Interview with Rudi Kesic: Blockchain in Digital Identity. In this interview, the second in a six-part series, Rudi Kesic, Chief Executive at Verify 365, discusses the challenges of fighting fraud in the post-Covid world, and how Verify 365’s latest innovations such as blockchain digital identity, automated client onboarding and NFC-biometrics are transforming the legal profession. Rudi talks about how the traditional identity verification systems of today are fragmented, and how the latest blockchain-driven technologies can enable a more secure management and storage of digital identities by providing unified, interoperable, and tamper-proof infrastructure with benefits to law firms and consumers. We kick off by looking at how the current digital identity technologies work.
How does Digital Identity technology work today?
Companies often collect sensitive information about their users and store them alongside less-sensitive routine business data. This creates new business risks with the rise of user privacy-centric regulations such as GDPR and the shifting industry focus to corporate IT responsibility. When these data are relegated to tight-lipped data vaults, they become less useful in driving product improvements and attaining true customer understanding. Only after receiving large fines or developing stronger IT capabilities will many enterprises pursue expensive and risky projects to achieve the right balance between data security and business needs.
There are about 7 billion internet-connected devices. This number is expected to grow to 15 billion in 2023 and 22 billion by 2025. In a still-nascent industry, most IoT technologies do not incorporate appropriate identity and access management capabilities, not unlike the early Internet which consisted solely of trusted institutions. Interconnected internet of things (IoT) devices and objects must identify sensors, monitors, and devices, and manage access to sensitive and non-sensitive data in a secure manner. Leading IT vendors have begun to offer IoT management systems to address these service gaps. For example, it is not uncommon for a single organisation to have tens of thousands of IoT devices, in contrast to the mere dozens or hundreds of traditional servers and user devices. Mismatching standards across devices is a common ailment with such volume. Security frequently remains an afterthought to the already-taxing implementation of simple management capabilities at scale, evident with large-scale IoT hacking emerging as a vogue topic at top IT security conferences.
What about Digital Identity technology for the consumer?
Identity is integral to a functioning society and economy. Having a proper way to identify ourselves and our possessions enables us to create thriving societies and global markets. At its most basic level, identity is a collection of claims about a person, place or thing. For people, this usually consists of first and last name, date of birth, nationality, and some form of a national identifier such as passport number, social security number (SSN), driving licence, etc. These data points are issued by centralised entities (governments) and are stored in centralised databases (central government servers).
Physical forms of identification aren’t widely available to every human for various reasons. Approximately 1.1 billion people worldwide don’t have a way to claim ownership over their identity. This leaves one-seventh of the world’s population in a vulnerable state – unable to vote in elections, own property, open a bank account, or find employment. The inability to attain identification documentation jeopardises a person’s access to the financial system and in turn, limits their freedom.
Citizens with officially recognized forms of identification continue to lack complete ownership and control over their identities. They have a fragmented online identification experience and unknowingly lose the value that their data generates. Companies holding their data are subjected to frequent hacks, which forces a lifetime of fraud mitigation for the end-user. Once a social security number is issued and lost, there is little to no recourse.
Why do you need Blockchain for Digital Identity?
Blockchain identity management systems could be used to eradicate current identity issues such as
– Data insecurity
– Fraudulent identities
What is the issue with “Inaccessibility”?
Approximately 1.1 billion people around the world have no proof of identity, and 45% of those without an identity are among the poorest 20% on the planet. Cumbersome identification paperwork processes, expenses, lack of access, and the simple lack of knowledge around personal identity are primary roadblocks that keep over a billion individuals outside of traditional identification systems.
Without possessing physical identities, one cannot enroll in school, apply for jobs, get a passport, or access many governmental services. Having an identity is crucial to gaining access to the existing financial system.
Conversely, 60% of the 2.7 billion unbanked people already own mobile phones, which paves the way for blockchain-based mobile identity solutions which better suit the needs of vulnerable citizens.
What about “Data Insecurity”?
At present, we store our most valuable identification information on centralised government databases supported by legacy software with numerous single points of failure. Large, centralised systems containing the personally identifiable information (PII) of millions of user accounts are incredibly appealing to hackers.
Despite regulatory legislation and enterprise efforts to increase cybersecurity, 2.8 billion consumer data records were exposed at an estimated cost of more than $750+ billion in 2021.
How can blockchain digital identity technologies solve the issues of “Fraudulent Identities”?
The user’s digital identity landscape experience is exceptionally fragmented. Users juggle various identities associated with their usernames across different websites. There is no standardised way to use the data generated by one platform on another platform.
Furthermore, the weak link between digital and offline identities makes it relatively easy to create fake identities. Fake identities create fertile ground for the phenomena of counterfeit interaction, which can help in the perpetration of fraud and lead to inflated numbers and lost revenue. In society, this vulnerability facilitates the creation and dissemination of evils like “fake news,” which poses a potential threat to democracy.
Due to the increasing sophistication of smartphones, advances in cryptography and the advent of blockchain technology, Verify 365 are now building a new identity management system and digital identity framework, DynamicID®️, based upon the concept of decentralised identifiers (DIDs) – potentially including a new subset of decentralised identities known as self-sovereign identity (SSI).
How will decentralised Digital Identities work on Verify 365?
Blockchain digital identity allows for users to create and manage digital identities through the combination of the following components:
– Decentralised identifiers
– Identity management
– Embedded encryption
What is Digital Identity in Blockchain?
A digital identity arises organically from the use of personal information on the web and from the shadow data created by the individual’s actions online. A digital identity may be a pseudonymous profile linked to the device’s IP address, for example, a randomly generated unique ID. Data points that can help form a digital identity include usernames and passwords, driver’s licence number, online purchasing history, date of birth, online search activities, medical history, etc. biometrics, behavioural, biographic are the modals that make up a person’s identity.
How can a Blockchain Digital Identity be created on Verify 355?
This is still work in progress, but as one example, users will sign up to Verify 365 identity and data platform (MyID®️) to create and register a DID. During this process, the user creates a pair of private and public keys. Public keys associated to a DID can be stored on-chain in case keys are compromised or are rotated for security reasons. Additional data associated with a DID such as attestations can be anchored on-chain, but the full data itself should not be stored on-chain to maintain scalability and compliance with privacy regulations.
What exactly do you mean by a “Decentralised Identifier”?
A decentralised identifier (DID) is a pseudo-anonymous identifier for a person, company, object, etc. Each DID is secured by a private key. Only the private key owner can prove that they own or control their identity. One person can have many DIDs, which limits the extent to which they can be tracked across the multiple activities in their life. For example, a person could have one DID associated with a gaming platform, and another, entirely separate DID associated with their credit reporting platform.
Each DID is often associated with a series of attestations (verifiable credentials) issued by other DIDs, that attest to specific characteristics of that DID (e.g., location, age, diplomas, payslips). These credentials are cryptographically signed by their issuers, which allows DID owners to store these credentials themselves instead of relying on a single profile provider (e.g., Google, Facebook). In addition, non-attested data such as browsing histories or social media posts can also be associated to DIDs by the owner or controllers of that data depending on context and intended use.
How are decentralised identities secured through Verify 365?
Verify 365 are currently involved in a number of digital identity blockchain projects. In each one of these, a key element of securing decentralised identities is cryptography. In cryptography, private keys are known only to the owner, while public keys are disseminated widely. This pairing accomplishes two functions. The first is authentication, where the public key verifies that a holder of the paired private key sent the message. The second is encryption, where only the paired private key holder can decrypt the message encrypted with the public key.
How can decentralised identities be used in the legal sector?
Once paired with a decentralised identity, users can present the verified identifier in the form of a QR code (MyID®️ on Verify 365 app) to prove their identity and access certain services. The service provider verifies the identity by verifying the proof of control or ownership of the presented attestation — the attestation had been associated with a DID and the user signs the presentation with the private key belonging to that DID. If they match, access is granted.
What are the use cases of the new blockchain digital identities in the Identity Management industry?
Decentralised and digital identification can be used in many ways.Here are some of the top use cases that Verify 365 has identified:
– Self Sovereign identity
– Data Monetisation
– Data Portability
What is Self Sovereign identity?
Self-sovereign identity (SSI) is the concept that people and businesses can store their own identity data on their own devices, so our MyID®️ Digital ID Wallet on the Verify 365 app, choosing which pieces of information to share to validators without relying on a central repository of identity data. These identities will be created independent of nation-states, corporations, or any organisations.
What is Data Monetisation?
As the world begins to examine who owns and should profit from user-generated data, blockchain-based self-sovereign identities and decentralised models give users control and carves a path to data monetisation.
Data Monetization refers to using personal data for quantifiable economic benefit. Data on its own has value, but insights derived from personally identifiable data substantially increases the value of the underlying data. There are quintillion bytes of data created each day, by 4.39 billion internet users. Over 60% of the global GDP is expected to be digitized by 2022, meaning personal data will continue to increase in value.
Currently, the online data that we generate is intangible, invisible, and complex. Attribution is critical in the processes of ownership, and SSI makes it possible to attribute your online data to your DID. From there, individuals could monetise their personal data, for example, by renting it to AI training algorithms or choosing to sell their data to advertisers. Users would also have the option to keep their data hidden and protected from corporations or governments.
What is Data Portability?
Article 20 of the European Union General Data Protection Regulation (EU GDPR) grants users the right to data portability, which pertains to the data subject’s right to have their personal data transmitted directly from one controller to another, when technically feasible. This right has the potential to enhance user experience, cutting down on the need to reverify their identity across various services and platforms, and this is what Verify 365 launching in January 2023.
