Tag: Digital identity

Indicio launches blockchain-enabled network for identity

PCIS Support Team Leave a comment

Technology provider Indicio.tech, a public benefit corporation advancing decentralized identity software and solutions, today announced the public availability of the Indicio MainNet, a professionally-staffed decentralized identity network designed for global enterprises that need a reliable platform to develop and scale identity services and products.

The development of the Hyperledger Indy-based network follows on the successful deployment of the Indicio TestNet, a market leader in decentralized identity networks.

The Indicio MainNet uses distributed ledger technology—multiple identical databases spread across different nodes—to enable the use of privacy-preserving verifiable digital credentials. This provides the foundation for flexible, portable, and permanent digital identities that are always under the control of the identity holder—the individual—and which provide an evolutionary leap forward in security.

“Our clients asked for a stable, fully-staffed network based on Hyperledger Indy— one that could provide the Service Level Agreements their customers need for mission-critical workloads,” said Heather Dahl, CEO of Indicio. “Today, we are excited to announce that this MainNet is open for business.”

“This is the network we need to accelerate adoption of passwordless zero trust ecosystems for enterprise customers” said Mike Vesey, President of IdRamp, a leader in decentralized identity and a Genesis Node Operator on the Network. “Our customers are developing service delivery ecosystems that require world class support, and leading edge features managed by a team with deep technical experience. The Indicio network provides exactly that.”

“The Indicio Network enables GlobaliD to deliver a digital identity platform that puts you in control of your identity and your data,” says Mitja Simcic, CTO of GlobaliD, one of the first companies to use Indicio’s MainNet. “Most digital identity platforms take ownership and control of your digital identity and your data for their own purposes. For instance, social media companies make money from selling your data to unauthorized third parties. Indicio is creating an ecosystem for providers that are working to make this practice obsolete. This network is bringing real change to real people, all over the world.”

The Value of Decentralized Identity

Decentralized identity allows individuals to control their own data and solves the privacy and security issues that undermine current models for handling identity online. This privacy-preserving model for identity, where everyone controls their own information, makes it easy for companies and organizations to comply with data privacy laws, makes business partner integrations more secure, and does away with the need for third-parties to manage and hold personally identifiable information (PII).

It is important to note that as part of Indicio’s governance, no personal data, such as names, addresses, or birth dates, are written to any of the Indicio Network ledgers. Instead, machine-readable cryptographic information identifies the issuer of the credential and the details that demonstrate the credential is authentic. With just a few writes to the Indicio MainNet, millions of credentials can be issued, all pointing to the same few ledger writes making the system easily scalable.

How to use the Indicio MainNet

Anyone using technology to verify a verifiable credential that is presented to them may access the Indicio MainNet for free. Several wallets currently in production now point to the Indicio Network, enabling credentials to be issued on, and read from, the Indicio Network.

Global innovators interested in becoming part of the Indicio Network are welcome to become an Indicio Node Operator. This diverse, supportive, and collaborative network of dynamic companies, work together to support a copy of the ledger while helping to advance decentralized identity. Learn more about the other benefits of becoming a Node Operator.

Subscribe to our free newsletter
Follow us on Twitter
Join us on LinkedIn

Related:

  • No Related Posts

Business identity org started by Financial Stability Board pilots blockchain identity

PCIS Support Team Leave a comment

Today, The Global Legal Entity Identifier Foundation (GLEIF) said it is working with self-sovereign identity firm Evernym to enable organizations to use digital identity on the blockchain. The two are piloting a solution for ‘organization wallets,’ which would hold digital credentials of an organization and verify the authority of employees to act on its behalf.

GLEIF, established in 2014 by the Financial Stability Board, is tasked with implementing legal entity identifiers (LEI), a global identifier for companies and organizations participating in financial transactions. The blockchain-based solution uses the organization wallet and verifiable credentials to connect an employee’s name to the organization’s LEI.

This blockchain-based identity management system improves the trustworthiness of a business process, so it’s known that an employee is authorized when they sign a contract with new suppliers, or submit information to regulators.

GLEIF and Evernym ran a proof-of-concept (PoC) for a regulatory filing and leveraged verifiable credentials on the Sovrin Network. As a global foundation, GLEIF registered its own public Decentralized Identifier (DID) on the Sovrin Network. There are several LEI Issuers, typically financial exchanges, that issue and maintain these identifiers. GLEIF accredits each of these issuers.

An organization is validated by the Issuer and assigned an LEI.

