LAUSR

A leading cause of Identity Theft is that attackers get access to the victim’s personal credentials. We are warned to protect our personal identifiers but we need to share our credentials with various organizations in order to obtain services from them. As a result the safety of our credentials is dependent on both the ability and diligence of the various organizations with which we interact. However, recent data breach incidents are clear proof that existing approaches are insufficient to protect the privacy of our credentials. Using a Design Science methodology, we propose a new technology, veiled certificates, which includes features that prevent fraudulent use of user’s credentials and provides a degree of user anonymity. We also incorporate biometric authentication so that service providers know that they are dealing with the owner of the credentials. Results of a bench scale test that demonstrates the feasibility of the approach are reviewed. We also suggest four major applications which could take advantage of these certificates.