Serg Nvns - Fotolia
Internet identity is mostly centralised or federated and not controlled by the user, which is risky, says Hans Lombardo, CMO of blockchain-based identity verification firm Blockpass IDN.
“Using your Facebook or Google login to sign up for services is an example of federated identity, but his is really risky, because ultimately Facebook, Google and other companies like them control users’ identity data,” he said.
“And not only do they control your identity data, if these companies fall over, you lose access to all those services,” he told Computer Weekly.
In attempt to provide an alternative based on the principle of self-sovereign identity, which is about giving control over identity and identity data back to the user, Blockpass developed an identity app using blockchain technologies to provide know your customer (KYC) services to the financial services and online retail industries.
“In the KYC process, it removes key pain points for users by enabling them to scan their passport, take a selfie and provide proof of address by scanning a utility bill, which are typical requirements by financial services firms and other online services providers,” said Lombardo.
“The crypto exchanges and other financial services want to share infrastructure to avoid the huge costs of having their own, but more traditional financial institutions like banks may have to move to shared infrastructure to remain competitive,” he said.
In the model used by Blockpass, data remains on the user’s smartphone within the secure app, enabling them to sign up to any service that uses the app once they are pre-verified. “This means they can access any bank, merchant or exchange that joins the app with a single click without having to go through the KYC every time,” said Lombardo.
This approach, he said, not only simplifies the process for users, but it also reduces cost for the organisations joining the app because the infrastructure is shared.
An important thing to note, said Lombardo, is that neither Blockpass nor any of the service providers that are linked to the platform retain any user data once the initial verification process is completed.
“The user keeps the data and is able to send the data only to the service providers they choose to do business with,” said Lombardo.
With the EU’s General Data Protection Regulation (GDPR) requiring strict standards of security around personal data, Lombardo said keeping data on users is going to be risky and costly for organisations.
The self-sovereign identity approach reduces that risk by ensuring all data is stored on user devices and not on third party systems.
Blockpass plans to add technologies to the app to enable a wider range of application such as the ability to verify different kinds of identification documents and to integrate video verification for organisations requiring proof that the owners of certain identities are still alive.
Extending identity services
The company is also planning to extend its identity services to businesses wanting to sign up for financial services as well as objects and devices so that users can transfer ownership of these things using the platform.
“Object identity is important, particularly in industries where there is a lot of regulation or there is the need to track the provenance of goods such as pharmaceuticals, dangerous goods and high-value goods,” said Lombardo.
Self-sovereign identity, for people, objects and devices, he believes is essential of the next evolution of the web where identity data is distributed and decentralised.
“This ideal of web 3.0 is not attainable without user-centric, user-controlled identity because web 3.0 is about having a distributed internet, but right now, the internet is still fairly centralised, with a few very large companies controlling all the data.”
As part of its efforts to enable distributed, decentralised, user-controlled identity, Blockpass has partnered with Edinburgh Napier University to set up an identity lab.
“We ultimately want it to be open source and we want there to be more identity networks that are compatible with ours and to create a standard of identity and protection for all users,” said Lombardo.