Content
@
0 reply
0 recast
0 reaction
Dan Romero
@dwr.eth
How do the apps that scan the NFC chip in a passport to ZK proof prevent fraud?
5 replies
2 recasts
27 reactions
tldr (tim reilly)
@tldr
cc @web3pm
1 reply
0 recast
1 reaction
Dan | Icebreaker
@web3pm
@dwr.eth https://withpersona.com/blog/nfc-e-passport-verification-guide https://docs.rarimo.com/zk-passport/biometric-passports-101/ NFC chips have a token ID (in addition to an optionally incrementing nonce) that can be used as a unique identifier Within the context of a single app, you can create a zk scheme where you can detect duplicates of the same passport being used for multiple proofs, without revealing the ID. This is harder to pull off across multiple apps however while preserving zero-knowledge without coordinating ahead of time to use a consistent way of detecting duplicates Also note that with persona, they force you to also take a picture because they are comparing the NFC scan itself against the physical passport. I haven't dived into how you guarantee authenticity just from the NFC scan itself- not sure there is a way to validate an authentic NFC scan if you do not trust the user without querying a third party (e.g., issuer) for verification that a particular tap is valid
1 reply
0 recast
2 reactions
Dan Romero
@dwr.eth
> I haven't dived into how you guarantee authenticity just from the NFC scan itself- not sure there is a way to validate an authentic NFC scan if you do not trust the user without querying a third party (e.g., issuer) for verification that a particular tap is valid Right, so this is the issue. If I'm sophisticated enough, I can create a fake NFC tag and physical document for the photo. There's no API to ping to see if John Doe with SSN XXX-XX-XXXX in USA is a real person.
2 replies
0 recast
2 reactions