Identity Verification Using Blockchain (Blockchain Identity Authentication)

Charlie Zhang
March 4, 2018

Model based on Dave Birch's article: http://www.chyp.com/putting-identity-on-the-blockchain-part-2-create-an-identity-model/

ID Wallet

Identity issues for individuals

  • Too many login identities to remember and manage
  • Identities are fragmented and duplicated
  • Identities are not portable or easy to access
  • Identities are vulnerable to being stolen, faked, lost or altered
  • Existing methods reveal more private information than needed
  • Valid identities are not interoperable

Identity issues for institutions

  • Manual and repeated user identity checks
  • Being a victim of identity fraud and phishing
  • Cost of protecting user password security
  • Regulatory compliance for identity checking
  • Clients are known in different ways in different systems or business lines within the same organisation
  • No portable ID based on naming conventions that organisations may share with one another

Possible Solution - Identity on Blockchain or DLT

A user's verifiable identity attributes, such as name, age or address, are hashed and then digitally signed by a trusted body. The hash and its signature are stored on the Blockchain or DLT, and users keep their verified ID information encrypted on their phone and carry it with them. During verification, the user provides the relevant original information together with the signed data (a retrievable address on the Blockchain or DLT) to a third party. If the third party can reproduce the hash from the provided information, match it with the one stored on the Blockchain and trust the signature, the user's identity can be treated as verified.
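The issue-and-verify flow described above, as an added Python example (not code from this post or from Dave Birch's model). The in-memory `LEDGER`, the function names and the per-attribute salt are assumptions, and the signature is a Lamport one-time signature built from SHA-256 so the example needs only the standard library; a real issuer would use a standard scheme such as Ed25519 or ECDSA.

```python
import hashlib, json, secrets

LEDGER = {}  # assumption: in-memory stand-in for the blockchain/DLT

def H(data):
    return hashlib.sha256(data).digest()

def attribute_digest(name, value, salt):
    # Canonical JSON so issuer and verifier hash identical bytes. The salt
    # (an addition, not in the post) keeps low-entropy values such as an age
    # from being recovered by hashing every candidate against the ledger.
    return H(json.dumps([name, value, salt.hex()], separators=(",", ":")).encode())

def lamport_keygen():
    # One-time key: 256 secret pairs; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(digest):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, digest):
    return [sk[i][b] for i, b in enumerate(_bits(digest))]

def lamport_verify(pk, digest, sig):
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(digest)))

def issue(sk, name, value):
    """Trusted body: hash the attribute, sign the hash, publish both."""
    salt = secrets.token_bytes(16)
    digest = attribute_digest(name, value, salt)
    LEDGER[digest.hex()] = (digest, lamport_sign(sk, digest))
    # Wallet entry the user keeps (encrypted) on their phone.
    return {"name": name, "value": value, "salt": salt, "address": digest.hex()}

def verify(issuer_pk, claim):
    """Third party: reproduce the hash, match the ledger, check the signature."""
    record = LEDGER.get(claim["address"])
    if record is None:
        return False
    digest, sig = record
    recomputed = attribute_digest(claim["name"], claim["value"], claim["salt"])
    return recomputed == digest and lamport_verify(issuer_pk, digest, sig)

if __name__ == "__main__":
    sk, pk = lamport_keygen()         # one key per attestation (one-time scheme)
    claim = issue(sk, "age", 34)      # constructed sample attribute
    print(verify(pk, claim), verify(pk, dict(claim, value=21)))
```

The verifier needs only the issuer's public key and the ledger record; the salt and the original value never leave the wallet until the user chooses to present them.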

ID Attestation

Benefits of using this approach:

  • Protected, self-controlled identities stored on the user's mobile phone
  • Fast identity access for users and identity verification for institutions
  • Clarity on which information is requested and which the user consents to share
  • Blockchain or DLT guarantees immutable, tamper-proof and timestamped records
  • Zero Knowledge Proof enables sharing of ID verifications without exposing unnecessary info

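Identity issues faced by individuals

  • Too many login identities to remember and manage
  • Identities are fragmented, with too much duplicated information
  • Identity data is not portable or easy to access
  • Identities are easily stolen, forged, lost or altered
  • Identity verification reveals unnecessary private information
  • Validated identities are hard to reuse

Identity issues faced by institutions

  • Manual and repeated user identity checks
  • Being a victim of identity fraud and phishing
  • Cost of protecting user password security
  • Regulatory compliance for identity checking
  • Clients are known in different ways in different systems or business lines within the same organisation
  • No portable identity based on naming conventions that organisations can share with one another

Possible Solution - Identity Verification Information Stored on a Blockchain or DLT

A user's verifiable identity attributes (such as name, age or address) are hashed and then digitally signed by a trusted body. The signature and the hash are stored on the blockchain or DLT, and users keep their verified identity information encrypted on their phone and carry it with them. During verification, the user provides the relevant original information and the signed data (for example, a retrievable address on the blockchain or DLT) to a third party. If the third party can hash the provided identity information, match the result with the information stored on the blockchain and trust the signing body, the user's identity can be treated as verified.

Benefits of using this approach:

  • Self-controlled identities stored on the user's protected mobile phone
  • Fast identity verification for both users and institutions
  • Users know clearly which information is used for verification and consent to sharing it
  • Blockchain or DLT guarantees that verification data is immutable, tamper-proof and timestamped
  • Zero-knowledge proofs allow identity verifications to be shared without exposing unnecessary information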