SECURE AND SELECTIVE: A FRAMEWORK FOR A CENTRALIZED FEDERAL IDENTITY SYSTEM WITH SCOPE-LIMITED INFORMATION SHARING
Keywords:
Federal Identity System, Scope-Limited Information, Sharing, Digital Privacy Protection, Centralized Identity Verification, Secure Data ManagementAbstract
This article proposes a novel approach to digital identity management by implementing a centralized federal identity system. The current practice of manually entering sensitive information across multiple platforms poses significant privacy and security risks. Our proposed system addresses these concerns by securely storing citizens' identities and implementing a granular, scope-limited information-sharing mechanism. The system minimizes data exposure and reduces the risk of identity theft by allowing users to authorize access to only the specific information required for each interaction. We present the architecture of this system, including secure data storage, encryption methods, and purpose-based information-sharing protocols. The benefits of enhanced privacy protection, improved security, and streamlined user experience are discussed alongside potential implementation challenges such as scalability, legal considerations, and public trust. This centralized approach represents a significant step forward in modernizing identity verification for the digital age through comparative analysis with similar systems in other countries and consideration of emerging technologies. Our findings suggest that such a system could mitigate current vulnerabilities in identity management while providing a more efficient and user-friendly verification process across various platforms.
References
D. J. Weitzner, H. Abelson, T. Berners-Lee, J. Feigenbaum, J. Hendler, and G. J. Sussman, "Information accountability," Communications of the ACM, vol. 51, no. 6, pp. 82-87, 2008. [Online]. Available: https://dl.acm.org/doi/10.1145/1349026.1349043
P. Grassi, M. Garcia, and J. Fenton, "Digital Identity Guidelines," National Institute of Standards and Technology, Gaithersburg, MD, Special Publication (NIST SP), 800-63-3, 2017. [Online]. Available: https://doi.org/10.6028/NIST.SP.800-63-3
Federal Trade Commission, "Equifax Data Breach Settlement," Federal Trade Commission, 2019. [Online]. Available: https://www.ftc.gov/enforcement/refunds/equifax-data-breach-settlement
G. Alpár, J. H. Hoepman, and J. Siljee, "The Identity Crisis. Security, Privacy and Usability Issues in Identity Management," Journal of Information System Security, vol. 9, no. 1, pp. 23-53, 2013. [Online]. Available: https://arxiv.org/abs/1101.0427
C. Gentry and S. Halevi, "Implementing Gentry's Fully-Homomorphic Encryption Scheme," in Advances in Cryptology – EUROCRYPT 2011, K. G. Paterson, Ed. Berlin, Heidelberg: Springer, 2011, pp. 129-148. [Online]. Available: https://link.springer.com/chapter/10.1007/978-3-642-20465-4_9
P. Seltsikas and R. M. O'Keefe, "Expectations and outcomes in electronic identity management: the role of trust and public value," European Journal of Information Systems, vol. 19, no. 1, pp. 93-103, 2010. [Online]. Available: https://www.tandfonline.com/doi/abs/10.1057/ejis.2009.51
N. Sakimura, J. Bradley, M. Jones, B. de Medeiros, and C. Mortimore, "OpenID Connect Core 1.0 incorporating errata set 2," The OpenID Foundation, Nov. 8, 2014. [Online]. Available: https://openid.net/specs/openid-connect-core-1_0.html
S. Landau and T. Moore, "Economic tussles in federated identity management," First Monday, vol. 17, no. 10, 2012. [Online]. Available: https://firstmonday.org/ojs/index.php/fm/article/view/4254/3340
Y. Cao and L. Yang, "A survey of Identity Management technology," 2010 IEEE International Conference on Information Theory and Information Security, 2010, pp. 287-293. [Online]. Available: https://ieeexplore.ieee.org/document/5689468
K. Cameron, "The Laws of Identity," Microsoft Corporation, May 2005. [Online]. Available:
https://www.identityblog.com/stories/2005/05/13/TheLawsOfIdentity.pdf
T. Vassil, "Estonian e-Government Ecosystem: Foundation, Applications, Outcomes," Background Paper for World Development Report 2016: Digital Dividends, World Bank, 2016. [Online]. Available: https://thedocs.worldbank.org/en/doc/165711456838073531-0050022016/original/WDR16BPEstonianeGovecosystemVassil.pdf
E. A. Whitley and G. Hosein, "Global Identity Policies and Technology: Do We Understand the Question?," Global Policy, vol. 1, no. 2, pp. 209-215, 2010. [Online]. Available: https://onlinelibrary.wiley.com/doi/full/10.1111/j.1758-5899.2010.00028.x
A. Beduschi, "Digital identity: Contemporary challenges for data protection, privacy and non-discrimination rights," Big Data & Society, vol. 6, no. 2, 2019. [Online]. Available: https://journals.sagepub.com/doi/full/10.1177/2053951719855091
A. Othman and J. Callahan, "The Horcrux Protocol: A Method for Decentralized Biometric-based Self-sovereign Identity," 2018 International Joint Conference on Neural Networks (IJCNN), 2018, pp. 1-7. [Online]. Available: https://ieeexplore.ieee.org/document/8489316
