The DIAC Project: Access Control through the Disposable Identity Framework
Access control systems are used to protect system resources from inappropriate or unwanted user access. The process of granting access involves two phases: Authorisation and Authentication. Authentication is used to verify that the person is who they claim to be. When access control systems are used in the context of physical devices, they are mainly based on user identification using smart cards (with chip) or contactless cards such as RFID. Biometric systems such as fingerprints or PIN codes are also used.
Today, IT systems consist of multiple cloud and local networks, many of these systems are geographically distributed around the world and may contain devices with high synchronisation latency. Systems with high penetration bring with them some privacy and security issues that can arise, for example, from the loss of the identification card, card cloning and the disclosure of the access PIN to another person. The user’s identity is also threatened as they and their details are assessed in the distributed system.
In this article, we present a solution that aims to avoid direct user interaction with access control through what we call a Disposable Identity Framework. A Disposable Identity is a contextual and temporary identity that is limited in scope, time and location. It allows end users to present specific and limited information/credentials to validate themselves for a service, in our case building access control.
Keywords: data, access control, privacy, event identity, one-way identity.
Introduction
The thought leaders of organisational management are just about tuned in to signals of paradigm shifts. The Italian linguist and author Antonio Gramsci sees “monsters” because the old has not yet passed, but the new cannot be conceived as “pre-normal” to “normal”. The French mathematician René Thom points to the moment when the attractors (signs of “success”) tied to the current situation lose their attractiveness. US computer scientist Mark Weiser, in his 1991 text “Computers for the 21st Century”, explains the fundamental nature of change by showing that the success of Ubicomp (the 1990s term for #IoT) is that it completely disappears as a visible technology in the “fabric of everyday life”.
If we look at governance and technology through the centuries as an encroaching agency for the tools that were attuned to visible interfaces, it becomes clear how important it is to fully grasp this disappearing moment. For where is the handle to the door? The knob to adjust sound, power, speed on the machine? The cursor on the screen that guides you through virtual data sets? What happens ontologically to an architectural position when it can no longer distinguish between the analogue and the virtual digital twin?
Today, entities that were temporarily filled by the notion of the psychologically “whole”, administratively numbered (social security, passport, telephone…), socio-economically responsible and ethically accountable “person” are shifting from “occupied” back into the “void”. This gradually renders ineffective all the instruments that worked at any of these levels. The agency at each level (architectural, ethical/moral, economic, well-being and politics…) shifts to the level below: the set of attributes, properties, characteristics that we can discuss as event identities.
On the nature of event identity
In today’s hybrid world, networked artefacts react and act in real time with real-time data streams coming from automated information systems. Decisions are usually made too quickly for humans to intervene. This leads to a new approach to cause and effect and a new way of evaluating the first thing humans do, namely who is responsible.
Take the following example. A connected self-driving car collides with a person, hits a rock and falls into the water. In workshops held as part of the Next Generation Internet project (NGI Forward, https://research.ngi.eu), a scenario was developed in which the car, the person, the rock and the water were all given a temporary identity. An ‘event identity’, which is a combination of these identities, now forms the basis on which liability, responsibility and eventually some form of payment are either demanded or made. Such event identities are combinations of real events, derived behaviours and contexts from surrounding sources (cameras, sensors, wearables) and proactive scenarios that exist purely in virtual (non-embodied) analytics combined with AI capabilities.
It becomes clear that in this hybrid world, the notion of identity as it is used in everyday life – having a full, rounded life, consistently being that one person in all situations, always being identifiable, etc. – is no longer relevant and productive. – is no longer relevant and productive. We therefore propose a more contemporary concept of identity: instant identity.
On the nature of instant identity
Instant identities are temporary, attribute-based identities that can be integrated into any smart contract between a recipient and a provider. A digital context-based exchange of data that is generalisable, i.e. a digital identity internet layer can be applied to any existing communication service. The entire ecosystem in which one-way identities would operate requires a similar trust infrastructure, where the combination of seamless connectivity and personalised support does not rely on continuous real-time tracking of identified users.
Instead, it works with attribute-based relational identities that are created for each individual interaction between user and service (or object and service) and disposed of immediately afterwards. With instant identities, new applications can be added to this ecosystem using a strictly attribute-based solution that does not require full disclosure (of identity). All that is required is age, the ability to pay for the service, and compliance with insurance and accountability laws. Digital services can be provided to authenticated users without the need to disclose a single complete set of identifying information.
