I personally think a 3-factor system could work, but you'd never get the changeover to happen.
1. The government would have to invalidate all SSN numbers and re-issue them.
2. To re-issue, you have to go down to a govt office to pick up a smart-card like device (let's call it a "multi-pass" for s&g's) that would have built into it a keypad and a fingerprint scanner.
3. This person would validate you as you (perhaps you present your driver's license/id/passport/birth certificate), and issue you one of these cards and a reader device (for home).
4. The card device itself would have a unique value embedded in it, but otherwise be "blank". Perhaps the government might also have a copy of this value matched to your other info, for tax purposes (so, it would act like your SSN for tax purposes and such).
5. This value would come from a one-time programming, where in front of the official, you would scan your fingerprint, and enter your pin. The card would hash everything together, and burn the hashed value into the card's read-only memory.
6. So now - to verify your identity, you would need: The card (something you have), the pin (something you know), and your fingerprint (something you are). If one of these isn't present, you can't identify yourself.
7. To do a transaction, you'd need to slot the card in to your reader (if at home doing something online), or into a vendor's or bank's reader - then put in your pin and scan your fingerprint. It'll hash the values again, and compare with what is on the card, and output (the only output, mind you) "yes" or "no" for the question of "identification".
The downside to all of this is that if you lose your card, or your fingerprint changes, or you forget your pin (or some combo), getting a new card will be tough. But really all it should take would be another in-person visit to the same govt office - more or less.
I also admit that there are very likely other glaring flaws with this idea (beyond the fact that it won't ever be implemented because of the costs to switch over, and other issues). But I think it comes close to a potential solution.
As long as you have to be physically present and always use a reader of some sort, if you don't have any one of the pieces of info, you can't verify your identity:
1) You need the card, if you don't have that - no dice of course.
2) You need the fingerprint that was originally used - that's only going to belong to the person who originally picked and configured the card at the govt office.
3) You need the pin number - presumably only known by the proper owner of the card.
So if the card is stolen, that doesn't matter. If they chop off your hand or finger, that won't help. They'd basically have to beat the pin code out of your, chop off your finger, and steal the card. I'm not saying there aren't criminals who would do that, but they'd have to be in the minority. Plus, such criminals are not likely id thieves anyhow.
1. The government would have to invalidate all SSN numbers and re-issue them.
2. To re-issue, you have to go down to a govt office to pick up a smart-card like device (let's call it a "multi-pass" for s&g's) that would have built into it a keypad and a fingerprint scanner.
3. This person would validate you as you (perhaps you present your driver's license/id/passport/birth certificate), and issue you one of these cards and a reader device (for home).
4. The card device itself would have a unique value embedded in it, but otherwise be "blank". Perhaps the government might also have a copy of this value matched to your other info, for tax purposes (so, it would act like your SSN for tax purposes and such).
5. This value would come from a one-time programming, where in front of the official, you would scan your fingerprint, and enter your pin. The card would hash everything together, and burn the hashed value into the card's read-only memory.
6. So now - to verify your identity, you would need: The card (something you have), the pin (something you know), and your fingerprint (something you are). If one of these isn't present, you can't identify yourself.
7. To do a transaction, you'd need to slot the card in to your reader (if at home doing something online), or into a vendor's or bank's reader - then put in your pin and scan your fingerprint. It'll hash the values again, and compare with what is on the card, and output (the only output, mind you) "yes" or "no" for the question of "identification".
The downside to all of this is that if you lose your card, or your fingerprint changes, or you forget your pin (or some combo), getting a new card will be tough. But really all it should take would be another in-person visit to the same govt office - more or less.
I also admit that there are very likely other glaring flaws with this idea (beyond the fact that it won't ever be implemented because of the costs to switch over, and other issues). But I think it comes close to a potential solution.
As long as you have to be physically present and always use a reader of some sort, if you don't have any one of the pieces of info, you can't verify your identity:
1) You need the card, if you don't have that - no dice of course.
2) You need the fingerprint that was originally used - that's only going to belong to the person who originally picked and configured the card at the govt office.
3) You need the pin number - presumably only known by the proper owner of the card.
So if the card is stolen, that doesn't matter. If they chop off your hand or finger, that won't help. They'd basically have to beat the pin code out of your, chop off your finger, and steal the card. I'm not saying there aren't criminals who would do that, but they'd have to be in the minority. Plus, such criminals are not likely id thieves anyhow.