4D/ End-User Identity Paradox “Curing Identity” – Don’t lose your phone
The end-user Identity Paradox - “Don’t lose your phone number.”
Convener: Jay Carpenter
Notes-taker(s): Jason Wrang
Tags for the session - technology discussed/ideas considered:
Phone Number Identity
System level End-user Identity
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Rich web experience through a phone #
Who controls a telephone #?
PHONEWORLD: Human friendly telephone number with an embedded phrase
The end-user Identity Paradox
An assigned telephone number has an end user, but the end user has no face.
The phone # has become a key identifier, but who has the rights to that number?
- “Hackers Have Stolen Millions Of Dollars In Bitcoin – Using Only Phone Numbers”
- “I-Team: Thieves Take Over Phone Numbers to Steal Identities”
The Catch-22 or Liar Paradox
Carriers don’t perform any end user authentication -- easy to hijack phone numbers.
Central DB to break end user paradox
Electronic Number Mapping (ENUM): RFC 6116
Identity – Determination of End-User Identity for a given telephone number is a current dilemma at the overall telecommunication and media delivery system level without an objective database that contains the definitive identity of the End-User
Self-Referential - The existing circular structure of the End-User designating the Carrier-of-Record/RespOrg while the Carrier-of-Record/RespOrg designates the End-User Identity created a key Next Generation Network telecommunications and media delivery paradox.
External Database – Creation of objective database such as End-User ENUM for registration and incorporating public vetting and aging to establish definitive End-User identity for a given telephone number could break the current circular dilemma surrounding determining End-User Identity.
Registration, Pubic Vetting and Aging – This process could contain key components for establishing and validating overall system level End-User Identity for successful implementation of Next Generation Network services. Moving forward with End-User ENUM implementations and an enhanced End-User ENUM registration process could be the key to ending this vexing paradox.
Registry constructs allows for whitelists, blacklists, present information based on who is attempting to contact the number.
Consider mobile phones as a dial-able SSN.
If phone/device is stolen, attacker can assume the identity.
In this construct, the number may relay a lot of information about the person.
There is a security concern regarding spoofing caller-id.
The database is dependent on the quality of the vetting, and the quality of the vetting is a problem today.
Can this globally registry remain secure?
Shared plans with single subscriber controlling multiple phones.
Anonymity could still be achieved through the use of burner phones, where registration is set as anonymous.
There are 3rd party vetting services today that offer similar services.
- Financial transactions:
- Numbers to exchange crypto currency.
- Rich Media
- Lookup number in browser for rich media, fallback to telephone call
- Mobile carriers could become trusted 3rd parties