Digital security company Gemalto is piloting a Self Sovereign ID solution called the Trust ID Network. The purpose is to enable users to prove their identity to various organizations but still keep control over their data.
Today identity verification is inconvenient and risky. Identity documents are vulnerable in transit either by email or by post. And centralized databases are exposed to hacking risks such as the Equifax case.
When users enroll with services from digital banking to government applications, they’re often asked to prove their identity. Trust ID is designed for these situations.
Gemalto envisages the solution being used by banks for Know Your Customer (KYC) and anti-money laundering (AML), by public services, mobile operators, and airlines.
“Trust ID Network solves the profound weaknesses of traditional, ‘siloed’ identity frameworks: the clumsy user experience, rising costs and difficulties in complying with stricter regulations. It’s the perfect illustration of Gemalto’s ability to combine proven Digital Identity solutions and new technologies such as the blockchain,” said Bertrand Knopf, EVP Banking & Payment for Gemalto.
“Financial institutions are best-placed to lead this self-sovereign identity revolution, but it will prove similarly attractive to a wide array of other service providers.”
How it works
The application uses an ID Wallet on a mobile phone. Users add their data, get it certified and consent to share it.
Some organizations make “attestations” or certify that some part of your claim is genuine. These are encrypted and stored on the blockchain but are not associated with your name. Instead, they’re associated with your id. And it requires the user’s authorization for any organization to access the attestations.
The solution uses Zero Knowledge Proofs (ZKP), which enables a question to be answered without sharing specific data. For example, an organization could ask: is the person over 18? With ZKPs the authorized requester will merely get a yes/no response without knowing the individual’s age. The same sort of solution works for asking if someone is an EU citizen, without disclosing which country. Or if their income falls in a particular range without revealing the income.
The blockchain uses R3’s Corda technology. R3 and its clients have been involved in several identity-related projects. Back in June R3 ran a KYC pilot with 39 organizations which were mostly banks. Last week Tieto announced a Corda solution that integrates with the Hyperledger Indy self-sovereign identity protocol.
Gemalto specializes in security ranging from software to biometrics and encryption. The company’s revenue exceeds $3 billion, and it has 15,000+ employees. Their customers are in banking, government, automotive, and other enterprises.
Last December French aerospace and defense company Thales agreed to acquire Gemalto for $4.8 billion. However, the European Commission is reviewing the deal on competition grounds.