Decentralized Protocol for Self-Sovereign Identities with Embedded Compliance A self-sovereign identity portal for regulated industries and the Internet of Everything guy.davies@blockpass.org www.blockpass.org @blockpassorg 1
Blockchain-Based Self-Sovereign Identity Giving you control over your digital identity hans.lombardo@blockpass.org www.blockpass.org @blockpassorg 2
The Internet of Everything is a perilous universe... The rise of devices / botnet attacks (e.g. Mirai) The coming of AI Many large personal data hacks 3 Equifax in 2017 (150 million users), Uber in 2016 (57 million), Ebay in 2014 (145 million) Yahoo in 2013 (3 billion)
How d we get here? Humans, companies, objects, and devices are all entities in the IoE, yet the human has ultimate ownership. 4
How d we get here? Identity of humans, companies, objects, and devices is key because the underlying principle is that: humans and machines that know each other, work together 5
Establishing Self-Sovereign Identity (SSI) 6 Moving from Web 2.0 to Web 3.0 from a centralized web to a decentralized web The need to progress from non-user controlled identity to self-sovereign identity (user-centric, user controlled identity)
Four phases of SSI Phase 1 Centralized identity : 1. 2. 3. 7 Most online identities are currently centralized Results in identity data being siloed and fragmented across disparate online services, websites, and applications. Users do not own their digital identities and have little control over them or how their personal data is shared.
Four phases of SSI Phase 2 Federated identity: 1. 2. 3. 4. 8 Allows a person to use the same credentials to log in to multiple services (e.g. Google and Facebook). Does not resolve the underlying issue that a person s digital identity is still controlled by, and can be revoked by, the service provider that created that person s account This can result in user losing access to other services that rely on the federated identity maintained by that service provider. This becomes more problematic for users as more and more services rely fully on federated identity services.
Four phases of SSI Phase 3 User-centric identity : 1. 2. 9 Fully portable, user-controlled, secure digital identity has been in development for some time in various projects, such as OpenID (2005), OpenID 2.0 (2006), OpenID Connect (2014), OAuth (2010), and FIDO (2013). Falls short of independence and freedom - users are not under the control of a service, application, or website provider, but their digital identities are still maintained and controlled by providers of the digital identity services.
Four phases of SSI Phase 4 Self-sovereign identity : moving from non-user controlled and centralized model to a fully user-controlled and decentralized model of digital identity. SSI fulfill s three basic requirements: 1. 2. 3. 10 Control: users must have control over their identities, including control over who has access to what aspects of their identities. Security and Integrity: users digital identities must be protected from unauthorized access, use, disclosure, or modification, and they must be able to trust that the integrity of their data is maintained throughout its lifecycle. Portability and Sovereignty: users must be able to use their digital identities to identify themselves without seeking permission from, or being tied to, a service provider and must be able to transfer their digital identities freely.. Additionally, their digital identities become fully sovereign ; in other words, their digital identities cannot be taken away from them.
Decentralization and Web 3.0 Role of SSI 1. 2. 3. 4. 11 The pathway to truly decentralized Web - or Web 3.0 - is through self-sovereign identity Today internet-based industry is centralized; goods and services obtained through third parties (e.g., Amazon, Uber, Airbnb) Through a more decentralized identity system, users can access more decentralized applications (DApps - most of which will be blockchain-based) To achieve this vision, public blockchains and their ecosystems require compliance tools to be compatible with mainstream regulated industries.
