The Purple Tornado Delivers DHS Report Concerning Worldwide Digital Security Vulnerabilities

TWENTYNINE PALMS, Calif., Dec. 17, 2019 /PRNewswire/ — The Purple Tornado, a foresight and strategic intelligence consultancy that delivers thinktank research insights for corporate and government use, has announced a report addressing critical vulnerabilities in U.S. Non-Person Entity (NPE) digital identities. Commissioned by the Department of Homeland Security with specific emphasis on Banking and Finance, the report yields far-reaching implications for virtually every industry. In response to its findings The Purple Tornado proposes a new taxonomy for non-human identity in the form of Self-Sovereign Identities (SSI) that will be of indispensable use in future and vital to the resiliency of U.S. national security.

Digital Identity, Non-Person Entities and the IoT

Simply expressed, digital identity is the infrastructure necessary to perform or do almost every action on the Internet. Both companies and individuals have separate, though not autonomous, digital identities. It has been generally accepted that companies explicitly own the digital identities of the people who use their services.

The ubiquitous use of centralized databases by companies — coupled with the low integrity of that data — has put the identities and resources of millions of people at daily risk from cyberattack. And although a myriad of solutions have been tried with varying degrees of success, these digital risks continue to be exploited on a constant and sustained basis by cybercriminals.

“Private Sector companies build products and services for market segments where they can make profits. This leaves certain broader technology problems unsolved. The technology responsible for web browser was similarly funded. This research identifies 11 market gaps – problems the private sector is not solving today,” said Heather Vescent, CEO of The Purple Tornado. “Solving these problems is critical to safeguard privacy and increase security for governments, companies and individuals.”

Entities, Identities, Registries: The Market Gaps

Recognizing the implications of these technological advancements The Purple Tornado has defined market gaps within its research as problems that the market failed to provide a solution for. In most cases these categories emerged as market gaps when there was a problem or need without a solution. The Purple Tornado finds critical vulnerabilities in the following markets;

  • Legal Identity of Corporations: Digitally native identity credentials don’t exist, nor do ways to receive and give verified credentials about an organization’s identity from an authoritative source.
  • Conclusive Ultimate Beneficial Owner: Banks aren’t required by statute to conclusively find the Ultimate Beneficial Owner (UBO) of a company before proceeding.
  • Conclusive Verified Corporate Data *: In the digital world, there is no standard way to find verified corporate identity data, like legal name, address and jurisdiction along with the identification of authorized delegates who have authority to sign contracts, transfer funds, and take action on behalf of the company.
  • Corporate Delegation: Companies have humans that manually enter into contracts, make financial transactions, and undertake other actions on behalf of the corporation, lending to propagation latency.
  • Real-Time Verified Identity: Identifies a missing piece to the Corporate Delegation process: real-time confirmation that a delegatee has the authority to take the action they are requesting to take on behalf of the company. Current corporate delegation data is updated anywhere from 30 days to 2 years.
  • NPE Responsibility: Scrutinizes the relationships and responsibilities of the company (an NPE) selling NPE IoT devices to a human owner.
  • Legal Identity of IoT Things: Identifies concerns that there are no universal standards or regulations around which IoT objects have an identity assigned at “birth.”
  • Tracking and Auditing Goods in the Supply Chain: While many goods are tracked with a barcode or serial number, there is the desire to more thoroughly track goods in the supply chain, including their components, sources of raw material, and the chain of custody. This information could differentiate between a licensed and unlicensed product as well as verify any origin claims.
  • IoT Security Standards *: Smart homes, surveillance devices, connected appliances, and vehicles have persistent and structural vulnerabilities that makes them difficult to secure for many real-world situations.
  • IoT Self-Authentication *:  While Legal Identity describes the legal identity assigned to a thing; IoT Self-Authentication uses built in identity to prove the device is the device it says it is.
  • Data Integrity from IoT Sensors *: Addresses a vulnerability in the lack of ability for a human to verify the data retrieved from a sensor is authentic. There is no mechanism to verify data coming off sensors, drones, and other IoT data-generating devices is reliable for high-security applications.

While the report focuses on the relationships between humans and NPEs within banking, finance and the IoT, the implications of the market gaps discovered apply to virtually every industry including the military, government, supply chain, healthcare and retail.

Self-Sovereign Identity (SSI) Technologies: A New Taxonomy

The Purple Tornado is now exploring SSI technologies that give companies and private individuals the ability to manage and control their own digital identifiers. SSI is gaining momentum as it solves multiple identity challenges, and presents a new paradigm shift that will inevitably change the future of identity completely.

The full report on ‘Entities, Identities, Registries: Exploring the Gaps in Corporate and IoT Identity’ can be found online at

* Market Gap where current solution became obsolete, fell short in its adoption, was costly for broad adoption, or is in early stages of development.

About The Purple Tornado

The Purple Tornado is a foresight and strategic intelligence consultancy that delivers thinktank research insights for corporate and government use. In addition to winning multiple awards from the Association of Professional Futurists, The Purple Tornado produces films and has authored and co-authored multiple volumes on cyber issues and digital identity. The firm’s  research has been covered by the New York Times, CNN, American Banker, CNBC, Fox and the Atlantic. Learn more about The Purple Tornado, its ongoing research and future reports at: Follow The Purple Tornado on LinkedIn or on Twitter @purple_tornado.