For the PoC, an organization requested verifiable credentials with its LEI from the Issuer and used that data to issue verifiable credentials for its employees. These credentials were stored in the ‘organization wallet’.

“By partnering with Evernym, we have extended the idea of self-sovereign identity beyond individuals to legal entities for the first time,” said Stephan Wolf, CEO of GLEIF. “The process of cryptographically recording credentials, linked to an organization’s LEI in a chain of trust rooted on distributed ledger technology, gives organizations full control over the issuance and management of their own employee’s digital credentials,”

GLEIF has previously trialed blockchain digital identity for LEIs on Ethereum and Hyperledger blockchains. The Sovrin Network, originally initiated by Evernym, is based on Hyperledger Indy.

Among its recent projects, Evernym is participating in the COVID Credentials Initiative. It is on the steering committee of Trust over IP (ToIP) Foundation, a standards initiative of the Linux Foundation.

Last year, the governments of British Columbia (BC), Ontario and Canada jointly explored decentralized identity and trusted credentials for businesses using Hyperledger Indy. The solution is called Verifiable Organizations Network (VON).

Related:

IBM, R3, Mastercard join open source digital identity consortium

PCIS Support Team Leave a comment

Today the Linux Foundation announced the launch of the Trust over IP (ToIP) Foundation with the aim of creating digital standards to enable parties to share data with trust. It’s about ensuring interoperability between different solutions for trusted data and digital identity.

The 17 founding steering committee members include Accenture, Evernym, IBM and Mastercard with contributing members such as DIDx and R3.

Motivations for forming the initiative were cited as the business challenge of managing digital assets and data as well as low consumer confidence with personal data. The combination, the group believes, is hampering the adoption of digital identity.

“The ToIP Foundation has the promise to provide the digital trust layer that was missing in the original design of the Internet and to trigger a new era of human possibility,” said Jim Zemlin, executive director at the Linux Foundation. “The combination of open standards and protocols, pan-industry collaboration and our neutral governance structure will support this new category of digital identity and verifiable data exchange.”

“In today’s digital economy, businesses and consumers need a way to be certain that data being exchanged has been sent by the rightful owner and that it will be accepted as truth by the intended recipient,” said Dan Gisolfi, CTO, Decentralized Identity, IBM Security. “Many privacy focused innovations are now being developed to solve this challenge, but there is no ‘recipe book’ for the exchange of trusted data across multiple vendor solutions.”

The ToIP Foundation says it plans to use models that leverage interoperable digital wallets and credentials that use the W3C Verifiable Credentials standard.

Hyperledger and the Linux Foundation

There’s quite a big overlap between the membership of this group and Hyperledger, which is part of the Linux Foundation. For example, its Hyperledger Indy project, which underpins the Sovrin identity network was contributed by Evernym. Drummond Reed Evernym’s Chief Trust Officer commented: “We are thrilled to help stand up the ToIP Foundation at the Linux Foundation and hope that it attracts every company and contributor who wants to build a strong and lasting trust layer for the Internet.”

The rationale for ToIP being separate to Hyperledger is two-fold.

Firstly, Hyperledger is primarily about business blockchain, whereas digital identity and privacy protocols is a broad topic and can be decentralized without using blockchain, although blockchain is often used for public key infrastructure.

And secondly, in a previous discussion with Hyperledger Director Brian Behlendorf in a different context he explained that “it’s really, really good to have a standards body in a domain separate from the leading open source project in a domain or from the open source projects in a domain.”

Hyperledger is not a standards body, it’s about open source projects.

However, in today’s announcement, ToIP appears to intend to be both a standards setter and home to open source projects. It has two standards working groups, the Technical Stack Working Group and the Governance Stack Working Group. And also two development groups, the Utility Foundry Working Group and the Ecosystem Foundry Working Group for “projects that wish to collaborate on the development of ToIP utility networks or entire ToIP digital trust ecosystems.”

“The Trust over IP (ToIP) Foundation is bringing together a powerful mix of experts and doing it at the exact right time given the urgent need to encourage greater adoption and increase trust in data privacy and ownership,” said Christine Leong, managing director, global lead for Decentralized Identity & Biometrics at Accenture.

