Gimel ID Technologies is building a custom biometric device, called the Gimel Device. In the following we explain the building blocks for an effective proof of personhood mechanism:
and how they are implemented in the context of Gimel ID.
Deduplication
The hardest part for an inclusive yet highly secure PoP mechanism is to make sure every user can receive exactly one proof of personhood. Based on the previous evaluation DNA biometrics are the best means to accurately verify uniqueness on a global scale.
The other potential error inherent to biometric algorithms is the false acceptance of a user. The false acceptance rate is largely dependent upon the system's capacity to detect presentation attacks, which are attempts to deceive or spoof the verification process. While no biometric system is entirely impervious to such attacks, the important metric is the effort required for a successful attack. This consideration has been fundamental to the conception of the Gimel Device. Developing the Gimel Device has been a decision that has not come lightly. It is representing a high-cost endeavor. However, from first principles, it has been required to build the most inclusive yet secure verification of humanness and uniqueness. The Gimel Device is being designed to verify uniqueness with high accuracy, even in hostile contexts where the presence of malicious actors cannot be excluded.
To accomplish this, the Gimel Device will be equipped with every viable intelligence that transforms individual DNA data (e.g. in FASTA files) into a unique ID information, leveraging proven hash mechanism (like Keccak256) as well as distributed matching algorithms which are complemented by a suitable cybersecure accommodation. This will be enabling the device to differentiate between fraudulent attempts and legitimate human interactions with a high degree of accuracy. The Gimel Device will be further equipped with a powerful computing unit to run several neural networks concurrently in real-time. These algorithms will be operating locally on the Gimel Device to validate humaneness, while safeguarding user privacy. While no hardware system interacting with the physical world can achieve perfect security, the Gimel Device is being designed to set a high bar, particularly in defending against scalable attacks. The anti-fraud measures integrated into the Gimel Device are being refined constantly.
Authentication
Authentication seeks to ensure that the legitimate owner of a Gimel ID issued by the Device proofs herself to be the legitimate and can authenticate themself beyond proving that they own the keys. This plays a critical role in preventing the selling or stealing of Gimel IDs. Within the scope of Gimel ID, there are two process phases to be considered. Selecting the appropriate proof mechanism is up to the issuer as each credential offers varying degrees of assurance and friction. As typically the Gimel operator can be the issuer, the assignment of such operators needs a diligent accreditation.
Selecting the appropriate authentication mechanism beyond issuing, i.e., by the verifier as each credential offers varying degrees of assurance and friction. For example, to protect the Gimel ID on the wallet a face-based authentication works like Apple's Face ID.
Gimel Token’s security features are being inherited from web3 like Ethereum. E.g., Ethereum is a community-driven technology that drives thousands of decentralized applications.
Recovery
The simplest way to restore Gimel ID is via a backup. Social recovery will not be implemented as first step but is likely to be explored in the future. The most important recovery mechanism for Gamma-based proof of personhood is re-issuance. If the user has lost access or the Gimel ID has been compromised by a fraudulent actor, individuals can get their Gimel ID re-issued by returning to the Gimel Device, without the need to remember a password or similar information. It is critical to understand, however, that the recovery facilitated by biometrics exclusively refers to the Gimel ID. Neither other credentials held by the user's wallet nor the wallet itself can be recovered, due to security considerations.
Revocation
In the event of a compromised Gimel Device, malicious actors could theoretically generate counterfeit Gimel IDs . If it is determined by the community that an issuer is acting inappropriately or a device is compromised, the Gimel ID community in alignment with the prevailing governance structure, can "deny list" Gimel IDs linked to a specific issuer or device for its own purposes, while other application developers can implement their own measures. Users who inadvertently find themselves impacted can simply get their Gimel ID re-issued by any other Device. Details around the revocation mechanism are being backed by the requirement of decentralization.
Gimel ID value proposition (click to zoom)
Expiry
Even in the absence of tangible fraudulent activities, a device could retrospectively be identified by the community as vulnerable, or simply as having outdated security standards. In such instances, in line with the governing principles of the Gimel ID community, Gimel IDs can be subjected to a set expiry. This essentially amounts to a revocation process but with a predefined expiry period that affords individuals ample time for re-verification, such as one year. Further, in accordance with its governance, Gimel ID community could eventually decide to expire verifications after a set period to further strengthen the integrity of the PoP mechanism in the interest of all participants. However, such period should be in sync with DNA diagnostics cycles, if any.
Please share and contact us: