Identity Archives – Hyperledger

Apr 29

Hyperledger-Powered Digital Identity Solutions at Work

By Hyperledger Blog, Hyperledger Fabric, Hyperledger Indy, Identity

As the world continues to grapple with COVID-19, there is an upswing in interest in digital identity technologies and their potential to underpin new health passes, travel credentials and other pathways to restarting economies that are effective, secure, accessible and privacy preserving.

For more on these efforts, read up on the work of the Good Health Pass Collaborative.

Stephan Curran’s post on Why Distributed Ledger Technology (DLT) for Identity? also offers a good explanation of sudden and urgent issues driving interest in identity and the role of Hyperledger technologies in delivering solutions.

Advances on these fronts are fostering important new developments. However, digital identity solutions are reshaping other industries as well. Read on for a sampling of Hyperledger-powered solutions that are in production now, bringing innovation to the telecom, supply chain, education and training and financial services markets:

Alastria ID over Red H+

Alastria ID, a project of Alastria, the Spanish association that promotes the development of solutions based on decentralized ledger technologies, is focused on decentralized identity management. It is a self-managed identity model based on the World Wide Web Consortium (W3C) Verifiable Credentials standard designed to facilitate compliance with the General Data Protection Regulation (GDPR) for individuals, companies, organizations and entities. The use of credentials issued on different networks will enable interoperability across multiple applications.

Telefonica and Inetum have partnered to implement Alastria ID in a Hyperledger Fabric production environment in Alastria. Named “red H+” (H+ network), this implementation gives more than 500 members of Alastria access to a production grade infrastructure based on Hyperledger Fabric technology. Red H+ offers a free of charge Hyperledger Fabric environment for Alastria members, designed for the deployment of proofs of concept or production projects without demanding requirements, and a production-ready paying platform for those members interested in having certain levels of service and personalised and guaranteed response times, as well as value added services such as Alastria ID.

(Note: You can learn more about Alastria’s mission to promote the digital economy and how the Hyperledger community is involved in this May 5 webinar.)

MemberPass®

MemberPass is a digital credential solution that enables financial institutions to instantly verify financial credentials seamlessly across all consumer contact points in a highly secure and privacy-preserving manner. It is the flagship product of Bonifii, the financial industry’s first verifiable exchange network designed to enable trusted digital transactions using open standards and best-of-breed security technologies. Because MemberPass is built on Hyperledger Indy, credit union members can retain full control of their private personal information. The credential is secure and flexible. It allows the member to reveal only the data necessary for a given transaction. (See more on MemberPass adoption here.)

SnapCert

SnapCert is a blockchain-based Credential Authentication platform for universities, colleges and institutes. Offered as a SaaS platform by Snapper Future Tech, SnapCert equips education customers to issue and verify credentials on a blockchain, ensuring no fraudulent credentials can be issued in their name.

Customers include Kushal, a social organization that trains unskilled labour under Indian government National Skill Development program. With SnapCert, verifiers can get real-time verification of Kushal credentials directly from the primary source of the data simply using the last four digits of the credential holder’s Aadhaar id and the name. The solution solves the problem of misplaced paper credentials and reduces the trust deficit by providing easy access to credible credentials that prove the holder’s construction training. It also helps Kushal manage long term record keeping for the skilled workers, connect stakeholders that need the data and increase transparency and ease of doing business.

SnapCert is built using Oracle Blockchain, which is powered by Hyperledger Fabric.

Trust Your Supplier

Built on Hyperledger Fabric blockchain technology, Trust Your Supplier provides organizations a trusted exchange of information across an encrypted blockchain environment to minimize risk and fraud throughout the onboarding and life cycle of partnerships.

A single, digital identity for suppliers can be shared with multiple buyers and business networks. This two-tiered supplier profile approach allows suppliers to be discovered by new customers without handing over unlimited access to their data. The Trust Your Supplier cross-industry blockchain network provides clear provenance and a single, shared, tamper-evident ledger. This is ideal for supporting auditing capabilities as it provides an immutable relationship history between parties.

Verified.Me

In our current digital landscape, securely accessing online services has never been more important. With Hyperledger Fabric, SecureKey Technologies established Verified.Me, Canada’s leading digital identity network which helps verify consumers’ digital identity so they can access the services and products they want. With Hyperledger’s support, SecureKey has put user consent at the forefront and in control of when, why and with whom their personal information is being shared. This collaboration is critical to progressing the digital identity landscape in Canada and globally.

Join the conversation about blockchain-based identity technologies and solutions with #HyperledgerIdentity this month on social channels. Also, Hyperledger has an Identity Working Group that is open to all.

Cover image by vectambulist from Pixabay.

