Signicat wins “2017 Innovation Award” at Smart Security Week!

2017 Innovation Award

We are very proud to get this recognition. The announcement took place in Marseille yesterday evening during the World eID and cybersecurity and Identity World conference 2017. The award was handed over by Detlef Houdeau from Infineon (left in the picture) to John Erik Setsaas, Identity Architect from Signicat (right in the picture).

Link to the webpage with the announcement here

State of the art electronic signatures

As a part of our Digital Identity Service Provider platform (DISP) we find more and more customers realizing the benefits and using electronic signatures to replace paper processes. We have offered electronic signature services for almost 10 years and support signing with eIDs in a vast number of countries. To succeed with electronic signing we think there is three key elements that needs to be in place:

1) A great user experience on any device

People are used to great mobile user experience from their daily interactions with applications and they expect nothing less from your electronic signing processes. You should make it easy to sign documents electronically from your smartphone in a user friendly way and give users the ability to quickly sign documents wherever they are. At Signicat this is a top priority and we continuously try to make our products work better on all devices.

2) Becoming paperless – and staying compliant
The goal with signing documents electronically is to decrease the amount of manual paper process, both for the end user and for your company. The evidence of the signed document is important and you need to be sure that you can prove that the contract was signed in a legally binding way and ensure that the electronic signature is correctly embedded into the document. With over 10 years of evolution, Signicat’s signature solutions gathers and integrates all the needed legally binding data into the document, making it the preferred choice of financial institutions, insurance companies and government institutions.

3)  Integrate once and scale up your digital processes
Whether you are targeting one or multiple countries, you should focus creating digital processes replacing paper processes instead and spend less time integrating and understanding electronic signature technology. By integrating with Signicat, you will get a single point of integration to multiple signing methods, with a vast amount of features ensuring that you are covering your needs for today, and tomorrow. A trend for businesses integrating with Signicat for electronic signing is that they start in one market and gradually expand to multiple markets – seeing the ability to scale their digital business cross border.

Read the latest press release related to this topic; Nordic FinTech giants SDC and Signicat drive dramatic rise in digital-only mortgage applications

Signicat is 10 years this year

Signicat was started in 2007, which means we are 10 years old this year.

During the 10 years Signicat has existed, there has been a rapid development in the use of electronic identity. A combination of forces have driven this development. On the one hand, the desire for digitization of services that previously required physical attendance and manual steps. On the other hand, stricter requirements for security and privacy. As the leading provider of identity services to regulated industries in the Nordics, Signicat has played an important part in this development.

When we started in 2007, the eID market in the Nordic region was just about to take off. All four Nordic countries had their solutions for electronic identity, and after a long introductory phase, the markets were reaching a critical mass both with regard to issued IDs and service providers where the eIDs could be used. In Norway, BankID was the leading solution for electronic identity and the first banks began issuing eID to their customers already in 2003. But it was only when service providers with support for eID began to appear that the usage of eID started to grow rapidly.

Signicat was an early facilitator of the use of eID for banking and financial services. Fully digitized consumer loan processing with eID and eSignature was developed for the online store Komplett.no already in 2005, while Signicat was still a department in the consulting company we were spun out of. Since then, we have helped many other banks and finance institutions with replacing tedious manual procedures with electronic identity and electronic signature.

After more than 10 years of rollout of electronic identity in the Nordic region, there is little evidence that the growth is slowing. New and easy-to-use solutions like BankID on mobile continue to drive growth. In Sweden alone there were more than 2.5 billion logins with BankID in 2016. The potential for digitization is far from exhausted.

But what about Europe outside the Nordic region?

Signicat has had presence in the Netherlands since the autumn of 2015, and since December 2016 also in London. Currently we work with customers in the Netherlands, UK, Germany, Spain and several other European countries. There is no doubt that the use of eID in these countries is not as far developed as in the Nordic countries. Perhaps the level of maturity is about the same as in the Nordic region 10 years ago. The question is whether it will take another 10 years before Europe is on par with the Nordic countries.

I think the answer to this question is “no”. The reason is that drivers that were strong in 2007 have become even stronger over the past 10 years. Electronic identity is in many cases the last missing piece to get full-digitized processes. We have smart phones that can be used for two-factor authentication replacing inconvenient and expensive technologies that required purpose built hardware. On top of this, European initiatives such as PSD2, OpenBanking and GDPR are pushing for better and more widespread solutions for electronic identity.

Signicat’s value proposition to customers in Europe is the same as in the Nordic countries: A single point of connection for easiest access to a wide range of electronic identity services. This is especially important when technology and infrastructure are in rapid development. Our services for the initial proofing of electronic identity are also important in markets where there is no established third party electronic identity infrastructure, as we have in the Nordic countries. The fact that our online services meet or will meet requirements in regulations and directives such as eIDAS, GDPR and PSD2 are also helping users to get started with electronic identity.

