Customer Utility Bill Authentication – CUBA

CUBA is a new service that will reduce the ability to create a fraudulent identity based on faked credentials and documents such as utility bills and statements.

The Challenge

The challenge in enrolling a citizen with an IDentity Assurance Provider (IDAP) is that it requires the citizen to provide three types of credential for authentication: driver’s license/passports, financial statements and utility bills, not all of which are easy to verify. At present these documents are sent to citizens in a multiplicity of formats. They are not machine-readable and there is no common method which everyone can use to check their authenticity. As a result it is fairly easy for a fraudster to fabricate a utility bill and use it in support of a fake identity.

One way of solving this problem might be to require utility providers to store digitally signed customer or citizen data in a central registry to which everyone can refer to check credential provenance, a similar approach to that proposed by the NHS for patient records. The problem with this is that it creates a huge target for data abuse and puts customer data into the public domain, which would require their consent.

The Solution

A simpler, more effective and less costly approach would be for utility providers to ‘notarise’ bills and statements to make them portable for citizens and verifiable by IDAP providers, without the need for a central data registry or any data aggregation which would potentially threaten data privacy and create a single point of failure. This can be achieved by using an independent trust authority such as Codel’s digital notary to fingerprint data and store only the digital fingerprints of data in a searchable registry. Data can then be shared in an openly agreed format (see W3C XML signature syntax) and anyone can refer to the registry of digital fingerprints to verify the documents.
This service should also allow issuers to update the status of previously notarised documents so that verifying parties are notified if a document is valid, out of date, revoked, withdrawn or superseded. To make this type of service user friendly, it is possible to provide utility bills, either on paper or electronically, that carry a two-dimensional QR code that encapsulates some or all of the relevant data carried within the document itself (which is also notarised for authenticity and so that it can’t be faked) and which can be scanned using a smartphone or web camera to automatically extract and verify the content. The data can also be carried and communicated as an electronic notarised dataset, without the need for a QR code, but providing the notarised information in both formats is desirable because it allows everyone to be included, even those who do not have a mobile phone: those not online can be enrolled by third parties or a near relation, and all that is needed to verify the document is the necessary scanning capability.

The following is an example of what might appear when a document is verified;

Codel Digital Notary

For absolute trust, the digital fingerprint registry needs to provide accountability and proof that data cannot be changed without detection. Codel achieves this by openly publishing audit trails of all its own data and transactions in the public domain (once a week in the Financial Times). There is a demonstration of how this works here. A full white paper showing how Codel’s notary service works can be found here and the following diagram shows how the CUBA service works;

Research shows that there are approximately 40 utility providers who, were they to implement this new service, could provide the trust in credentials at the time of enrolment. This allows the IDAP to rely on these credentials and raises the level of trust they can invest in them.
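The notarise-and-verify flow from The Solution, with issuer status updates, as an added Python example that is not Codel's code. It assumes SHA-256 over canonical JSON as the fingerprint (the page points to W3C XML Signature for the shared format); the registry class, the running audit hash and the bill fields are hypothetical constructions.

```python
import hashlib
import json

STATUSES = {"valid", "out of date", "revoked", "withdrawn", "superseded"}

def fingerprint(bill: dict) -> str:
    """SHA-256 over a canonical encoding, so field order cannot change the digest."""
    canonical = json.dumps(bill, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

class FingerprintRegistry:
    """Holds digests, issuer and status only; no customer data is stored."""

    def __init__(self):
        self._entries = {}          # digest -> {"issuer": ..., "status": ...}
        self.audit_head = "0" * 64  # assumed: running hash over every registry event

    def _log(self, event: str) -> None:
        # Publishing audit_head periodically makes later rewrites of history detectable.
        self.audit_head = hashlib.sha256((self.audit_head + event).encode()).hexdigest()

    def notarise(self, issuer: str, bill: dict) -> str:
        digest = fingerprint(bill)
        if digest in self._entries:
            raise ValueError("fingerprint already registered")
        self._entries[digest] = {"issuer": issuer, "status": "valid"}
        self._log(f"notarise|{issuer}|{digest}")
        return digest

    def set_status(self, issuer: str, digest: str, status: str) -> None:
        entry = self._entries.get(digest)
        if entry is None or entry["issuer"] != issuer:
            raise PermissionError("only the issuing provider may update a fingerprint")
        if status not in STATUSES:
            raise ValueError(f"unknown status: {status}")
        entry["status"] = status
        self._log(f"status|{issuer}|{digest}|{status}")

    def verify(self, bill: dict) -> str:
        """Return the notarised status, or 'unknown' if no fingerprint matches."""
        entry = self._entries.get(fingerprint(bill))
        return entry["status"] if entry else "unknown"

# Constructed sample data (not from the page)
registry = FingerprintRegistry()
bill = {"provider": "Example Energy", "account": "00012345", "name": "A. Citizen",
        "address": "1 Sample Street", "issued": "2014-03-01", "amount_due": "84.17"}
digest = registry.notarise("Example Energy", bill)
forged = dict(bill, name="B. Fraudster")  # one altered field changes the digest
```

A bill with any altered field verifies as "unknown", and a genuine bill whose status the issuer has changed verifies with the new status rather than "valid".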
About the Open Identity Exchange

The OIX is a not-for-profit organisation that develops and registers trust frameworks: pre-negotiated sets of business, legal, and technical agreements that provide mutual assurance that online transactions can be trusted. As such, it is well placed to promote services that enhance global trust, provided they are built on sound principles. OIX is technology agnostic, that is to say it does not recommend any one particular technology, neither does it object to commercial propositions provided they satisfy OIX requirements for accreditation, transparency and trust.

Summary

The potential benefits from providing a searchable, 24-7 accessible registry against which everyone can establish utility bill provenance, in real time to support identity enrolment, are huge. Once a utility bill is Codelmarked, its provenance can be established in perpetuity and its validity in real time. This service will reduce the ability to fraudulently obtain a false identity and reduce the costs of verification. As more services are delivered online, industry and government can have far greater confidence in the identity of the citizens they are interacting with.

Codel is working with major utility providers, who benefit because it simplifies their own Know Your Customer compliance requirements and reduces costs; IDAP providers, to simplify enrolment; the OIX, to better scope the service for government; and also on an application for citizens to create aggregated access to utility data, allowing single key-stroke update of personal information and control of how much data is disclosed or shared.

If you would like to participate please contact martin.rice@codelmark.com, tel: 07970636534