Trust Nexus

From IIW

In the very near future digital wallets on cell phones enabled by NFC technologies will create a radical transformation in identity management and financial transactions processing. This transformation will provide consumers with secure identities and secure financial transactions.

The basic question is, how can trust be established in the digital age? If you and I have never met and I come to your website or place of business, how can you be confident that I am who I say that I am? The Trust Nexus answers this basic question regarding the establishment of trust.

We have designed an identity management system, that will eliminate the possibility of identity theft for all participants, protect consumers and financial institutions from fraudulent transactions and solve many of the systemic problems of the current Public Key Infrastructure system, especially the problems of certificate revocation lists (CRLs) and on-line status checking.

Our solution is simple, practical and transparent to the consumer. Consumer acceptance will be rapid and widespread. Our solution protects individual privacy and prevents the establishment of monolithic government control. The essence of our approach is very different from the "Big Brother" approach recently announced by India (http://www.timesonline.co.uk/tol/news/world/asia/article6710764.ece#cid=OTC-RSS&attr=2015164). Rather than creating a centralized directory of private information, we will create a central repository containing a collection of localized decisions which will establish an Institutional Web of Trust.

Compared to a decentralized web of trust which creates a web of individuals with, "the expectation that anyone receiving [a list of signatures] will trust at least one or two of the signatures", we will create a system where trusted institutions legitimize individual identity. Additionally, the institutional web of trust established by The Trust Nexus will have centralized controller processes that rely greatly on self-management and automation resulting in great efficiencies.

The Trust Nexus does not secure identity by, "making personal data harder to steal". Rather, identity is secured by self-managing logical inconsistencies within the system, resolving identity conflicts and preventing fraudulent transactions.

As Bruce Schneier, author and security guru, pointed out, "Proposed [identity theft] fixes tend to concentrate on the first issue--making personal data harder to steal--whereas the real problem is the second [preventing fraudulent transactions]. If we're ever going to manage the risks and effects of electronic impersonation [identity theft], we must concentrate on preventing and detecting fraudulent transactions." [Solving Identity Theft; http://www.schneier.com/essay-153.html]

In essence, there are a limited number of institutions worldwide (measured in thousands) that truly matter when it comes to legitimizing identity. Digital wallets on cell phones will enable the efficient association of unique public/private keys to a specific legal identity (legal name and legal address). If there is a non-unique association, an inconsistency arises in the system. If the association is unique and verified by one or more legitimate institutions an individual's identity is secure (as long as the private key which he/she controls is secure).

Our system also provides the "Holy Grail" for single sign on. A user's cell phone will be provisioned with information cards containing specified security credentials for different systems and services. Rather than logging into a directory or utilizing a federated identity service, a user will log onto his/her cell phone with a PIN and a voice authentication signature. The user will then select the appropriate information card for the specified system or service (with no need to enter another user name or password). This approach also solves the "Keys to the Kingdom" problem where a single sign on to a directory service opens access to all the user's systems and services.

It is a certainty The Trust Nexus Repository will be a collection of geographically distinct repositories. It is very likely these repositories will be run in cooperation with governmental agencies.

In the United States, The Trust Nexus will solve all of the problems raised by the Real ID Act without any of the problems of privacy and governmental oppression. The Department of Homeland Security has already spent hundreds of millions of dollars trying to solve the problem of reliable identity. We expect to receive significant funding from the Department of Homeland Security.

In the European Union, the user centric nature of The Trust Nexus resolves all the privacy concerns specified by ENISA (http://www.enisa.europa.eu/act/it/eid/eid-cards-en). A system that secures identity, maintains privacy and eliminates fraudulent financial transactions will certainly gain support from the European Union.

Considering China, "The number of mobile phone subscribers in China had amounted to 702.7 million by the end of July, more than the combined populations of the U.S. and the Eurozone, according to statistics by the local government." (http://www.tradingmarkets.com/.site/news/Stock%20News/2514497/) For their own reasons, Chinese government officials will enthusiastically adopt a workable identity management system based on cell phones; again, this will be a "natural" development based on technology and social forces.

We expect to become both the de jure and de facto system of national identity for all nations. We are confident that whoever controls the infrastructure for secure identity will also control the infrastructure for financial transactions.

Please visit our website (http://www.thetrustnexus.com) for technical details.