| Basic Principles |
>>> page 1 - page 2 -
page 3 - |
 |
| Managing institutions within The Trust Nexus Repository will be simplified based on the self-interest and self-management
of the institutions. The institutions will be authenticated by established certificate
authorities. The major certificate authorities have high level processes for
institutional authentication and security; these processes have established a record of
reliability over many years. Institutions will have a vested interest in maintaining
the validity of their certificates within The Trust Nexus Repository. |
|
| Similar to the default list within web
browsers, The Trust Nexus
Repository will maintain a default list of
legitimate certificate authorities. The certificates presented by the institutions
will be verified by an automated process within The Trust Nexus Repository.
This list of approved certificate authorities will be very manageable. Microsoft's
Internet Explorer and Mozilla's Firefox web browsers each utilize fewer than one hundred
standard certificate authorities. |
|
| For institutions and for individuals, the
processes of The Trust Nexus
Repository make it much more than a
traditional PKI "trusted directory" of certificates and private personal
data maintained by a central authority. When such systems reach a very large scale
they require great resources for administration. The self-management aspects and the
automated process of The Trust
Nexus Repository will enable it to grow to a
world wide scale. |
|
| In terms of Game Theory,
The Trust Nexus is a "Highly
Cooperative" game where everyone who plays by the rules wins. There are no
penalties in playing the game. The only potential loss comes from not playing the
game. |
|
 |
|
| The The Trust
Nexus is a three factor identity system: |
|
- Something the user has (a digital wallet with a
private key secured on the user's cell phone).
- Something the user knows (a PIN number to access the
user's digital wallet).
- Something the user is or does (photo ID, voice
recognition and other forms of biometrics)
|
| The The Trust
Nexus meets the criteria for strong authentication as
defined by the U.S. government's National
Information Assurance Glossary: "Layered authentication approach relying on
two or more authenticators to establish the identity of an originator or receiver of
information." |
|
| The geo-spatial capabilities of cell phones
opens the possibility of location-based authentication being incorporated
into The Trust Nexus. |
|
|
|
| Because private keys will only be stored on
users' cell phones and no account or other personal information will be stored, The Trust Nexus Repository will be perfectly secure. Even if an espionage team assaults
one of the data centers they would only be able to access the legal identity of users and
publicly available encrypted hash codes. A direct attack or a successful cyber
attack on a particular data center could cause temporary havoc; however, there could never
be a breach that allows fraudulent transactions to become valid. |
|
| The Trust Nexus
meets all the goals of the Real ID
Act with out any of the problems.
According to NetworkWorld, "The Real ID Act was approved by Congress and
signed into law by President Bush in 2005 as part of the government's effort to combat
terrorism. Though states are not mandated to implement it, all citizens will eventually
need ID cards that comply with the Real ID requirements in order to board planes, enter
federal buildings and receive benefits from the federal government. Between 2006 and 2008,
the DHS handed out more than $360 million in grants to states for implementing Real
ID." We expect to receive significant DHS funding for The Trust Nexus. |
|
|
|
| The Trust Nexus
does not secure identity by, "making personal data harder to steal".
Rather, identity is secured by self-managing logical inconsistencies within the system,
resolving identity conflicts and preventing fraudulent transactions. |
|
| Rather than creating a centralized data store of
private personal data, a much better approach is to allow users and institutions to act in
their self-interest and play a role in the management of their identity. Also,
rather than verifying private data it will be much better to store a collection of
localized decisions and to use those decisions to form an Institutional
Web of Trust. |
|
| As Bruce Schneier,
author and security guru, pointed out, "Proposed [identity theft] fixes tend to
concentrate on the first issue--making personal data harder to steal--whereas the real
problem is the second [preventing fraudulent transactions]. If we're ever going to manage
the risks and effects of electronic impersonation [identity theft], we must
concentrate on preventing and detecting fraudulent transactions." [Solving Identity Theft] |
|
|
|
| The simplicity of The
Trust Nexus will not prevent patents from being issued. As long as
the combination of processes that encompass a system are, "new, inventive, and
useful", the system is patentable. |
|
While there are thousands of patents
related to "Identity" and "authentication", there are no patents
covering, "A self-managed system designed to prevent fraudulent transactions based on
the resolution of identity conflicts within an institutional web of trust." We
are very confident our patent applications will pass the Graham Factors for
non-obviousness, especially the factors that show, "objective evidence of
non-obviousness":
- commercial success;
- long-felt but unsolved needs; and
- failure of others.
Basically, if we create a system that works, patents will
be awarded. |
|
| The utility of The
Trust Nexus will not lead to duplication even after the patents expire.
Once the infrastructure is created and widely adopted it will be nearly impossible
to displace the infrastructure. A good analogy is the electrical power grid.
There are many players that compete in the production of electricity, but no one attempts
to replace the basic infrastructure. |
|
| Regarding the Bilski case which was recently decided by the U.S. Supreme Court, some asserted this case would overturn all
software patents. This did not happen. |
|
There are those who
believe all software patents should be invalidated because they are merely ideas. One of
the commentators at Ipwatchdog gives a great refutation of this assertion:
"...you clearly do not understand computers and software if you believe they are
abstract ideas. The arguments against software patents have a fundamental flaw. As any
electrical engineer knows and software developer should know, solutions to problems
implemented in software can also be realized in hardware, i.e., electronic circuits. The
main reason for choosing a software solution is the ease in implementing changes, the main
reason for choosing a hardware solution is speed of processing. Therefore, a time critical
solution is more likely to be implemented in hardware. While a solution that requires the
ability to add features easily will be implemented in software. Software is just a method
of converting a general purpose electronic circuit (computer) into a application specific
electronic circuit. As a result, to be intellectually consistent those people against
software patents also have to be against patents for electronic circuits." |
|
| Additionally, the data of The Trust Nexus Repository can be protected under contract
law. This means we will be able to control the utilization of legal identities,
public keys and encrypted hash codes from the repository and prevent "secondary
use" of the data (e.g., an issuer of a Decoupled Debit
Card could not utilize data from the repository without abiding by contractual
provisions such as a usage fee). |
|
|
| >>> page 1 - page 2 -
page 3 - |
|
