As written in previous blog posts, blockchain and digital identity are two very different technologies, and the blockchain killer app within digital identity has yet to be discovered. We recognise blockchain as a promising technology with many interesting angles, and as part of our strategy to pursue blockchain as a tool for improving identity handling, Signicat joined the Dutch Blockchain Hackathon (https://blockchainhackathon.eu/) this weekend with a team of hardcore eID and blockchain people.
At the end we showed a fully working demo of a blockchain solution that addressed the following issues.
Safe storage of the user's private key
One of the challenges with any digital identity scheme based on private keys is that the private key is typically stored on a device in the user's possession. If that device is lost, the private key is gone with it, and there is no way to get it back.
Our demo showed a model where the private key is split into parts and stored across the nodes of the blockchain, in such a way that no single node holds the complete key and several nodes must cooperate to reconstruct it. Whoever combines the parts holds the complete key for that moment, so the reconstruction step needs the same care as the original device did. The user must prove that he or she is the owner of the key by authenticating with one or more identity providers, as explained in the next section.
Independence of identity provider
In typical identity schemes the user is dependent on ONE identity provider. If that identity provider is compromised, or decides to discharge a user or to take control of the private key, nothing stops it. Instead, we set up multiple identity providers, and the user must authenticate with several of them at the same time to retrieve the private key. In addition, the identity providers must be approved by the blockchain, so an identity provider that has been compromised can be excluded, and its assertions no longer count towards releasing the key.
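The key splitting and the multi-IdP release described in the two sections above, as an added example; this is not the hackathon code, and the post does not say which splitting scheme or signature algorithm the demo used. It assumes Shamir's secret sharing over a prime field for the split and Ed25519 signatures for the IdP assertions; the names Split, Recover, Node, Assertion, Release and Revoke are mine. A node hands its share out only against a required number of valid assertions from distinct IdPs still on its approved list, so a single IdP can never release a share on its own, a de-listed IdP's assertions stop counting, and an attacker with fewer than the threshold of shares learns nothing about the key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Sharing field GF(p), p = 2^521 - 1: one element holds a whole 256-bit key.
var prime = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1))

// Share is one node's piece of the key: the sharing polynomial evaluated at X.
type Share struct{ X int64; Y *big.Int }

// Split makes n shares of secret; any `threshold` of them recover it, fewer reveal
// nothing. Shamir's scheme is assumed here; the post does not name the demo's.
func Split(secret []byte, n, threshold int) ([]Share, error) {
	if threshold < 2 || threshold > n {
		return nil, errors.New("need 2 <= threshold <= n")
	}
	coeffs := []*big.Int{new(big.Int).SetBytes(secret)} // a_0 = f(0) = secret
	if coeffs[0].Cmp(prime) >= 0 {
		return nil, errors.New("secret does not fit in the field")
	}
	for i := 1; i < threshold; i++ { // random a_1 .. a_{t-1}
		c, err := rand.Int(rand.Reader, prime)
		if err != nil {
			return nil, err
		}
		coeffs = append(coeffs, c)
	}
	shares := make([]Share, n)
	for i := range shares {
		x, y := big.NewInt(int64(i+1)), new(big.Int)
		for j := threshold - 1; j >= 0; j-- { // Horner's rule: y = f(x) mod p
			y.Mul(y, x).Add(y, coeffs[j]).Mod(y, prime)
		}
		shares[i] = Share{X: int64(i + 1), Y: y}
	}
	return shares, nil
}

// Recover interpolates f(0) (Lagrange). Too few shares yield a random value, not
// an error, so the caller must check the result, e.g. against the public key.
func Recover(shares []Share, size int) []byte {
	sum := new(big.Int)
	for i, si := range shares {
		num, den := big.NewInt(1), big.NewInt(1)
		for j, sj := range shares {
			if i != j { // L_i(0) = prod_{j!=i} (0 - x_j) / (x_i - x_j)
				num.Mul(num, big.NewInt(-sj.X)).Mod(num, prime)
				den.Mul(den, big.NewInt(si.X-sj.X)).Mod(den, prime)
			}
		}
		t := new(big.Int).Mul(si.Y, num)
		t.Mul(t, new(big.Int).ModInverse(den, prime)).Mod(t, prime)
		sum.Add(sum, t).Mod(sum, prime)
	}
	out := sum.Bytes()
	if len(out) < size { // left-pad so a key with leading zero bytes round-trips
		out = append(make([]byte, size-len(out)), out...)
	}
	return out
}

// Node holds one share plus the IdPs the chain currently approves; it hands the
// share out only against Required assertions from distinct approved IdPs.
type Node struct {
	Share    Share
	Approved map[string]ed25519.PublicKey
	Required int
}

// Assertion is an IdP's signature over (user, nonce); the nonce blocks replay.
type Assertion struct{ IdP string; Sig []byte }

func recoveryMsg(user string, nonce []byte) []byte {
	return append([]byte("recover:"+user+":"), nonce...)
}

// Revoke models the chain de-listing a compromised IdP on this node.
func (n *Node) Revoke(idp string) { delete(n.Approved, idp) }

// Release returns the share iff enough distinct approved IdPs vouch for the user.
func (n *Node) Release(user string, nonce []byte, as []Assertion) (Share, error) {
	msg, valid := recoveryMsg(user, nonce), map[string]bool{}
	for _, a := range as {
		if pk, ok := n.Approved[a.IdP]; ok && ed25519.Verify(pk, msg, a.Sig) {
			valid[a.IdP] = true // map dedups repeated assertions from one IdP
		}
	}
	if len(valid) < n.Required {
		return Share{}, fmt.Errorf("%d valid IdP assertions, need %d", len(valid), n.Required)
	}
	return n.Share, nil
}
```

The flow is: Split the key once into one Share per node; on recovery, the user collects fresh Assertions from the IdPs it can still reach, presents them to each node, and feeds at least `threshold` released shares to Recover. Because Recover cannot tell a wrong answer from a right one, the wallet should derive the public key from the result and compare it to the known one before trusting it.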
The worst-case scenario is a government that issues identities and decides to target a group of users based on an attribute, for example by deleting them. The blockchain provides safe storage, and the users would still have their other identity providers, e.g. social media or even a private community.
Privacy, and putting the user in control of attribute sharing
A user is often asked to provide some piece of information, e.g. that they are over a given age or live in a specific country. The current solution is to present an identity document, which shows ALL of this information and much more that the recipient does not need.
By having each attribute verified by one or more IdPs and then encrypted under its own key, the user can expose any subset of the attributes to the recipient. So it is possible to share only the date of birth, or even the derived claim "I'm over 18", provided that claim has been verified by one or more identity providers.
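The per-attribute scheme above, as an added example rather than the demo's code; the post only says that each attribute is verified by an IdP and encrypted under a different key, so the concrete choices here are assumptions: Ed25519 for the IdP's per-attribute signature, AES-256-GCM with a fresh key per attribute for the encryption, JSON for the record layout, and the names Attested, Attest, Seal, Disclose and Open. The subject "alice" and the "gov" IdP are constructed. The user publishes the sealed blob, hands a recipient only the keys for the attributes it should see, and the recipient can neither read the rest nor accept an attribute whose IdP signature does not check out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Attested is one attribute with an IdP signature binding subject, name and value,
// so a recipient can verify this attribute alone without seeing any other.
type Attested struct {
	Subject, Name, Value, IdP string
	Sig                       []byte
}

// NUL separators keep ("ab","c") and ("a","bc") from signing to the same bytes.
func attrMsg(subject, name, value string) []byte {
	return []byte(subject + "\x00" + name + "\x00" + value)
}

// Attest is the IdP's step after verifying the attribute, or deriving one such as
// over18 from the date of birth it has on file.
func Attest(idp string, priv ed25519.PrivateKey, subject, name, value string) Attested {
	return Attested{Subject: subject, Name: name, Value: value, IdP: idp,
		Sig: ed25519.Sign(priv, attrMsg(subject, name, value))}
}

// Verify checks the signature with the recipient's copy of the IdP's key; an IdP
// absent from idpKeys (e.g. not approved by the chain) is simply not trusted.
func (a Attested) Verify(idpKeys map[string]ed25519.PublicKey) bool {
	pk, ok := idpKeys[a.IdP]
	return ok && ed25519.Verify(pk, attrMsg(a.Subject, a.Name, a.Value), a.Sig)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Seal encrypts each attested attribute under its own fresh AES-256-GCM key. The
// ciphertexts can sit in public storage; the per-attribute keys stay with the user.
func Seal(attrs []Attested) (map[string][]byte, map[string][]byte, error) {
	sealed, keys := map[string][]byte{}, map[string][]byte{}
	for _, a := range attrs {
		key := make([]byte, 32)
		if _, err := rand.Read(key); err != nil {
			return nil, nil, err
		}
		gcm, err := newGCM(key)
		if err != nil {
			return nil, nil, err
		}
		nonce := make([]byte, gcm.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, nil, err
		}
		pt, _ := json.Marshal(a) // strings and []byte only: cannot fail
		// Attribute name as AAD: a ciphertext cannot be re-labelled as another attribute.
		sealed[a.Name] = gcm.Seal(nonce, nonce, pt, []byte(a.Name))
		keys[a.Name] = key
	}
	return sealed, keys, nil
}

// Disclose hands over keys for just the attributes the user chooses to share.
func Disclose(keys map[string][]byte, names ...string) map[string][]byte {
	out := map[string][]byte{}
	for _, n := range names {
		if k, ok := keys[n]; ok {
			out[n] = k
		}
	}
	return out
}

// Open is the recipient's side: decrypt only what it has keys for, then accept an
// attribute only if it is about subject and its IdP signature verifies.
func Open(sealed, keys map[string][]byte, idpKeys map[string]ed25519.PublicKey, subject string) (map[string]string, error) {
	out := map[string]string{}
	for name, key := range keys {
		ct, ok := sealed[name]
		gcm, err := newGCM(key)
		if !ok || err != nil || len(ct) < gcm.NonceSize() {
			return nil, fmt.Errorf("%s: missing or malformed ciphertext or key", name)
		}
		ns := gcm.NonceSize()
		pt, err := gcm.Open(nil, ct[:ns], ct[ns:], []byte(name))
		if err != nil {
			return nil, fmt.Errorf("%s: %w", name, err)
		}
		var a Attested
		if json.Unmarshal(pt, &a) != nil || a.Subject != subject || a.Name != name || !a.Verify(idpKeys) {
			return nil, fmt.Errorf("%s: not a valid IdP attestation about %s", name, subject)
		}
		out[name] = a.Value
	}
	return out, nil
}
```

The recipient needs the IdP public keys from somewhere it trusts, which in the model of the previous section would be the list of IdPs approved by the chain; anything signed by a key outside that list is rejected even though it decrypts fine. A derived claim such as over18 is just another Attested record, so it can be disclosed on its own while the date of birth it was derived from stays sealed.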
We got some blockchain hands-on experience and a working demo of how blockchain can be used, picked up additional blockchain insights from working intensely together, and met a lot of other blockchain nerds.
Signicat takes these new technologies very seriously, and we therefore have a dedicated blockchain team and an innovation test/demo platform on which to test our latest blockchain ID software.
By John Erik Setsaas, Identity Architect, Signicat