Difference between revisions of "Proof of Presence"
Revision as of 14:12, 3 April 2021
Full Title
Proof of Presence of user and app: This is a proposed work item pending funding.
Context
- Decentralized ID presents a problem with assurance of the trustworthiness of the wallet apps.
Goal: to convert a verifiable credential into a verifiable presentation that includes online proof of presence of the subject of the Verifiable Presentation.
Orie Steele (Transmute) 5:46 AM @Tom Jones I did some work on biometric verifiable presentations a while ago. I used BioID Face Recognition & Liveness Detection Software. BioID provides software-based biometric authentication with presentation attack detection using face recognition and liveness detection. Most likely you would make a presentation that included a short-lived liveness credential and the credential of primary concern to the Verifiable Presentation, for example: {DriversLicense, BiometricLivenessCheck}.
Tom Jones 7:42 AM @Orie Steele (Transmute) thanks - I guess you are saying that some other element in the phone must be trusted to create creds.
Stephen Curran (Cloud Compass) 7:55 AM I think that's a great use case and it would be good to make that possible. But you've nailed it that for such a credential to work, there has to be an element on the phone that is a "trusted" issuer -- something that the verifier can trust. In theory an open source, signed wallet might be able to do that, I suspect it will need to be at the phone OS level.
Solution
There are two ways to get a trusted signer on the phone or other user computing device.
- Register an app that is trusted. If that is the method, the easiest way is to register the actual instance of the wallet itself to the user.
- Depend on the trusted element in the phone to boot up an assurance element. The TPM code in the TEE could do that, but it depends on a trusted server in the cloud. All of these depend on a web of trust that is not based on any human intervention. Not sure what the rWOT guys think about that? (NB: this could be accomplished with a WebAuthn token like that from YubiKey.)
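Once one of these trusted signers exists on the device, a verifier can check the {DriversLicense, BiometricLivenessCheck} presentation mentioned under Context. The sketch below is an added example, not code from this wiki or from any wallet project: the field names, issuer identifiers, session nonce and 120-second freshness window are assumptions, and HMAC-SHA256 stands in for a real digital signature so that it runs with the Python standard library alone.

```python
import hashlib
import hmac
import json

# Constructed issuer registry. HMAC-SHA256 stands in for a real digital
# signature so the example runs with the standard library only; a real
# verifier would hold issuer public keys instead of shared secrets.
TRUSTED_ISSUERS = {
    "did:example:dmv": b"constructed-dmv-key",
    "did:example:device-attester": b"constructed-device-key",
}
LIVENESS_ISSUERS = {"did:example:device-attester"}  # trusted on-device signer
MAX_LIVENESS_AGE = 120  # seconds; assumed policy for "short-lived"


def sign(cred, key):
    """Return a copy of cred with a proof over its canonical JSON."""
    body = json.dumps(cred, sort_keys=True).encode()
    return {**cred, "proof": hmac.new(key, body, hashlib.sha256).hexdigest()}


def _proof_ok(cred):
    key = TRUSTED_ISSUERS.get(cred.get("issuer"))
    if key is None:
        return False  # unknown issuer, e.g. a self-asserting wallet app
    body = {k: v for k, v in cred.items() if k != "proof"}
    expected = sign(body, key)["proof"]
    return hmac.compare_digest(expected, str(cred.get("proof", "")))


def verify_presentation(vp, nonce, now):
    """Return (accepted, reason) for a {primary, liveness} presentation."""
    by_type = {c.get("type"): c for c in vp.get("credentials", [])}
    primary = by_type.get("DriversLicense")
    live = by_type.get("BiometricLivenessCheck")
    if primary is None or live is None:
        return False, "missing credential"
    if not (_proof_ok(primary) and _proof_ok(live)):
        return False, "bad proof or untrusted issuer"
    if live["issuer"] not in LIVENESS_ISSUERS:
        return False, "liveness issuer not a trusted device signer"
    if live.get("subject") != primary.get("subject"):
        return False, "subject mismatch"
    if live.get("nonce") != nonce:
        return False, "liveness check not bound to this session"
    age = now - live.get("issued_at", 0)
    if not 0 <= age <= MAX_LIVENESS_AGE:
        return False, "liveness credential stale"
    return True, "ok"
```

The liveness credential is accepted only when it comes from the device signer, names the same subject as the licence, carries the verifier's nonce and is recent; a liveness claim signed by an unregistered wallet app fails at the proof check.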
Android
Apple
Windows
Government
The IATA traveler identification process is compliant with ICAO standards. The process that a passenger would take to securely identify themselves in the IATA Travel Pass uses government-issued ePassports to create a digital travel credential as per the standards developed through ICAO. The process has six steps:
- Download the free IATA Travel Pass to their smartphone and log in
- Take a selfie with the smartphone
- Complete a liveness test as instructed by the phone, i.e., move their head, close their eyes in front of the camera as instructed
- Scan the data on the two lines at the bottom of the passport photo page with their smartphone and scan the data chip on the passport as prompted by the phone
- The IATA Travel Pass then matches the photo with the passport data (which contains a digital biometric photo of the passport holder) to verify that:
  - the passport belongs to the person in front of the phone and
  - the passport is genuine and has not been tampered with.
- The verified digital travel credential is then stored on the passenger's phone and can be used as their ‘digital passport/ID’.
References
- This wiki is part of the larger problem of Apps on User Devices.
- A related problem is described in the Over 21 with Proof of Presence Use Case.