Last weekend Team Blockwise, in cooperation with Eugene Pavlenko, took third place at the London Blockchain Hackathon, organized by Larson Digital and Future World Financial Holdings. We have decided to publish the award-winning white paper.
Blockwise Global ID
Any person’s identity data today is scattered across many different organisations and data silos. Regulators require businesses to perform extensive KYC checks, which complicates people’s lives. Moreover, 39% of the world’s population doesn’t have a bank account because they can’t prove their identity.
Any person can be reliably identified by a combination of his unique characteristics (e.g. biometry) and unique knowledge (e.g. passwords).
The difficulty with the knowledge is that no one can be sure who else knows the same things.
Biometry-based protection has other disadvantages:
- Special equipment is necessary to collect the biometric images
- The biometric key cannot be replaced if compromised
- Most biometric keys are easily compromised (Hi-res photos, vendors’ access to touch-ID data, etc)
The Blockwise Global ID system is designed to address the following requirements:
- The person owns their identity (self-sovereign identity)
- The person is able to share any part of the data with any entity which requires the identity check in an easy and secured way (secured selective disclosure)
- The person can revoke the access to their data
- The person is guaranteed that no part of their identity, including biometric data, is used for any identification purposes without their consent
- The system can be used as a platform for storing and sharing any personal data, such as health records, educational records, credit scores, etc.
Despite all the challenges of biometric identification, biometry is the only way to reliably identify a person today. Biometric data cannot be stored in a blockchain smart contract because all the data in contracts is public. Encryption is not a solution either, as the biometric data has to be decrypted before use, which means it can be compromised at the moment of decryption. Biometric data is also fuzzy: the samples are always slightly different, so it is not possible to use traditional hash functions, as the results will be dispersed and not comparable.
Blockwise proposed to use so-called Fuzzy Hash functions which, for similar arguments, produce hashes of the same degree of similarity in terms of Hamming weight.
We have designed the following solution for fingerprint hashing:
1) The fingerprint image is processed by the NIST mindtct function (minutiae extraction)
2) The ssdeep or a similar fuzzy hash function is applied to the result
3) The resulting hash is compared to the hash generated from the other sample
There are alternative schemes available. Our research shows that the technology is mature enough to achieve reasonable accuracy.
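Step 3 of the scheme above, as an added example that is not part of the original white paper: a toy locality-sensitive digest (a coarse occupancy bitmap of minutiae positions) stands in for ssdeep, and SHA-256 shows why an exact hash cannot be compared across samples. The minutiae coordinates, the 8x8 grid and the 4-bit threshold are constructed assumptions, and mindtct output is replaced by hard-coded points.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"math/bits"
)

// Minutia is one ridge ending or bifurcation position in pixels.
type Minutia struct{ X, Y int }

// FuzzyDigest is a toy locality-sensitive digest: a 256x256 image is cut
// into an 8x8 grid and every cell holding a minutia sets one of 64 bits.
func FuzzyDigest(ms []Minutia) uint64 {
	var d uint64
	for _, m := range ms {
		d |= uint64(1) << uint((m.Y/32)*8+m.X/32)
	}
	return d
}

// ExactDigest is the traditional approach: SHA-256 over the raw coordinates.
func ExactDigest(ms []Minutia) [32]byte {
	return sha256.Sum256([]byte(fmt.Sprint(ms)))
}

// Distance is the Hamming distance between two fuzzy digests.
func Distance(a, b uint64) int { return bits.OnesCount64(a ^ b) }

// Match accepts a sample whose digest is within maxBits of the enrolled one.
func Match(enrolled, sample uint64, maxBits int) bool {
	return Distance(enrolled, sample) <= maxBits
}

// Constructed samples; real input would be the extractor's minutiae list.
var (
	Enrolled = []Minutia{{40, 50}, {100, 45}, {162, 80}, {60, 140}, {130, 150}, {200, 210}}
	// Same finger re-scanned: small jitter, third point crosses a cell edge.
	Rescan = []Minutia{{42, 48}, {98, 47}, {158, 82}, {61, 143}, {133, 149}, {203, 208}}
	// A different finger.
	Other = []Minutia{{20, 200}, {90, 100}, {150, 20}, {220, 130}, {70, 230}, {240, 60}}
)

func main() {
	e, r, o := FuzzyDigest(Enrolled), FuzzyDigest(Rescan), FuzzyDigest(Other)
	fmt.Println("rescan:", Distance(e, r), "bits, match:", Match(e, r, 4))
	fmt.Println("other: ", Distance(e, o), "bits, match:", Match(e, o, 4))
	fmt.Println("SHA-256 equal:", ExactDigest(Enrolled) == ExactDigest(Rescan))
}
```

This toy digest reveals which grid cells are occupied, so it illustrates the comparison step only, not the irreversibility expected of a production fuzzy hash. The acceptance threshold has to be tuned on real samples, since it trades false rejects against false accepts.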
Multi-factor Identity Check
We propose to create a ‘Hash Silo’ in the form of a smart contract on Ethereum. This smart contract will store the hashes of the factual data (names, addresses, etc.) and fuzzy hashes of the biometric data (photos, fingerprints, etc.). As all the data is hashed, we are able to maintain anonymity and prevent any possible data misuse: all the hashes, including the fuzzy hashes, are irreversible, and therefore it is not possible to recover the original data from them. The array of hashes is linked to the address of the smart contract that contains the real ID data, encrypted to the ID owner’s public key (the Global ID contract).
Every time someone wants to check the identity by using any data, including biometric data, the Hash Silo contract will inform the ID owner’s contract. Before the identity check is confirmed to the requestor, the Global ID contract will require the owner to digitally sign the consent.
The identity is therefore checked against the biometric data, the knowledge (password) and the ownership of the blockchain private key at the same time.
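One way the consent-gated check could behave, as an added Go example rather than the project's contract code: a claim is confirmed only when its hash is registered and the owner has signed this exact request. The Ed25519 keys, the nonce, the signed message layout and all names are assumptions; the password and biometric factors are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Request is one identity check: who asks, a fresh nonce, the claimed data.
type Request struct{ Requester, Nonce, Claimed string }

// Message is the byte string the ID owner signs to consent to this request.
func (r Request) Message() []byte {
	return []byte(fmt.Sprintf("%q|%q|%x", r.Requester, r.Nonce, sha256.Sum256([]byte(r.Claimed))))
}

// HashSilo maps a data hash to the owner's public key (standing in for the
// link to the Global ID contract) and remembers nonces already consumed.
type HashSilo struct {
	owners map[[32]byte]ed25519.PublicKey
	used   map[string]bool
}

// Check confirms a claim only if its hash is registered AND the owner signed this exact request.
func (s *HashSilo) Check(r Request, consent []byte) bool {
	owner, ok := s.owners[sha256.Sum256([]byte(r.Claimed))]
	if !ok || s.used[r.Nonce] || !ed25519.Verify(owner, r.Message(), consent) {
		return false
	}
	s.used[r.Nonce] = true
	return true
}

// Demo runs four checks against one constructed record.
func Demo() [4]bool {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	data := "Alice Example|1990-01-01"       // constructed factual data
	silo := &HashSilo{owners: map[[32]byte]ed25519.PublicKey{sha256.Sum256([]byte(data)): pub}, used: map[string]bool{}}
	req := Request{"bank.example", "nonce-1", data}
	consent := ed25519.Sign(priv, req.Message())
	return [4]bool{
		silo.Check(req, nil),     // data known but no consent: false
		silo.Check(req, consent), // owner consented: true
		silo.Check(req, consent), // same consent replayed: false
		silo.Check(Request{"shop.example", "nonce-2", data}, consent), // other requester: false
	}
}

func main() { fmt.Println(Demo()) }
```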
Governance is a very important part of any globally distributed system. The blockchain is a perfect rule enforcement machine, but it has to be transparent who creates the rules to be enforced via blockchain.
Identity data normally cannot be changed by the owner; for example, to change their name the person has to apply to the relevant authority. Some of the data, such as the address, must be confirmed by a reputable organisation, such as a bank or utility provider. If biometric data is collected, someone has to confirm that this particular biometric sample belongs to the particular person.
Personal data creation has to be regulated as well. For example, the health record can only be updated by the qualified healthcare provider. On the other hand, the person should have full ownership over their personal data, including the ability to change healthcare provider or share the health records with another one or with an insurance company.
Our Governance smart contract defines the list of the organisations which have the rights to create or change identity data. Every organisation is entitled to update only the data it creates throughout the life of a person. For example, DVLA can update the driving license data, while the City Hall can update the name or the date of birth, police can collect the fingerprints, etc. Any operation they perform is authorised through multi-factor identity check on the blockchain.
The organisations entitled to create or change the identity data form so-called ‘Governance Circle’.
The same principles apply to personal data. For example, health records can only be updated by a healthcare provider, educational records by an education provider, etc.
There should be a Steering Committee which decides which organizations are to be added to the Governance Circle, defines the types of organizations able to work with the personal data and certifies that a particular entity belongs to a particular type.
Throughout their life, any person communicates with organizations from the Governance Circle. Every time an interaction happens, identity data is added to the Global ID. For example, the name and date of birth can be added by the City Hall at birth, the photo can be updated by a passport issuing authority from time to time, the biometric data can be collected by the police, etc.
Every such operation has an associated score recorded in the Governance smart contract. The total score of an ID is the sum of the scores of all the data collection operations performed.
The scoring provides a convenient mechanism for enterprises accepting Global IDs. For example, a bank can set an ID score threshold, so that IDs with a lower score are not accepted while people with Global IDs of a higher score can be served by the organization.
Another example: the Steering Committee may allow self-identification, where the person adds their name and a selfie as their only identity data. Such a Global ID will have a lower score, which will not be enough for some institutions. However, this type of ID can be accepted by a financial inclusion start-up, like Humaniq, which can limit the transaction volume.
Blockwise Global ID has several ways of securely sharing the identity and personal data and protecting the ownership of it.
Selective ID disclosure. Any part of the ID data can be sent over the blockchain to any recipient in a message encrypted to the recipient’s public key. The recipient is able to confirm the correctness of the received data by running a multi-factor identity check through the Hash Silo.
Know your Customer. Some organizations are required to have a copy of the identity data for the purposes of KYC compliance. For this purpose we suggest creating a copy of the Global ID smart contract where all the data is encrypted to the recipient’s public key. The data can be repossessed by deleting the copy.
Personal data disclosure. We use an additional off-blockchain layer of symmetric cryptography to protect the personal data. Any part of the data can be encrypted with a key which is stored in the wallet on the client side. Whenever the owner wants to grant access to someone, they send a message via the blockchain containing the symmetric key encrypted to the recipient’s public key. Access is revoked by re-encrypting the data to a different symmetric key.
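The grant and revoke flow for personal data described above, as an added Go example that is not code from the white paper or the project: the record is sealed with a symmetric key, the key is wrapped to the recipient's public key, and revocation re-encrypts the record to a new key. AES-256-GCM, RSA-OAEP, the record contents and all function names are assumptions, since the paper names no ciphers.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// aead returns AES-256-GCM for a 32-byte data key.
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

// Seal encrypts data under a fresh random key; the nonce is prepended.
func Seal(data []byte) (key, sealed []byte) {
	buf := make([]byte, 44) // 32-byte key followed by a 12-byte nonce
	if _, err := rand.Read(buf); err != nil {
		panic(err)
	}
	return buf[:32], aead(buf[:32]).Seal(buf[32:], buf[32:], data, nil)
}

// Open decrypts a sealed record; it fails unless key is the one it was sealed to.
func Open(key, sealed []byte) ([]byte, error) {
	return aead(key).Open(nil, sealed[:12], sealed[12:], nil)
}

// Demo grants access by wrapping the data key, then revokes by re-encrypting.
func Demo() (granted string, revoked bool) {
	recipient, _ := rsa.GenerateKey(rand.Reader, 2048) // errors dropped for brevity in this demo
	record := []byte("blood group O+")                 // constructed record
	key, stored := Seal(record)
	grant, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, &recipient.PublicKey, key, nil)
	got, _ := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, grant, nil)
	plain, _ := Open(got, stored) // recipient reads the record with the unwrapped key
	_, rotated := Seal(record)    // revocation: re-encrypt to a different key
	_, err := Open(got, rotated)  // the old key no longer opens the stored data
	return string(plain), err != nil
}

func main() { fmt.Println(Demo()) }
```

A copy of the record fetched before the key change still opens with the old key, so revocation by re-encryption only protects what is stored afterwards.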
As an additional security measure, we have created the Smart Access List contract which stores the permissions granted to any party. Every individual ID or personal data contract, when called by any party, sub-calls the Smart Access List before returning any data to the caller. Smart Access List returns the confirmation of the caller’s rights. This mechanism helps to quickly revoke the access to the data without re-encrypting it.
As mentioned above, the only reliable way to identify the person is the biometry. Therefore, only those Global IDs having the biometric data attached can be reconnected in case of loss or theft of the cryptographic keys.
The reconnection procedure works as follows: the person gets a new blockchain key pair and visits a Governance Circle organization. The organization re-collects the biometry sample and creates a new Global ID. After that, the person sends a message to the special Mayday contract, which matches the new ID with the old one by searching the Hash Silo and reconnects the personal data smart contracts to the new Global ID.
The Mayday contract can also trigger the re-issuance of ERC-20 tokens or re-sending the native pre-mined tokens to the new address.
Human interactions and transactions are moving online and growing rapidly. Social media, shopping, personal finance, wealth management and insurance are just a few examples.
More and more customers adopt digital payments through all types of channels, such as phones, contactless cards and even watches. We believe that the trend will continue and the penetration rate of new payment media will increase.
Customers want to get value for their money and expect a personalised experience and highly tailored solutions. This personalisation, based on personal data and behavioural preferences, means one needs to share this data.
It is hard to decide whom to trust and whom to give your data to when you are not sure how the data will be used. If the data is protected and it is you who ultimately owns it, you feel more confident sharing it.
There are numerous use cases of the Global ID platform:
1. Digital registry (life events records).
2. KYC for online financial services.
3. Visa and travel management – tax residency management.
4. Broader access to financial services (banking unbanked) subject to compliance with laws.
5. Refugees identity management.
6. Identity theft/cyber security protection.
7. Enhanced protection for personal e-commerce retail activity.
8. Personal data monetization for data owners.
9. Secured access to bank and segregated access to banking operations history, including its transfer when the person changes banks/countries.
10. Better risk scoring for the banks and financial services providers, i.e. you can prove your credit, trade history and wealth.
11. Electronic health records history which implies more effective treatment.
12. Insurance history and personalised insurance products pricing.
13. Education history
14. Employment history
15. Skills and CV verification
16. Clients’ investment experience and knowledge verification (asset allocation recommendations and portfolio allocation rules)
Ethereum allows various private solutions to be integrated with each other. This makes the platform easy to customize and adapt to any business and regulatory needs.
The solution uses open source libraries and SDKs. The core of the system is based on Solidity smart contracts. The genesis block should be configured with a pre-mined native token (~10^12 ETH) or an ERC-20 specification contract token.
Proposed Tech Stack:
- Parity nodes with POA
- Smart contracts with Solidity
- Golang-coded backend
- Fingerprint recognition (NIST libraries)
- Fuzzy hash functions (to be further researched)
- Hashing Blake2s or SHA3 for security encryption
- Geth - Golang Ethereum node implementation (sources) for backend integration with blockchain for deploying the smart contracts and sending the transactions
- Solc - Solidity contract compiler.