For Signicat, the first 10 years have been an exciting journey where we have contributed to making electronic identity a critical community infrastructure in the Nordic region. In the next few years, we hope to be able to repeat this journey, and bring the experience of the first 10 years to the larger European market, making electronic identity just as widespread here as well.

Get in touch!
If you have comments or questions, feel free to contact me either by e-mail or phone:

E-mail: gunnar.nordseth@signicat.com
Telephone:+47 930 60 408

Sommerjobb i Trondheim 2019

UTVIKLERSPIRER ØNSKES TIL UTFORDRENDE SOMMERJOBB

Signicat leverer markedsledende skybaserte løsninger for elektronisk identifisering og signatur. Vi støtter et stort utvalg av nasjonale og selvutstedte ID-typer som gjør det mulig for våre kunder å tilby tjenester på tvers av landegrenser.

Signicat er i kraftig vekst og er kontinuerlig på jakt etter utviklere og testutviklere til hovedkontoret i hjertet av Trondheim.

Vår utviklingsavdeling har nå blitt så stor at vi ønsker å ta inn to studenter fra 4.-klasse på Master eller 2.-klasse Bachelor sommeren 2019. Signicats id- og signaturtjenester er hovedsaklig skrevet i Java, men vi har naturligvis også bruk for noe database- og JavaScript for å få det hele til å snurre. Det siste året har vi også jobbet mye med både testautomatisering og løsninger for å automatisere utrulling av programvare på en enda mer smidig måte. Vi releaser og installerer i produksjon flere ganger i uka, og må samtidig sørge for at kvalitet, sikkerhet, oppetid og ytelse oppfyller strenge krav – både fra myndigheter og fra kunder.

Vi er ikke helt sikre på hvilket konkret prosjekt dere vil jobbe med men vi kan love store utfordringer og mulighet til å lære mye. Dere vil bli plassert i et team som både har variert utviklerkompetanse og tilgang til en UX-designer for å få et best mulig resultat. Det er helt klart en fordel om du har litt programmeringserfaring fra før – enten fra hobbyprosjekter eller fra tidligere sommerjobber.

PS: Hvis du har en god idé til en oppgave som også passer inn i vårt interesseområde, tilpasser vi gjerne sommerjobben til deg. Vi har luktet litt på bruk av maskinlæring/AI for log-analyse, Docker for mer automatisert testing/deployment, og NoSQL-alternativer til MySQL. Vi har med andre ord også bruk for deg som skyr JavaScript som pesten og er mer glad i APIer og databaser.

Søk her innen 31. oktober 2018 og ta kontakt med leder for utviklingsavdelingen, Lars Klemetsaune, på e-post lars.klemetsaune@signicat.com for spørsmål.

An identity fairytale from fantasyland

An identity fairytale from fantasyland

Once upon a time, in a country up North, John had finally decided to buy a new camera, and needed to pay for this. He logged into his bank, and he used BankID to authenticate himself. Within a few seconds the bank recognized John. Of course, John realized that he does not have sufficient funds for this camera (the Sony A9 is not cheap), and needs to borrow the money. He runs through the wizard, enters the amount and the payback time, and then gets a loan contract to sign. The loan contract is signed digitally, using BankID. And immediately he has the money on his account and he can pay for the camera. Again, this payment is authorized using BankID.

Later the same day, John realized that he was running out of his blood pressure medication, and had to get some more. But he couldn’t remember if the last prescription was still valid. So he logged into the government health portal, again using his BankID, and found that indeed, the prescription was still valid, so no need to bother the doctor to have it renewed. John walked down to the pharmacy on the corner, and identified himself with his driver’s license, and got another dose of the medication. As the pharmacy is electronically connected to the central prescription database, the good old paper prescriptions, with the doctor’s unintelligible handwriting are long since history.

Later that night, John had to do his taxes (good thing he got more blood pressure medication), and went to the government portal. Of course again, he used his BankID to log in, and he could then update the tax report, before submitting it.

Verify identity by using BankID

A few days later, John’s camera arrived in the post, and he realized that he should take out insurance. So he logs into his insurance company. Guess what, he uses BankID to identify himself, and adds the camera to his insurance. He also decides that he wants to sell his old camera, and goes to the C2C platform finn.no. He creates an account, and is asked if he wants to be a verified seller. Of course he wants to, and guess what. Again, BankID is used to verify his identity.

(And if John wants to open a new bank account, with another bank, he can use BankID, and his identity is verified. No need to visit a branch. No need to provide additional information. Easy and simple).

