What is ID-PKI?
When you type a username and a password, or you use your fingerprint, someone can capture that username, password or fingerprint as it is sent to the server.
In an ID-PKI system you don't send a password at all. Instead, when you send your ID, the server uses it to make a “proof puzzle” which it sends to your phone or computer.
The server says: “You claim to be Jane Jones. If you send me the solution to this proof puzzle, that proves that you have the isolated secret number that corresponds to Jane's ID. In that case you must really be Jane.”
If someone captures every bit of that exchange – the username, the puzzle, the whole thing – it will be of no use to them. Every puzzle made with that ID will be different. A solution to a previous puzzle is useless. So the first thing to know about ID-PKI is that it totally eliminates this common way that thieves break in.
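The exchange described above, as an added example that is not the page's or Osmio's own code: a Go sketch in which the server's "proof puzzle" is a random nonce and the solution is a signature over it made with a private key that never leaves the user's device. Ed25519 and the `ID|nonce` message layout are assumptions for illustration; the page does not specify ID-PKI's actual certificate format.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
)

// Server keeps the enrolled public keys and at most one outstanding puzzle per ID.
type Server struct {
	enrolled map[string]ed25519.PublicKey
	pending  map[string][]byte
}

func NewServer() *Server {
	return &Server{enrolled: map[string]ed25519.PublicKey{}, pending: map[string][]byte{}}
}

// NewIdentity stands in for enrollment on the user's device: the private half
// stays there and only the public half is registered with Enroll.
func NewIdentity() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	return pub, priv
}

func (s *Server) Enroll(id string, pub ed25519.PublicKey) { s.enrolled[id] = pub }

// Puzzle issues a fresh random nonce for the claimed ID, replacing any earlier one.
func (s *Server) Puzzle(id string) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[id] = nonce
	return nonce, nil
}

// Solve runs on the device: sign the ID and nonce with the key that never leaves it.
func Solve(priv ed25519.PrivateKey, id string, nonce []byte) []byte {
	return ed25519.Sign(priv, append([]byte(id+"|"), nonce...))
}

// Check accepts a solution only for the nonce outstanding for that ID and discards it either way, so a captured transcript cannot be replayed.
func (s *Server) Check(id string, nonce, solution []byte) bool {
	want, ok := s.pending[id]
	pub, enrolled := s.enrolled[id]
	if !ok || !enrolled || string(want) != string(nonce) { // nonce is public, plain compare is fine
		return false
	}
	delete(s.pending, id)
	return ed25519.Verify(pub, append([]byte(id+"|"), nonce...), solution)
}
```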
Does That Sound Familiar?
Perhaps there's something about that ID-PKI explanation that seems familiar to you. If so, it's probably because you're familiar with site certificates, which stand behind websites whose address starts with https://. The technology of site certificates is identical to the technology behind ID-PKI. In the case of a site certificate, the site is proving its legitimacy to you; with an ID-PKI certificate you are proving your identity to the site.
Making ID-PKI work in the real world requires things that are not particularly technological, which is one reason why you haven't seen it more often. Technologists tend to be better at deploying technology than at deploying the non-technological pieces. Authenticity is much bigger than technology, so it needs the involvement of people other than technologists.
ID-PKI requires reliable procedures and reliable enrollment professionals for enrolling people. It calls for a source of duly constituted public authority to qualify and license those enrollment professionals and hold them professionally accountable.
The City of Osmio is here to provide those much needed pieces that will bring the incredible capabilities of ID-PKI to the real world.