In my previous article about Identity Wallet I globally addressed how an Identity Wallet works and what kind of information you could put into it. It did not describe how it’s actually implemented.
By Jan Rochat Co-Founder & Innovation Lead AET Europe
One of the questions that has not been answered when implementing an Identity Wallet is where documents like your diploma’s can be stored.
Several solutions are at hand. In this article I explain the use of BlockChain technology to store information. And to close this article I will tell you which information is stored in the BlockChain and how your privacy is protected.
The essence of BlockChain
If we use the definition the website Investopedia uses we will find the following explanation on BlockChain:
“The goal of blockchain is to allow digital information to be recorded and distributed, but not edited. In this way, a blockchain is the foundation for immutable ledgers, or records of transactions that cannot be altered, deleted, or destroyed. This is why blockchains are also known as a distributed ledger technology (DLT).”
It is the immutable property of the BlockChain that concerns several readers of my previous article about Identity Wallet. One of the questions a reader asked: “What happens with my privacy when I store let’s say a diploma in the BlockChain? Once in my Identity Wallet, it’s there forever and for everybody accessible right? You cannot delete the information when it is not needed anymore. That is what immutable means right?
Given that the blockchain is immutable and that the information in it is there to be seen by everybody, you probably came to the conclusion that it is not the actual diploma that is stored in the BlockChain. But if the diploma is not stored, then where is it stored? And if the diploma is not stored in the BlockChain then what kind of information is stored? How exactly does it work together in correlation with the implementation of an Identity Wallet that respects your privacy? Let me try to answer these questions by using an example, which I shall name ‘the benefit program’.
The benefit program
To explain how it all fits together let’s look at the following use case:
Imagine that we are in the 1980’s and we all live in the same town. The shop-owners of our town want to encourage us to buy more in their stores so they come up with a benefit program for specific visitors of the shops.
For whatever reason not everybody is allowed to participate in the benefit program. The shop- owners come up with the following rules.
You are allowed to participate in the benefit program if:
1. you took classes at the local high school (and graduated);
2. or your family already lives in the town for three generations;
3. or your average income is lower than a certain amount.
The shop owners are concerned about your privacy and although they would like your additional business, they do not want unnecessary details about your past, income, or education.
Since we are still in the eighties with no blockchain technology, the shop-owners came up with the following solution. As all people in the town trust the mayor the mayor is asked to verify the claim if somebody is entitled to participate in the benefit program or not.
So, to be enrolled into the program this person takes the evidence that he/she meets the requirements mentioned above to the mayor. The mayor verifies the presented evidence, puts the outcome of the verification on an official piece of paper signs it and hands it back to the person (he also tells the person that the document is personal and that misuse will be punished).
Now the next time the enrolled person goes shopping he/she can use the written/signed statement as proof that he/she is entitled to participate in the benefit program. When the piece of paper is presented to the shop-owner only the outcome of the verification process (signed by the mayor) is disclosed. No details are presented about the information necessary to meet the requirements to join the program.
Back to the BlockChain
Luckily, we do not live in the eighties anymore and now the problem mentioned above can be solved much more efficiently and faster by using cryptographic features. In essence the chosen solution has not changed. Privacy is respected by sharing as little privacy information as possible, preferable none. If we would use an identity wallet (that uses the BlockChain) to implement the benefit program from our example the diploma of your high school would be stored on your mobile. It will only be presented once, to the mayor, to validate your claim that you are entitled to participate in the benefit program. The outcome of the verification process will be stored in the BlockChain and presented to shop-owners in such a way that it only reveals the necessary information.
What about not using a BlockChain
In the story above we used the technology of BlockChain to store evidence of our claim, i.e. that we are entitled to join the benefit program. As mentioned in the introduction there are different ways to store this kind of information. In the next article I will share the story of an existing project that we implemented in which tokens with a different technology were used instead of BlockChain.
Fonte: AET EUROPE
AET Europe – The Trust Company
AET Europe é líder global na área de soluções de segurança digital.
Fundada em 1998, é especializa na criação de soluções seguras em identificação, autenticação, assinatura digital, consentimento e gerenciamento de credenciais
Fornecemos soluções de segurança para identificação de usuários, autenticação e assinaturas digitais. Outras informações https://aeteurope.com
Leia outros excelentes artigos da AET Europe aqui!
Blockchain põe em risco sua identidade – um medo bem fundamentado? Por Jan Rochat, AET Europe
AET Europe lança a versão 7.0 do BlueX eID Management
A Carteira de Identidade Europeia na visão de Jan Rochat, cofuntador da AET Europe
INTERNATIONAL NEWS
Crypto ID publishes international articles about information security, digital transformation, cyber security, encryption and related topics.
Please check here!