for the time being). In the simplest of cases, possession of the credential establishes the differential identity of the credential bearer (presenter) in the eyes of the credential receiver. Of course, when physical possession is all that connects the credential token to the bearer it means that when the token passes to a new person, that person assumes the differential identity of the person that the token actually represents. To avoid this, we need more sophisticated methods of tying the token to the token bearer. So, while possession of a token with a name on it is a fairly straightforward paradigm, unfortunately its use requires that we answer the question “How do I know that the correct person is in possession of the token?”

Before we answer this question, let it be said again that probably the foremost challenge of any identification system is to properly separate the differential identity, which is a counting mechanism, from the experiential identity, which is an information mechanism. A differential identity without experiential identity does not carry private information in and of itself. Any experiential identity, on the contrary, is subject to privacy concerns. We have tried to be most careful on this. Also, the center of privacy lies in the link that can be made between experiential identities and a single differential identity. To emphasize the importance of this point, let’s consider again the example of the number carved on the apple. We discussed the fact that we don’t want to use this number as an identity index. We explained why by presenting the possible privacy issues of a person with leukemia; we showed that by using discrete identity indexes, the person could selectively disclose her private information according to the situations she was considering. We want to emphasize a point that we made earlier. While there are many ways to actually carve numbers or other indicators on a person, the most obvious one is the tattoo; obviously, such approaches always incur concerns about privacy. For example, using a tattoo as a differential identity marker is a total invasion of privacy since it would typically also be used as an identity index, and the indexed information about the individual could be traced back immediately to that individual. That’s why we react in horror to the physical marking of prisoners. Commingling identity indexes and differential identity markers destroys the notion of privacy.

Many more socially acceptable mechanisms have evolved for divining markers that are closely associated with a person. Among these are signatures, pictures or perhaps secret passwords or Personal Identification Numbers (PINs). All of these approaches are variants of identity establishing credentials. Each is plagued with significant trust deficiencies. For example, signatures are rather easily forged and they can be affected by the emotional state of the writer. Pictures are often ambiguous and with current digital photography facilities they can be fraudulently modified. There are lots of scams in play to capture personal identification numbers. Thus, it is the case that differential identity authentication based purely on credential systems is fraught with opportunities for counterfeiting, fraud or other forms of identity theft. What then is the most effective means of establishing a differential identity marker? Well, to guide us in answering that question, let’s consider some characteristics that we would like to find in a solid marker.

It is absolutely essential that the marker be unique for every individual. This suggests that we must be able to define unique markers for the six or seven billion people on the earth at the present time, and for many billions more that will exist in the relatively near future. So, to be somewhat safe, let’s assume that we need at least one hundred billion markers. Put another way, a marker must be unique to one part in one hundred billion. Next, given that we want to establish the differential identity of a person over their entire lifetime, we expect a marker to be immutable for that period. It will be necessary for the marker to be very closely associated with a person. In fact, the marker may actually already be part of a person. In this case, any equipment necessary to capture the marker or the value of the marker must be non-invasive to the human body. To give a

Book available at Midori Press (regular)
Book available at Midori Press (signed)
Book available at Amazon (regular)