Related:

Enthusiasts of Bolivia to promote the use of digital signatures to improve services | Breaking News

PCIS Support Team Leave a comment
Key facts:

The regulations of the bolivian disallow the use of criptoactivos, but not the certification in blokchain.Analysts bolivian clarify the difference between an electronic signature and a digital.Digital signatures are a technology-based solution that seeks to provide security and trust to electronic documents, and the community of enthusiastic Bolivian Mind Blockchain (BMB) sees it as the future of digital identity. This is why the promote with the aim of improving the services of public and private agencies in that country.Gabriela Melendrez Alaro, founder of the collective BMB, explained to Breaking News that the digital signature can be used to authenticate a user in the Internet systems of many public institutions. By means of this instrument the documents acquire legal value and character of evidence, to allow you to create files with more security than a handwritten signature.In the opinion of the founder of BMB, through the use of digital signatures reduces the use and transport of paper, and promotes the quantity and quality of services oriented to customers of the state and private institutions.He also explained that the network that is used for the development of this virtual instrument in Bolivia, is the platform of Hyperledger Fabric. But, why use a platform blockchain? The founder of BMB argues that it is a distributed system distinguished notably by its ability of consensus among participants.It also points out that its technology of distributed database between computers allows that, once entered in her codes, they remain there forever. With this “guarantee a transaction, an agreement or an identity, that lets you encrypt the elements that have to do with privacy”.

Blockchain and the security of the data

Around the security of the data is delivered Erick Poppe Yanez, electronic engineer, academic and specialist in hardware and software, networks and cryptography, a frequent special guest at events of Blockchain Lab promoted by BMB.Poppe believes that “the network of blockchain Hyperledger Fabric reduces scams by allowing participants to share the information consensus on the process. This avoids the single point of failure vulnerable to manipulation,” according to the opinion.It also stresses that this platform blockchain reduces the scams, by allowing participants to share the information agreed upon in the process. “So, avoids single point of failure vulnerable to manipulation,” he adds. Under its optics, this technology enhances both the security and privacy in the transmission of data, as in transactions with digital signatures via the Internet.For this reason, it seeks to take advantage of the features of this chain of blocks to reconfigure the way they are used in the rubrics of virtual identity.

One of the keys is that the book open and distributed technology blockchain would be able to detect and filter activities that potentially fraudulent or abusive on the part of some of those involved.Erick Poppe Yanez

Around the contribution of the network of Hyperledger Fabric to the verification of the identity, stressed that it contributes to the development of a system of public key infrastructure, which is included for the certification of the communication between participants at all levels.

Differentiate between digital and electronic signatures

The community BMB has been warning users about the need for you to know the difference between digital signatures and electronic. Through your account in Facebook warn that “all digital signatures are electronic but not all electronic signatures are digital”.In this sense, Melendrez Alaro and Diana Balderrama, another member of the community BMB, coincided in pointing out that despite the fact that these two terms are used commonly as synonyms, the reality is that they are different concepts.The electronic signature is only a signature equivalent to handwritten, that may well be a rubric, scanned into a data format. That is to say, is the proof that a real person has given his consent for a particular purpose. This has no legal validity.Melendrez Alaro explained that “the digital signature uses electronic signatures and the tecnifica to a level cryptographic”. But in addition to them adds a set of features that give it legal validity, and security. Therefore, they serve both to identify the person to certify the accuracy of the information. It adds a sort of lock that is given by the digital certificate, which is nothing more than an official certificate issued by an agency that validates the signature.

In sum, the main conceptual differences between an electronic signature and a digital are the uses and the nature of the same. While an electronic signature is related to the legal aspects of acceptance of certain conditions or the validation of an action (in different levels); a digital signature has the legal effects, because its function is to encrypt data to give greater security to a transaction, to authenticate and identify the person running the operation.Gabriela Melendrez, founder of the community BMB

Challenges of the blockchains private

In terms of the challenges facing the current platforms blockchains private, in order to make more effective the implementation of digital signatures, Erick Poppe noted that in Bolivia you must achieve a “normalization of entities in order to agree the standard encryption algorithms and standards of certificates X. 509″. In cryptography, X. 509 is a standard of the International Telecommunication Union (ITU-T) infrastructure of public keys.Warnings about which no one usually do about digital signatures, spoke to Judith Apaza, another participant of the events of BMB. The specialist in Political Management, Public Management and Electronic Government considers that something recurring that is not mentioned is that, beyond the technological, the digital signature is the way in which we exercise our identity in the digital world”.”It is very common for technicians to reduce their use in cryptography or mathematics, but the digital signature is also the way in which we can interact with others in the digital world,” he said.At the discretion of Apaza, a frequent occurrence is to display a scanned signature to represent the digital signature. “But currently, it is possible that a blank document is signed, and there are also ways in which we can all verify the existence of a digital signature”.

What is illegal or not?

