VideoTicket: Detecting Identity Fraud Attempts via Audiovisual Certi cates and Signatures

Identity fraud (IDF) may be defined informally as exploitation of credential information using some form of impersonation or misrepresentation of identity, in the context of transactions. Thus, IDF may be viewed as a combination of two old problems: user authentication and transaction authorization. We propose an innovative approach to detect IDF attempts, by combining av-certificates (digitally-signed audiovisual recordings in which users identify themselves) with av-signatures (audiovisual recordings showing users’ explicit consent for unique transaction details). Avcertificates may be used in on-site transactions, to confirm user identity. In the case of remote (e.g. web-based) transactions, both av-certificates and av-signatures may be used to authenticate users and verify their consent for transaction details. Conventional impersonation attacks, whereby credentials (e.g. passwords, biometrics, or signing keys) are used without the consent of their legitimate users, fail against VideoTicket. The proposed solution assumes that identity thieves have access to such credentials.