Agent-Based Digital Identity Architecture

Problems — Analysis — Solution — Adoption

Problems Plaguing the Web

Today’s web is a server-centric patchwork of schemes that cannot ubiquitously distinguish impersonators from reliable sources. Public Key Infrastructure (PKI) has reliably secured Internet services for decades, but identity, privacy, and ease-of-use for ordinary users have been neglected. Biometric authenticators and second factors have strengthened user-to-provider bindings, but reliable methods for users to digitally present their identities when needed are not available. Financial, government and defense sector organizations have instituted various (non-standard) procedures for identity-proofing users and issuing authenticating credentials. However, social networks and other providers gather little or no evidence validating user-asserted identifying information. Self-asserting identity does not prove who you are. Meanwhile, users and providers are frustrated by maintaining countless passwords, resetting them, and keeping online profiles current. Passwords are often weakly specified and routinely reused across multiple services, and users are obliged to cope with harmful scams daily. Unsurprisingly, impersonators, hackers and fraudsters continue to exploit these deficiencies.

Analysis

Judiciously decentralizing control over identity from service providers to users benefits both. Using proven cryptographic methods (elliptic curve, ephemeral keys, Diffie-Hellman) overcomes the weaknesses and frustrations associated with having countless remote access passwords and user profiles to maintain. Excessive password dependency can be reduced by provisioning intuitive, easy-to-use digital identities that enable users and providers to mutually identify, authenticate, and secure transactions. Cryptographically-enabled digital identities can be safely used across multiple providers in many cases. Strategic application of biometrics, cryptography, and identity-proofing elevates identity and authentication assurances, benefiting users and providers alike.

Solution: Better than your Wallet

Technology Adoption

A progressive approach anchored by a focused initial project is planned. To facilitate technology adoption, usability, privacy, security and ubiquity are baked into the architecture. A proof-of-concept prototype has validated the solution. Working in the best interests of users and providers, identity agents create intuitive digital identities with the look and feel of the physical credentials in one’s wallet, which makes them easy to use. Digital identities are verifiably owner-controlled (self-sovereign). Users and providers create digital seals cryptographically binding them to their digital identities; to the digital identities of other owners; to documents; and to delegated consent tokens. These combined capabilities enable users and providers to create, exchange, and use digital identities to mutually identify, authenticate, collaborate, and protect their identifying and private information.

Possible Application of AI

Going forward, identity agents will exploit artificial intelligence (AI) to prevent impersonation, phishing, and man-in-the-middle (MITM) attacks. They will optimize decision-making when assessing which digital identities to use and how much private information to disclose.