Writing new rules for identity management with blockchain
When Bitcoin and the first public Blockchain were created in 2009, a functional peer-to-peer, trustless financial system emerged. The possibilities inherent in Blockchain for managing identity were immediately apparent, and efforts soon began to create a system that would allow individuals to store and maintain control of their own digital identities.
As we embraced the internet, and the possibilities it offered, we provided details of our identity to a variety of online agencies, including governments, corporations, service providers, and social media networks. Our data is stored on central servers, where it has been compromised by repeated hacks and breaches. Digital identity theft has seen exponential growth over the last decade, and many worldwide have been affected by data breaches of the organizations that we trust to retain and protect our most personal information.
At present, we’re in a situation where the technology available to us has outpaced our understanding of how to best apply it. This is particularly true regarding digital identity verification. Traditional approaches toward verifying identity have relied on some basic rules, which blockchain is only now beginning to break:[1]
1. Rely on multiple rules, created by humans. This may have worked in an analog era, where humans had to check and verify information, but in the current digital environment, people cannot keep up. Instead, we can use AI and machine learning to sift through data and reveal patterns that would otherwise be hidden. Automating digital identity verification will result in greater accuracy.
2. Rely on static data sources. Government and corporate databases have proven themselves vulnerable to hacking, so why should we trust the information that they store? When hackers use this data to create false identities, how can it also be used to verify legitimate identities? A blockchain record of digital identity that combines static data, including traditional forms of personally identifiable information (PII) such as social security numbers or credit card numbers, with sources of data mined from social and email sources, results in a much more nuanced digital footprint. It is also much more difficult to generate a fake identity that encompasses all these sources.
3. First-time users must be manually verified. Traditional methods of validating new customers are time-consuming, and they generate high numbers of false positives and false negatives. Using AI and digital methods to verify identity can resolve these issues.
4. Don’t break the rules. Digital transformation, particularly Blockchain technology, is transforming the systems and processes that depend on verified identities. In this context, continuing to follow outdated rules makes little sense.
First steps toward identity on the Blockchain
A key problem with recording identities on the Blockchain, of course, is that if transactions are stored in a transparent ledger, how can privacy, or security, be maintained? A solution to this problem emerged early in Blockchain history, with Namecoin, the first fork of Bitcoin.
Namecoin is a decentralized domain name (DNS) and identity system. It lets users securely record and transfer arbitrary names, or keys. It preserves privacy because the participants in a transaction use zero-knowledge proofs to prove that they each hold “knowledge of a shared secret without revealing the secret itself.”[2]
Some questions remain
If the guiding principle behind Blockchain is to remove trust and maintain anonymity, how can it be used to reliably manage individual identities? How will individual privacy be maintained? How can incorrect information be kept off the Blockchain ledger? What happens to the data (the identity) if keys are lost or compromised? How can identity be established in a truly trustless environment?[3]
A resolution to the problem
Companies such as KABN are attempting to solve many of these issues by using biometrics combined with KYC and AML processes to actively validate identity. The KABN solution is interesting as it changes the paradigm completely by extracting binary (valid / invalid) markers from the user’s identification and hosts these markers on the Blockchain for third parties to access to decision investment and other actions. By generating “Markers” on the Blockchain, KABN authenticates users without needing to transfer Source-of-Truth documentation, thus preserving individual privacy.
Users identify themselves and authenticate their identity only once, creating a binary marker that is hosted in smart contract Blockchain registries. When a company wants to verify a customer’s identity, they “ping” the smart contract registries to validate the marker and either allow or disallow the customer relationship based on the response. As a result, PII remains separate and distinct from technology. Solutions such as these are compliant with jurisdictional privacy requirements, including GDPR.
Digital identity verification solutions need to provide solutions that reduce friction for both parties — customers and issuing companies — in the ICO onboarding process not to mention also offering solutions such as crypto- to-fiat banking wallet, debit cards, and direct-to-bank transfer programs.
[1] https://www.csoonline.com/article/3271791/identity-management/why-it-s-time-to-break-these-4-identity-verification-rules.html
[2] https://medium.com/humanizing-the-singularity/a-brief-history-of-digital-identity-9d6a773bf9f5
[3] https://medium.com/verime/the-promise-of-verifying-and-authenticating-your-digital-identity-on-the-blockchain-2c1e9693007b
For more information contact Ben Kessler at ben.kessler@kabn.network or visit https://cryptokabn.com/
This article has been reposted from Pegasus Fintech, an advisory partner of KABN. It has been modified with permission.