Blockchain-based Registry or Whitelist Smart contract role 1. 2. 3. 4. 12 Blockpass is positioned as a pathway to Web 3.0 vision. Users join identity management app Blockpass, upload personal data, and control who it is distributed to No identity data kept by platform Ultimate goal - anonymous hash based Zero-knowledge proof whitelist model
USE CASE: What large-scale problem are we solving? Problems - Compliance A Blockchain will change the world but the process is early and uncertain. Needs Identity Protocol to allow for compliant interactions on public/ permissionless blockchain protocols. Compliance creates costs for blockchain businesses. Identity verification take several days to complete, therefore causing significant barriers to entry and slowing down user onboarding. www.blockpass.org info@blockpass.org @blockpassorg 13
What problems regarding public blockchains we are solving? Problems - Compliance B Bitcoin and other blockchain-based digital currencies can allow for easy money laundering (ML) and terrorist funding (FT) because there is no identity protocol embedded in public blockchains. Virtual currency transactions, given their anonymous nature, are particularly vulnerable to ML/TF risks. -MAS Singapore, 13 March 2014 The cost of compliance for blockchain businesses is extremely high. They can represent ⅕ of their total operating costs. At Coinbase, about 20% of our staff works on compliance in some form. -Coinbase www.blockpass.org info@blockpass.org @blockpassorg 14
Problems - ICOs What problems regarding ICOs are we solving? Initial Coin Offerings (ICOs) raise significant funds, but do so without any Know Your Customer (KYC) verification efforts. ICOs prohibit US investors but are anonymous so have no way of verifying if US persons are involved. Examples: Tezos and EOS, have raised over USD200 million completely anonymously. SEC stated that The DAO fundraising violated securities laws last year. In Singapore: ICOs are vulnerable to money laundering and terrorist financing (ML/TF) risks due to the anonymous nature of the transactions, and the ease with which large sums of monies may be raised in a short period of time. www.blockpass.org info@blockpass.org @blockpassorg 15
Compliance Realities... No one likes compliance or KYC. It takes time It interferes with on-boarding customers It interferes with switching between merchants It increases costs www.blockpass.org info@blockpass.org @blockpassorg 16
No solutions to these problems presently exist, therefore... Blockpass will offer a way to: Help blockchain businesses reduce their compliance costs. Protect the identity and personal data of the user of the system. Systematically address blockchain's need for regtech and identify verification. Provide privacy in the form of an identity verification system that is compliant with next generation data protection regulations. www.blockpass.org info@blockpass.org @blockpassorg 17
Blockpass IDN Immediate Product Features Developers will be able to design standard tokens that plug into Blockpass Protocol meaning that the transaction can be performed and achieve full compliance in minutes. Using the protocol, blockchain startups will be able to launch a fully compliant token into the market that permits the onboarding of existing KYC members from Blockpass. Digital Currency exchanges and other digital currency merchants will be able to sign up to the Blockpass IDN with a single sign-on for Blockpass users. This means that exchanges and other blockchain merchants will reduce their on-boarding cost substantially. www.blockpass.org info@blockpass.org @blockpassorg 18
Immediate Outcomes Blockpass IDN is going to: Reduce the cost of compliance significantly for blockchain merchants Make compliance attractive for users through incentive mining schemes Make public blockchain use safe and compliant Protect the personal data of users Create a platform for the development of compliant, decentralised applications Build a seamless protocol for interoperability between on-chain identities Create a seamless and secure environment for human to device interactions Welcome to the new era of public blockchain development! www.blockpass.org info@blockpass.org @blockpassorg 19
Current progress Based in Hong Kong We are funded Blockpass app in development for 6 months End of March release date Blockchain agnostic We are initially targeting 20 Exchanges ICOs Blockchain startups Fintech Regtech Insuretech Traditional industries Government
Future Development Path Once the IDNs are able to promote on-chain compliance for humans, then the same can be extended to object or machine to human to machine interaction, thus achieving the greater purpose of the Blockpass Protocol: seamless, secure and compliant interaction between humans, corporations, and machines. www.blockpass.org info@blockpass.org @blockpassorg 21
Problems - The IoE What problems regarding the IoE are we solving? The Internet of Everything (IoE) suffers from potential systemic failures as it scales with disastrous consequences. Without a standard for trusted IoE interaction, fundamental security risks will become exponentially worse as 50-200 billion cheap connected devices come online by 2020. The establishment of Blockpass as a secure conduit between humans, companies and devices, will not only allow for greater security and interoperability, but will enable the development of many highly efficient next generation applications. With machine-to-machine communication, how does one validate identities and secure data at such massive scale. In the first wave, identities related to people, in the second wave it now includes sensors and devices. -Manufacturing Tomorrow, 2016 www.blockpass.org info@blockpass.org @blockpassorg 22
Blockchain and Smart Contracts Decentralized Autonomous Utilities Shipping & Logistics 23
Blockchain and Smart Contracts Decentralized Autonomous Utilities Solar energy 24
Leveraging ZKP Tech Zero Knowledge Proof for more perfect systems 1. 2. 3. 4. 5. 25 Building ZKP Tech with Edinburgh Napier University Setting Up a Blockchain Identity Lab Work towards Blockchain and Knowledge-less data verification True trustless interaction Complete self-sovereign identity
Thank you Identity for a Connected World A self-sovereign identity portal for regulated industries and the Internet of Everything hans.lombardo@blockpass.org www.blockpass.org @blockpassorg 26