PEER AUTHENTICATION MODALITY
Semi-automated privacy protection and verification modality that would utilize local population for digital identity authentication
Interaction of any form between family members, peers or individuals in social groups is natural and it is a way of life in any human society. In the proposed modality, identity verification would involve being identified by pre-selected family members, peers or individuals in social groups. Identity claimants would have their claims verified by offering evidence of something they know such as answering arbitrary questions from family members, peers or individuals in social groups through semi-automated SMV (short mobile voice) interactions.
During the registration process in the national ID scheme, and at the time of issuance of virtual or physical identity credentials such as ID cards, the individual would be required to provide and register an identification phone number and also generate encryption keys in the form of passphrases or pronounceable passwords that would be easy to remember. Data collected during registration and identity proofing processes would be stored in the central data storage in encrypted format, and encryption keys for several user-selected individuals would be used to encrypt and decrypt user data. During the data encryption process, the user would contact his or her peers to provide their pre-generated encryption keys, and the central access server would prompt the selected authenticators to input their encryption keys through SMS messages on their mobile phones. Selection of authenticators would be approved by the access server based on the interpersonal connections pre-existing in the database between the data owner and the selected authenticators, such as a family connection or a former or current workmate or schoolmate. One set of authenticators would be for regular authentication and another set would be for backup authentication. Encryption keys from various authenticators would make up a single key for encrypting and decrypting user data, implying that the keys from various authenticators must be entered in a stored entry order so as to make a single encryption/decryption key. The entry order and authenticators for each user would be stored in the access server.

Registered third-party merchants would have a Merchant ID issued, and identity claimants would enter the Merchant ID in the identity claim, so that the authentication confirmation from the central access server would be sent directly to the merchant. When the identity claim is received by the central access server, a semi-automated SMV interaction would be initiated by connecting the claimant with the authenticators through the cellular network. An interaction between the identity claimant and each authenticator would last a few seconds before the authenticator is prompted to enter their encryption key through SMS messages on their mobile phone. The authenticator would enter their encryption key after verifying the authenticity of the claimant. The encryption key would not be provided to the central access server when the claimant is not confirmed by the authenticator, and the identity claim would be declared unauthentic, as illustrated below in Chart 1.
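The ordered key combination and the withheld-key outcome described above, as an added Python sketch that is not part of the original proposal. PBKDF2 stretching, the HMAC chaining, the server-side check value and all names and sample passphrases are assumptions made here; the proposal does not specify how keys are combined, and the derived key would feed a data cipher that is not shown.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # assumed PBKDF2 work factor; spoken passphrases are low-entropy

def stretch(passphrase, salt):
    """Slow-hash one authenticator's passphrase with that authenticator's salt."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, ROUNDS)

def combine(entries, order, salts):
    """Chain the stretched keys in entry order into one 32-byte key.

    entries maps authenticator id -> passphrase, or None if it was withheld.
    Returns None as soon as one authenticator in the order supplied no key.
    """
    state = b"\x00" * 32
    for position, auth_id in enumerate(order):
        passphrase = entries.get(auth_id)
        if passphrase is None:
            return None
        part = stretch(passphrase, salts[auth_id])
        # Keyed by the previous state, so a different order gives a different key.
        state = hmac.new(state, bytes([position]) + part, hashlib.sha256).digest()
    return state

def check_value(key):
    """Tag the server keeps so it can recognise the key without storing it."""
    return hmac.new(key, b"peer-auth key check", hashlib.sha256).digest()

def verify_claim(entries, order, salts, stored_check):
    """Return 'authentic' only if every key was supplied, in the stored order."""
    key = combine(entries, order, salts)
    if key is None or not hmac.compare_digest(check_value(key), stored_check):
        return "unauthentic"
    return "authentic"

# Constructed sample data: three authenticators enrolled at registration.
ORDER = ["sister", "schoolmate", "workmate"]
SALTS = {auth_id: os.urandom(16) for auth_id in ORDER}
ENROLLED = {"sister": "mango river seven",
            "schoolmate": "blue goat market",
            "workmate": "quiet lamp bridge"}
STORED_CHECK = check_value(combine(ENROLLED, ORDER, SALTS))

if __name__ == "__main__":
    print(verify_claim(ENROLLED, ORDER, SALTS, STORED_CHECK))
    print(verify_claim(ENROLLED, ORDER[::-1], SALTS, STORED_CHECK))
    print(verify_claim({**ENROLLED, "schoolmate": None}, ORDER, SALTS, STORED_CHECK))
```

Run directly, the three calls cover the matching order, a reversed entry order, and one authenticator withholding a key.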

- Idea
The proposed modality is a new, cost-effective, credible and remote authentication modality that would use existing tools and technologies. Identity verification would involve being identified by pre-selected family members, peers or individuals in social groups. Identity claimants would have their claims verified by offering evidence of something they know, such as answering arbitrary questions from family members, peers or individuals in social groups through semi-automated SMV (short mobile voice) interactions that take 30 to 60 seconds. Confirmation of the identity claim would be sent directly to the third-party merchant by the central access server.
The design principle in the proposed concept is the encryption of personal data contained in the national ID schemes and the use of user-selected authenticators to verify future identity claims. User-selected authenticators would not have access to user data but would be given power to verify identity claims and jointly control data access and privacy protection. User-selected authenticators would comprise family members, peers or individuals in social groups, and their encryption keys would be used to encrypt and decrypt user data.
An individual's connections and social interactions would be used to guard against false identity claims by integrating them into digital authentication systems, with no regard to literacy levels, language barriers, or economic status of individuals. Remote verification would be initiated and coordinated by the central access server to allow authenticators in different or remote geographical locations to interact with the identity claimant through SMV (short mobile voice) on individuals’ cell phones, but would depend on stable cellular coverage and users’ mobile phones. If one of the authenticators does not have a stable cellular network, as is the case in most developing countries, the central access server may switch to the peer of backup authenticators.
During the registration process in the national ID scheme, and at the time of issuance of virtual or physical identity credentials such as ID cards, the individual would be required to provide and register an identification phone number and also generate encryption keys in the form of passphrases or pronounceable passwords. Data collected during registration and identity proofing would be stored in the central data storage in encrypted form, and encryption keys for several user-selected individuals would be used to encrypt and decrypt user data. During the data encryption, the user would contact their peers to provide their encryption keys, and the central access server would prompt the selected authenticators to input their encryption keys through SMS messages on their mobile phones. Selection of authenticators would be approved by the access server based on the existing interpersonal connections registered in the database between the data owner and the selected authenticators, such as a family connection or a former or current workmate. One set of authenticators would be for regular authentication and another set would be for backup authentication. Identity verification would be coordinated by the access server to allow authenticators in remote geographical locations to interact with the identity claimant through SMV on individuals’ cell phones.
Interaction of any form between family members or individuals in social groups is natural and is a way of life in any human society. In the proposed system, individual connections and social interactions would be used to guard against false identity claims by integrating them into digital authentication systems. The identity claimant would be connected to their family or peers according to the list of authenticators stored in the central access server. The SMV (short mobile voice) interactions between the identity claimant and authenticators would be friendly to a genuine claimant but could become hostile when the claimant is unknown to the authenticators.
Third-party merchants such as government agencies and authorities, as well as private entities such as private businesses, would be registered and the nature of their operations integrated in the national ID schemes. Third-party merchants would register the nature and scope of data they would need from individual users, and be assigned a Merchant ID. Identity claimants would enter the Merchant ID in the identity claim, and authentication confirmation from the central access server would be sent to the merchant. A temporary access key would be sent to the user, and the user would choose to share it with the corresponding merchant.
In the proposed system, individual connections and social interactions would be used to guard against false identity claims by integrating them into digital authentication systems, with no regard to literacy levels, language barriers, or economic status of individuals. Individuals would be required to generate their own encryption keys in the form of passphrases or pronounceable passwords that would be easy to remember according to their literacy, numeracy levels and language preferences. During identity verification through SMV interactions, if one of the authenticators does not have a stable cellular network, the central access server may switch to the peer of backup authenticators.
The peer authentication modality is envisioned to be integrated in the national ID schemes to provide very strong protection against digital identity fraud for millions of people without compromising user privacy, at a comparatively lower cost, and can be adapted to social and technological conditions in most developing countries. Full-scale application of the new authentication modality is envisioned in 2022, after pilot testing that would begin in 2020 followed by engagements with government bodies in target countries. The innovators are already focused on mobilizing resources to develop and test software applications that would optimally be compatible with the available hardware systems.
- Uganda
- Not Registered as Any Organization
- Employee of a company but submitting my solution independently
- 1-5
- 1-2 years
The innovator is self-employed in technology and energy search.
The innovator is a practicing engineer, and has previously worked on various innovation projects.
The proposed authentication modality would be integrated in the national ID schemes sponsored and run by government entities. Revenue would be generated from registered third-party merchants such as financial institutions and private businesses that would rely on the centralized authentication system for identity authentication and user data access. The revenue model can be registration fees for third-party merchants and payment of service fees depending on the data accessed or authentication codes received over a certain period of time.
The idea is presented to the Mission Billion Challenge for digital identity experts to assess and provide feedback on its potential to protect millions of people in developing countries against digital identity fraud using the available resources. It is hoped that the exposure of the idea to judges and experts would help scrutinize it and point out possible areas of improvement or discover more fields of application.
The new authentication modality is also in alignment with Mission Billion Challenge goals and objectives.
The proposed authentication modality would rely on stable cellular coverage, which is lacking in some remote locations of developing countries. The system, however, would accommodate redundancy measures such as programming the central access server to switch to the peer of backup authenticators if one of the authenticators does not have a stable cellular network.