Posted by Umair Abbasi on March 30, 2018 in Technology
Did you wake up to another security breach where your personal information just got compromised? We have to build a technology future where our information isn't stored on vulnerable vendor servers. Instead we provide them access to revokable credentials to our information.
What follows is a thought process on what may be done to secure our social security numbers, credit card information, email addresses, all the components that constitute us in the digital world and how it affects our non-digital presence.
It's a thought process. It can be poked with questions, holes drilled in the logic.
The Concept - Public Keys and Private Keys
A unique public key is generated in our app for our SSN for every vendor that would like to use any component of our digital us (social security, credit card, bank account numbers, email address). The credit reporting agency has received the unique public key associated to us. They know it's us because we have verified in the past by some verification method that this is us.
The public key is tied to that vendor. So an access control of sorts that allows only that vendor to use that public key. If another vendor/system tries to access or use the key the key fails and doesn’t expose the underlying results of the key.
On the user (our) end, we have a list of public keys and vendors authorized to use that key. We can see who has access to the key, who else might have tried to use the key based on the unique public key tied to a particular vendor, and the key can be revoked anytime, think unsubscribe.
Any attempts to use that key by another vendor is logged too. That way you can trace back the original vendor the key was shared with and hence traceability to the original vendor the key was shared with and where the leak might have taken place.
If the vendor where the public key is stored was ever hacked the only information the hacker receives is a set of public keys that are useless since they won’t be evoked from the system that was authorized to use the key. Also when a hack takes place the vendor notifies the subscribers, they revoke the key, regenerate a new public key for the vendor and we are good to go.
Saul and Beth - The Concept as a Story
Let's use this as an example. Saul is the vendor and Beth is the person applying for something that requires her SSN.
Saul sends Beth a request, hey can I please have your SSN? Beth generates a public key for Saul which is for her SSN. The key is given to the credit reporting authority via a blockchain acting as the ledger. I have generated this key for Saul and authorize them to receive the results of the inquiry for the next 24 hours. The credit reporting agency sends Beth a request, hey Saul wants to use this public key. Ok to do so? Beth responds to the server, Yes!
The credit reporting agency fetches the results of her credit report and sends the underlying information, which in this case is Beth's excellent credit rating, and a 800 credit score. The SSN is not part of the results. Credit reporting agency sends the information to both Beth and Saul. Credit reporting agency stores the key, request date and time, requesting vendor, results, in a blockchain ledger.
On Beth's app there is a list of all vendors a public key of her SSN has been generated for. Hackers hack Saul's servers and obtain Beth's public key. They can send it to the credit reporting agency. Beth receives a notification from the credit reporting agency that Saul is requesting to use the same key again, what do you think? Beth asks Saul hey why is my key being used again? Saul says we have been hacked!
Beth clicks revoke on the public key associated with Saul and the key no longer is valid. A message is sent to the credit reporting agency the key is now revoked and not to bother her with any more requests for that key. Do log requests for legal authority purposes.
Beth's SSN isn't stored anywhere on the credit reporting agency and the hacker really never receives Beth's SSN.
What's different about this from today?
At current times the SSN is filled into a web form on Saul's (hopefully) encrypted website. Saul receives the SSN and can actually see the SSN anytime they like. Saul thinks his I.T. folks are doing their due diligence and are storing the information in a highly encrypted form. Until you get the dreaded email from Saul, we have been hacked and all the underlying information has been stolen including your SSN. We will give you a year's worth of credit monitoring tool. Sorry!
Let's say even if it was encrypted why does Saul need the SSN? To do a credit check. The public key enables Saul to do that without actually having the SSN. Also, the public key can be revoked so the credit reporting agency doesn't authorize its use. Your SSN is still safe.
The question arises what if the credit reporting agency is hacked? In this scenario what if we went higher up into the chain and if the SSN generating authority is passing out the SSN and a encrypted private key to the user. The private key is the only piece of information that could be compromised and regenerated and associated with the underlying SSN. The SSN is never given or stored with the credit reporting agency. Instead it's a private key that establishes this is Beth. And if they are hacked and that key is compromised a whole new set of private keys are regenerated.
At present times there is no scenario in which to regenerate a SSN. Down the road using this method, new SSN's could be generated for Beth and a ledger stores that change and associates the private key with the new SSN.
You also have the authority to revoke access to your public key from the vendors. You are able to track who has access to which public key. A leak can be traced back. And just being able to revoke gives you back control of your privacy.
The concept is probably not sound. Haven't really given too much thought on all the oops scenarios. They probably come easier to others. Do share.
If nothing comes out of it, let's agree, we need a better way to store, access, and process confidential information. We can't just sit back and hope no one uses our SSN on the latest hack that we received a sorry for.
The initial concept drawing before the writing of this article below. The concept initially had a decryption engine in the cloud.