It is known that in Bolivia the use of the cryptocurrencies is illegal. However, the same is not the case in the use of the platform blockchain of Hyperledger Fabric to certify documents, clarified Melendrez Alaro and Poppe.”Definitely not. Although the regulations of bolivia do not authorize the use of criptovalores, the use of certified documents, using chains of blocks is permitted through the supreme decree 3525, produced by the Agency of Electronic Government and Information and Communication Technologies (Agetic),” said Poppe.For Melendrez Alaro the digital signature, and open data should facilitate the transition towards an open government. In fact, the implementation of the advanced electronic signature and digital certificates play an essential role in the development of the digital administration. Are the tools for citizens to identify themselves digitally to the public entities and interact with them, with the same validity that it would have a procedure done personally in any window.However, he emphasized that for which the user is already identified to be able to access the full services of the government, it takes knowledge and information to avoid the bureaucracy that means making a procedure, for example. “The goal of open data is to improve the information published, transparentarla, so as to eliminate the barriers of consumption of the end users,” he concluded.

Related:

Introducing Interoperable Blockchain Identity Solutions with Hyperledger Aries

PCIS Support Team Leave a comment

In a recent blog post, the Hyperledger project announced their 13th project called Hyperledger Aries, which provides an interoperable identity management toolkit that enables creating, transmitting and storing verifiable digital certificates. Using this toolkit, organizations can support secure, interoperable peer-to-peer messaging across different distributed ledger technologies (DLT).

Identity management continues to be one of the most important and challenging aspects of building DLT applications. Tykn, a digital identity management organization, classifies the problem as:

Most of the current identity management systems are weak and outdated. Paper-based systems are at risk of loss, destruction or fraud. Digital systems, if centralized, are honeypots of personal data for hackers. Constantly subject to leaks and breaches. Since 2017 alone, more than 600 million personal details – such as addresses or credit card numbers – have been hacked, leaked or breached from organizations. Identities need to be portable and verifiable everywhere, any time, and digitization can enable that. But being digital is not enough. Identities also need to be private and secure.

Hyperledger Aries plans to address some of these identity challenges through the use of verifiable digital credentials. Nathan George, cto Sovrin Foundation and Hyperledger Aries sponsor, explains:

Identity is commonly cited as one of the most promising use-cases for distributed ledger technology. Initiatives and solutions focused on creating, transmitting and storing verifiable digital credentials will benefit from a shared, reusable, interoperable tool kit.

The Hyperledger project has been very clear that Aries is not a blockchain, nor is it an application. The toolkit has roots from both the Hyperledger Indy, from a resolver implementation perspective, and Hyperledger Ursa, which it has leveraged some cryptographic functionality from. However, Hyperledger Aries does provide a blockchain interface layer, known as a resolver that allows for the creation and signing of blockchain transactions. It also includes secure storage that acts as a cryptographic wallet where secrets can be stored and includes an implementation of a Decentralized Key Management System (DKMS) which is currently being incubated in Hyperledger Indy.

Aries includes an encrypted messaging system for off-ledger interactions between clients across different transport protocols and the ability to abstract higher level protocols through API-based secure messaging interactions.

Additional technology from another Hyperledger project, Hyperledger Ursa, is being leveraged within Aries. An implementation of Zero Knowledge Proof (ZKP) capable W3C verifiable credentials using the ZKP primitives is being included. ZKP-capable W3C verifiable credentials can represent the same knowledge that may be found in physical credentials, such as a driver’s license, passport or health insurance card, but includes privacy-preserving and data-minimization features.

Image source: https://www.hyperledger.org/blog/2019/05/14/announcing-hyperledger-aries,-infrastructure-supporting-interoperable-identity-solutions

While the generic Aries resolver interface will support Hyperledger Indy, it is flexible that developers can build a pluggable method using another decentralized identifier (DID) method resolver based upon Hyperledger Fabric or Ethereum.

Moving forward, the project is focused on enhancing identity storage and exchange capabilities. George explains:

The ultimate goal of Hyperledger Aries is to provide a dynamic set of capabilities to store and exchange data related to blockchain-based identity. These capabilities will range from the secured, secret storage of data, such as private keys, up to the capability of globally accessible data that can be viewed and accessed by anyone. An example of such support is the creation of a secure storage solution similar to the wallet available in Hyperledger Indy today.

Developers can learn more about Hyperledger Aries by visiting their wiki or joining the Hyperledger chat channel.

