Search

Blockchain and Digital Identity

Many initiatives and steps have already been taken towards improving identity and identification in the business world that try to incorporate Blockchain as a disruptive technology.

Blockchain Digital Identity will secure decentralized online user transactions (Photo by @carsonarias on Unsplash)

The truth is that the traditional identification problem through centralized entities has not achieved everyone's needs. Personal identity is one of the Fundamental Rights recognized internationally by a vast catalog of norms and agreements. For example, you can read The European Convention on Human Rights (arts. 7 and 8) in the Universal Declaration of Human Rights (art. 12).




The problem


The importance of an individual to own his identity is undeniable. Without a valid form of identification, effective social participation would become impossible simply because you can't prove who you are. However, there is a considerable amount of problems concerning this issue. All this information is generally centralized in servers and databases, which leads to some challenges:


  1. Those centralized entities would be the only ones empowered to issue and validate those identities to the subjects they choose under the conditions they stipulate. According to the United Nations, around 1.1 billion people worldwide do not have a proper way of claiming ownership of their own identity.

  2. These entities may be incorrectly using our personal information. Think of Social Media. To use their platforms, you have to register (create an identity) in their systems. As users, we are renting our identity to these agents without even having ownership over it. We enable these entities to sell and license our personal information to third parties.

  3. Identity theft: Security breaches are currently one of the biggest threats that affect the companies that store our personal information in their IT infrastructures. In addition to this, we can verify that in many cases, some "untrusted third parties" may not always act in a legally established manner when sharing our data with other actors. In many cases, data custodians do not correctly notify users about mismanagement or theft of our data.




Blockchain and Privacy Regulations


Blockchain technology in this scenario could solve all these problems since it provides its participants with a potential never seen before, even creating the possibility of closely controlling their data (including monetary transactions) on an unprecedented level. Three defining characteristics of this technology are:


  • The blocks that contain information, generally encrypted, cannot be easily replicated without a consensus from the Network.

  • Blockchain allows the creation of an immutable record.

  • Some digital processes can also be considered immutable since they would be recorded in the distributed ledger. Any participant in the Network would have an available and updated copy downloaded to their computers.


Suppose one organization needs to verify our identity. In that case, we as operators directly implied in our data management can allow these entities to verify our identity and access to personal information with our explicit authorization.


Blockchain does not resolve everything. One of the main regulatory problems is that users have the right to access, rectify, and delete their data. These rights relate to the well-known problem, at least in Europe, with the "right to be forgotten." Some regulations collide with the blockchain property of immutable data (modification or deletion). Another problem is data localization. Some European laws demand personal data be localized under specified jurisdictions. We all know that blockchain data is distributed across all participating nodes that are spread worldwide.


However, some recent developments seem to resolve the deletion/edition problem once the Blockchain nodes have recorded it. They are using a hashing procedure over the block contents. Public/private key pairs are created when a new block is being made, repeating the same process of "hashing" the information, empowering the new block's creator to delete or modify the content within it. Unfortunately, these solutions are not yet proven.


Another option is rewriting the Blockchain's information through a so-called "fork," which is a consensus of most nodes to create a new version of that Blockchain that includes the changes. After the fork, everybody must use the latest version instead of the original. This solution would be feasible if we're dealing with private Blockchains. In public Blockchains, the organization responsible for managing users' personal data disappears, and an agreed fork to edit data is almost impossible.



Digital Identity requirements


All based digital identity systems in Blockchain or DLT should first put the personal data owner's interests on the parts that third parties may have on them. Participation in any Digital Identity system should not be mandatory but voluntary: at all times, the user should delete her profile completely. Otherwise, the very basics of building the idea of ​​self-sovereign digital identity (SSDI) breaks.


As established in the applicable regulations for protecting personal information, users must give their explicit and informed consent.


The use of the user's data by a third party should be preceded by the clear and straightforward provision of what data are intended to be used, how they will be used, and which third parties will have access to them.


