Identity checks that leave privacy intact

Consider the following problem. You want to start working for an employer, who must (for whatever lawful reason) check your identity against a black list. If your identity is on the black list, you should be denied the job.

This kind of problem usually means that a black list must be published somewhere. And that may conflict with privacy laws. Should that be allowed? No, there is a simple technical solution that allows the check but also keeps the privacy of the listed people protected.

The property of privacy-protection is useful, because it means that not only black lists can be distributed, but also white lists containing non-suspicious people. This may open a new range of applications.

Example: apply for a job

When you start a job, you surrender your identity. Nothing wrong with that, your boss should know who you are. He can enter the information from your passport or driver's license in a form like the one below, to see if you are on the black list that follows below -- the information given behind the form fields give an imaginary person who is on the blacklist below.

Your number:blacklisted: 12345
Your name:blacklisted: John Doe
Your address:blacklisted: Gully 13

The public black list

Following is the black list of identities -- these codes, so-called secure hashes, cannot be used to recover the personal identities, but they do allow identity checks. As a result, this list can safely be published! You can simply lookup the identity you entered and submitted above, to see if the secure hash calculated matches one of the black list entries below.

  • 55f3db9b1e3fde0b260469d878578b41
  • b865cb11767b98bb87c84d5093f17da7

If an entry turns red in the above list, it indicates a match with the identity calculated above.

Now imagine guessing the other entry. You would not know where to start -- and that's precisely the point that this demonstration wants to make you understand.

A word of caution

Please beware -- although the functionality of secure hashing is widely available, it only works well when applied accurately and cautiously. In this case, you should use a better hash, and more entropy. In general, security is a specialty domain, and you may want to seek expert help in using it properly.


 
   ------ 8< ---------- 8< ----------- 8< ------ | OpenFortress*