4D/ End-User Identity Paradox “Curing Identity” – Don’t lose your phone

From IIW

The end-user Identity Paradox - “Don’t lose your phone number.”


Wednesday 4D

Convener: Jay Carpenter

Notes-taker(s): Jason Wrang

Tags for the session - technology discussed/ideas considered:

Phone Number Identity

System level End-user Identity

End-user ENUM

Identity Paradox

Registration/Vetting Database


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Jay Carpenter

JayCarpenter@DesertBlockchain.com

+1-602-228-4486 cell

1-800-HOLLYWOOD

PHONEWORLD.com


Rich web experience through a phone #

Who controls a telephone #?


PHONEWORLD: Human friendly telephone number with an embedded phrase


The end-user Identity Paradox

http://phoneword.com/images/1-800-AFTA-2008-09-16-11-00-00-USA-AZ_End-User_Identity_Paradox.pdf


An assigned telephone number has an end user, but the end user has no face.

The phone # has become a key identifier, but who has the rights to that number?

See article

  1. “Hackers Have Stolen Millions Of Dollars In Bitcoin – Using Only Phone Numbers”
  2. “I-Team: Thieves Take Over Phone Numbers to Steal Identities”


Circular Logic:


The Catch-22 or Liar Paradox


Carriers don’t perform any end user authentication -- easy to hijack phone numbers.


Proposed Solution

Central DB to break end user paradox


Electronic Number Mapping (ENUM): RFC 6116


Identity – Determination of End-User Identity for a given telephone number is a current dilemma at the overall telecommunication and media delivery system level without an objective database that contains the definitive identity of the End-User


Self-Referential - The existing circular structure of the End-User designating the Carrier-of-Record/RespOrg while the Carrier-of-Record/RespOrg designates the End-User Identity created a key Next Generation Network telecommunications and media delivery paradox.


External Database – Creation of objective database such as End-User ENUM for registration and incorporating public vetting and aging to establish definitive End-User identity for a given telephone number could break the current circular dilemma surrounding determining End-User Identity.


Registration, Pubic Vetting and Aging – This process could contain key components for establishing and validating overall system level End-User Identity for successful implementation of Next Generation Network services. Moving forward with End-User ENUM implementations and an enhanced End-User ENUM registration process could be the key to ending this vexing paradox.


Discussion

Registry constructs allows for whitelists, blacklists, present information based on who is attempting to contact the number.


Concerns:

Consider mobile phones as a dial-able SSN.

If phone/device is stolen, attacker can assume the identity.

In this construct, the number may relay a lot of information about the person.


There is a security concern regarding spoofing caller-id.


The database is dependent on the quality of the vetting, and the quality of the vetting is a problem today.


Can this globally registry remain secure?

Shared plans with single subscriber controlling multiple phones.


Anonymity could still be achieved through the use of burner phones, where registration is set as anonymous.


There are 3rd party vetting services today that offer similar services.


Use case:

  • Financial transactions:
    • Numbers to exchange crypto currency.
  • Rich Media
    • Lookup number in browser for rich media, fallback to telephone call
  • Mobile carriers could become trusted 3rd parties