Related:

Hyperledger Announces Aries, a Toolkit for Blockchain-Based Identity Management

PCIS Support Team Leave a comment

Everyone has a form of sovereign identity, said Evermym’s Drummond Reed during CoinDesk LIVE on Tuesday.

Reed and Brian Behlendorf, executive director of Hyperledger, were there to launch their new identity management system.

During his talk, Reed tapped his physical wallet full of cards and cash. That, he said, was the equivalent of state-of-the-art when it came to digital identity.

In an effort to bring identity into the 21st century, the pair have just launched a new, open source framework for identity management, Aries.

The framework, the team wrotes, is “not a blockchain and it’s not an application.” Instead, it is a method to build interoperable and verifiable credentials for secure communication.

The surveillance economy

Reed believes we are “mainlining the surveillance economy” when we login with Twitter, Facebook, and even email.

“With DID and Aries based logins there’s no one in the middle. It’s just you and your private keys,” he said.

Reed said the Hyperledger‘s tools are already being used to build government identity projects. One project, called the Verifiable Organizations Network, is the first public permissioned production ledger for self-sovereign identity.

“They’ve issued over 10 million business credentials already,” Behlendorf said. “The business owner is the pivot point in how they engage with government agencies. If you’re a restaurant owner in Vancouver you want to get licensed to serve food that’s a local government thing, you want a license to serve alcohol and that’s a Canada thing, you want a pay taxes,” said Behlendorf. “All these involve exchanging permits and credentials. If you had to wait for all those governments to integrate all those systems you’d be waiting forever.”

With self-sovereign identity tools like Aires you reduce the time it takes to spin up identity systems. That, he said, is a good thing.

The product includes:

  • A blockchain interface layer (known as a resolver) for creating and signing blockchain transactions.
  • A cryptographic wallet for secure storage (the secure storage tech, not a UI) of cryptographic secrets and other information used to build blockchain clients.
  • An encrypted messaging system for off-ledger interactions between clients using multiple transport protocols.
  • An implementation of ZKP-capable W3C verifiable credentials using the ZKP primitives found in Ursa.
  • An implementation of the Decentralized Key Management System (DKMS) specification currently being incubated in Hyperledger Indy.
  • A mechanism to build higher-level protocols and API-like use cases based on the secure messaging functionality described earlier.

The project is an offshoot of two other Hyperledger efforts: Indy for identity management and Ursa for security.

The code will be available on GitHub once the project gets rolling. And with luck, according to Reed, the initiative will help do away with paper IDs entirely over the next two years.

Ram image by Hazel Clifton on Unsplash. Other images courtesty of startup.

Related:

Blockchain-based ID verification system ‘Verified.Me’ goes live with five Canadian banks

PCIS Support Team Leave a comment

A blockchain-based digital identity and attribute sharing network has gone live with five Canadian financial institutions – CIBC, Desjardins, RBC, Scotiabank and TD.

Developed by SecureKey, Verified.Me will make it easy to share personal information, thereby helping with identity verification in a secure manner. Consumers will be able to quickly and securely share information with participating service providers, while enabling businesses will be able to achieve more streamlined, effective and cost-efficient client services and onboarding.

Canadian customers and members of these five banks can now use Verified.Me to verify their identities online with the services they need in a privacy-enhanced and secure way. They can verify their identity quickly and securely from any iOS or Android smartphone, using personal information that they consent to share from their connections, such as their financial institution.

Customers will always stay in control by choosing when to share their information and with whom.

“This announcement marks the first time that consumers are officially able to access the Verified.Me application and gain greater control over their digital identities,” said Greg Wolfond, Founder and CEO, SecureKey Technologies.

Verified.Me is built on top of the IBM Blockchain Platform which is based on Linux Foundation’s open source Hyperledger Fabric v1.2, and will be interoperable with Hyperledger Indy projects.

According to the press release, in addition to the Canadian financial institutions, a number of digital identity network participants and innovation partners have helped to bring Verified.Me to market, including the Digital ID and Authentication Council of Canada (DIACC), the U.S. Department of Homeland Security Science and Technology Directorate (DHS S&T), Global Privacy and Security by Design, EnStream, Equifax, IBM and Prodigy Labs.

BMO Bank of Montreal and National Bank of Canada are also going to launch the service soon for their customers. Sun Life Financial has signed on as an early adopter and the first North American insurer on the service.