With DIDs and verifiable credentials, it is possible to migrate identities that were anchored on one target system to another with ease. Data portability reduces friction for the user, while simplifying the sign-up process which increases user adoption. DID data portability also allows for reusable credentials, where user can quickly re-verify themselves while meeting regulatory Know Your Customer (KYC) requirements.
This is especially useful to reduce client onboarding time that avoids drop-out rates and cut costs in the legal and financial sectors by skipping the cumbersome identity verification process where usually a lot of documents need to be provided and checked by different parties, e.g. mortgage lenders, estate agents and lawyers.
How does MyID®️ blockchain enable increased economic contribution?
MyID®️ Digital ID Wallet is expected to contribute greatly to economic growth worldwide over the next 10 years, and it is considered inclusive since it benefits individuals largely while stimulating economic activity for the global market. For example, a McKinsey study reveals that reaching the unbanked population in ASEAN could increase the economic contribution of the region from $17 billion to $52 billion by 2030.
Additionally, the reported value attributed to digital identities is estimated to expand by 22% yearly, with economic benefits of close to €330 billion for European businesses and governments by 2020, and nearly twice as much value for consumers – €670 billion.
Decentralised identity models give users the chance to unlock this value, which will, in turn, grow the global economy.
What are the benefits of using Verify 365 Decentralised Identity?
Regulations such as the EU General Data Protection Regulation (EU GDPR) strengthen identity standards that require modern identity solutions. Governments look towards distributed ledger technology to bestow identities to the unidentified and to protect citizen’s personally identifiable information.
Verify 365 Digital ID Blockchain technology offers the following benefits:
– Decentralised Public Key Infrastructure (DPKI)
– Decentralised Storage
– Manageability and Control
How does Decentralised Public Key Infrastructure (DPKI) work?
DPKI is the core of Decentralised Identity. Our blockchain technology enables DPKI by creating a tamper-proof and trusted medium to distribute the asymmetric verification and encryption keys of the identity holders.
Decentralised PKI (DPKI) enables everyone to create or anchor cryptographic keys on the Blockchain in a tamper-proof and chronologically ordered way. These keys are used to allow others to verify digital signatures, or encrypt data to the respective identity holder.
Before DPKI, everyone had to buy or obtain digital certificates from traditional certificate authorities (CA). Thanks to Blockchain technology, there is no need for a centralized CA anymore. In turn, DPKI is an enabler for many use cases, namely verifiable credentials (VC).
Many people today use the term verifiable credentials (VCs) to refer to digital credentials that come with such cryptographic proofs.
What is Decentralised Storage so important?
Identities anchored on blockchains are inherently safer than identities stored on centralised servers. By using the cryptographically secure blockchain, in combination with distributed data storage systems like InterPlanetary FileSystem (IPFS) or OrbitDB, it’s possible to disintermediate existing centralised data storage systems while still maintaining trust and data integrity.
Decentralised storage solutions, which are tamper-proof by design, reduce an entity’s ability to gain unauthorised data access in order to exploit or monetise an individual’s confidential information.
Decentralised storage is one of the core components of secure identity data management. In a decentralised framework, credentials are usually stored directly on the user’s device (e.g., smartphone, laptop) or securely held by private identity stores.
Such private identity stores are referred to as identity hubs such as uPort’s TrustGraph or 3Box. When solely under the control of the user, identities are considered self-sovereign. This, in turn, means the user can both fully control access to the data without having to worry about access being revoked.
Data under the user’s control makes the information more interoperable, allowing the user to employ data on multiple platforms, use the information for different purposes, and protect the user from being locked into one platform.
What about Manageability and Control?
In centralised ID identity systems, the entity providing the identity is generally responsible for the security of the identity data. In a decentralised identity framework, security becomes the responsibility of the user, who may decide to implement his or her own security measures or outsource the task to some service, such as the Verify 365 app.
Additionally, blockchain-powered, decentralised identity solutions would force hackers to attack individual data stores, which is costly and generally unprofitable.
What’s next for Verify 365’s MyID®️?
Digital identification can be authenticated unambiguously through a digital channel, unlocking access to banking, government benefits, education, and many other critical services.
The risks and potential for misuse of digital ID are real and deserve careful attention, so this will be our focus in 2023.
However, a well-designed, digital ID not only enables civic and social empowerment, but also makes possible real and inclusive economic gains — a less well understood aspect of the technology.
Our latest innovations, such as MyID®️ Digital ID Wallet, which is based on the blockchain technologies, hold the promise of fighting identity fraud and enabling economic value creation by fostering increased inclusion and providing greater access to services, so Verify 365’s focus is now shifting to increasing the use of blockchain technology, which will help reduce fraud, protects identity rights, increase transparency, and help increase digitisation of the legal, property and financial sectors, which will drive further efficiencies in these industries.
– END –
By Verify 365 News Team
19 November 2022 – Stratford Upon Avon, UK