At the dawn of e-commerce, the Internet industry became obsessed with identity, as if that’s the only means we have to establish the veracity of what’s happening online. The trope of the anonymous Internet Dog – which KNOW Identity MC Dave Birch has long associated with “lazy consultants” – is in desperate need of an overhaul. Most businesses have developed a terrible habit of over-identifying.

The typical response to every new identification or authentication mishap is to pile on more identity data, creating a spiral of ever larger honeypots and ID theft.

ValidIDy is a data protection solution born out of a careful re-think of Digital Identity and attributes management. The ValidIDy approach begins by recognizing that the real world abounds with sources of truth. We have institutions, businesses, brokers and processes providing a great many personal and professional credentials which have come to be widely relied upon.

However, facts and figures about people lose fidelity when converted casually into digital form. The solution is to digitize real world truths with greater care, and thus preserve their provenance.

Analog to Digital Provenance

The ValidIDy technique leverages sources of truth, public key cryptography and the universality of mobile devices to fix the provenance of personal data. We bring these three elements together in a Public Key Certificate (depicted as a capsule) forming an inviolable logical triangle, as follows:

  • an Attribute Authority (AA) attests to some particular about an individual, e.g. the qualifications of a medical practitioner,
  • the individual is in control of a mobile device with a standard cryptographic processor, and
  • the mobile device holds the private key corresponding to the certificate’s public key.

If a Relying Party receives a digitally signed transaction and verifies the signature against the certificate (capsule), then they can be sure the attribute is true of the sender, the sender was in control of a device approved by the AA, and the sender was directly involved in creating the transaction. Under such circumstances, the name of the individual might be of no concern and can be dropped from the transaction without any loss of reliability.
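The Relying Party's two checks described above can be sketched in Go as follows. This is an added example, not ValidIDy's own code: the `Capsule` type and the `Issue` and `Verify` functions are hypothetical names, and Ed25519 over a JSON structure is an assumption standing in for a real Public Key Certificate and for the device's cryptographic processor.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Capsule is a simplified stand-in (assumption) for the attribute certificate:
// the AA's signature binds one attribute to the public key held in the device.
type Capsule struct {
	Attribute string            `json:"attribute"`
	DeviceKey ed25519.PublicKey `json:"device_key"`
	AASig     []byte            `json:"-"` // excluded from the signed bytes
}

// tbs returns the bytes the AA signs: attribute plus device key, no name.
func (c Capsule) tbs() []byte {
	b, _ := json.Marshal(c)
	return b
}

// Issue is the AA's step: attest the attribute for one device-held key.
func Issue(aa ed25519.PrivateKey, attr string, dev ed25519.PublicKey) Capsule {
	c := Capsule{Attribute: attr, DeviceKey: dev}
	c.AASig = ed25519.Sign(aa, c.tbs())
	return c
}

// Verify is the Relying Party's check. It returns the attested attribute only
// if the AA signed the capsule and the capsule's key signed the transaction.
func Verify(aaPub ed25519.PublicKey, c Capsule, tx, txSig []byte) (string, bool) {
	if len(c.DeviceKey) != ed25519.PublicKeySize {
		return "", false // ed25519.Verify panics on a malformed key
	}
	if !ed25519.Verify(aaPub, c.tbs(), c.AASig) || !ed25519.Verify(c.DeviceKey, tx, txSig) {
		return "", false
	}
	return c.Attribute, true
}

func main() {
	aaPub, aaPriv, _ := ed25519.GenerateKey(nil)
	devPub, devPriv, _ := ed25519.GenerateKey(nil) // private half stays in the device
	c := Issue(aaPriv, "registered medical practitioner", devPub)
	tx := []byte(`{"rx":"constructed sample prescription"}`) // carries no name
	attr, ok := Verify(aaPub, c, tx, ed25519.Sign(devPriv, tx))
	fmt.Println(attr, ok)
}
```

The Relying Party needs only the AA's public key as its trust anchor; an altered attribute, a signature from a different device key, or a modified transaction each fail one of the two signature checks.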

