Ubiquitous Identification using IPv6
By Luis Gopez
CEO, InfoWeapons, Inc.
As New Internet (IPv6) technology adoption gains momentum, we are seeing a convergence of information services growing in parallel with the convergence of network access onto the IP model. IP-based addressing is fast becoming the ubiquitous standard for connecting devices, and information, too, is moving from diverse storage types and localized access systems to IP-based directory and storage services.
IPv6 addresses, because they are globally unique, can serve as a starting point. The protocol is flexible and secure enough to work with other technologies to create an all-around, always-accessible data repository and authentication system using components that already exist. The good news is that some groups that have committed themselves to making viable IPv6 products and services are already working on this very idea.
IPv6 ID
There have already been other efforts to tie different types of personal information to a single, efficient and widely deployed addressing system. The current Domain Name System (DNS), for example, has begun to integrate Electronic Numbering (ENUM), which supports the E.164 global telephone numbers. This allows DNS nameservers to create subdomain names for telephone numbers within the e164.arpa domain, and to associate other information with these subdomains, such as multiple e-mail addresses, addresses for SIP/VoIP phones, web URLs and more. Since DNS is used throughout the Web, it is a good idea to associate such diverse data with such an accepted directory system. ENUM allows the most common communications address, a telephone number, to become an identifier that can be used across multiple devices and services.
Taking advantage of IPv6, however, opens up new possibilities and can take ENUM further than it is presently used. The unimaginable number of available IPv6 addresses, along with the security and mobile networking built into the protocol, makes an IPv6 address an ideal focal point for gathering and managing all sorts of personal information. And because IPv6 is part of the infrastructure upon which the New Internet is being built, it will be ubiquitous: cheap, widely used and readily available.
A full, 128-bit, valid unicast IPv6 address is difficult to spoof and could be used as a vehicle for authentication. When a network node with a valid unicast address sends out data packets, each packet is stamped with a source address and a destination address. The first 48 bits of the packet's source address must be the same as the first 48 bits assigned to the network of which the node is a part. If not, the border router will not route it to the Internet. Furthermore, only those packets whose destination address contains the first 48 bits of a destination network's address can enter that destination network. So while it is possible for hackers to use bogus border routers that allow packets with spoofed source addresses out of their networks, the replies to such spoofed packets would end up going to the real owner of the address, not to the hacker. Such unsolicited network traffic would be a dead giveaway and alert administrators to spoofing attempts.
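The border-router checks described above can be sketched as follows. This is an added example, not code from the article: the BorderRouter class, the addresses (taken from the 2001:db8::/32 documentation range) and the verdict strings are constructed, and flows are tracked by address pair only, assuming the owner's site hosts clients that never expect unsolicited inbound traffic.

```python
import ipaddress

class BorderRouter:
    """Toy border router for one site, filtering on the site's /48 prefix."""

    def __init__(self, site_prefix):
        self.site = ipaddress.ip_network(site_prefix)
        self.flows = set()  # (inside host, outside peer) pairs seen leaving

    def _inside(self, addr):
        return ipaddress.ip_address(addr) in self.site

    def egress(self, src, dst):
        # Outbound: the source must carry this site's first 48 bits.
        if not self._inside(src):
            return "drop: source outside site prefix"
        self.flows.add((ipaddress.ip_address(src), ipaddress.ip_address(dst)))
        return "forward"

    def ingress(self, src, dst):
        # Inbound: the destination must carry this site's first 48 bits.
        if not self._inside(dst):
            return "drop: destination outside site prefix"
        # A reply to a conversation no inside host started is the giveaway.
        if (ipaddress.ip_address(dst), ipaddress.ip_address(src)) not in self.flows:
            return "alert: unsolicited traffic"
        return "forward"

# Constructed addresses from the 2001:db8::/32 documentation range.
OWNER_SITE, OTHER_SITE = "2001:db8:aaaa::/48", "2001:db8:bbbb::/48"
OWNER_HOST = "2001:db8:aaaa:1::10"   # real owner of the address
SERVER = "2001:db8:cccc::80"         # outside peer

def demo():
    owner, other = BorderRouter(OWNER_SITE), BorderRouter(OTHER_SITE)
    return {
        # A filtering router at the other site refuses a foreign source address.
        "spoof_at_filtering_router": other.egress(OWNER_HOST, SERVER),
        # If a bogus router lets it out, the server's reply reaches the owner's border.
        "reply_to_spoof": owner.ingress(SERVER, OWNER_HOST),
        # A conversation the owner really started passes in both directions.
        "legit_out": owner.egress(OWNER_HOST, SERVER),
        "legit_reply": owner.ingress(SERVER, OWNER_HOST),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```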
Going Mobile
Mobile IPv6 gives this system even more flexibility and is the key to its ubiquity and usefulness. Users who change network access points (and thus local IP addresses) can still make use of this IPv6 identification method, no matter where they are. Mobile IPv6 allows a mobile user to always be reached via his IPv6 Home Network address, which always remains the same regardless of the user's current point of attachment to the Internet. That user can also use that Home Address as an IPv6 ID, or associate it with another IPv6 address used as a published IPv6 ID address.
A digital authentication scheme can be tied to a user and IPv6 address to enable users to identify themselves to their home networks, or to any device or authority that accepts such authentication. This will turn IPv6 addresses into globally unique, non-replicable identification tokens.
IPv6 ID Applications
Thus, a unique IPv6 address assigned to every person or user profile can be used to access and distribute personalized data streams. User viewing and listening preferences, for example, can be accessed by authorized video or audio servers to tailor their output to suit a user. On a more serious note, news agencies can offer personalized news feeds directly to designated IPv6 devices associated with an IPv6 ID.
Even online communities and massively multiplayer gaming stand to benefit from such a scheme, since user profiles and saved data can be accessed securely from anywhere using an IPv6 ID. This is far more secure than the simple username-password methods in use today. This built-in ubiquity will open the way for wide acceptance among all network users. Unlike other systems like RFID cards, which are localized and used only for specific purposes, an IPv6 ID can not only be used for a great many purposes, it can also be accessed and referenced by practically any IP-based device anywhere on the Internet.
Building the Future
Of course, for all this to work, the necessary infrastructure must be built. At the very least, a distributed public directory service is required. It also has to be secured. Applications have to know how to make use of such associated information, so as to implement identity verification for various transactions and data streams.
Fortunately, none of this is unattainable Star Wars technology. The components already exist today. All that is needed is for visionary action to put this all together and make a ubiquitous IPv6 ID system a reality. And those who move first and find ways to create services and products that take advantage of this idea can corner the market in this wide-open field.
What is needed now is an IPv6 ID Authority, perhaps similar to existing Certificate Authorities, that can maintain an authoritative, secure and trusted database of IPv6 IDs. That will be coming because some of the best minds in IPv6 are working on it, even as this article is being written. And it's a good bet that it will be accepted. A ubiquitous, easy-to-use IPv6 ID will probably be a reality a lot sooner than some of us think.