MrChrisJ / World-Citizenship

Globally orientated citizenship with private passport services using available cryptographic tools
Creative Commons Zero v1.0 Universal

Discussion: Means of guaranteeing one identity per individual? #22

Open patcon opened 9 years ago

patcon commented 9 years ago

This post builds on #21 in particular.

This might be out of line with how some imagine this system working, but my hope is that it's a step toward creating a non-governmental system that can effectively guarantee one unique identity per person, and no more.

Most obvious safeguard: Photos

If the goal is making sure that this passport confers one identity per person, then in the future, I can imagine part of the protocol of issuance should involve a search of passport photos for possible duplicates.

This cannot be done unless the system and its photos are open, just as bitcoin can't be a ledger and avoid "double-spends" unless all the important data is open. A double identity strikes me as a failure analog of bitcoin's double-spend.

Alternative: DNA fingerprinting

Note: My background, although a bit rusty, is in biochemistry.

It's understandable that people would be uncomfortable with their faces in a public database, so perhaps we can eventually find a better solution. I can imagine a future where photos might not be necessary. This could arrive once a simple and cheap genetic fingerprinting can be carried out at one of these events. If we know to a high degree of certainty that each fingerprinting will be unique among the world, then we can carry that out as part of the process, and store that as the record to prevent double identities.

To make it clear, a genetic test does not necessarily give away any relevant health information. Nor does it give more information away (in bits) than it is strictly designed to for purposes of unique identification. So in other words, we can design something that only reveals enough bits of info about your DNA to uniquely identify you in the world, which is a surprisingly infinitesimal amount compared to your whole genome. A set of tests can be designed to cut DNA at random places where a short genetic sequence takes place. Since everyone has different genetic code, the snips happen at different places, and so the fragments are different sizes for different people. Running these DNA fragments through a gel separates them out by size and creates a characteristic banding pattern. Use several different DNA-cutting enzymes that recognize and cut at different short sequences of DNA, and you can get different banding patterns from the same person. Put a few of these "banding patterns" together for each person, and you get a unique fingerprint that, when digitized (unlike photos), won't reveal something as personal as a face.

Phewf. That was a brain dump. Sorry, been thinking about a non-governmental ID system for a while, so this project was perfectly timed :)

ZeroCool2u commented 9 years ago

@relabit Sounds like you and I are thinking about the exact same thing, I like where you're going with this. Your salt & hashing methodology is exactly what I had in mind, but I wrote up my last post during my bio lecture and couldn't communicate it as precisely as I would have liked. That being said, I agree with all your assertions.

The only serious issue I can foresee would be the new ID generation. It seems like it would be necessary to link the old/compromised ID with the new one, so we don't have random users that "slip through the cracks" if you will. My reasoning is such that it seems pertinent to be able to follow every user's history back up to the inception of their original ID; perhaps it would be more effective to somehow link the IDs normally, but be able to tag a given ID as compromised and mark it as invalid?

I suppose ultimately what I'm getting at is that while our system is designed to be foolproof in terms of security, we really should try to imagine a built-in protocol for an event in which an ID is compromised and a new one needs to be generated, such that the system can keep track of both the compromised ID and the new ID, as well as allow a user to report an ID as compromised while generating their new ID instantaneously.

I know our goal is to create a system in which it is physically impossible to impersonate a user, but not having a set plan and protocol in place for a compromised ID seems rather foolhardy. Seems like that would be similar to how CC companies handled ID Theft back in the day and just tried to hold customers responsible for all charges.

I like the nymi band and it's a solid ID, but it seems like there might be at least a couple of flaws in terms of their security model based on what's happening here: http://forums.nymi.com/t/nymi-trust-model-stronger-security-scenario/253/4 Another thing to consider is if our goal is for a global ID, the hardware used will more than likely need to be open source; a proprietary model simply does not suit our purposes considering we can't verify the hardware designs etc.
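A sketch of the two mechanisms the thread asks for, as an added example rather than anything from the World-Citizenship project: patcon's duplicate check (one identity per person, keyed off a digitized fingerprint record) and ZeroCool2u's compromise protocol (invalidate the old ID, issue a linked replacement in the same step, and be able to trace any ID back to its original). The record layout, the HMAC-based fingerprint tag and the ledger key are assumptions of this example; the fingerprint bytes stand in for a digitized banding pattern and are constructed for the test.

```python
import hashlib
import hmac
from typing import Dict, List, Optional

class IdRecord:
    def __init__(self, id_hash: str, predecessor: Optional[str]) -> None:
        self.id_hash = id_hash
        self.predecessor = predecessor    # ID this one replaced, or None for a root
        self.status = "active"            # flips to "compromised" on report

class IdentityLedger:
    def __init__(self, index_key: bytes) -> None:
        self.records: Dict[str, IdRecord] = {}
        self.by_fingerprint: Dict[str, str] = {}   # fingerprint tag -> root ID
        self.index_key = index_key        # assumed ledger-wide key for the tags

    def fingerprint_tag(self, fingerprint: bytes) -> str:
        # Keyed but deterministic: two enrolments of the same person collide, so
        # duplicates are findable; a per-user random salt would defeat that check.
        return hmac.new(self.index_key, fingerprint, hashlib.sha256).hexdigest()

    def issue(self, pubkey: bytes, fingerprint: bytes) -> str:
        # Register a root identity; refuse a second ID for an already-enrolled person.
        tag = self.fingerprint_tag(fingerprint)
        if tag in self.by_fingerprint:
            raise ValueError("duplicate identity: fingerprint already enrolled")
        new_id = hashlib.sha256(pubkey).hexdigest()
        self.records[new_id] = IdRecord(new_id, predecessor=None)
        self.by_fingerprint[tag] = new_id
        return new_id

    def report_compromised(self, old_id: str, new_pubkey: bytes) -> str:
        # Invalidate old_id and issue its linked replacement in one step, so the
        # old ID can never be reported twice to fork a second successor.
        old = self.records[old_id]
        if old.status != "active":
            raise ValueError("already reported; one successor per compromised ID")
        new_id = hashlib.sha256(new_pubkey).hexdigest()
        self.records[new_id] = IdRecord(new_id, predecessor=old_id)
        old.status = "compromised"
        return new_id

    def is_valid(self, id_hash: str) -> bool:
        rec = self.records.get(id_hash)
        return rec is not None and rec.status == "active"

    def lineage(self, id_hash: str) -> List[str]:
        # Follow predecessor links from id_hash back to the original root ID.
        chain, cur = [], self.records.get(id_hash)
        while cur is not None:
            chain.append(cur.id_hash)
            cur = self.records.get(cur.predecessor) if cur.predecessor else None
        return chain
```

The fingerprint stays bound to the root record, so a rotated ID inherits the duplicate check without re-enrolment.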

patcon commented 9 years ago

http://33bits.org/2009/12/02/the-entropy-of-a-dna-profile/

The Entropy of a DNA Profile

I’m often asked how much entropy there is in the DNA profiles used in forensic investigations. Specifically, is it more than 33 bits, i.e., can it uniquely identify individuals? The short answer is: yes in theory, but there are many caveats in practice, and false matches are fairly common.