Related:

Sovrin Foundation Announces Major Network Updates to Support Mass-Scale Adoption of Digital …

PCIS Support Team Leave a comment

With a 176 percent increase in average weekly developer commits year-over-year, the network is poised to drive adoption of digital identity on the blockchain

/EIN News/ — PROVO, UT, Dec. 12, 2018 (GLOBE NEWSWIRE) — The Sovrin Foundation, a nonprofit organization dedicated to enabling self-sovereign digital identity for all, today announced a major feature update to the Sovrin Network. The Sovrin Network is the foundation for a future where secure digital identity allows individuals and businesses to conduct interactions online in a safe, private, and convenient way. The latest technology upgrades come a year after the Network went live and experienced enormous growth. With these new features, the Sovrin Network is in a position to enable mass adoption of digital identity.

“From daily data breaches to a global refugee crisis, the need for a universal, self-sovereign ID has never been more relevant,” said Heather Dahl, executive director, Sovrin Foundation. “But the technologies to support a more secure digital world are here, and with this update to the Sovrin Network, 2019 will be a landmark year for the global advancement of digital identity.

The new features in Sovrin Network 1.6 focus on enhanced performance, stability, security, and compatibility and together support widespread public deployment. The Network now supports backward compatibility and enables easier monitoring and administering of nodes on the ledger. Sovrin Stewards, trusted organizations chosen to run validator nodes and provide consensus for the public ledger, can see the status of any node on the ledger, simplifying diagnosis and improving overall ledger performance and stability.

“The future is one in which secure, accessible digital identity for all is a reality,” said Chair of the Sovrin Foundation Board of Trustees and recognized identity pioneer Dr. Phil Windley. “The advances made this year by the Sovrin and open blockchain communities are unprecedented and give developers the tools they need to bring digital ID to the masses. Sovrin’s live 1.6 upgrade embodies that reality.”

The Sovrin Network is designed to bring the trust, personal control, and ease-of-use of analog IDs – like driver’s licenses and employee ID cards – to the internet. The Sovrin Network uses open-source distributed-ledger technology, allowing developers to create interoperable applications that run on the Network. Businesses and institutions could potentially use these applications to issue and verify digital credentials while adhering to GDPR and other data privacy regulations. Identity holders can also use third-party applications, called agents, to privately collect, share, and independently manage their own digital credentials.

Additional detail on the newest features: 

0_medium_04.jpg
Sovrin is an open source project creating a decentralized global public network enabling self-sovereign identity on the internet.

2_medium_Sovrin_Logo_withTagline_color_1500px.png

  • New command line interface, including a new validator-info command for Stewards, which enhances performance by allowing Sovrin Stewards to query the status of any node in the pool while diagnosing pool performance. 
  • Security enhancements that support separate IP addresses and will allow stewards to further separate different traffic on the network, maintaining node consensus even in the event of a Denial of Service (DoS) attack.
  • A new ledger format that allows for future backward compatibility, which eliminates downtime by allowing the ledger to remain online and functional while nodes of the ledger are gradually updated to newer versions.

The Sovrin Network launched in 2017 and uses a diverse group of trusted organizations, called Stewards, to run the validator nodes that provide consensus for the public ledger. Currently, there are more than 50 Stewards, from 13 countries and six continents.

The Sovrin Foundation is a member of Hyperledger, a Linux Foundation Project. Sovrin uses Hyperledger Indy, one of the projects under the Hyperledger umbrella. The initial code for Hyperledger Indy was contributed by the Sovrin Foundation. 

ABOUT THE SOVRIN FOUNDATION

The Sovrin Foundation is a nonprofit organization established to administer the Governance Framework governing the Sovrin Network, a decentralized global public network enabling self-sovereign identity on the internet. The Sovrin Network is and open source project, operated by independent Stewards and uses the power of a distributed ledger to give every person, organization, and thing the ability to own and control their own permanent digital identity.

Attachment

Helen Garneau Sovrin Foundation +1 801 701-1848 helen@sovrin.org

Related:

How Sovrin will prevent identity leakages like Equifax

PCIS Support Team Leave a comment

The Sovrin Network is the distributed ledger technology (DLT) platform that enables users to keep control over their data. If the self-sovereign identity (SSI) project fulfills its promise when it comes to protecting personal data, it really could change the world. The code that drives Sovrin is open sourced as Hyperledger Indy, which is part of the Linux Foundation.

The hack of consumer credit reporting agency Equifax more than five years ago compromised the personal information of 148 million people. In 10 to 15 years, that sort of breach is unlikely because the honeypot databases held by credit rating agencies should no longer exist. Unless credit rating agencies adapt, SSI is a serious threat to their business. While the hack had no lasting effect on Equifax’s stock price, it’s a matter of time before investors realize the impact of SSI and why it offers consumers better protection going forward.