Apr 29

Love1

MemberPass® is Gaining Adoption in Credit Unions

By Julie Esser, Bonifii Blog, Finance, Hyperledger Indy, Identity

Financial fraud isn’t anything new, and the extent of the crime can vary significantly. Forty-seven percent (47%) of US consumers experienced financial identity theft fraud in the past two years—in fact, every 15 seconds a financial fraud incident occurs. COVID-19 has only accelerated the growth of financial fraud. Losses due to identity theft increased by 42% from 2019 to 2020 primarily due to the COVID-19 pandemic, according to a recent study published by the Aite Group.

Today, there are multiple authentication steps in place in financial institutions thanks to the steady increase in cybercrimes. These high-tech frauds take assets from financial institutions and deliver a bit of reputation risk to their public image. Research demonstrates that consumers expect their financial institution to take active steps to mitigate financial risks. Consumers want protection, but they also want a fast and efficient user experience. Too often, each delivery channel is a silo with its own authentication method:

For example,

The call center uses knowledge-based questions
The lobby and drive-up require a driver’s license or other physical forms of identification
Online banking access calls for a username and password plus, often a two-factor authentication.

And consumers want more control over their personal data. In late September 2020, we commissioned a nationally representative survey to over 1,000 adults about their perceptions of MemberPass, Bonifii’s digital credential solution that enables financial institutions to instantly verify financial credentials seamlessly across all consumer contact points in a highly secure and privacy-preserving manner.

There were lots of noteworthy findings:

62% of credit union members said they would sign up for MemberPass if it were available.
56% of respondents who are satisfied with their financial institution would use MemberPass.
67% of consumers would feel more positive toward their financial institution if MemberPass was offered.
50% of consumers would sign up for MemberPass today if a security breach had impacted their account or if they had been identity theft victims.

There is a better way for financial institutions and consumers!

Since its launch in early 2020, MemberPass has been gaining momentum among credit unions and with the members they serve. MemberPass is the financial industry’s first digital credential solution that enables credit unions to instantly verify financial credentials seamlessly across all consumer member contact points. Because MemberPass is built on Hyperledger Indy, credit union members can retain full control of their private personal information. The credential is secure and flexible. It allows the member to reveal only the data necessary for a given transaction. Best of all, it’s impossible to hack or steal.

So far this year, we have seven active MemberPass implementations with another ten more credit unions planning their deployments in the next six months. Our active programs have gotten MemberPass credentials into the hands of about 20,000 members to date.

After we make a program sale, we continue to work closely with our credit union clients. We present each of them with a personalized copy of the MemberPass “Jump Start” playbook. This is a comprehensive toolkit to help the credit union increase the level of member adoption of MemberPass.

The playbook contains product benefits, consumer need identification tools, call center and drive-through workflow models, marketing strategies, incentive programs, and more. Our adoption goal is to get between 5-10% member adoption within six months of the “go live” date.

The demand for decentralized identity among financial institutions is only getting stronger—and, best of all, no one but the consumer owns his or her personal data!

Cover image: Hloom via Flickr / CC BY-SA, 401(K) 2013

Apr 21

Love0

Why Distributed Ledger Technology (DLT) for Identity?

By Stephen Curran, Hyperledger Aries Maintainer, Cloud Compass Computing Inc. Blog, Hyperledger Aries, Hyperledger Indy, Hyperledger Ursa, Identity

As we continue our pandemic journey that is 2021, more and more people are getting vaccinated against COVID-19. Once vaccinated, people are (finally!) able to do more “in the real world.” However, in some cases such as international travel, there is a need to prove that you have been vaccinated before you can participate. In the past, that proof has been accomplished in the form of the paper World Health Organization Carte Jaune/Yellow Card. But in our 21st century pandemic, a handwritten paper document is not particularly trusted. It’s just too easy to buy or make your own. The sudden, urgent need to be able to prove health information in a safe, privacy-preserving and secure way has brought the spotlight on the concept of verifiable credentials and, for Hyperledger, on the three identity-focused projects in the community, Indy (a distributed ledger for identity), Aries (data exchange protocols and implementations of agents for people, organizations and things), and Ursa (a cryptographic library underlying Indy and Aries).

While people understand that paper credentials are insufficient and that a trusted digital solution is needed, they don’t understand why verifiable credentials, or more generally, identity, works extremely well with distributed ledger technology (DLT)—a distributed database spread across multiple nodes, of which blockchain is an example. To be clear from the start, it is not to put the credentials on a public ledger so everyone can see them! We’ll reiterate that a lot in this post. No private data ever goes on the blockchain!!!

To understand why DLT is useful for identity, we need to go back to the basics—paper credentials, how that model has worked for 1000s of years, and how the use of DLTs with verifiable credentials allows us to transition the great parts—security and privacy—of that model to the digital age.

