Aug 22 2011

Why aren’t Social Security numbers cryptographic public/private keys?


I’m not a security person and I don’t know what I’m talking about. Stories about children’s Social Security numbers being stolen and used without detection until they come of age and other similar tales are legion, and the problem is almost always Social Security numbers lying around unsecured at some service provider or company.

What if, instead of using a single number, you protected a private SSN key, signed a token with it, and provided your public key and the token to whoever thinks they need SSN verification? If you were applying for a loan, you would send the bank this signed token, and they could verify your identity with your public key. Then if your bank were hacked, the attackers would not actually have your private SSN key or the ability to generate new tokens from the information the bank stores. I guess you'd have to make sure that whatever was signed with the private key was unique to that institution, though, so that the exact same signed token wouldn't be accepted by anyone else.

People may still leave their private SSN lying around, but it seems it would be significantly more secure than the current system of spreading it among a large number of organizations, where you are vulnerable to the security practices of the weakest link.

Problems: everyone needs a computer, so it's not as accessible to the general public. Could you make the private key a physical object and have some kind of cheap handheld device for signing a hardware token the bank / doctor / etc. sent you, which you would then send back? You'd have to guard against counterfeit signature devices, but maybe the Social Security Administration could send a trusted signature device along with your physical SSN key?

Now maybe there are issues with something like this when the service provider is trying to use your SSN to query 3rd parties. For instance, a bank wants your SSN so they can turn around and query credit reporting agencies, so your signed token from the bank wouldn’t mean anything to the third party. However, the bank could get the unique token from the credit reporting agency, and hand it to you to sign, then hand it back to the agency for the credit history perhaps?
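Here is the challenge-and-sign scheme from the paragraphs above worked through in Go, as an added example that is not part of the original post. It assumes Ed25519 for the key pair and that the "unique token" is an institution name plus a random nonce; the institution names are made up.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Challenge is the per-institution "unique token" the post describes: an
// institution name plus a fresh random nonce. Binding the name into what is
// signed is what stops a token signed for the bank from being accepted elsewhere.
type Challenge struct {
	Institution string
	Nonce       [16]byte
}

// NewChallenge is issued by the institution (or, in the third-party flow,
// by the credit agency and relayed to the holder through the bank).
func NewChallenge(institution string) (Challenge, error) {
	c := Challenge{Institution: institution}
	_, err := rand.Read(c.Nonce[:])
	return c, err
}

// Bytes is the message that gets signed. The nonce is fixed-length and last,
// so name||nonce parses unambiguously; hashing keeps the signed input fixed-size.
func (c Challenge) Bytes() []byte {
	h := sha256.Sum256(append([]byte(c.Institution), c.Nonce[:]...))
	return h[:]
}

// Sign is the holder's step with the private "SSN key".
func Sign(priv ed25519.PrivateKey, c Challenge) []byte {
	return ed25519.Sign(priv, c.Bytes())
}

// Verify is the institution's step with the holder's public key. It rebuilds
// the message from the challenge it issued itself, never from holder input.
func Verify(pub ed25519.PublicKey, c Challenge, sig []byte) bool {
	return ed25519.Verify(pub, c.Bytes(), sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // holder's key pair (demo only)
	bank, _ := NewChallenge("Example Bank")
	sig := Sign(priv, bank)
	fmt.Println("bank accepts:", Verify(pub, bank, sig)) // true
	// A copy leaked from the bank and replayed at the agency, same nonce:
	agency := Challenge{Institution: "Example Credit Agency", Nonce: bank.Nonce}
	fmt.Println("agency accepts bank's token:", Verify(pub, agency, sig)) // false
}
```

The institution must store only the public key and its own challenges, so a breach of its database yields nothing that can produce a new valid token.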

I’m not sure how workable something like this would be, but it certainly seems like there must be some scheme which would work better than the current system.

One Response to “Why aren’t Social Security numbers cryptographic public/private keys?”

  1. evan t says:

    I just had this same idea. I think there would have to be a trusted intermediary for this to be feasible though. Too many DBs built on having the actual SSN.