A credit reference, the SSI way

Currently, Equifax collects data from companies with whom you have a financial relationship. In future, your bank or mortgage company will retain that information only if they have to.

Imagine you’re applying for a car loan, and the loan company wants to know that you pay your mortgage regularly. The three parties involved are the loan company that wants to see the information, the mortgage company that has the information about your payment history and you.

The mortgage company packages the data with Zero-Knowledge encryption which allows only parts of the information to be revealed to selected parties. And you electronically sign it.

The raw data is not handed over to the loan company. Instead, they get a “proof” of the information they want to know. In this case, it might be proof that you’ve not missed a mortgage payment by more than seven days in the last five years. The loan company gets a yes / no answer to that question. They don’t know how much your mortgage is (unless you permitted that), or what the payments were.

Plus, the loan company could connect to the Sovrin network to verify that the data came from the mortgage company. It verifies the mortgage company’s public decentralized identifier (DID). All three parties will have DIDs. The company ones will be public so people can verify them. Your identity will be private. And instead of having just one identity you will have a separate one for each relationship — one for the mortgage company, one for the car loan company, one for your bank, your passport and so on.

If you had just one identity, it might be possible for different companies that hold information to collude and share information about you. So you’ll have a wallet that looks somewhat like a contacts list.

Nathan George, CTO of the Sovrin Foundation, explained to Ledger Insights that the Sovrin Network deals with personal DIDs differently to other SSI solutions. Even though you have separate DIDs for each relationship, if you expose those DIDs to other parties – like the loan company seeing your DID – that’s a problem. “Instead of just having a trust relationship they can now collude and talk about all the information. And that collapses the value of the decentralization of the system,” George explained.

So the question is if you don’t disclose your DID, how can the loan company be sure that it’s you and not someone else’s mortgage that you’re using to prove your credit rating? Much like how the loan company only received proof that you pay your mortgage regularly, the loan company will get proof that it’s you, without access to the DID itself.

All these proofs are cryptographic Zero-Knowledge Proofs.

George is quite passionate about using Zero-Knowledge Proofs for storing data both in databases and on blockchains because if the information is stolen, it isn’t that useful for a hacker. “We have a lot of data that’s cryptographically signed but doesn’t have Zero-Knowledge capability. It basically means that those databases or those blockchains become big honeypots of information that when stolen retains all of its cryptographic verification.”

A look at the network

The Sovrin network went live in September 2017.

So far, the only data stored on the network are the organization DIDs, formats for different kinds of data like a passport or a credit reference, and a link between the organizations and the formats they support. There are also revocation registries which might be used, for example, if you lost your passport and needed a replacement.

That’s not a massive amount of information given that personal identities aren’t on the blockchain. This means scalability, one of the significant public blockchain challenges, is less likely to be an issue.

Sovrin is a public permissioned blockchain, which means the network is publicly available but the hosting of nodes is permissioned. Trusted parties or “stewards” run validator nodes that allow parties to write data to the network. There are numerous big-name stewards including IBM and CISCO; several credit unions including CULedger; two U.S. law firms Perkins Coie and BakerHostetler; telecoms Swisscom and T-Labs, part of Deutsche Telekom; and airline industry IT provider SITA.

Many Sovrin projects are in the works. CULedger, the blockchain consortium for U.S. credit unions went live nine months ago with its digital identity verification system. Evernym is the company which donated the original source code for the Sovrin Network to the Sovrin Foundation. They’re working with Sovrin, IBM, Workday and ATB Financial on Job-Creds, a research project exploring using SSI for employee credentials. Canada’s British Columbia Government is working on the Verifiable Organizations Network (VON) to issue and store data about organizations, which can then be used for registrations, permits and licenses.

Does winner take all?

With all that activity, is an ICO on the cards? The Sovrin Foundation, the non-profit organization tasked with administering the network, has considered issuing a token, but there has been no official announcement. The Sovrin Network positions itself as a “global public utility”.

Who or what might challenge the Sovrin Network? One competitor is the Consensys uPort project on Ethereum.

But a bigger question is will there be one or two networks for everything? For example, Spring Labs is in the early stage of development on a similar credit-referencing project. One could also envision a network for health, passports, KYC, and qualifications. Or these could all exist on Sovrin.

Because the Sovrin Network’s underlying code is part of Hyperledger Indy, it makes it easier for sector-specific identity platforms to use the open source code and create specialist networks. Whether or not that’s desirable is debatable. One network may be more efficient. But regarding getting traction, in business, the advice is usually to focus on one sector. Only time will tell if Sovrin will be THE identity network.