Since as far back as 450BC, people have used paper credentials to enable trusted identity. Legend has it that King Artixerxes of the Persian Empire signed and gave Nehemiah a paper “safe transit” authorization that he used in travels across the empire. People have been using such documents ever since. In technical terms, a credential is an attestation of qualification, competence, or authority issued to an entity (e.g., an individual or organization) by a third party with a relevant or de facto authority or assumed competence to do so. Examples of credentials issued to people include a driver’s license, a passport, an academic degree, proof-of-vaccination and so on. Credentials are also issued to companies, such as business registrations, building permits, and even health inspection certifications.

Examples of Paper Credentials
*By Peter Stokyo,* *peter.stoyko@elanica.com, Licensed under* *CC By 4.0*

The Paper Credential Model
By Peter Stokyo, peter.stoyko@elanica.com, Licensed under CC By 4.0

Verification in the paper credential model (ideally) proves:

Who issued the credential.
That the credential was issued to the entity presenting it.
That the claims have not been altered.

The caveat “ideally” is included because of the real possibility of forgery in the use of paper credentials. Back to our “proof-of-vaccination” problem.

Let’s see how the good parts of the paper credential model are retained in the verifiable credentials model. With verifiable credentials:

An authority decides you are eligible to receive a credential and issues you one.
You hold your credential in your (digital) wallet—it does not go on the distributed ledger!
At some point, a verifier asks you to prove the claims from one or more credentials.
If you decide to share your data with the verifier, you provide a verifiable presentation to the verifier, proving the same three things as with the paper credentials.
Plus: You may be able to prove one more thing—that the issued credentials have not been revoked.

As we’ll see, verifiable credentials and presentations are not simple documents that anyone can create. They are cryptographically constructed so that a presentation of the claims within a credential proves four attributes:

Who issued the credential–their identifier is part of the credential and they signed the credential.

Who holds the credential–there is a cryptographic binding to the prover.
The claims have not been altered–they were signed at the time of issuance.
The credential has not been revoked.

Unlike a paper credential, those four attributes are evaluated not based on the judgment and expertise of the person looking at the credential, but rather by machine using cryptographic algorithms that are extremely difficult to forge. Like the paper credential, the verifier does not go back to the issuer to ask about the credential being presented. Only the prover and verifier, the participants in the interaction, need to know about the presentation. So where do the prover and verifier get the information they need for their transaction? We’re just getting to that…

The Verifiable Credentials Model
By Peter Stokyo, peter.stoyko@elanica.com, Licensed under CC By 4.0

Compared to the paper credentials model, verifiable credentials are far more secure. When the cryptographic verification succeeds, the verifier can be certain of the validity of the data—those four attributes stemming from verifying the presentation. They are left only with the same question that paper credentials have—do I trust the issuer enough

So where does the DLT fit in?

Three of the four things that the verifier has to prove (listed above) involves published data from the issuer that has to be available in some trusted, public distributed place, a place that is not controlled by a central authority (hmm…sounds like a DLT!). In Indy and Aries, data published to a DLT is used to verify the credential without having to check with the issuer. In particular:

The verifier has to know who issued the credential based on an identifier and cryptographic signature. From the presentation, it gets an identifier for the issuer, looks it up on a DLT to get a public key associated with the issuer to verify the signature in the presentation. Thus, the identity of the issuer is known.
The verifier has to verify that the claims data has not been altered by verifying a cryptographic signature across the data. Based on an identifier for the type of credential, the verifier gets from a DLT a set of public keys and verifies the signatures. Thus, the verifier knows no one has tampered with the claims data.
The issuer periodically updates a revocation registry on a DLT indicating the credentials that have been revoked. If the holder’s credential is revoked, they are unable to create a proof of non-revocation (yes, that’s a double negative…). If the holder can generate that proof, the verifier can check it. Thus, the verifier knows the credential has not been revoked.

The fourth attribute (the binding of the credential to the holder) in Indy is done using some privacy-preserving cryptographic magic (called a Zero Knowledge Proof) that prevents having a unique identifier for the holder or credential being given to the verifier. Thus, no PII is needed for sharing trusted data.

So why DLT? First, we can get the good parts of paper credentials—private transactions between holders and verifiers and no callback to the issuer. Second, the issuer gets a trusted, open and transparent way to publish the cryptographic material needed for those private holder-verifier transactions. Third, there is no need to have a “Trusted Third Party” participating in the interactions.

And did I mention, no private data goes on the DLT!!!

Hyperledger Indy, Aries and Ursa are enabling this approach to “self-sovereign identity” in a big way, bringing about a new layer of trust on the Internet that will let us preserve our privacy and give us control over our identity and data—where it belongs. There is a lot to learn. If you’re curious, a great place to start is this Linux Foundation edX course.

Cover image by Nick Youngson CC BY-SA 3.0 Alpha Stock Images