Digital signatures are enough to transact millions of dollars worth of cryptocurrency. It’s not that they are “not ready”, it’s that there isn’t enough surrounding infrastructure for it. If everyone was issued a digital signature key embedded into the smart chips of their ID cards and every phone and computer came with the hardware and software needed to read and sign things, paper signatures would be the ones regarded with suspicion for not being digital and not the other way around.
The technology to embed digital signatures into smart chips on cards is already used on payment cards. We’re just not making full use of the technology available to us.
The ideal set-up would be that everyone’s ID card comes with a smart chip containing a private key issued by the Government. Everyone has a phone app that can sign and request signatures for messages. The public keys associated with any given identity can be freely accessed on some public database.
To sign a message, the card can be tapped against an NFC reader or inserted into a chip reader. This will cause the hardware inside the card to sign the message and return a signature to the requesting device. The requesting device must send the signature to a Government server in order to timestamp the signature and verify that the person who signed is the person they claim to be. The message itself does not need to be sent, just the signature and the hash of the message.
When your card is used to sign a message, you’ll get a notification through the app on your phone. Allow for some short timeframe (perhaps 24 hours) when the signer can cancel their signature without excuse, so that unauthorised signatures can be quickly caught and cancelled and the damage limited. If your card is lost or stolen, reporting it as such will revoke the corresponding key on the database and any messages purportedly signed after the revocation date will be invalid.
This set-up would also allow for 2FA to be implemented easily by using a simple PIN scheme where users configure a PIN in advance and this PIN must also be reported to the server in order for the signature to be regarded as valid.
Time for the US to bite the bullet and do that with SSN cards.
It’s already being used as an ID, even if the inventor didn’t intend for it to happen.
Just put up a picture and a smart chip on it.
The social security number can really be retired altogether. There already exists a form of national identity card in the US, and it’s called the passport card. It contains all the information found on a passport except the visa pages, contained in the form of a smart card. It already has RFID capabilities. The only thing is that passport cards are not universal, but they can be if they are made free and the Government phases out social security numbers for passport card numbers in all contexts.
Digital signatures are enough to transact millions of dollars worth of cryptocurrency. It’s not that they are “not ready”, it’s that there isn’t enough surrounding infrastructure for it. If everyone was issued a digital signature key embedded into the smart chips of their ID cards and every phone and computer came with the hardware and software needed to read and sign things, paper signatures would be the ones regarded with suspicion for not being digital and not the other way around.
The technology to embed digital signatures into smart chips on cards is already used on payment cards. We’re just not making full use of the technology available to us.
The ideal set-up would be that everyone’s ID card comes with a smart chip containing a private key issued by the Government. Everyone has a phone app that can sign and request signatures for messages. The public keys associated with any given identity can be freely accessed on some public database.
To sign a message, the card can be tapped against an NFC reader or inserted into a chip reader. This will cause the hardware inside the card to sign the message and return a signature to the requesting device. The requesting device must send the signature to a Government server in order to timestamp the signature and verify that the person who signed is the person they claim to be. The message itself does not need to be sent, just the signature and the hash of the message.
When your card is used to sign a message, you’ll get a notification through the app on your phone. Allow for some short timeframe (perhaps 24 hours) when the signer can cancel their signature without excuse, so that unauthorised signatures can be quickly caught and cancelled and the damage limited. If your card is lost or stolen, reporting it as such will revoke the corresponding key on the database and any messages purportedly signed after the revocation date will be invalid.
This set-up would also allow for 2FA to be implemented easily by using a simple PIN scheme where users configure a PIN in advance and this PIN must also be reported to the server in order for the signature to be regarded as valid.
Time for the US to bite the bullet and do that with SSN cards.
It’s already being used as an ID, even if the inventor didn’t intend for it to happen. Just put up a picture and a smart chip on it.
The social security number can really be retired altogether. There already exists a form of national identity card in the US, and it’s called the passport card. It contains all the information found on a passport except the visa pages, contained in the form of a smart card. It already has RFID capabilities. The only thing is that passport cards are not universal, but they can be if they are made free and the Government phases out social security numbers for passport card numbers in all contexts.