The fatal flaw of all biometric (or cognitive) identity validation is that once its signature is stolen it is unusable for that individual again. Hence, the system eventually makes it more difficult to verify identities, particularly valuable identities, as the system’s records are progressively compromised. This flaw is not discussed (or is minimized) by purveyors of identity security systems. Informed security experts are well aware of the threat of extremely well-funded foreign national, foreign corporate and organized crime to crack into any targeted repository of identity records given sufficient time and incentive. Hence any viable system for identity validation must deal with this critical flaw.

I propose three primary ways to counteract theft of biometric identity records:

   1.    No central repository

   2.    Biometric data converted to encrypted key at source, never shared

   3.    Voting between identity processing centers

My design would have multiple levels of security as well as redundancy. It could utilize all current and future biometric fingerprints. The elegance of my idea is the biometrics never leave the individual. Only a shared key generated from the individual’s one or more biometrics is supplied to multiple international security processing centers. These centers are funded and managed internationally by both federal and private agencies. At the lowest level (sufficient for a $200 cash register purchase) no validation of the key is done. A cell phone or other near field device uses the personal biometric device to approve a purchase. At the highest level, the personal biometric collects votes from multiple repositories that have registered its intermediate key. If any vote fails to confirm the device, it immediately regenerates its key and announces the requirement to the repositories that it be re-registered.

The frequency of required re-registration would depend on the desired security level. A short frequency absolutely assuring that all repositories of the associated key could not be simultaneously stolen. The flaw of my design is that it requires the individual to be present to initiate a new biometric registration. This works fine in secure military and institutions. It does not lead itself well to micropayments. This is the primary reason for providing a hierarchy of security levels. Low levels being similar to finger prints, medium levels to a birth certificate, and at the highest security levels the security is higher than has ever been achieved anywhere.

Since the biometric data is managed by each individual, it is impossible for any agency to gain control of a significant number of the devices. This provides the most robust protection of biometric data possible. The individual’s biometric device would contain failsafe destruction of its memory if the device is requested to provide its key (composed of multiple actual biometrics) without the biometric owner confirming with one or more biometric signatures. USB sized devices are already capable of reading eye, finger print, blood vessel, or voice. My design would combine these signatures (or future biometric technologies) to generate an extremely robust encryption key. If today’s technology is not yet capable of combining all these functions into a USB key size or smaller, it soon will be, at a cost of less than $100 each. Within 10 years it is likely to decode your DNA at that price.

We should not be yielding our biometrics to other agencies. We should maintain them ourselves and still gain the security of their unique description of our identity via a personal biometric device