Skip to content

IdentityServiceOffice

Jump to bottom
Jörg Hohwiller edited this page Feb 23, 2020 · 5 revisions

Identity Service Office

In each participating region an identity service office has to be set up. It is run by at least three certified identity service officers. Each of them has a personal key pair and at the end of the certification their identity (containing a hash of their public key) is signed and published accordingly on the identity directory.

Identification Grant

Every newcomer (a person that wants to join in) has to phyiscally meet with two identity service officers from his region. He provides his public key signed with the according private key to the identity service officers and needs to show his identity card ("domestic passport"). Further he has to fill and sign a participation contract. The identity service officers will do the following:

  • check that the identity card is valid and not expired

  • match the identity card with the newcomer

  • match the signature of the participation contract with the signature from the identity card

  • create a hash from the following data from the identity card:

    • (first) given name (of birth)

    • last name (of birth)

    • date of birth

    • city of birth

    • TODO define another property that does not change during lifetime but is hard to get for a foreign person. (e.g. the hash of the DNA but it should be relativly easy to determine and not super-sensitive. So maybe the hash of the generified pattern of a finger- or toe-print)

  • This hash combined with the current timestamp and the region code

  • This combination is signed with the private key of the identity service officer dedicated for the identification

  • The signed result is sent as request to the global identity service

  • That service will respond with a signed message

  • The message is verified and checked if the newcomer is not already registered for a different region. Otherwise the entire application is rejected and the process terminates here.

  • If all is valid the unique identity is associated with the public key of the newcomer. This information is written on the participation contract and kept secure.

  • Finally the identity service officer(s) sign the following data and publish it to the identity directory:

    • public key of the newcomer

    • corresponding region

    • valid from date set to today

    • valid to date by default set today plus one year (1st of March instead of 29th of Feburary)

    • adult flag set to true if newcomer is at least 18 years old, false otherwise

  • The participation contract is field in the archive of the identity service office.

Data privacy

Please note that the public key of the newcomer is not written on the participation contract. Also the contract only contains the year and not the exact date. Matching a natural person with a public key would still not be possible even if all participation contracts as well as all data from the globlal identity service would be stolen and combined.

Further, you should also note that the only real information that can be revealed from the public key registered for universal income is when value was generated and where it has been spent. As the amount of the universal income is fixed and given there is no sensitive information in it. As it is generated per day the only additional information is the exact time when this happend. If you care extremly about data privacy you can

  • transfer all community income and all sustainability income directly to the corresponding governments.

  • transfer your person income to a random number of pseudonymous IDs with each transaction after a random delay before using it for real payments.

  • do not reuse peseudonymous IDs for other transactions

Prolonging Grant

If you already have an identity for universal income you can prolong it without another identification grant. Therefore you send a prolonging request containing a new public key to the identity service office that you sign with your current private key before it is expired as well as with your new private key. The new public key will then be signed by two identity service officers without the need to show up phyiscally again.

Cancellation

In case you move to a new region you can request a cancellation at the identity service office. The process will be similar to the identification grant but the identity service officers will send the cancellation to the global identity service for the cancellation date. This date has to be equal to or after the expiry date of your current ID for person income. After the cancellation date you will be able to run through the identification grant in the identity service office of a different region.

Creative Commons License Agreement
This documentation is licensed under the Creative Commons License (Attribution-ShareAlike 4.0 International).

Clone this wiki locally