Current identity verification systems and methods for security purposes, including, but not limited to, personal identity cards, passports, passwords, personal handheld devices, symmetric and asymmetric encryption, public-key cryptography, multi-factor authentication methodologies, including biometric identity verification (fingerprint, retina scans, body structure, physical and chemical composition on molecular and atomic levels, etc.) are subject to replication and man-in-the-middle attacks, as these identification features can be replicated with no deviations from the original. These systems rely on possession of physical and digital keys, physical features, or characteristics of the user, which increases the opportunity for attack and decreases security by relying on identity verification subject to information given by the user. This security risk is as applicable to remote identity verification systems as it is to physical in-person identity checks because it relies on physical properties, objects, or knowledge that a user must provide. This makes current remote identity verification systems inherently insecure against man-in-the-middle attacks, allowing intruders to gain access by means of replication.
Further risks are present when a user himself performs or is involved in the process of verifying his identity; in addition to the risks of traditional man-in-the-middle attacks, possession of private keys can be obtained by means of coercion or extortion, whether direct or indirect. In such instances the ability to detect intrusion is minimal, as the user may not be able to report the intrusion until after the attack is over. Even the implied security strength of a one-time pad, or any other single-use encryption key, is diminished against such an intrusion.
In the event a user loses access information, current identity verification systems are insecure, inconvenient, and time-consuming when providing reset functionality, as they require additional information from the user or rely on third-party services to reset access to a system. A user may lose access information via loss of a one-time pad, password, private key, memory, physical characteristic (damage to biometric data points, for example, facial, fingerprint, iris, DNA, etc.), mobile device, wearable device, or mobile token generator. Further, in situations where even one version of a user's identification feature or security credentials, such as, for example, a password, becomes compromised, a chain reaction (a sequence of reactions where a product or by-product of one event causes additional reactions and events to take place) of security breaches may also occur for a particular user or group of users across multiple access points where the same identification feature or security credential provides access at all such access points. Alternatively, in systems where password or access reset procedures are not available for security reasons, such as, for example, encrypted file storage, complete loss of access may occur.
Even when encryption and decryption algorithms are used, their use may be complicated by the inability of a user to remember multiple password or key combinations. Also, the requirement that the user change access keys or passwords on a regular basis is time-consuming and subject to eavesdropping and password or key capture. In addition, many current access systems cannot prevent a user who has provisions for access from accessing the system, whether consciously, for malicious purposes, or unconsciously, in situations where the user has an altered state of mind due to chemical imbalances within the body from natural causes or under the influence of outside elements, whether chemical, physical or alternative agents impacting their behavior or mental state.