Topics

Secure Identity wallet development


 

A joint effort would be helpful to gather alternative tools and technologies in order to develop secure and user friendly identity wallets.
For example,
  • TEE, HSM products and standards, their shortcomings for identity operations.
  • Biometric authentication technologies and multiparty computing components taht can be used for wallet recovery.

Survey on existing wallet products and their capabilities related to identity management.


Eric Welton (Korsimoro)
 

Taner,

TEE came up a bunch in the recent W3C DID working group meetings.  I am very interested in hearing more about how TEE relates to your core use cases.

Biometrics are another key area - I've done some biometrics and I'm always struck with the problem of registry (e.g. AFIS) vs. confirmation - the 1:N vs. the 1:1 case.  I think that the 1:N case is unavoidable, it is being built whether we like it or not.  But national registries should focus on the 1:1 only, and push away from 1:N capabilities.

When it comes to key-recovery.... this is an issue that spans economic boundaries.  I am working with a global physician community on a solution - now, you can imagine that physicians should be able to handle "key-management".  I also work with illiterate and uneducated migrant farmers - and while they are absolute geniuses in some classes of problems, when it comes to the abstractions of key-management they look at me like I am completely nuts.

Biometrics against a central registry has been offered, many times, as a solution - but extreme care must be taken w/ that sort of 1:N matching, because it can so easily be abused.  Biometrics as a format for wallet recovery - e.g. Physicians w/ Fingerprints is an ideal - but how to balance the 1:1 and 1:N characteristics of biometrics remains, to me at least, a mystery.

Perhaps, for the next APAC/ASEAN call we can find a few participants willing to share insight and experience?

best,

    -e


On 2/5/20 6:02 PM, Taner Dursun wrote:
A joint effort would be helpful to gather alternative tools and technologies in order to develop secure and user friendly identity wallets.
For example,
  • TEE, HSM products and standards, their shortcomings for identity operations.
  • Biometric authentication technologies and multiparty computing components taht can be used for wallet recovery.

Survey on existing wallet products and their capabilities related to identity management.


 

Hi Eric,
We plan to involve TEE based wallets in order to store user's core key materials and to perform cryptographic operations for interactions with Identity Providers and Verifiers.
Of course TEE alone could not satisfy all the requirements. Therefore, integrating it with a security module which is embedded in a uSDCard is the other issue we are dealing :)

We have also encountered the problems what you mentioned about biometrics during our National Identity Card project. For Decentralized identity wallets,  we are just starting to adopt. I'd be glad to share new experiences.


Eric Welton (Korsimoro)
 

One of the concerns voiced at the AMS F2F for W3C DIDs was the connection with TEEs.

I wonder if we might do well to provide a short introduction to TEEs - and associated regulatory actors - in our next call?

I was chatting w/ BCGov re: their concerns about the same - how do you connect pillars of authority with a "bring your own ID" model.  Their solution is to invite participants to bring a DID and then to issue VCs linking the core authority with the citizen.  That might work in some cases, but I do not think it is a global model.

On the other hand, the "Self-Certifying" properties of DIDs can be shared across boundaries - that SC capability seems important.  The ability to link an identifier directly to a statement of trust control - of Key-registration and announcement - that seems essential.

May I ask for more information about the "uSDCard"?

best,

    -e

On 2/7/20 10:35 PM, Taner Dursun wrote:
Hi Eric,
We plan to involve TEE based wallets in order to store user's core key materials and to perform cryptographic operations for interactions with Identity Providers and Verifiers.
Of course TEE alone could not satisfy all the requirements. Therefore, integrating it with a security module which is embedded in a uSDCard is the other issue we are dealing :)

We have also encountered the problems what you mentioned about biometrics during our National Identity Card project. For Decentralized identity wallets,  we are just starting to adopt. I'd be glad to share new experiences.