Identity systems built on blockchain are not a new concept, and many have described their disruptive potential in comparison to existing technology. Incorporating a truly next-generation, decentralized and modular blockchain into the centralized identity sector can help solve many of the challenges that continue to plague these industries. In this article we will look at the importance of identity, the problems with traditional technologies, the growing problem of centralization within blockchain itself, and how Nexus mitigates these deficiencies.
Sovereign identity is a fundamental human right recognized by most developed countries around the world. Article 8 of the United Nations Convention on the Rights of the Child establishes a child's right to preserve their identity. As an adult without a valid form of identity, one will find it difficult if not impossible to vote, own property, gain employment, receive benefits, open a bank account (illustration below) or take part in many other activities most of us take for granted.
‘Global identity for all by 2030’ is target 16.9 of the United Nations’ Sustainable Development Goals (SDGs). However, as we have seen from authoritarian regimes past and present, governments will gladly infringe on this ‘fundamental human right’ and leverage it as a pervasive control mechanism. With the unfolding of recent events, some are already considering collecting data through compulsory citizen and employee infection testing, contact tracing and vaccinations, and as a requirement for entry to, or travel to, particular places. Today’s technology is capable of recording not only your identification but an array of information pertaining to all of your actions. Thus, it appears regulatory bodies are using health implications as a catalyst for the adoption of digital identity systems.
Centralized Credential Systems
In 2009, the Indian government began enrolling over one billion people in the largest biometric identification database ever made. They collected biometrics (iris scans and fingerprints) from the entire population, and issued a digital identity that could be used to receive welfare payments and social services. “While supposedly voluntary, critics said that the scheme had imposed itself increasingly onto citizens’ private lives”, reported Time.
This raises the question: where does the right to identity intersect with informed consent? End User License Agreements (EULAs) are commonly accepted on websites and in software without being fully understood. 23andMe, Ancestry and similar companies collect genealogical identity data, take ownership of it, and sell it to the highest bidders, alongside other conceivably detrimental loopholes. Additionally, one may skim over employment applications, insurance policies, loan contracts and other fine print out of necessity, lack of time or unfamiliarity with the terminology. These serve as examples of how potentially harmful agreements can be entered into unknowingly (YouTube’s Dangerous Precedent). Moreover, how do we delineate informed from manufactured consent when submitting our identity? Typically that comes down to individual trust and source credibility, which together form the basis for conscious decisions.
The current pandemic is perhaps the best recent example to dissect in relation to digital identity, informed consent, and the risks of cognitive dissonance. Regardless of one’s beliefs, the guidance from the World Health Organization (WHO) and respective medical leaders has been arbitrary and capricious to say the least. The subject is further convoluted with the controversial topics of propagation models, therapeutics, uncharted RNA based vaccinations, contact tracing and “the new normal”. Ironically, the individual at the heart of many of these movements is the owner of the software company responsible for proliferating digital viruses around the globe, Bill Gates.
In a recent “Ask Me Anything” thread on reddit, when Gates was asked “What changes are we going to have to make to how businesses operate to maintain our economy while providing social distancing?” Gates answered: “Eventually we will have some digital certificates to show who has recovered or been tested recently or when we have a vaccine who has received it.”
As expected, many governments are moving towards a centralized identity system using biometric verification. Similar to the high number of pharmaceutical companies chasing the new vaccination, there are just as many vying for the identity solution. Last month, Onfido announced that it had raised $50 million in a round of investments led by Microsoft. There is also the Quantum Dot Tattoo, infant necklace, and the more widely known RFID implant. The public-private ID2020 Alliance is also spearheading a global biometric digital identity standard with Microsoft, Accenture, IDEO, Gavi and The Rockefeller Foundation as founding members. While there are many benefits to achieving a global identity standard, major risks lie within the management of this massive stockpile of sensitive and valuable information.
Quantum Dot Tattoo
With the importance of identity clearly defined by the “powers that were”, one might consider safeguarding this data a top priority. Unfortunately, these entities embrace technology and governance founded on centralization, which is inherently non-scalable and flawed, with costs that outweigh the benefits. An extraordinary example is the breach of the United States Office of Personnel Management (OPM), whose database contained sensitive background-investigation information on government employees. The utter negligence, ignorance and lack of notification to the victims ultimately resulted in litigation.
As centralized Identity Management (IdM) or Identity & Access Management (IAM) evolves beyond on-premise settings into Cloud Service Provider (CSP) solutions, vulnerabilities multiply. Credential repositories, considered the keys to the kingdom and historically isolated in strict localized compartments, are now being entrusted to third party, globally accessible, multi-tenant virtualized environments. Not only is the risk of intrusion amplified, the probability of accidental exposure is significantly increased. Moreover, CSPs now offer Identity as a Service (IDaaS) capabilities, advertising appealing a la carte pricing that can prove exorbitant over the long term. The illustration below exemplifies the complexities involved with these solutions.
From a personal perspective, reliance on cloud based email, social media and similar services requires an identity in order to interact. Single Sign-On (SSO) provides enhanced ease of use, making these platforms more appealing to the masses. However, behind the scenes they use this identity to track every action across the internet, as permitted by each company’s EULA. Additionally, these third parties sell your identity, internet history and related data to the highest bidders, often inconspicuously, as illustrated by Google’s tracking capabilities and the Cambridge Analytica controversy.
In 2017 a Google report found that 3.3 billion credentials were exfiltrated during third party breaches while only 12 million of these could be attributed to phishing attacks. “Between January and September 2019 there were over 7.9 billion data records exposed — a 33% increase from the same time in 2018”, per an article from IdentityForce. An early 2020 report from Verizon states “Credential theft, social attacks (i.e., phishing and business email compromise) and errors cause the majority of breaches (67% or more)”. Needless to say, the centralized systems are broken.
Centralization of blockchain solutions is a growing trend. These developments are antithetical to the fundamental trustless principle and circumvent the essence of this innovative technology. While the term cryptocurrency has earned a negative connotation from mainstream character assassinations, some rightfully so, it is meant to be the personification of decentralization: eliminating the middlemen. Centralization is power, and ‘power corrupts, and absolute power corrupts absolutely.’
With identification systems now a reality on Nexus, the implications are revolutionary considering our commitment to delivering truly decentralized technology. This is crucial considering how centralization continues to be a burden to every facet of the blockchain industry. Blockstream’s influence over Bitcoin is perhaps the best example of how centralization can destroy the integrity of a system. Ultimately, this resulted in the division of Bitcoin and Bitcoin Cash, due to a violation of the “Segwit2x” agreement. Blockstream agreed to increase the block size to 2 MB in return for community support in activating Segregated Witness (a prerequisite to the Lightning Network). Not surprisingly, once Segwit was activated Blockstream dropped their side of the agreement, and refused to increase the block size to 2 MB.
Ethereum is another exceptional example. Although exclusively a Proof of Work (PoW) coin, it launched with a pre-mine and an Initial Coin Offering (ICO), and suffered major controversy by reversing transactions related to a Decentralized Autonomous Organization (DAO) attack. This situation also ended divisively, with a fork that created Ethereum Classic, which kept the chain without the reversal. Additionally, Ethereum has numerous influential financial backers among the Ethereum Alliance Board Members, and several third party solutions seeking to capitalize on the scalability crux and potentially on governance decisions. Despite all of the decentralization detractors and unreasonable costs, it has managed to enable one of the first blockchain deployments of citizen identity, for Zug, Switzerland. Considering these previous actions, there is a high probability of tampering with the data-set to freeze, revoke or even sell your identity data based on a health policy infraction or other violation deemed necessary by the influencers.
Many blockchains like to capitalize on the concepts of decentralization, however ICOs, Security Token Offerings (STO), venture capitalist backing, corporate partnerships, authoritative consensus implementations and other key indicators leave the door open for consequential influences. Unlike the majority of blockchains on the market today, Nexus was mined into existence like Bitcoin with no ICO or premine, developed completely open source with a focus on community governance.
PoW blockchains in which individuals or groups of entities collude to control more than 51% of the hashing power expose themselves to transaction manipulation, betraying the essence of the technology. Proof of Stake (PoS) blockchains in which holders control more than 33% of the stake present a similar challenge. Therefore, the numerous companies, consortiums and similar organizations within the ecosystem that deploy these isolated consensus models exclusively are a major cause for concern.
As all information on Nexus is validated by three channels (Prime, Hash and Holdings) of decentralized consensus, resident DApps can replace the requirement for trusted third parties. Leveraging both PoW and PoS embodies this original blockchain principle avoiding centralized and consolidated credential data risks by significantly minimizing the attack surface. Once the Tritium, Amine and Obsidian (TAO) Framework is fully implemented enabling the Three Dimensional Chain (3DC), enhanced scalability, security and decentralization will be achieved as reflected below.
The above illustration is a high level depiction of the 3DC designed by sound geometric principles, mathematics, game theory and associated philosophies.
Sovereign Identity is clearly larger than any single company, organization or government. The emancipatory potential for humanity is unprecedented; however, the opportunities for abuse make it a double-edged sword. Nexus is explicitly building self-sovereignty into its social constructs and foundation to counter these negative impacts.
According to the World Wide Web Consortium (W3C), “A DID, or Decentralized Identifier, is a URI composed of three parts: the scheme “did:”, a method identifier, and a unique, method-specific identifier generated by the DID method. DIDs are resolvable to DID documents. A DID URL extends the syntax of a basic DID to incorporate other standard URI components (path, query, fragment) in order to locate a particular resource — for example, a public key inside a DID document, or a resource available external to the DID document.”
With Nexus, W3C standards are augmented, as all accounts are pseudonymous. Nobody can reference a corresponding name, date of birth or social security number to reveal personally identifying information. Individuals and organizations are in control of their data, so if one chooses to present a driver’s or business license, this is possible. Each entity owns its data and controls what it shares and with whom, for example medical documents.
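As an added example (not code from the W3C, Nexus or the original article), the following Go program parses a DID URL into the three parts of the definition quoted above plus the optional path, query and fragment, rejecting malformed identifiers outright; the sample identifier in main is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// DIDURL holds the parts named in the W3C definition quoted above.
type DIDURL struct {
	Method   string // DID method name, e.g. "example"
	ID       string // method-specific identifier
	Path     string // optional URI components that locate a resource
	Query    string
	Fragment string
}

// didRe encodes the core DID syntax: the scheme "did:", a method name of lowercase
// letters and digits, and a method-specific id made of idchars (letters, digits, ".",
// "-", "_" or percent-encoded bytes) in colon-separated segments, the last non-empty.
var didRe = regexp.MustCompile(
	`^did:([a-z0-9]+):((?:(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})*:)*(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})+)$`)

// ParseDIDURL splits a DID URL into its components. Malformed input is rejected
// outright so a resolver never acts on an identifier it cannot attribute to a method.
func ParseDIDURL(s string) (DIDURL, error) {
	var d DIDURL
	rest := s
	// Peel off the URI components from the right: fragment, then query, then path.
	if i := strings.IndexByte(rest, '#'); i >= 0 {
		d.Fragment, rest = rest[i+1:], rest[:i]
	}
	if i := strings.IndexByte(rest, '?'); i >= 0 {
		d.Query, rest = rest[i+1:], rest[:i]
	}
	if i := strings.IndexByte(rest, '/'); i >= 0 {
		d.Path, rest = rest[i:], rest[:i]
	}
	m := didRe.FindStringSubmatch(rest)
	if m == nil {
		return DIDURL{}, errors.New("not a valid DID: " + s)
	}
	d.Method, d.ID = m[1], m[2]
	return d, nil
}

// DID returns the bare identifier, i.e. the string that is resolved to a DID document.
func (d DIDURL) DID() string { return "did:" + d.Method + ":" + d.ID }

func main() {
	d, err := ParseDIDURL("did:example:123456789abcdefghi/keys?version=1#key-1")
	fmt.Printf("%+v err=%v\n", d, err)
}
```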
If we compare this to the physical identification systems available today, a common ID such as a driver’s license is privileged information and thus the owner retains control over who they reveal it to. With the advent and movement of digital identification systems currently coming to light, if left unchecked, this sovereign system can be side-stepped into a digital trap that will consume the last bits of integrity still left in the system. This is clearly not the most desirable conclusion possible. It underlines the importance of protecting this sovereignty with mathematical law: humans will attempt to corrupt one another, but they can never corrupt the fabrics of reality bonded and expressed through mathematics.
When managing accounts, information can only be attributed to an account if its holder authorizes the recipient using cryptographic proofs, guaranteeing at the very least that the account holder is indeed the one who authorized the data transmission. This removes the enormous potential for corruption inherent in centralized identification systems, and produces additional characteristics that scale with global demand far more effectively than their centralized counterparts.
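To make the cryptographic authorization described above concrete, here is an added example in illustrative Go (not Nexus's own scheme or API): the account holder signs a scoped disclosure grant with an Ed25519 key, and the recipient verifies the signature, the named recipient and record, and the expiry before accepting the data. The Grant fields, key handling and record names are assumptions for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Grant is the statement the holder signs: which record may be released, to whom,
// and until when. Field names are assumptions for this example, not a Nexus format.
type Grant struct {
	Holder    string `json:"holder"`
	Recipient string `json:"recipient"`
	Record    string `json:"record"`
	Expires   int64  `json:"expires"` // Unix seconds
}

// SignedGrant is the grant plus a signature over its JSON encoding (deterministic: fields are emitted in declared order).
type SignedGrant struct {
	Grant Grant
	Sig   []byte
}

// SignGrant produces the holder's cryptographic proof of authorization.
func SignGrant(priv ed25519.PrivateKey, g Grant) SignedGrant {
	msg, _ := json.Marshal(g) // cannot fail for a struct of plain strings and ints
	return SignedGrant{Grant: g, Sig: ed25519.Sign(priv, msg)}
}

// VerifyGrant is what a recipient (or gatekeeping DApp) runs before releasing the record: the signature
// must verify under the holder's key, and the grant must name this recipient and record and be unexpired.
func VerifyGrant(pub ed25519.PublicKey, sg SignedGrant, recipient, record string, now time.Time) error {
	msg, _ := json.Marshal(sg.Grant)
	switch {
	case !ed25519.Verify(pub, msg, sg.Sig):
		return errors.New("signature does not verify under the holder's key")
	case sg.Grant.Recipient != recipient:
		return errors.New("grant was issued to a different recipient")
	case sg.Grant.Record != record:
		return errors.New("grant covers a different record")
	case !now.Before(time.Unix(sg.Grant.Expires, 0)):
		return errors.New("grant has expired")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // holder's keypair (illustrative, not a Sigchain key)
	g := Grant{Holder: "holder-1", Recipient: "clinic-7", Record: "medical/vaccination", Expires: time.Now().Add(time.Hour).Unix()}
	sg := SignGrant(priv, g)
	fmt.Println("verify:", VerifyGrant(pub, sg, "clinic-7", "medical/vaccination", time.Now())) // <nil> on success
}
```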
Nexus uses Signature Chains (Sigchains), which are architecturally comparable to a ‘personal blockchain’. This enables DApps to be created with a high degree of security and flexibility, and also supplies username and password functionality strengthened by a Personal Identification Number (PIN). This technology, combined with asset management, provides the foundation for decentralized identification systems. See the illustration below for further clarification.
Internet Protocol (IP) Identification
Nexus’ use of the Locator/ID Separation Protocol (LISP) provides enhanced identity capabilities at the IP layer of the network. Decoupling the Endpoint Identifier (EID) from the IP address enables a device to roam freely between networks, because only the locator (your IP address) changes, not the identifier. This is a critical security feature: an EID is bound to a Sigchain, creating a network level identifier that is cryptographically associated with the given identity. A large reduction in fraud, IP spoofing and identity theft is the anticipated outcome of using LISP and Sigchains together in blockchain applications.
Identity Use Cases
A legitimately decentralized digital identity with superlative security and integrity opens the door to numerous opportunities. Providing authentication and Know Your Customer (KYC) to existing DApps and to legacy infrastructure interfacing with blockchain solutions is perhaps the most prominent. Website account generation and authentication functionality is currently available and is being developed for integration with new DApps. Basic file integrity (checksums) and encryption functions are possible, although they will require some additional development at this stage.
The Nexus seven layer software stack and simplified RESTful API enable third parties to integrate customer controlled credentials, identity data, assets and more, taking us another step closer to greater adoption of decentralized technology. This concept has the potential to provide broad self-sovereign identity services. Developers can utilize our API to simplify the creation of DApps that control many types of digital records, some examples of which include:
- Personal, Professional and Governmental Identification
- Residential, Professional and Governmental Licenses
- Educational, Professional, Governmental Certificates
- Personal and Professional References and Endorsements
- Decentralized Finance (DeFi) and Internet of Things (IoT)
- Medical Records, Verification and Waivers
- Digital Signatures and Reputation Scores
- Assets (Titles, Company Registrations, TNS Domains, etc.)
Example scenarios illustrating the eventual ease of use are shown below:
Nexus provides a technologically adept foundation for the next generation of identity, assets and related blockchain innovations. This effectively enables greater control of information for individuals and organizations that value safety, security and sovereignty; meeting and exceeding compliance requirements and obligations well into the future. Verification with Nexus, coupling multi-signature quantum-resistant cryptography and modular MFA (Multi-Factor Authentication) options including biometrics (fingerprints, retinal and facial recognition), is lifting the curtain for this emergent technology to take the global stage.