My apologies for asking this trivial question,
but is this Kantara mailing-list allowed to be
used for “advertising” emails?
Regards.
/thomas/
__________________________________________
Thomas Hardjono
MIT Kerberos Consortium
Massachusetts Institute of Technology
77 Massachusetts Ave W92-152
Cambridge, MA 02139
email: hardjono[at]mit.edu
mobile: +1 781-729-9559
desk: +1 617-715-2451
__________________________________________
From: community-bounces@kantarainitiative.org [mailto:community-bounces@kantarainitiative.org] On Behalf Of Michael Duffy
Sent: Friday, January 29, 2010 8:47 AM
To: community@kantarainitiative.org
Subject: [Kantara - Community] Institutional Web of Trust
We believe we have THE solution that will realize the vision of the
Kantara Initiative: Ensure secure, identity-based, online
interactions while preventing misuse of personal information so that networks
will become privacy protecting and more natively trustworthy environments.
We realize that is a bold statement. We humbly ask the members of the
Kantara Initiative to review our approach:
Digital credentials on NFC enabled smart phones will soon transform the
world of identity management.
The Trust Nexus is a startup company
located in Austin, TX. We hold intellectual property rights that will
enable us to build the infrastructure for secure identity in the digital
age. Whoever controls the infrastructure
for secure identity will also play a leading role in the emerging world of
m-Commerce.
The basic question is, how can trust be established in the digital age?
If you and I have never met and I come to your website or place of business,
how can you be confident that I am who I say that I am? The Trust Nexus answers this basic question regarding the
establishment of trust.
A key component of our infrastructure will be an easy to use digital wallet
where credentials can be securely provisioned and transactions occur smoothly.
This digital wallet will be the cornerstone of NFC technologies on mobile
devices and provide the interface for identity, marketing and financial
services. Every aspect of digital life
that depends on identity and transactions will flow through the digital wallet.
The digital wallet on NFC enabled smart phones will be one of the most valuable assets in the digital age.
The digital wallet and supporting infrastructure will be based on industry
standards that will enable the mobile network
operators (MNOs) to meter services that flow through their networks and
participate in new marketing/advertising models.
The identity infrastructure we have designed will eliminate the possibility of
identity theft for all participants, protect consumers and financial
institutions from fraudulent transactions, greatly reduce cyber-crime and solve
many of the systemic problems of the current Public Key Infrastructure system,
especially the problems of certificate revocation lists (CRLs) and on-line
status checking.
Our solution is simple, practical and transparent to the consumer. Consumer
acceptance will be rapid and widespread. Our solution secures identity,
protects individual privacy and prevents the establishment of monolithic
government control. Under our system, the user is always in control of
his/her credentials.
The essence of our approach is very different from the "Big Brother"
approach recently announced by India. Rather than creating a centralized
directory of private information, we will create a central repository containing
a collection of institutional decisions which will establish an Institutional Web of Trust.
Compared to a decentralized web of trust which creates a web of individuals
with, "the expectation that anyone receiving [a list of signatures] will
trust at least one or two of the signatures", we will create a system
where trusted institutions legitimize individual
identity. Additionally, the Institutional
Web of Trust established by The Trust
Nexus will have centralized controller processes that rely greatly on
self-management and automation resulting in great efficiencies.
Digital wallets on NFC enabled smart phones will enable users to secure their
private keys and control/present their digital credentials. Because a user's
identity will be authenticated by the processes of The
Trust Nexus (not a trust authority) there is no need for a trust
authority to issue and vouch for public/private keys for individual users. It
is only necessary that the public key be registered and the private key be
secured. Users can self-issue their keys.
The Trust Nexus does not secure
identity by, "making personal data harder to steal".
Rather, identity is secured by self-managing logical inconsistencies within the
system, resolving identity conflicts and preventing fraudulent transactions.
As Bruce Schneier, author and security guru, pointed out, "Proposed
[identity theft] fixes tend to concentrate on the first issue--making personal
data harder to steal--whereas the real problem is the second [preventing
fraudulent transactions]. If we're ever going to manage the risks and effects
of electronic impersonation [identity theft], we must concentrate on
preventing and detecting fraudulent transactions." [Solving
Identity Theft]
In essence, there are a limited number of institutions worldwide
(measured in thousands) that truly matter when it comes to legitimizing
identity. Digital wallets on smart phones will enable the efficient
association of unique public/private keys to a specific legal identity (legal
name and legal address). If there is a non-unique association, an
inconsistency arises in the system. If the association is unique and
verified by one or more legitimate institutions an individual's identity is
secure (as long as the private key which he/she controls is secure).
In the process of adding a credential to a user's digital wallet, the
provisioning institution (government agency, bank, university, etc.) will
calculate a secure hash value (numerical representation) of the credential
combined with information from the user's primary
credential (legal identity). This hash value will be encrypted
with the user's private key and then encrypted again with the provisioning
institution's private key; this encrypted hash value will then be stored in The Trust Nexus Repository representing an
institutional validation of the user's identity.
This dual encryption establishes that the credential was associated with the
user during the provisioning process rather than simply asserting the
association by a reference from the repository. Also, there
is no need to store any specific information (account number, balance, etc.)
about a user's account. The user is in complete control of the information
he/she presents and his/her privacy is maintained.
When a user presents a credential from his/her digital wallet a transaction ID
will be sent from the authenticating system to the user's digital wallet, be
encrypted with the user's private key and sent back to the authenticating
system. The user can be authenticated by decrypting the transaction ID with the
user's public key from The Trust Nexus Repository.
The credential can be authenticated by calculating the hash value of the
credential and then decrypting the hash value stored in The Trust Nexus Repository with the
institution's public key and the user's public key.
In a variation of this process the provisioning institution does not store the
encrypted hash value in The Trust Nexus
Repository; rather, the provisioning institution itself maintains a
repository and a reference to the repository is authenticated by an entry
contained within The Trust Nexus Repository
(through the institution's primary credential). In this way an
institution could federate the identity of its users (or a subset of
its users) simply by adding (or modifying) a credential to each of its users'
digital wallets and creating an institutional reference within The Trust Nexus Repository.
As part of the federation process, cooperating institutions will most likely
create standard authorization levels for various services and provision these
levels as part of a user's credential. For example, a coalition of
universities may have authorization levels for library services that will
enable users to access any library within the coalition; government organizations
may provision security levels within a user's credential that enable
inter-agency access to resources; etc.
There is significant debate regarding the effectiveness of biometrics in
identity management. When a user is not present (authenticating over a
network) there are fatal problems with biometric authentication. Most
significantly, "The main security problem with biometrics is the inability
to create a new secret. If you allow your fingerprint to be digitized and sent
across a network or scanned by a compromised scanner, it can be stolen. Then
someone has a digital copy of your fingerprint."
Even if a method of biometric identification proved to be completely reliable,
security issues would still remain. There would be opportunities to steal
someone's biometric signature and forge their identity credentials, especially
if there was a massive store of private personal data; one successful attack
could essentially render the entire system ineffective.
When a user is present, biometric data can be an effective authenticator.
It will be possible to store biometric data within a user's credential
(not within a central repository) when the credential is created by the
provisioning institution. When a user presents the credential, verifying
the biometric data in the credential against the individual in real time will
provide enhanced security, along with verifying the encrypted transaction
code against the user's public key in The Trust Nexus Repository and verifying
the encrypted hash code of the credential against The Trust Nexus Repository.
While there are many types of biometric identifiers, one of the simplest and
most usable is a photograph of the human face verified by a human being.
Any credential in a user's digital wallet that includes a photograph (driver's
license, passport, bank debit card, etc.) will be highly reliable when a user
presents the credential in person.
Why would a major institution (bank, university, corporation, government
agency, etc.) utilize The Trust Nexus Repository
instead of its own internal system? When there is no need for an external
third party to rely on a user's credential an institution may very well utilize
its own internal repository. In this same case, smaller institutions, for
reasons of convenience and cost, might still utilize The Trust Nexus Repository.
Whenever a third party (a party other than the provisioning institution) must
rely on a user's credential, the key services The Trust Nexus Repository
provides are assurance that the user is unique and trustworthy, assurance
that the provisioning institution is unique and trustworthy, and assurance
that the credential is trustworthy. Also, The Trust Nexus Repository creates a "data
synergy effect" which establishes an Institutional
Web of Trust (when multiple institutions validate a unique user's
identity the identity becomes more secure and trustworthy).
If a unique user has digital credentials for a state driver's license, a
passport, a bank debit card, a university ID, insurance cards, credit cards, etc.,
all independently validated by trustworthy institutions, that user's identity
is secure and highly trustworthy. Similar to credit ratings, both
individuals and institutions will have "trust ratings" within The Trust Nexus Repository. A centralized
notification service will also be provided when credentials are lost or stolen.
The uniqueness test for legal identities within The
Trust Nexus Repository helps to secure identity and prevent identity
theft. If there is a non-unique association, an inconsistency arises in
the system. Also, easy access for online status checking establishes the
currency of a user's credentials in case the user's digital wallet is lost or
stolen. And most importantly, The Trust
Nexus creates a "data synergy effect" which establishes
an Institutional Web of Trust.
Additionally, our system provides the "Holy
Grail" for single sign on. All computers will soon have an
interface (USB plugin or internal card) that will enable NFC interactions with
mobile devices. The digital wallet on a user's cell phone will be provisioned
with credentials containing specified authorizations for different systems and
services. Rather than logging into a directory or utilizing a complex federated
identity process, a user will log onto his/her cell phone with a PIN and a
voice authentication signature. The user (or the authenticating system) will
then select the appropriate credential for the specified system or service with
no need to enter another user name or password (the user's private key will be
used to encrypt a transaction ID). This approach also solves the "Keys
to the Kingdom" problem where a single sign on to a directory service
opens access to all the user's systems and services.
We are confident we have a transforming technology and a clear vision of the
future. No one has found a conceptual flaw in the system.
Existing providers of identity management services should not see The Trust Nexus as a competitor; rather, they
should see us as an infrastructure provider (similar to the electric power grid
that has hundreds of energy providers).
Best regards,
Michael Duffy
CEO / CTO ~ The Trust Nexus
http://www.thetrustnexus.com
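The provisioning and presentation flow described in the message above (a hash of the credential combined with the primary credential, "encrypted" first with the user's private key and then with the institution's; a transaction ID sent to the wallet and returned under the user's key; verification against the public keys held in the repository), as an added example in Go. This is not code from the original post or from The Trust Nexus. Where the post says a value is "encrypted with a private key", the operation that yields the checks it describes is a digital signature, so the example uses Ed25519 signatures over SHA-256 digests. The way the credential and primary credential are combined before hashing, the party and function names, and the sample values are assumptions of the example.

```go
// Added example (not from the original post or from The Trust Nexus): a model
// of the provisioning and presentation flow, using Ed25519 signatures where the
// post says a value is "encrypted with the private key".
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Party holds one participant's key pair: a user (digital wallet) or a
// provisioning institution. Only the public key is assumed to be registered.
type Party struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewParty generates a fresh key pair (the post lets users self-issue keys).
func NewParty() (Party, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Party{}, err
	}
	return Party{Pub: pub, priv: priv}, nil
}

// Validation is the repository record: the credential digest signed by the
// user, and that signature countersigned by the provisioning institution.
type Validation struct {
	UserSig        []byte
	InstitutionSig []byte
}

// credentialHash binds the credential to the user's primary credential (legal
// name and address). Fields are length-prefixed so two different pairs cannot
// concatenate to the same digest; the post does not specify this step, so the
// combining rule is an assumption of the example.
func credentialHash(credential, primary []byte) []byte {
	h := sha256.New()
	for _, field := range [][]byte{credential, primary} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		h.Write(n[:])
		h.Write(field)
	}
	return h.Sum(nil)
}

// Provision is the institution-side step: hash, user signs, institution
// countersigns, and the record is handed to the repository.
func Provision(user, inst Party, credential, primary []byte) Validation {
	userSig := ed25519.Sign(user.priv, credentialHash(credential, primary))
	return Validation{UserSig: userSig, InstitutionSig: ed25519.Sign(inst.priv, userSig)}
}

// VerifyCredential is the relying-party check: recompute the digest from the
// presented credential and verify both signatures with the public keys fetched
// from the repository. A tampered credential or a wrong key fails.
func VerifyCredential(userPub, instPub ed25519.PublicKey, credential, primary []byte, v Validation) bool {
	if !ed25519.Verify(instPub, v.UserSig, v.InstitutionSig) {
		return false
	}
	return ed25519.Verify(userPub, credentialHash(credential, primary), v.UserSig)
}

// NewTransactionID is the authenticating system's challenge; it must be fresh
// and unpredictable so a captured response is useless against a later login.
func NewTransactionID() ([]byte, error) {
	id := make([]byte, 16)
	_, err := rand.Read(id)
	return id, err
}

// RespondToChallenge is the wallet side: sign the transaction ID.
func RespondToChallenge(user Party, txID []byte) []byte {
	return ed25519.Sign(user.priv, txID)
}

// AuthenticateUser is the system side: verify with the repository public key.
func AuthenticateUser(userPub ed25519.PublicKey, txID, response []byte) bool {
	return ed25519.Verify(userPub, txID, response)
}

func main() {
	user, _ := NewParty()
	bank, _ := NewParty()
	// Constructed sample values, not real data.
	credential := []byte("bank debit card, issued 2010-01")
	primary := []byte("Jane Example, 1 Sample Street, Austin TX")
	v := Provision(user, bank, credential, primary)
	fmt.Println("credential verifies:", VerifyCredential(user.Pub, bank.Pub, credential, primary, v))
	fmt.Println("tampered credential verifies:", VerifyCredential(user.Pub, bank.Pub, []byte("bank debit card, issued 2010-02"), primary, v))
	txID, _ := NewTransactionID()
	response := RespondToChallenge(user, txID)
	fmt.Println("user authenticates:", AuthenticateUser(user.Pub, txID, response))
	later, _ := NewTransactionID()
	fmt.Println("old response accepted for new transaction:", AuthenticateUser(user.Pub, later, response))
}
```

The two checks a relying party gets from this model are exactly the ones the post lists: the countersignature proves the institution saw the user's signature at provisioning time, and recomputing the digest from the presented credential proves the credential has not changed since. The challenge step only carries that assurance if every transaction ID is fresh; the last line of `main` shows that a response captured for one transaction does not verify for another.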