As more and more transactions with high security and privacy requirements are executed over the Internet, there is a need for an effective means of identifying remote transaction participants. In a commonly used method of remote identification, a verifier asks a subject questions that can only be answered correctly with knowledge of personal information. However, this method has become ineffective as ever more personal information is available to impostors on social networks and on black markets where hackers sell information obtained through database security breaches.
Federated identity protocols allow a relying party to obtain information about a subject from an identity provider by redirecting the subject's web browser to the identity provider, which authenticates the subject and redirects the browser back to the relying party, passing identity information. Social networks such as Facebook and Twitter, and email service providers such as Google and Yahoo, routinely serve as identity providers to enable third-party login to web sites. Such third-party login providers have large data centers with many thousands of servers that enable them to support a large number of login transactions per second, but they are not authoritative sources of the kind of identifying information needed to enable transactions with high security and privacy requirements. On the other hand, authoritative identity sources such as a Department of Motor Vehicles, a certification authority, a financial institution that has performed know-your-customer due diligence, or a health-care provider that has vetted its doctors and nurses will not typically have the computing resources needed to participate in large numbers of identification events as federated identity providers. Furthermore, by being actively involved in a subject's identification events, federated identity providers gain knowledge of the parties that the subject interacts with, and of the timing of the transactions that require identification. This impinges on the subject's privacy, especially in the case of privacy-sensitive transactions.
Identification by means of a traditional cryptographic credential such as an X.509 certificate does not have the above drawbacks of federated identity protocols, because the credential issuer is not involved in the presentation of the credential by the subject to the verifier. However, an X.509 certificate provides only one identity verification factor, viz. proof of possession of the private key associated with the public key that the certificate binds to attributes of the subject.
Identification of a remote participant in a security-sensitive transaction requires multiple verification factors, preferably including something that the subject has (a computing device containing a private key), something that the subject knows (a password), and something that the subject “is” (a biometric feature of the subject). If a biometric sample is used as a verification factor, it must be presented directly to the verifier, rather than to a computing device controlled by the subject such as a smart phone, so that the verifier can perform presentation attack detection (a.k.a. spoofing detection), including liveness verification and replay detection, on the presentation of the sample. Identification of a remote participant in a privacy-sensitive transaction additionally requires selective disclosure of attributes and selective presentation of verification factors, so that the subject is able to present only those attributes and verification factors that each particular verifier needs to identify the subject for each particular transaction. No existing method of remote identification comes close to satisfying all these requirements.
Therefore there is a need for better methods of identifying participants in Internet transactions with high security and privacy requirements.