Mobile Device Remote Identity Proofing Part One

Download PDF of Complete Paper

How smart phones could change the identity management system ecosystem

Part One:

This concept paper was recently submitted for consideration for an up coming technical conference. After receiving notification that the abstract met with positive peer review I decided that a healthy topical discussion may be in order before I finished up the final version.  Rather than posting a lengthy paper in one shot I decided to break it up into its key components to allow you, the reader, to digest each section and focus any comments you may have accordingly.  This first post is the abstract with which I hope to whet your appetite. I have a bit of time before the final paper must be submitted.  I rather selfishly hope that any comments you may make over the next week or so as each section is posted will help in its refinement.

The Abstract

Questions regarding an individual’s identity are addressed millions, if not billions, of times a day.  E-commerce, healthcare, government and financial institutions, among others, must constantly address the question, “is this person who he/she claims to be?”  Each institution struggles with results of varied “discrete multiplicities” (Deleuze, 1966) on which they must base a decision to the relying party’s pivotal question “what rights or privileges should be granted to this individual?”  This paper addresses the persistent challenges of extending strong identity management from government sponsored programs for government employees to privacy and security protection programs for the general population.  Among the proposed concepts is a solution based on leveraging the rapid acceleration in hardware/smart-phone sophistication and network availability incorporated into the worldwide wireless telecommunications system.   These elements provide a modality allowing validation of claims to a specific identity, binding that identity to the claimant, and securing the identity for use in an environment requiring various levels of trust by a wide array of relying parties.  

Although it is unlikely that development and adoption of a single ubiquitous identity will occur in the next five years it is reasonable to assume that various manifestations of an individual’s cyber identities are, and will continue to be established at various and increasing levels of trust and assurance.  The challenge to be faced is to fast track the ecosystem’s ability to work at moderate and high levels of assurance.  Historical barriers to widespread use of trusted identities at a high level of assurance are predominantly based on the high cost and limited availability of “approved” identity proofing “tools” and the infrastructure requirements in the security and maintenance of the “representation” of that identity.

The most common biometric identifiers currently used in IdM systems are fingerprint and facial recognition.  With the current PIV and PIV-I programs a dual approach in accordance with NIST recommendations (NIST, 2003)is used.  The capture of these biometric identifiers is easily within the scope of commonly available commercial technologies incorporated into today’s smart devices.  It is the analogous algorithms required for image analysis and development of minutia for analytical and comparison purposes that pose the challenge.  Obstacles include contrast, depth of field and background, or non-finger regions (Lee, Lee, & Kim, 2008)  Current facial recognition software is more than capable of effectively using images captured within the common 8-14 megapixel range of the average smart phone.  The technology is rapidly outpacing the market’s ability to sustain new releases and/or uses as evidenced by Nokia’s release of a smart phone with a 41 megapixel camera sensor dubbed the 808 PureView (Foresman, 2012)  So the specific challenge relates to the fingerprint.

(1966). In G. Deleuze, Bergsonism (H. Tomlinson, & B. Habberjam, Trans.). New York, New York: Zone Publishing Inc.

NIST. (2003, February 11). Both Fingerprints, Facial Recognition Needed to Protect U.S. Borders. Retrieved March 5, 2012, from NIST; Public and Business Affairs: http://www.nist.gov/public_affairs/releases/n03-01.cfm

Lee, S., Lee, C., & Kim, J. (2008). Image Preprocessing of Fingerprint Images. Biometrics Engineering Research Center at Yonsei University., Korea Science and Engineering Foundation, Seoul, Korea.

Foresman, C. (2012, March 2). Innovation or hype? Ars examines Nokia's 41 megapixel smartphone camera. Retrieved March 5, 2012, from arc technica: http://arstechnica.com/gadgets/news/2012/03/innovation-or-hype-ars-examines-nokias-41-megapixel-smartphone-camerainnovation-or-hype-ars-examines-nokias-41-megapixel-smartphone-camera.ars?clicked=related_right