Blockchain and Digital Certificates Enhance Security
Quiz
What is the definition of a Personal Client (IC)? Describe two (2) types of ICs.
What is the difference between a Secure Computing Device (SCD) and a Portable Computing Device (PCD)?
What information does a Biometric Digital Certificate (BDC) contain?
What is the primary purpose of blockchain technology in this invention?
What are the four (4) key functions of a Data Analytics Authentication Processor (DAAP)?
How is a Service Access Authentication Tag (SAAT) generated? What is its significance?
How does this invention address security issues related to Man-in-the-Middle (MITM) attacks?
What role does a trusted source play in verifying the IC's personal data?
How does this invention enhance the security of the IC's personal data?
What is the significance of IC live video clips in the authentication process?
Answer Key
A Personal Client (IC) is a user who uses a portable computing device or a secure computing device to conduct online transactions. The two types of ICs are ICs using PCDs (e.g., individuals using smartphones) and ICs using SCDs (e.g., employees using desktop computers equipped with authentication applications).
The difference between an SCD (like a desktop computer) and a PCD (like a smartphone) lies in their security features and intended use. An SCD is equipped with a specialized hardware security module (HSM) to protect the IC's digital certificates and cryptographic keys, making it suitable for sensitive transactions. On the other hand, a PCD relies on a less secure cryptographic processor.
A biometric digital certificate (BDC) contains the IC's public key, the IC's name, a unique serial number, an issue date, an expiration date, the name of the Biometric Certification Authority (BCA) that validated the IC's biometric data, the digital certificate that issued the BCA, the algorithm used to sign the BDC, and the URL of the blockchain database where the biometric data is stored for verification.
In the present invention, blockchain technology acts as a tamper-proof distributed database that stores timestamped and immutable electronic data records of the IC, thereby ensuring data integrity and preventing unauthorized changes.
The four key functions of DAAP are: (1) collecting IC data from various sources, (2) analyzing and correlating the IC’s biometric, biographical, and live video data, (3) calculating the Service Access Authentication Tag (SAAT) score, and (4) updating the biometric and biographical blockchain databases.
SAAT is generated by comparing and correlating the IC’s personal data collected during registration and service request sessions. The SAAT score represents the confidence level of the authentication, which the SP uses to grant or deny access to services.
The present invention addresses the MITM attack problem by requiring authentication from multiple sources, including the IC’s biometric data, biographical data, live video clips, and historical transaction data stored in the blockchain database. This multi-layered approach makes it nearly impossible for an attacker to intercept and tamper with all data points.
Trusted sources are verified entities that hold the IC’s personal data, such as credit history, driver’s license information, or educational credentials. DAAP accesses these databases to verify the information provided by the IC, adding a layer of assurance.
The present invention enhances the security of IC personal data by storing it in a blockchain database, controlling access using digital certificates, and employing public key cryptography to protect data transmission.
IC live video clips provide proof of liveness during the authentication process, confirming that the IC requesting services is a live person, not a static image or recording used by a fraudster trying to impersonate the IC.
Paper Questions
Discuss how the present invention addresses the limitations of existing multi-factor authentication (MFA) systems.
Explain the synergy of biometric data, biographical data, and live video clips in establishing reliable authentication of ICs.
Analyze the advantages and disadvantages of using blockchain technology in the authentication process, focusing on data security, integrity, and privacy.
Evaluate the impact of incorporating trusted sources into the authentication process. How does this enhance the overall security of the system?
Explore the potential applications of the present invention in various fields and discuss its impact on enhancing security and preventing fraud.
Glossary
Term: Definitions
Personal Client (IC): A user who uses a PCD or SCD to conduct online transactions.
Secure Computing Device (SCD): A device equipped with an HSM for increased security, such as a desktop computer.
Portable Computing Device (PCD): A portable device with a lower level of security, such as a smartphone.
Biometric Digital Certificate (BDC): A digital certificate issued by a BCA that contains the IC's biometric information.
Data Analysis Authentication Processor (DAAP): A system that analyzes IC data and generates a SAAT score.
Service Access Authentication Tag (SAAT): An authentication score that determines access to a service.
Trusted Source: A verified entity that holds IC personal data.
Biometric Blockchain Database (BBD): A tamper-proof database that stores IC biometric data.
Biographic Blockchain Database (BGBD): A tamper-proof database that stores IC biographic data.
Man-in-the-Middle (MITM) Attack: An attack where an attacker secretly intercepts and potentially alters communications between communicating parties.