On identity theft life insurance scams and obscure database querying

There are so many potential threats that we are all vulnerable to, and we should strive to secure ourselves against them as best as we can. My attention has been drawn to how some terrible criminals may exploit identity theft, where personally identifying documentation that is replicated may be used to setup a life insurance policy that may benefit someone who becomes close, but whose intentions of doing so may be as part of wider organised crime. Some such organisations may be private commercial companies enabled with weaponised spy satellites, that may force a party to become close to a wealthy intended target. Once the policy is made the target is slowly radiated by an elusive satellite until they die of terminal cancer. Then the benefactor is in a position to claim. They may also be forced to tranfer to the original manipulator.

This is such a horrible thing to do anyone, so much that I want to suggest what might be done about it. It is in the interests of security and anyone with a conscience as well as insurance companies themselves, to consider adopting the following scheme.

Anonymous database record checking

If someone suspects that they are a victim of the above form of criminality, and they know what insurance company someone else may have registered them with, they should be able to contact it to confirm this or not. In reality though, we may not know what names of companies to look for, and it is not easy to check them all, and we may also be forced to submit too many personal details each time just to be able to check, which we should be reluctant to do again.

So... to avoid the chances of this from happening, would be useful to be able to query any companies database in a simple way, that was sufficient for you to check if you are within their records, but without revealing your name if you are not. For example, if a company has a database record in the following form:

FirstName | SecondName | DateOfBirth | Nationality | Fields134 | Fields1234
Icarus | Hymnus | 16-19-1984 | Doldrumus | 3131255f0f5511455d4543 | 33313030353731643532303834215f5d544b45554547

Where the fields Fields134 and Fields1234 are calculated using some hashing function applied to the character bytes making up each field-string within the record. (This hashing function might XOR the consecutive fields of the record. See http://xor.pw/).

The hashing functions,

F_1234 (Icarus, Hymnus, 16-19-1984, Doldrumus) = 33313030353731643532303834215f5d544b45554547
F_134 (Icarus, Hymnus, Doldrumus) = 3131255f0f5511455d4543

may serve a client as a query anonymiser to interface with the companies remote online database. More specifically a client web-browser could fetch Java script from the companies online web-server, and pass in the indicated personal data fields generating a hash value such as those above. This hash value could then be sent back to the remote company server which would check to see if it contains any records containing either complete or the incomplete hash record hash values, then it would send a response to the client indicating whether they are registered on the company database or not.

Someone who is suspicious could apply this obscure method of querying a database on all existing insurance companies to ensure they are not registered, which would prevent identity theft style murder scams.

So far this method is useful, but anybody who knows someone else's personal details could also make this check. A simple constraint might then be to ensure that the IP address of the querying client is national. A more thorough approach might involve a personal random number generator function offered by an online national passport control service but this complicates the static hashes within the DB table records.

If this scheme became universal, forcing all insurance companies to allow clients to obscurely query their databases, then a national regulation could be defined forcing all companies active within that nation, to have to correspond with a national interface. This would allow a client to make an obscure query through a one-to-many online interface, that would relay to many companies active within that nation, one or many of whom might give a response indicating that multiple insurance policy accounts had been setup with them.

Lastly, it would be useful to see if, after receiving a life insurance claim, benefactors subsequently transferred to yet another account. This would be suspicious.