Instant identities can thus function as an e-ID that can ensure both the anonymity of the identity holder – the ability to be unidentified – and the ability to reliably identify and verify a person’s identity.
Advantage of lower data volumes
Instant identities are thus also another step towards minimal data processing: the amount of identity data processed should be appropriate, relevant and limited to what is necessary for the purposes, as required by the GDPR regulation. They are temporary, attribute-based identities integrated into a smart contract (in the broad definition of the term) between a recipient and a provider of a service. Enabled by a Self-Sovereign Identity (SSI) architecture, instant identities can also provide anonymised, near real-time, tamper-proof and verifiable identity information.
Furthermore, an instant identity can also be linked to an ‘official identity’, thereby distinguishing it from broader concepts of personal and social identities that may be relevant for unofficial purposes (e.g. unregulated commercial or social peer-to-peer interactions in person or on the internet). In other words, there is always the possibility of aligning an instant proof of identity (disposable proof of identity, DPI) with an official identity; if desired, such a proof of identity can be explicitly linked to an official identity (national ID card, eIDAS eID, online passport) via a “verifiable presentation”.
From the possibility of new values and claims
Instant identities enable mobile or web application developers to deploy a new type of self-managed identity and privacy framework that primarily aims to restore trust in digital services by providing greater transparency, decentralised identity and data control, and built-in mechanisms to comply with the General Data Protection Regulation (GDPR). With a user interface that allows for the management of multiple self-sovereign identities, privacy consents, digital authorisations and associated data-driven transactions, the added benefit of single-use identities is that they can also contain verifiable data such as the owner’s photo, official or even biometric identifiers to more proactively prevent identity misuse. Instant identities are designed for advanced decentralised privacy arrangements that can also be time, purpose and context bound through a secure digital contract; with verification capabilities based on tamper-proof technologies.
The framework outlined herewith thus introduces the notion of “instant identity” in a world where the properties of what we know – people, animals, objects and thus protocols, formats and processes – become fluid and blend into new entities. The decoupling of identity through thinking in terms of “claims” (combined one-way identities of objects and beings) opens up a new field of values and services. In the case of self-driving cars, this way of thinking could stand for establishing liability not with real person identities but with “entitlements”, i.e. any combination of a certain driver (with points in a passport and certain characteristics) and a certain car. This reasoning can basically be applied to any service on the network.
Disadvantages of traditional access control …
Currently, access control systems are mainly based on user identification with smart cards (with chip) or contactless cards (RFID). In other cases, biometric systems such as fingerprints or PIN codes are used. However, these identification systems are fraught with privacy and security issues: user authentication in an access control system, e.g. loss of the card, data breaches, cloning of cards, disclosure of the access PIN to another person, etc.
… and advantages of the DIAC solution
In this context, our DIAC solution aims to solve most of the problems that current access control systems have by using innovative solutions and avoiding the direct interaction of the user with the access control system through the Disposable Identity Framework. A disposable identity is a contextual and temporary identity that is limited in scope, time and location and allows end users to present specific and limited information/credentials to validate themselves for a service, in our case building access control.
DIAC provides a service-oriented structure in smart building environments to identify and register end users. To do this, DIAC assigns them a secure one-way ID based on cryptographic root IDs and contextual fingerprints. End-users can register for a secure but privacy-friendly identification (limited and context-only). Instant ID attributes are stored on resilient distributed ledgers through smart contracts. Identification can be done with a smartphone. We address access control through a device that requires credentials and the infrastructure for providing the Disposable ID. Our approach overcomes the disadvantages of current access control systems where access is granted to individuals and for an indefinite period of time. It also ensures that the issuer limits compliance with the GDPR by collecting too much irrelevant data and is less vulnerable in the event of a data breach.
Conclusion
The most difficult concept to grasp in this digital transition is the relatively (semi-) autonomous view of the network itself. This network is a mix of cloud and edge services (data storage on the device), with AI running in everyday objects (wearables, washing machines, cars). For this network, all its users are “entities”, which can be machines, people and processes (templates with predefined scenarios). This ultimately makes it clear that “identity” in the sense of individual identities is no longer a relevant and productive concept. Last not least DIAC is a project asvin works on with https://odins.es/ as part of the https://securit-project.eu/framework.