Inimitable Identity from reality to utopia Tarvi Martens SK, - - PowerPoint PPT Presentation

inimitable identity
SMART_READER_LITE
LIVE PREVIEW

Inimitable Identity from reality to utopia Tarvi Martens SK, - - PowerPoint PPT Presentation

Feb 02, 2023 167 likes •353 views

Inimitable Identity from reality to utopia Tarvi Martens SK, Estonia Pride of E-stonia 10 years of successful ID-card history Population: 1.3 Mio Penetration: 1.15 Mio e-Used: > 0.5 Mio persons > 3.5 Mio authentications

slide-1
SLIDE 1

Inimitable Identity

from reality to utopia Tarvi Martens SK, Estonia

slide-2
SLIDE 2

2

28.03.2012 Tarvi Martens

Pride of E-stonia

  • 10 years of successful

ID-card history

  • Population: 1.3 Mio
  • Penetration: 1.15 Mio
  • e-Used: > 0.5 Mio persons
  • > 3.5 Mio authentications / month
  • > 3 Mio digital signatures / month
  • 25% of votes over Internet (2011)
slide-3
SLIDE 3

3

28.03.2012 Tarvi Martens

Personal info from the (e)ID

First name and last name Personal Identification Code (PIC)

47302200234

Female born in 20th century Birth date: 20.02.1973 pseudorandom+checksum

slide-4
SLIDE 4

4

28.03.2012 Tarvi Martens

Personal info over the X- Road

slide-5
SLIDE 5

5

28.03.2012 Tarvi Martens

X-Road explained

PIC,x,... PIC,ü,... PIC,õ,... PIC,ä,... PIC,ö,... PIC,y,... PIC,z,...

X-Road

Citizen Portal

Data Protection Inspectorate

slide-6
SLIDE 6

6

28.03.2012 Tarvi Martens

Desirable qualities of ID

  • Uniqueness and persistency
  • OK  Achieved via infologistics and biometry
  • User control and consent
  • So-so  Hopefully law and guardians function
  • Minimal disclosure
  • NOK  eID minimum: name+gender+birthdate
  • Role-based identity
  • NOK  Always a citizen
  • Anonymity and pseudonymity
  • So-so  Services exist but hardly used
slide-7
SLIDE 7

7

28.03.2012 Tarvi Martens

You is You

and you can’t deny it wet dreams of ideal identity management

slide-8
SLIDE 8

8

28.03.2012 Tarvi Martens

Initable Identity defined

  • There exists a foolproof method of deriving

a number (IID – inimitable identity) from biometric data. The number is:

  • 100% unique in The World
  • As short as possible
  • The derivation process is under full control
  • f the person

IID

method

slide-9
SLIDE 9

9

28.03.2012 Tarvi Martens

Challenges for “method”

  • Biometry today is not 100% foolproof
  • But combination of methods might help
  • Body cells are replaced in every 7 years
  • Persistency could be achieved via proxies?
  • It is hard to maintain the derivation process

under full control of the person

  • Sometimes – like in medical emergencies – it is

neccessary to invoke the “method” when the person is not in full control...

slide-10
SLIDE 10

10

28.03.2012 Tarvi Martens

Attribute Authority defined

  • Attributes are assigned to persons (IID-s)

by Attribute Authorities (AA) in form of assertions which bind IID to specific a attribute

  • One assertion is binding IID with one

attribute at a time to ensure granularity

  • Attribute is assigned to a person only with

agreement and full control of this person or his/her parents/custodians

slide-11
SLIDE 11

11

28.03.2012 Tarvi Martens

Examples of assertions

Assertion AA In control

{IID,BirthDate} MoI / local gov. Your parents {IID,BirthPlace} MoI / local gov. Your parents {IID,Name} MoI / local gov. Your parents/You {IID,Citizenship} MoI / local gov. Your parents/You {IID,MatrialStatus} MoI / local gov. You + spouse {IID,AcademicDegree} University You {IID,BloodGroup} Hospital You (?)

slide-12
SLIDE 12

12

28.03.2012 Tarvi Martens

Rules for AA

  • AA-s are obliged to keep attribute history
  • AA-s are capable of giving out assertions

in real-time

  • Person never carries assertions with him/her
  • AA-s give out only with permission of the

IID owner

  • Exceptions apply:

Some attributes need to be public by definition Some attributes should be available to authorities

slide-13
SLIDE 13

13

28.03.2012 Tarvi Martens

AA information

  • Information about AA-s shall be maintained

by the government

  • Ref: Trusted Lists of QCP-s

TSL Tag Scheme Information TSP[1] Information TSP Service[1] Information History[2] Information TSP[2] Information History[1] Information History Information TSP Service[2] Information Service Information Signature

Signed TSL List of TSP-s Services

slide-14
SLIDE 14

14

28.03.2012 Tarvi Martens

Special AA - CSP

  • Certification Service Providers assign

public keys to IID-s

  • A person can have multiple certificates
  • “permission to release an assertion”

means:

{My_IID,AAid,”Surname”,3rd_person_IID,time}

e.g. “Say to the 3rd_person what my Surname was 10 years ago”

slide-15
SLIDE 15

15

28.03.2012 Tarvi Martens

Roles and Aliases

  • An AA can assign derived IID-s
  • {IID,IID’} – my second IID but cannot be derived

directly from my biometrics

  • {IID,IIDjob} – my professional IID
  • Attributes can be asserted to derived IID-s
  • {IID’,Name} – my artist name
  • {IIDjob,Public_Key} – my certificate for

professional signing

slide-16
SLIDE 16

16

28.03.2012 Tarvi Martens

ID qualities in the IID World

  • Uniqueness and persistency
  • OK  Achieved via
  • User control and consent
  • OK  AA-s do keep secrets
  • Minimal disclosure
  • OK  Attribute assignment is granular
  • Role-based identity
  • Anonymity and pseudonymity
  • OK  Derived IID-s will do the job
slide-17
SLIDE 17

17

28.03.2012 Tarvi Martens

From Reality to Utopia

  • Step1: obsolete paper documents, start

behaving as AA-s:

  • Open online service instead of issuing

passports, marriage certificates, diplomas etc

  • Step2: work out the “method” of deriving

IID from physical person

  • Hint: Aadhaar in India
  • Keep the direction in mind
slide-18
SLIDE 18

18

28.03.2012 Tarvi Martens

Thank You!

tarvi@sk.ee