The present invention relates, in general, to a process for authentication and protection of identity, and to a method for granting privileges based on that protected identity. More particularly, the invention is directed to a process for authenticating and protecting identity simply, and with high reliability, wherein the cost of granting such high reliability privileges is greatly reduced.
Positive identity verification has become critical in a wide range of applications involving public safety and security. In addition, it has become more and more important to provide secure personal identification of individuals to support the proper granting of privileges such as, for example, driver's licenses, travel documents, commercial transactions, access to various locations or information, and the like. Sophisticated techniques for generating and protecting documents such as passports, driver's license cards and the like, and for the granting of various privileges have been developed, such techniques relying on signatures, fingerprints, images of faces, PIN numbers, and similar identifiers, in attempts to avoid counterfeiting or illegal modifications which can lead to misrepresentation of an individual or improper granting of privileges and can result in fraudulent transactions and breaches of security. With recent heightened security concerns throughout the world, the need to protect against identity and privilege theft and the need to ensure accurate and reliable identification of individuals has become paramount.
One approach to providing secure identification of individuals or documents has been to detect security information on a document itself or on accompanying identifying material and to determine whether that information has been altered in any way. An example of such a prior system is found in typical credit, debit and charge cards that utilize holographic images, the encoding of cardholder information on magnetic strips on the card, a requirement to obtain validation for transaction approval, and/or signature verification. Laminating techniques, invisible inks, embedded magnetic and RF detectable tags, and embedded microminiature smart chips have all been used to provide additional protection. However, a deficiency of all of these systems is that they rely on information encoded on the card or document being presented, and although they may incorporate sophisticated encryption, the fact that such cards or documents are in the possession of the individual presenting them means that they are susceptible to modification, contamination, duplication or counterfeit. Any time a potential counterfeiter has access to a verification medium, the potential exists for corruption of the medium, no matter how sophisticated the level of security.
A significant failure in the securing of identity has been the confusion between identity and privilege. For example, a driver's license incorporates both an identity and the privilege to drive. The focus of a Department of Motor Vehicles is to ensure that a person has adequate training, vision and skills to operate a motor vehicle; its focus is only secondarily on identity. In some jurisdictions the only proof of identity needed might be as informal as a water bill. Yet a driver's license is often used for proof of identity, and is all that is required to be granted many privileges. Separation of the process and responsibilities for establishing identity from the process and responsibilities of granting a privilege is essential. If an identity is created and maintained separately from privilege, issues such as the loss of identity when a driver's license is impounded can be avoided.
A recent technique for authenticating transactions is the use of a digital certificate, such as that defined by the X.509 and the ANSI X.9 standards, which allows users to authenticate electronic documents and electronic transactions through the use of cryptographic techniques, including public key cryptography. Such certificates may be generated, for example, by combining a public key with a data set that may include an identification field that is unique to the individual or entity possessing a corresponding private key. Other fields in the data set may include such things as a serial number, the name of the issuer, a validity period, a subject name, or the like, as well as indicators of privileges and attributes that go with the document. The digital certificate may then be processed using a conventional hash function to generate a hash value that is then signed, or encrypted, using the private key of the user, to generate a digital signature. The digital signature is then appended to the certificate. The X.509 and the ANSI X.9 standards incorporate a hash function that generates a unique digital signature from a given data set, and require that such a signed certificate could only have been signed by a trusted Certification Authority (CA).
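The construction described above (a public key combined with a data set of serial number, issuer, validity period and subject, hashed and signed by the issuing authority, with the signature embedded in the certificate) can be exercised end to end with Go's standard library. The following is an added example, not code from the patent or from any standard; the subject names, serial number and validity period are constructed sample values, and the certificate is self-signed so that a single key plays the role of the trusted Certification Authority. The example also demonstrates the two rejection cases on which the surrounding discussion rests: a certificate whose body has been altered no longer matches its signature, and a certificate cannot be verified against any key other than the one that signed it.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// IssueCertificate builds a self-signed X.509 certificate: the issuer's public
// key is combined with the identifying data set (serial number, issuer and
// subject names, validity period), the DER-encoded body is hashed, and the hash
// is signed with the issuer's private key. The signature travels inside the
// returned DER bytes. The private key is discarded on return, as a CA's key
// never leaves the CA.
func IssueCertificate(subject string) ([]byte, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1001), // constructed sample serial
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	// Template and parent are the same object, so the certificate is self-signed.
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &caKey.PublicKey, caKey)
}

// VerifyIssuedBy parses both certificates and checks that the signature inside
// der was produced over its body by the private key matching the public key in
// issuerDER. Pass the same bytes twice to verify a self-signed certificate.
// A nil result proves only that the holder of that private key signed the
// body; it says nothing about the human presenting it.
func VerifyIssuedBy(der, issuerDER []byte) error {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	issuer, err := x509.ParseCertificate(issuerDER)
	if err != nil {
		return err
	}
	return cert.CheckSignatureFrom(issuer)
}

// TamperSubject returns a copy of der in which the first character of the
// subject common name has been replaced by another printable letter. The
// length of the body is unchanged, so the certificate still parses; only the
// signature check should reject it.
func TamperSubject(der []byte, subject string) ([]byte, error) {
	i := bytes.LastIndex(der, []byte(subject)) // last occurrence is the subject field
	if i < 0 {
		return nil, errors.New("subject not found in certificate body")
	}
	out := append([]byte(nil), der...)
	if out[i] == 'Z' {
		out[i] = 'Y'
	} else {
		out[i] = 'Z'
	}
	return out, nil
}

func main() {
	const alice = "Alice Example" // constructed sample identity
	der, err := IssueCertificate(alice)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine certificate verifies:", VerifyIssuedBy(der, der) == nil)

	tampered, err := TamperSubject(der, alice)
	if err != nil {
		panic(err)
	}
	fmt.Println("altered certificate verifies:", VerifyIssuedBy(tampered, der) == nil)

	other, err := IssueCertificate("Bob Example") // unrelated key and identity
	if err != nil {
		panic(err)
	}
	fmt.Println("certificate verifies under unrelated key:", VerifyIssuedBy(der, other) == nil)
}
```

The first check succeeds and the other two fail. Nothing in the successful case involved the person named in the subject field; it involved only whoever held the signing key at issuance time, which is the limitation the next paragraph describes.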
Such digital certificates, although of value in authenticating electronic transactions, fail to authenticate a human transacter, for they only authenticate the possession of the private cryptographic key used in the transaction. Since private keys are physically stored on computers or electronic storage devices, they are not physically related to the entities associated with the keys, but instead may be assigned to a group or organization. Private keys are subject to physical loss, theft, or destruction, since they must be stored on physical media in untrusted locations, and the locking mechanism protecting such keys can be forgotten. Private keys are, therefore, the Achilles' heel of digital certificates.
Another technique for authenticating documents for proving identities is the use of biometric information such as fingerprints, voice prints, photographs, eye prints or the like that, in the past, have been recorded on passports or other documents and which can be compared to information stored in a database when the bearer of the document wishes to prove identity or seeks a privilege. Such biometric information has been encrypted and stored in two-dimensional barcodes on identity documents, and document readers have been used to verify whether that information properly identifies the person carrying or presenting the document. In addition, photographs on documents such as passports can automatically be compared with photographs in a “watch list”, using matching algorithms, for example, to confirm the identity of an individual bearer. Thus, for example, in such a system biometric data is prestored in a database. Subsequent transactions utilize biometric data generated from the physical characteristics of the current user, which is then appended to a document or other authenticating product, and which may then be used to authenticate the user by comparison against the prestored biometric data at a later time. It is also common to centralize the comparison of biometrics, so that a comparison is achieved by forwarding biometric features from a point of privilege (POP) to the central database where the comparison is to be made. However, these systems have not dealt with the problem of biometric substitution or corruption in the operation of a central database. These systems also do not have the flexibility to provide different levels of assurance by providing multiple algorithms based on the value of the privilege. Such flexibility can only be achieved by moving the biometric comparison from the central database out to the point of privilege.
Although prior technology has improved significantly, problems still exist, for currently there are no means for securely binding a granted privilege or authorization with a person's identity, using a printed document. One example of such a printed document would be the use of printed itineraries at airports that are used to grant individuals access to the airline terminal. There is no method available for the airport to know that the information, including flight information, on the itinerary is authentic, nor is there any mechanism for authenticating the identity of the person holding the document, for, as noted above, the fact that the individual is carrying the document means that it is susceptible of tampering.
A second example is the granting of a license such as a driver's license. An individual must appear in person to have some biometric information, such as their photograph or fingerprint, physically included on the license document, and tamper resistant techniques are used to protect the physical license. However, collecting such biometrics does not in and of itself provide any proof of identity, and such documents, which are in the possession of the user, do not provide authentication, because such documents can be generated by non-authorized sources. For example, it is possible for an individual to obtain a driver's license either from multiple states or several licenses from the same state, all with different identities. Documents such as passports, social security cards, credit cards and the like are all susceptible of counterfeiting since there is no absolute tie between the document and the person seeking to use the document.