Many countries are discussing the possibility of using a national identity card scheme. For example, the United Kingdom recently announced plans to introduce a British national identity card scheme. The British national identity card scheme will be linked to a national identity database. The national identity database is planned to perform a key role in the delivery of Government services. Within the next decade, the United Kingdom anticipates that up to about eighty percent of the working population will have some form of British national identity card. The United Kingdom plans for the compulsory entry of information into the national identity database in return for government services. For example, a person's personal identification information would be automatically added to the national identity database when obtaining a passport or driver's license.
An aspect of the British national identity card scheme may be a centralized computer database called the British national identity registry. To identify someone under the scheme, it may be necessary to check the British national identity card, such as by taking a biometric scan and matching it against the British national identity registry.
The British national identity registry is planned to record and store a variety of information, including, for example, personal information, identifying information, residential status, personal reference numbers, record history, registration and ID card history, validation information, and security information.
Consequently, due to the amount and type of information stored in the British identity database, the British national identity card scheme has led to much debate over privacy and security concerns.
In some traditional identity schemes, such as those used in the United States for age verification, authorization may typically be performed in two stages. First, the identity of the subject is authenticated by using a photograph. Second, an attribute, such as an age or a name, which is bound to the identity, is evaluated.
In the food and beverage industry, driver's licenses are commonly presented to a relying party to verify that a patron is twenty-one years of age. However, in addition to verifying age, a number of establishments also capture information encoded on the magnetic stripe of the driver's license. For example, for marketing purposes, the address and social security number of the license holder are often recorded, or the information is often stored to track consumer behavioral patterns.
Therefore, in order for a person to prove they are over twenty-one, they must expose every other piece of information provided on the magnetic stripe of the license. Many consider the use of this information unauthorized and an invasion of privacy.
Similar privacy concerns arise regarding a national identity card scheme. For instance, the national identity card scheme may not only record a person's biometric features but most likely will also record a personal history. As a result, when a civil servant accesses the database and searches files on a person's taxes or health, the civil servant may also have access to the individual's criminal history. Therefore, providing limited access to the identity database may be advantageous in order to mitigate privacy concerns.
Still others are concerned with security, and in particular, identity theft. Some security experts have argued that placing trust in a single identity card or database may facilitate identity theft.
Existing privacy enhancement schemes are designed to provide relatively strong guarantees of privacy against all parties. Such schemes are not appropriate for a national identity card scheme where it may be desirable to control linkage so that a card can only be used for authorized purposes.
To address these concerns, in accordance with the embodiments of the present invention, a privacy enhanced identity scheme using an un-linkable identifier, such as for use with a national identity card, is disclosed, which may allow the holder to provide the relatively exact degree of information authorized and necessary to relying parties, such as the police, government agencies and authorized third parties, to reduce privacy and security concerns.