Sovrin Foundation’s CTO Nathan George will give a talk entitled “Public, Permissioned and Still Decentralized” at the Hyperledger Global Forum which takes place in Basel, Switzerland on 12-15 December. Ledger Insights is a media partner, and this code will provide a 20% discount: HGF18LEDGER

Related:

Today in FinTech: nanopay, RentMoola, SecureKey

PCIS Support Team Leave a comment

Over the past few weeks, several FinTechs have made announcements launching new features and partnerships. Here’s the latest on these company updates.

Nicko van Someren joins nanopay as chief security officer

Toronto-based nanopay, a payments platform helping banks facilitate real-time global payments, has added Nicko van Someren as its chief security officer (CSO).

Van Someren has been a member of nanopay’s advisory board for the past five years. Most recently, Van Someron served as the CTO and executive director of the Linux Foundation’s Core Infrastructure Initiative, a program that aims to improve the security of open source projects. Before that, Van Someren was the founder and CTO of the hardware security model company nCipher Plc, which was acquired by Thales eSecurity; the CTO of Good Technology, which was acquired by Blackberry; the chief security architect of Juniper Network; and the founder and CTO of Ant Plc.

“Nicko’s been advising us since the beginning of nanopay. His proven track record and strategic vision on security are a perfect fit for the company and align well with the direction of nanopay,” said Laurence Cooke, founder and CEO of nanopay. “With the addition of Nicko to our team, our products will set a new standard for secure, frictionless payments.”

As nanopay’s CSO, Van Someren will ensure that nanopay’s products and services are secure in their design, implementation, and operation. He will also work with the company’s product and marketing teams to carry the message of nanopay’s security to customers, users, partners, investors, and regulators.

“I am excited to be joining nanopay and to help it transform the way that payments are processed,” said Van Someren. “Cryptographic security has always been at the core of what nanopay does, and as CSO, I shall be working to ensure that key principles of security and trust lie at the heart of everything we do going forward.”

nanopay raised a $10 million Series A in October 2016.

RentMoola launches pre-authorized payments solution

Vancouver-based RentMoola, which allows property owners to collect rent through an online platform, has announced the launch of a pre-authorized debit payments (PAD) tool for the property management industry.

RentMoola said it has partnered with BMO Financial Group to launch PAD, which digitizes pre-authorized debit enrolment for monthly rent payments. RentMoola’s goal through this solution is to reduce the need for forms and void cheques, and allow tenants to pay with any payment methods from anywhere. The company said tenants can also access RentMoola’s MoolaPerks rewards program.

“We are excited to bring RM PAD+ to the Canadian multi-family rental and apartment market. There has been no innovation in pre-authorized payments for decades until now,” said Patrick Postrehovsky, co-founder and CEO of RentMoola. “As a FinTech leader, RentMoola is delivering on its mission of providing a rewarding and paperless payments solution while helping realize significant time and expense reductions to owners and operators. RM PAD+ allows the tenant to also easily make one-time payments which until now has been another pain point.”

SecureKey exploring interoperability in its digital identity network

Toronto-based SecureKey, which develops authentication and identity solutions for online consumer service companies, announced it is joining the Decentralized Identity Foundation (DIF) to continue establishing standards for decentralized digital identity networks.

SecureKey said as a member of the DIF, it will explore the interoperability between Verified.Me — its blockchain-based digital identity network built upon Hyperledger Fabric — and Hyperledger Indy-based identity projects. According to its website, Hyperledger Indy “provides tools, libraries, and reusable components for creating and using independent digital identities rooted on blockchains… so that they are interoperable across administrative domains, applications, and any other ‘silo.’”

Specifically, SecureKey will explore integration points and projects between digital identity-focused platforms. Verified.Me allows users to consent to sharing their digital identity attributes and gain access to various online services.

“Today’s digital identity systems are broken, and we at SecureKey firmly believe that companies building digital identity solutions have a responsibility to work collaboratively in developing holistic products and standards that benefit all users,” said Greg Wolfond, founder and CEO at SecureKey. “This represents an important step in leveraging the best of the mature offering we have built with Verified.Me on Hyperledger Fabric 1.1+ and extending our expertise to both the Hyperledger Indy Project and the DIF to establish firm digital identity network standards for the next generation.”

SecureKey raised $27 million in funding in October 2016.

Photo via Unsplash.

Related: