity”
• “AI/Bots Health Agents, Medical IoT Devices, Risks, Privacy, Security And Legal Identity”
• “Marketing In The Age of AI Agents, Bots, Behavioural Tech and Crime”
• “Legal Departments - AI/Bots, Gen AI, AI Agents, Hives, Behavioural Tech And AI's Ability To Own LLC's”
• “AI Agents & Kids"
• “AI Agent Authorization - Identity, Graphs & Architecture”

Architecture:

• Humans - “Rethinking Human Legal Identity”
• AI Systems/Bots - “Creating AI Systems/Bots Legal Identity Framework”
• Learning - “Learning Vision Flyover”

AI/Human Legal Identity/Learning Cost References

• “AI/Human Legal Identity/Learning References”

• “Cost Centres – Rethinking Legal Identity & Learning Vision”
• Guesstimate Cost Notes Rethinking Legal Identity & Leveraging This to Rethink Learning (Word Doc)
• Guesstimate Costs Rethinking Legal Identity & Leveraging This to Rethink Learning (Excel Spreadsheet)

AI Leveraged, Smart Digital Identities of Humans:

• “AI Leveraged Smart Digital Identities of Us”
• “DIGITAL IDENTITY...”
• Digital Twins/Virtual Selves, Identity, Security and Death – A Thought Paper”

CISO's:

• "CISO's-What's Your Security Strategy For AI, Bots, IoT Devices & AI Leveraged Smart Human Digital Identities?"
• "Enterprise Digital Change"

Companies, C-Suites and Boards:

• “Getting Your Company Ready for AI - What Boards and C-Suites Need to Know”

Legal Identity & TODA:

• “Legal Identity & TODA”

Enterprise Articles:

• “Legal Departments - AI/Bots, Gen AI, AI Agents, Hives, Behavioural Tech And AI's Ability To Own LLC's”
• “Marketing In The Age of AI Agents, Bots, Behavioural Tech and Crime”
• "Major Change – Future of HR"
• “AI/Bots Health Agents, Medical IoT Devices, Risks, Privacy, Security And Legal Identity”
• “TODA, EMS & Graphs – New Enterprise Architectural Tools For A New Age”
• "Entity Management System"
• "Personal AI FinTech Agents - Risks, Security And Identity"

Rethinking Enterprise Architecture In The Age of AI:

• “Part I AI Systems, Bots, AI Agents, IoT Devices, & Identity Architecture”
• “Part II Hives & Fast Changing Authorization Relationships”
• “Part III AI, Bots, Behaviour Tech & Security Models”
• “Part IV Enterprise Risk & Innovation Governance”

LLC's & AI:

• “Legal Identity Vs. Legal Personhood”
• “Toda and LLC Incorporation”

Challenges With AI:

• “The Challenge with AI & Bots - Determining Friend From Foe”
• AI Systems/Bots Beginnings & Endings - A Whopper Sized Problem”
• “Hives, AI, Bots & Humans - Another Whopper Sized Problem”
• “AI Leveraged Smart Digital Identities of Us”
• "Deep Fakes, Privacy, Protection & Misinformation"
• “Decentralized AI – Risks, Legal Identity, Consent & Privacy"
• "Give Every AI a Soul - or Else"
• “How Do I Trust Entities?   Different Levels of Identity & Credential Assurance - A Thought Paper”

New Security Model:

• "Zero Trust On Steroids - Rethinking Security Models For Citizens And Enterprises In The Age of AI Agents And Tech"

DAO:

• "DAO - Identity, Members & AI Systems/Bots"

Kids:

• “Kids & Digital Identities”
• "Kids & Digital Identity Wallets"

Sex:

• “Kids, Sex, Metaverses & Privacy”
• “Sex & Identity”

Schools:

• “The Coming Classroom Revolution – Privacy & Internet of Things In A Classroom”
• “Kids, Digital Learning Twins, Neural Biometrics, Their Data, Privacy & Liabilities” 
• “Bots, Classrooms, Privacy, Legal Identity & Contracts”
• “We Have An Identity Problem – AI/Bots in School, Home & Work”
• “Kids, Schools, AI/AR/VR, Legal Identities, Contracts and Privacy”
• “EdTech Law – Legal Identity Contracts”
• “AI, Cheating & Future of Schools/Work”
• “Using AI/Digital Learning Twins in Assessment & Education”

Biometrics:

• “I Hate How We Use Biometrics Today”

Legal Identity:

• “Revised Laws of Identity”
• "Legal Identity Problem Statements"
• “Legal Identity & TODA”

• "Digital Identity & Legal Identity Relationships - IT'S A PROBLEM"
• “Legal Person: Humans, Clones, Virtual and Physical AI Robotics – New Privacy Principles”

Identity, Death, Laws & Processes:

• “Death & Digital Identity”
• “Kids, Death & Digital Identities”
• “Digital Death & Metaverses”

Open Source:

• "Open Source & Legal Identity"

Notaries:

• “Notaries, Digital Identities & New Age”

Climate Change, Migration & Legal Identity:

"Human Migration, Physical and Digital Legal Identity - A Thought Paper”

Fraud/Crime:

• "Synthetic Identity Fraud, Kids, AI and Smart Digital Identities"
• Argentina’s National ID Database Hacked
• Newfoundland’s Health Database Hacked

Behavioral Marketing:

• “I Know Who You Are & What You’re Feeling – Achieving Privacy in a Non-Private World”
• “Privacy Gone – AI, AR, VR, Robotics & Personal Data”

AI Systems and Bots:

• “AI, Bots & Us - Examples of Rapid Change”
• “Decentralized AI – Risks, Legal Identity, Consent & Privacy”
• "ChatGPT, AI, Identity & Privacy"
• “Why We Need To Legally Register AI Systems and Bots”
• “Why AI Regulation Requires Legal Identities of AI Systems and Bots”
• “Artificial Intelligence & Legal Identification – A Thought Paper”
• “Mission Control – We Have a Problem”
• “Lease or Rent a Bot! Rapidly Emerging Contract Law & Legal Identity Challenges”
• “The Infrastructure Behind Coordinating up to 3,000 bots in One Factory”
• “Nanobots & Legal Identity”
• “Micro Flying Bots & Legal Identity”
• “Microbots Able to Swim Through Your Body & Legal Identity”
• “Bots, Swarms, Risk & Legal Identity”
• “Nanobots, Microbots, Manufacturing, Risk, Legal Identity & Contracts”

Contract Law:

• “A Rapidly Growing Problem – Contract Law & Legal Identities”

Insurance:

• “Insurers Need a New Legal Toolkit”
• “Digital Identities, Risk, Insurance & Death”

Health:

• “Covid, Health & Legal Identity – Leading from the Heart”
• “Digital Health Record & Legal Identity”
• “Health & Bots – A Personal Story”

AI/AR/VR Metaverse Type Environments:

• “Metaverse Bots?”
• “Lifelike Avatars, Risk & Legal Identity”
• “Metaverse, Identity, Data, Privacy, Consent & Security”
• “Challenges With Metaverse Contracts”

SOLICT:

• “Give Each Person Their Own Source of Legal Identity & Credential Truth Database (SOLICT)”
• “A Database Per Person on the Planet - A Deeper Dive on SOLICT”
• “Please Pass This Along to Database Thinkers”

EMP/HEMP Data Centre Protection:

• “When Our Digital Legal Identity Trust Goes Poof!”
• “US Moves Towards Plan Addressing GMD and HEMP Events”
• “The Threat to Digitization”

Climate:

• "Sometimes I Want to Cry - Why?"

A 100,000-Foot Level Summary Of Legal Human Identity

• Each person when they’re born has their legal identity data plus their forensic biometrics (fingerprints, and later when they can keep their eyes open – their iris) entered into a new age CRVS system (Civil Registration Vital Statistics - birth, name/gender change, marriage/divorce and death registry) with data standards
• The CRVS writes to an external database, per single person, the identity data plus their forensic biometrics called a SOLICT “Source of Legal Identity & Credential Truth). The person now controls this
• As well, the CRVS also writes to the SOLICT legal identity relationships e.g. child/parent, cryptographically linking the SOLICTs. So Jane Doe and her son John will have cryptographic digitally signed links showing their parent/child. The same methodology can be used for power of attorney/person, executor of estate/deceased, etc.
• The SOLICT in turn then pushes out the information to four different types of LSSI Devices “Legal Self-Sovereign Identity”; physical ID card, digital legal identity app, biometrically tied physical wristband containing identity information or a chip inserted into each person
• The person is now able, with their consent, to release legal identity information about themselves. This ranges from being able to legally, anonymously prove they’re a human (and not a bot), above or below age of consent, Covid vaccinated, etc. It also means they can, at their discretion, release portions of their identity like gender, first name, legal name, address, etc.
• NOTE: All consents granted by the person are stored in their SOLICT
• Consent management for each person will be managed by their PIAM “Personal Identity Access Management) system. This is AI leveraged, allowing the person, at their discretion, to automatically create consent legal agreements on the fly
• It works both locally and globally, physically and digitally anywhere on the planet
• AI systems/bots are also registered, where risk requires it, in the new age CRVS system
• Governance and continual threat assessment, is done by a new, global, independent, non-profit funded by a very small charge per CRVS event to a jurisdiction to a maximum yearly amount.

A 100,000-Foot Level Summary Of The Learning Vision:

• When the learner is a toddler, with their parents’ consent, they’ll be assessed by a physical bot for their learning abilities. This will include sight, sound, hearing and smell, as well as hand-eye coordination, how they work or don’t work with others, learning abilities, all leveraging biometric and behavioral data
• All consents given on behalf of the learner or, later in the learner’s life by the learner themselves, are stored in the learner’s SOLICT “Source of Legal Identity & Credential Truth”
• This is fed into a DLT “Digital Learning Twin”, which is created and legally bound to the learner
• The DLT the produces its first IEP “Individualized Education Plan”, for the learner
• The parents take home with them a learning assistant bot to assist the learner, each day, in learning. The bot updates the DLT, which in turn continually refines the learner’s IEP
• All learning data from the learner is stored in their LDV “Learner Data Vault”
• When the learner’s first day of school comes, the parents prove the learner and their identities and legal relationship with the learner, via their LSSI devices (Legal Self-Sovereign Identity)
• With their consent, they approve how the learner’s identity information will be used not only within the school, but also in AI/AR/VR learning environments
• As well, the parents give their consent for the learner’s DLT, IEP and learning assistant bot to be used, via their PIAM (Personal Identity Access Management) and the learner’s PIAM
• The schools LMS “Learning Management System” instantly takes the legal consent agreements, plus the learner’s identity and learning information, and integrates this with the school’s learning systems
• From the first day, each learner is delivered a customized learning program, continually updated by both human and AI system/bot learning specialists, as well as sensors, learning assessments, etc.
• All learner data collected in the school, is stored in the learner’s LDV
• If the learner enters any AI/AR/VR type learning environment, consent agreements are created instantly on the fly with the learner, school, school districts, learning specialists, etc. 
• These specify how the learner will be identified, learning data use, storage, deletion, etc.
• When the learner acquires learning credentials, these are digitally signed by the authoritative learning authority, and written to the learner’s SOLICT.
• The SOLICT in turn pushes these out to the learner’s LSSI devices
• The learner is now in control of their learning credentials
• When the learner graduates, they’ll be able, with their consent, to offer use of their DLT, IEP and LDV to employers, post-secondary, etc. This significantly reduces time and costs to train or help the learner learn
• The learner continually leverages their DLT/IEP/LDV until their die i.e., it’s a lifelong learning system
• IT’S TRANSFORMATIONAL OVER TIME, NOT OVERNIGHT