Agent-Based Digital Identity Architecture


Problems Plaguing the Web

The Internet lacks an identity layer for specifying and verifying user identity. PKI, HTTPS and SSL/TLS have reliably secured online transactions for decades, but they secure the channel and the server, not the identity of the person using it; identity, security, privacy and ease of use on the user side have been neglected. The Internet is instead supported by a patchwork of identity and authentication schemes that rely on browsers and passwords. Browsers do not explicitly distinguish users when a device is shared, and their bloated functionality gives attackers a large surface to exploit. Passwords are phished relatively easily; because they are often weak and reused, they are readily discovered and used to impersonate their owners. Users are frustrated by maintaining countless passwords and online profiles across the many web services they use. User-asserted identifiers, online passwords, second factors and biometrics are relatively straightforward to use, but they are not intuitive and do not prove identity (i.e. who users are). Unsurprisingly, impersonation and breaches continue to rise unabated.

Fixing the Problems

Digital Identity: Users are ideally positioned to specify and verify digital identities, since they control their own foundational identifying documents and know the identifying attributes of their family, friends and associates.

Decentralizing: Shifting responsibility for identity from providers to users puts digital identity squarely in users' hands, off-loads providers, and disperses the attack surface across the global user population, so there is no single central store of identities for an attacker to breach.

vCard 4.0: Building on this standard (RFC 6350) gives digital identities the "look and feel" of the credentials in one's wallet, making them far more intuitive to use than passwords while mitigating phishing and impersonation risk.

Biometrics: Using biometrics to bind users to their digital identities mitigates loss and tampering risk. Captured biometric minutiae should never leave the device or be disclosed to any other party; a local password or PIN can further strengthen the binding.

Cryptography: Digital identities integrated with elliptic curve cryptography are far harder to break than remote-access passwords. With integrated cryptographic keys, digital identities can be used to mutually identify and authenticate users across multiple web services, secure transactions, attest identity, encrypt private data, notarize documents and delegate consent.

Credit Card Validation: A credit card verified online can be used to validate a digital identity: if the name on the validated card matches the user's identifying information, the digital identity is validated.

Identity-Proofing: Online and in-person identity-proofing involves a user submitting identifying data together with their digital identity to an independent party, which "proofs" the user and attests the digital identity, establishing who they are.

Identity Agents: Identity agents running on smartphones, laptops, tablets and servers implement these fixes on behalf of their owners and so overcome the identity-related problems described above.

Solution Synopsis

The architecture comprises identity agents that deploy digital identities, enabling owners to mutually identify and authenticate one another and to secure transactions and private data.

Solution: Better than your Wallet

Technology Adoption

The architecture's critical features are specified in four US patents, one patent application, and eleven conference papers and journal publications. A progressive roadmap anchored by focused initial projects is planned. To facilitate adoption, ease of use, privacy and security are built in, and a proof-of-concept prototype has been developed to validate the solution. The architecture comprises identity agents deploying digital identities that "look and feel" like physical credentials, carry three long-term elliptic curve key pairs, and are verifiably owner-controlled (self-sovereign). Public copies of digital identities are exchanged over a channel secured with ECDHE (ephemeral elliptic curve Diffie-Hellman) key agreement.
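The two mechanisms named above, an owner-controlled identity that carries its own elliptic curve keys (the Cryptography point under "Fixing the Problems") and the ECDHE-protected exchange of its public copy, are shown together in the following added example. It is illustrative code written for this page, not the project's prototype or its patented design, and it makes several assumptions: the identity carries a single P-256 signing pair rather than the three pairs the page mentions (their roles are not specified here); the public copy is a vCard 4.0 text whose KEY property holds the DER-encoded public key as a data: URI and whose owner self-signature sits in an X-OWNER-SIG property, an extension property invented for this example; SHA-256 of the ECDH shared secret stands in for a proper KDF; RFC 6350 line folding is omitted; and both parties run in one process so the exchange can be checked end to end.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"strings"
)

// must panics on setup failures (key generation, cipher construction); only verification returns errors.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Identity keeps one long-term P-256 signing pair (assumption: the page names three pairs, not their roles).
type Identity struct {
	Name string
	Sign *ecdsa.PrivateKey
}

func NewIdentity(name string) *Identity {
	return &Identity{Name: name, Sign: must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))}
}
// KEY is carried as a data: URI per RFC 6350; X-OWNER-SIG is an assumed extension property.
const keyPrefix, sigPrefix = "KEY:data:application/octet-stream;base64,", "X-OWNER-SIG:"
// PublicVCard renders the public copy as vCard 4.0 text: FN, the DER SubjectPublicKeyInfo in
// KEY, then an owner self-signature over every preceding line (RFC 6350 line folding omitted).
func (id *Identity) PublicVCard() string {
	spki := must(x509.MarshalPKIXPublicKey(&id.Sign.PublicKey))
	lines := []string{"BEGIN:VCARD", "VERSION:4.0", "FN:" + id.Name,
		keyPrefix + base64.StdEncoding.EncodeToString(spki)}
	digest := sha256.Sum256([]byte(strings.Join(lines, "\r\n")))
	sig := must(ecdsa.SignASN1(rand.Reader, id.Sign, digest[:]))
	lines = append(lines, sigPrefix+base64.StdEncoding.EncodeToString(sig), "END:VCARD")
	return strings.Join(lines, "\r\n") + "\r\n"
}

// VerifyVCard accepts a card only if X-OWNER-SIG verifies under the key in KEY over the lines
// before it, so FN and KEY cannot be altered without the owner's private key.
func VerifyVCard(card string) (string, *ecdsa.PublicKey, error) {
	var name, keyB64, sigB64 string
	var signed []string
	for _, line := range strings.Split(strings.TrimSpace(card), "\r\n") {
		if strings.HasPrefix(line, sigPrefix) {
			sigB64 = strings.TrimPrefix(line, sigPrefix)
			break // END:VCARD follows and is outside the signed span
		}
		signed = append(signed, line)
		if strings.HasPrefix(line, "FN:") {
			name = strings.TrimPrefix(line, "FN:")
		} else if strings.HasPrefix(line, keyPrefix) {
			keyB64 = strings.TrimPrefix(line, keyPrefix)
		}
	}
	der, errK := base64.StdEncoding.DecodeString(keyB64)
	sig, errS := base64.StdEncoding.DecodeString(sigB64)
	parsed, errP := x509.ParsePKIXPublicKey(der)
	pub, ok := parsed.(*ecdsa.PublicKey)
	if name == "" || errors.Join(errK, errS, errP) != nil || !ok {
		return "", nil, errors.New("vcard lacks a valid FN, KEY or X-OWNER-SIG")
	}
	digest := sha256.Sum256([]byte(strings.Join(signed, "\r\n")))
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", nil, errors.New("owner signature does not verify")
	}
	return name, pub, nil
}

// sessionAEAD turns an ephemeral P-256 ECDH agreement into AES-256-GCM (SHA-256 stands in for HKDF).
func sessionAEAD(mine *ecdh.PrivateKey, peer *ecdh.PublicKey) cipher.AEAD {
	k := sha256.Sum256(must(mine.ECDH(peer)))
	return must(cipher.NewGCM(must(aes.NewCipher(k[:]))))
}

// SendIdentity is the exchange the page describes: both sides contribute a fresh ephemeral key,
// the sender encrypts its public card under the agreed key, and the receiver decrypts and verifies.
func SendIdentity(sender *Identity) (string, error) {
	sEph, rEph := must(ecdh.P256().GenerateKey(rand.Reader)), must(ecdh.P256().GenerateKey(rand.Reader))
	sAEAD, rAEAD := sessionAEAD(sEph, rEph.PublicKey()), sessionAEAD(rEph, sEph.PublicKey())
	nonce := make([]byte, sAEAD.NonceSize())
	must(rand.Read(nonce))
	wire := sAEAD.Seal(nonce, nonce, []byte(sender.PublicVCard()), nil) // nonce || ciphertext || tag
	plain, err := rAEAD.Open(nil, wire[:rAEAD.NonceSize()], wire[rAEAD.NonceSize():], nil)
	if err != nil {
		return "", err
	}
	name, _, err := VerifyVCard(string(plain))
	return name, err
}
```

Two caveats a practitioner should keep in view. First, a verified self-signature only shows that the card is internally consistent and was produced by whoever holds the private key it names; it says nothing about who that person is, which in the page's scheme is the job of identity-proofing and credit card validation. Second, the ECDHE step as written is unauthenticated: an attacker who can intercept the first exchange can substitute their own ephemeral keys and their own card, which is exactly the man-in-the-middle case the page's AI section anticipates. A deployment has to bind the ephemeral public keys to the parties' long-term signing keys, or confirm the first received card out of band, before the received identity is trusted for anything beyond that one session.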

Artificial Intelligence (AI)

Going forward, identity agents are expected to use artificial intelligence (AI) to help owners avoid, detect and prevent impersonation and man-in-the-middle (MITM) attacks, and to help them decide which digital identity to present and how much private information to disclose.