Software developers should structure the identity systems so that the privacy of users is enforced by default. That is, the software should be designed, taking into account security from the ground up, using the best cryptographic tools available like zero-knowledge encryption.




Some Digital Identity initiatives


Some people are trying to resolve the problems of Blockchain and digital identities. These are evolving projects, and not all of them will survive regulators scrutiny, but it's worth to know some of them:


Sovrin

it is a global decentralized identity network. Sovrin provides the missing internet identity layer. They enable individuals and organizations to create portable, self-sovereign digital identities that they control.


The Sovrin Foundation governs the Sovrin Network. The nodes that make up this Network are managed by third parties and approved by the Foundation. The information can be stored on the Blockchain or pointed to another storage.


Sovrin uses their proprietary consensus algorithm called Plenum, and they claim that it can process thousands of transactions per second.


Civic

Run by Vinny Lingham seeks to turn CIVIC into the global decentralized digital identity platform. They offer each member $1M insurance against identity theft. Civic can be used for digital processes such as shopping, secure digital identity, and voting.


User's information is stored on their devices and not on the Blockchain or a centralized database of the company. This scheme is a two-way benefit. Due to the different jurisdictions' privacy laws, no one can sue the company as they do not have any personal information under custody.


The IDs generated by Civic are revocable. The authentication process is between the user device and the app or service used.


SmartID

It is a project based on Ethereum and led by the private consulting and financial services firm Deloitte. SmartID stores the person's information, including their birth certificate, passport, or driver's license, within a Smart Contract. All the personal data is hashed and is this hash what's used as the user identity. In future versions, the user may be allowed to hash parts of their identity or specific documents to control how much personal information they want to share and with whom.


Serto

It is a secure, easy-to-use system built on Ethereum for a sovereign Blockchain digital identity. Serto is based on the concept that the Blockchain is already a decentralized certificate authority, maintaining the relationship of identities and public keys.


NEMid

This project seeks to provide an authentication service without logins on compatible sites. They currently only have a desktop client for MAC and Windows.


Conclusion


Self-sovereign digital identity is an evolving project that demands participation from governments, private companies, and, of course, people. Since technology and blockchain plays a fundamental role in digital identity management, the software developments must use state of the art software to handle with ease the trade-off between user privacy and security and the ability to operate on open networks. Collaboration between different jurisdictions is essential to provide interoperability across different regions.

  • Twitter
  • LinkedIn
  • Facebook
  • Instagram
  • RSS

SUBSCRIBE TO THE NEWSLETTER

SUBSCRIBE TO THE NEWSLETTER

The advice provided on this website is general advice only. It has been prepared without taking into account your objectives, financial situation, or needs. All statements made on this website are made in good faith and we believe they are accurate and reliable. This website disclaims all and any guarantees, undertakings, and warranties, expressed or implied, and shall not be liable for any loss or damage whatsoever (including human or computer error, negligent or otherwise, or incidental or consequential loss or damage) arising out of or in connection with any use or reliance on the information or advice on this site. Before acting on this advice you should consider the appropriateness of the advice, having regard to your objectives, financial situation, and needs. Where any product(s) is/are detailed on this website, you should obtain a Product Disclosure Statement relating to the product(s), consider its contents and obtain professional advice before making any decisions. The information on this website is not a substitute for financial advice. Past performance is not indicative of future performance. Cardano™ is a trademark of Cardano Foundation, CHE-184.477.354, Dammstrasse 16, 6300 Zug, Switzerland, in Switzerland and other countries.  Copyright © 2020 by Vantica Trading. All rights reserved.. Madrid  Spain.

We receive, collect, and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile. Our website is hosted on the Wix.com platform. Wix.com provides us with an online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases, and general Wix.com applications. They store your data on secure servers behind a firewall. All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers... Please read our complete  Privacy Policy.

© 2020 by Vantica Trading,