D2.3: Models

 

Identification

Description

The identification attributes represent a category that is used primarily as a “referent” to a person. Their main function is to provide support for linkability.

 

The name 

One of the most well known identifiers is the name. A name is a “label for a thing, person, place, product (brand name), and even an idea or concept, normally used to distinguish one from another” (Wikipedia). A person’s name is principally used to refer to a particular person. For instance, the name of a person can be used in an article to indicate who the author of a particular writing is, i.e. to create a link (or association) between a document and its author. It is also used in people’s communication (such as in a discussion) to make reference to a person that is not present. A name can also be used in Information Systems to reference a person.

Different names can be associated with a person such as a surname (inherited from the parents), given name (chosen by the parents), married name (acquired from the husband), nick name (chosen by close acquaintances), pseudonym (chosen by the person, and used to reduce linkability) or stage name (a particular pseudonym chosen by an actor to help separate his private life from his work life). 

 

Pure identifiers 

Other categories of identifier exist that are often used for non-human processing. A typical person identifier is for instance the ssn (social security number). The ssn is an identifier that is issued to people by governmental agencies mainly for managing people’s identification in their relationships with the government (and not only social security). 

 

Other attributes also used as identifiers 

It is important to indicate that other attributes that can be associated to the person can also be used as identifiers, such as biometric information. 

 

More detail on identifiers can be found in FIDIS WP3, with deliverables related to identification and authentication. 

 

Examples of attributes

1. Name

   1. First name or given name 

   2. Last name 

   3. Married name 

   4. Maiden name 

   5. Nick name 

   6. Pseudonym 

      1. Stage name 

2. Identifier 

   1. ssn (social security number) 

   2. Login 

   3.  used as identifiers (identifier is only a secondary function)

      1. Biometric attributes 

      2.  Etc.

 

 

Application domains

The identification attributes appear in every application domain (for instance the name of a person is present in almost every user model). These attributes have however a very central role in applications that focus on authentication and identification, such as applications which function to manage access control (such as a passport or other ID cards) or applications concerned with the management of contacts (business cards). 

An example of the use of an attribute: the ssn (social security number)

Governments in general tend to make their habitants identifiable for different reasons. Several techniques for this purpose exist, as well as different legislations in various countries which imply different types. For the purpose of giving concrete examples, we will focus here on ssn implementation in three different countries, namely Switzerland, the US and France, and specifically what information is coded in the ssn. 

 

The ssn in Switzerland 

In Switzerland there is in fact no nationwide identification number available at the moment. This is the case for several reasons: first the federal structure of the country, second no one is obliged to possess either a passport or identity card, but also because many citizens are opposed to such a unique number in general. Notably however, there are plans for a unique number to be used for health care. At the moment, the only thing close to a unique identifier for people is the social security number (called AHV). This is a unique number attached only to persons who receive income and is delivered to the person usually when he/she starts employment. Hence only part of the population has and is therefore identifiable by such a number. Further, depending on different reasons, this number changes with time (marriage, change of name, sex, nationality, etc.). The number is used for different purposes, mainly for contacts between people and governmental agencies, and not only social security. Rarely is it used in the private sector. 

Technically, the number consists of 11 digits, from which information about the holder can be deduced: Consider for example the number 123’45’678’113. The first three digits (123 in the example) depend on the name of the holder, beginning with 100 for names between “A” and “Abi”, with 101 for names between “Abi” and “Abl”, and so on. The next two digits (45 in the example) denote the year of birth, the following three (678 in the example) the day and month of birth as well as the sex of the person, where roughly the first one denotes the quarter of the birth (1-4 for male, 5-8 for females) and the other two the day in the respective quarter. For example 678 means that the holder of the number is female and born June 16th (i.e. the 78th day of the 2nd quarter). The next two digits (11 in the example) are a running number delivered by a central office in Switzerland in order to differentiate between persons having identical first 8 digits. The second of these numbers tells if the holder is a Swiss citizen (numbers between 1 and 4) or foreign citizen (numbers from 5 to 8). The last digit is a weighted check sum used to ensure the integrity of the number when used and depends on the other 10 digits.

 

The SSN in the US 

A concept very close to the Swiss one exists in the US, the SSN (Social Security Number). Each person over 18 who receives income must have an SSN, although it is possible for anyone, including children to have one. In the US, the SSN is used in a variety of sectors besides social security, for example for opening a saving account; hence a large part of the population has a SSN. The SSN does not change in the person’s lifetime (besides some very rare cases), only the physical card carrying the number is replaced, e.g. when changing name because of marriage.

Technically, the SSN consists of nine digits which decompose into area numbers (3 digits), group numbers (2 digits) and serial numbers (4 digits). The area number relates to the state the application for the number comes from. The group numbers are used to “break” the area numbers into different pieces following a specific scheme. The serial numbers run through 0001 to 9999 without further information contained therein. Hence there is almost no information about the holder contained in this number. Some ideas about the age might be gathered from the group number. 

 

The SSN in France 

The French Social Security Number contains information, that is clearly readable, about the user. The first digit stands for the gender (1 for male and 2 for female), then comes two digits for the year of the birth and two other digits for its month. The next two digits represent the department of birth (one of the 95 administrative subdivisions of the country). The three next digits represent the city of birth and the last three digits are for the rank within the register of births in this city. It is therefore possible to know precisely the sex and age of the SSN holder, and from which region he or she comes from.

 

The differences 

What is the difference between coding lots of information in the AHV-number (like in Switzerland) opposed to coding almost no information in the SSN (like in the US)? There is on one hand the problem of data protection: everyone in possession of the AHV number can deduce all things described above, e.g. age, sex of the holder. This information is not protected. On the other hand, everyone can – at least to some degree – check if some number really belongs to a person claiming to be its owner. Typically this is done by cross referencing data contained in some other credential like a passport (containing name and date of birth) with the info contained in the AHV number. On the other hand, the SSN allows the holder to not disclose any information about himself. Clearly this raises the problem of SSN falsification, fraud detection, etc.  

 

Relevant standards and specifications

Most standards specify some attributes which have identification as a principal role. For instance the name of a person, if present, is the major representation specification in LDAP, vCard, HR-XML, IMS-LIP, JXDM, etc.

Some specifications are however addressing more specifically the identification dimension, and in particular provide more sophisticated “identification attributes”. 

Such specifications include: LDAP (directory services); vCard (the digital business card); Liberty Alliance (and Microsoft Passport); JXDM (global Justice mark-up language). 

More specifically, LDAP schema includes the “identification attributes” password and user certificate, and JXDM (used in the US) includes an attribute that is used to specify many (14) assigned ids of a person (SSNID, TaxID, DriverLicenseID, FBIID, StateID, AFISID, OtherID, RegisteredOffenderIndicator, FirearmSalesDisqualifiedIndicator, LicenseID, GeneralLedgerID, PersonHumanResourcesID, PersonVendorID, PersonNationalID). 

Finally, it is important to mention biometrics attributes (presented in the next section), whose function is essentially to contribute towards identification. 

 

 

12 / 53