Agent-Based Digital Identity Architecture
Problems — Analysis — Solution — Adoption
Problems Plaguing the Web
The Internet lacks an identity layer for specifying and verifying user identity. PKI, HTTPS and SSL/TLS have reliably secured online transactions for decades, but identity, security, privacy, and ease-of-use have been neglected. The Internet is supported by a patchwork of identity and authentication schemes relying on browsers and passwords. Browsers do not explicitly identify the user and are sometimes shared. Browsers generally have bloated functionality, making them vulnerable to hacking. Passwords can be “phished”, are often weakly specified and reused, and can be cracked. Password compromise is the most common cause of Internet impersonation and breaches. Meanwhile, users are frustrated maintaining countless passwords and online profiles across their many web providers. User-asserted identifiers, online passwords, second factors and biometrics can be relatively straightforward to use, but they are not intuitive and do not prove who users are. Unsurprisingly, these unresolved issues continue to undermine the web economy.
Fixing the Problems
Digital Identity: Users are ideally-positioned to specify and verify digital identities given they control their foundational identifying documents and know the identifying attributes of family, friends, and associates.
Decentralizing: Shifting responsibility over identity from providers to users puts digital identity squarely in the hands of users, off-loads providers, and disperses the attack surface over the global user population.
vCard 4.0: Exploiting this standard can give digital identities the “look and feel” of credentials in one’s wallet, making them much more intuitive to use than passwords, second factors, and biometrics.
Biometrics: Using biometrics to bind users to digital identities can mitigate loss and tampering, but captured biometric minutiae should not be disclosed.
Cryptography: Digital identities integrated with elliptic curve cryptography are much harder to phish and break than remote access passwords. Digital identities with integrated cryptographic keys can be used to mutually identify and authenticate users across multiple providers, secure transactions and private data, and cryptographically bind users to documents and to each other’s digital artifacts.
Identity Validation: Digitally enabled physical credentials like credit cards can be used to validate digital identities. For example, credit card data enabling an online Card Not Present (CNP) transaction for a given user can be employed to validate the identifying information specifying that user’s digital identity.
Identity-Proofing: Online and in-person identity-proofing involves a user submitting identifying data and their digital identity to an independent party who “proofs” the user and attests their digital identity to establish who they are.
Identity Agents: Identity agents focused on implementing these fixes for the owner while avoiding undue complexity will resolve these problems.
Solution Synopsis
The architecture consists of identity agents deploying digital identities that enable owners to mutually identify and authenticate each other and to secure transactions and private data.
Solution: Better than your Wallet

Technology Adoption
The architecture’s critical features are specified in four US patents, one patent application, and eleven conference papers and journal publications. A progressive roadmap anchored by focused initial projects is planned. To facilitate technology adoption, ease-of-use, privacy, and security are baked in. A proof-of-concept prototype has been developed to validate the solution. The architecture consists of identity agents deploying digital identities that “look & feel” like physical credentials; have three (3) long-term elliptic curve key-pairs; and are verifiably owner-controlled (self-sovereign). Public copies of digital identities are securely exchanged using the ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) key agreement protocol.
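As an added illustration (example code, not the project’s own), the Go sketch below shows the three elements that paragraph names: a vCard 4.0 public copy carrying three P-256 public keys, the parse-and-validate step a receiving agent should run on such a copy, and one side of the ECDHE agreement that protects the exchange. The role labels, the data: URI encoding of the KEY properties, and SHA-256 in place of a full KDF are assumptions made for this example.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"strings"
)

func NewKey() (*ecdh.PrivateKey, error) { return ecdh.P256().GenerateKey(rand.Reader) } // one P-256 key-pair

// PublicVCard renders an identity's public copy as a vCard 4.0 record whose three KEY
// properties carry the long-term public keys as base64 SEC1 points in data: URIs.
func PublicVCard(name string, keys [3]*ecdh.PrivateKey) string {
	card := "BEGIN:VCARD\r\nVERSION:4.0\r\nFN:" + name + "\r\n"
	for i, role := range []string{"identify", "sign", "encrypt"} { // role labels assumed here
		card += "KEY;TYPE=" + role + ":data:application/octet-stream;base64," + base64.StdEncoding.EncodeToString(keys[i].PublicKey().Bytes()) + "\r\n"
	}
	return card + "END:VCARD\r\n"
}

// ParsePublicKeys reads the KEY properties back; NewPublicKey rejects malformed or off-curve points.
func ParsePublicKeys(vcard string) ([]*ecdh.PublicKey, error) {
	var pubs []*ecdh.PublicKey
	for _, line := range strings.Split(vcard, "\r\n") {
		if !strings.HasPrefix(line, "KEY;") {
			continue
		}
		raw, err := base64.StdEncoding.DecodeString(line[strings.LastIndex(line, ",")+1:])
		if err != nil {
			return nil, err
		}
		pub, err := ecdh.P256().NewPublicKey(raw)
		if err != nil {
			return nil, err
		}
		pubs = append(pubs, pub)
	}
	return pubs, nil
}

// SessionKey is one side of ECDHE: the two ephemeral keys agreed and hashed to a transport key.
func SessionKey(myEph *ecdh.PrivateKey, peerEph *ecdh.PublicKey) ([32]byte, error) {
	secret, err := myEph.ECDH(peerEph)
	if err != nil {
		return [32]byte{}, err
	}
	return sha256.Sum256(secret), nil // SHA-256 stands in for a proper KDF such as HKDF
}
```

A receiving agent would wrap the public copy with the transport key (for example AES-GCM) and only then hand the parsed, validated keys to later identification and signing steps.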
Artificial Intelligence (AI)
Going forward, it is expected that identity agents will be able to exploit artificial intelligence (AI) to help owners avoid, detect, and prevent impersonation and man-in-the-middle (MITM) attacks, as well as help them decide which digital identities to select and how much private information to disclose.