Quite a fairytale, right? Well, actually no. The fantasyland I’m describing is Norway, but Sweden, Denmark and Finland, and let’s not forget Estonia, are all on the same page. In these countries, the same digital identity can be used for more and more purposes. It all started with banks. But these days it is used for government, health, insurance and others.

At Signicat we had our first customer on our BankID cloud-service back in 2007. With 10 years of experience in the Digital Identity space we find it our call to spread the fairytale message to rest of the world.

Blogpost by: John Erik Setsaas, Identity Architect
Twitter: @jsetsaas

Download your free copy of Signicats report, “The Rise of Digital Identities” based on exclusive Innopay research.

Please fill in the form below to get your free copy.

As the leading provider of identity services to regulated industries in the Nordics, Signicat has played an important part in this development.

  • European eID schemes provide 69% of ID information needed to digitally apply for financial services
  • 3 European eID schemes provide all the necessary information
  • Digital Identity Service Providers (DISP) are the key to bridging the gap

Oslo, Norway, 22th June 2017 – New research launched today by Signicat, the world’s first and largest identity assurance provider, shows that through electronic identity (eID) schemes in Europe, consumers are closer to being able to apply for financial services 100% digitally, although gaps still exist. The report, “The Rise of Digital Identities”, is based on exclusive Innopay research and looks at how eIDs are currently used to onboard consumers to financial services across seven European countries.

On average, European eID schemes provide 69% of the information that financial institutions need in order to onboard a customer wholly digitally, and three schemes provide all the necessary information. These existing schemes could provide the vital staging point to develop digital identities that enable a truly digital financial services landscape.

Banks are under pressure to reduce costs, increase profits and to comply with ever more stringent regulations. Their customers have, at the same time, moved to embrace digital channels, meaning banks can reduce the number of branches and better target these customers to reduce costs and increase profits. However financial institutions are missing a vital link in the digital chain – onboarding. 40% of consumers have abandoned a bank sign up process because of the time and effort needed. This, combined with the upcoming eIDAS regulation means that financial institutions need to be able to onboard customers 100% digitally.

The paper was developed with research from Innopay, the payments, digital identity and e-business consultant. Innopay surveyed the onboarding landscape across Austria, Belgium, Germany, Luxembourg, The Netherlands, Switzerland and the UK to look at KYC/AML requirements and how available eID schemes map to these requirements. While current schemes do cover the majority of information needed by financial institutions to confirm a prospective customer’s identity, gaps exist.

It found that in Belgium, for example, the eID covers all the necessary attributes but the scheme is only relevant in a consumer-to-government context. In The Netherlands, the bank-operated scheme offers the right coverage but, on its own, won’t satisfy Know Your Customer (KYC) requirements.

To fully verify a customer’s identity, financial institutions must supplement eID information from a variety of sources including national ID schemes, various digital assets and traditional ID documents such as passports. The challenge is that information is not always available, there are inconsistencies across regions and difference stages of onboarding require different levels of assurance, including examination of the physical document. To succeed, institutions must plug the gaps and ensure they have access to the right information in the right geographies.

Gunner Nordseth, CEO at Signicat, said: “As the market becomes more competitive, financial institutions are under increasing pressure to attract and retain more customers but at lower costs. It’s a huge challenge and the old analog process for onboarding has proved cumbersome and outdated. There is enormous scope for digital identities to reduce inefficiencies as well as ease compliance with KYC. But building those identities is a complex task and financial institutions need to create interoperability between regions in a fragmented European landscape.”

Gunnar added: “The real strength lies in combining the various identity information sources to create a complete and validated digital identity. That’s where a digital identity service provider, or DISP, can help. It facilitates connections to the relevant schemes and other forms of verification to build a trusted picture of the customer. Financial institutions can not only comply but also gain a lead in the race to a truly digital future for onboarding.”

– Ends –

About Signicat

Based in Trondheim, Norway, and founded in 2007, Signicat is the first and largest Identity Assurance Provider in the world, providing regulated markets with the technology to create mutual trust between organizations and their potential customers.

With Signicat, service providers can build and leverage existing customer credentials to connect users, devices and even ‘things’ across channels, services and markets transforming identity into an asset rather than an obstacle. By ditching manual, paper based processes and replacing them with digital identity assurance, customer on-boarding is accelerated and access to services is made simple and secure. Service providers can rapidly grow market share, easily acquire new customers, and ensure compliance with financial, privacy and data protection regulations including AML and KYC.

Signicat has the technology to connect the market, the expertise to scale the systems, and the experience to build the trust.

For more information, visit: www.signicat.com

Media Contacts
CCgroup for Signicat
signicat@ccgrouppr.com
+44 203 824 9200

Download your free copy of Signicats report, “The Rise of Digital Identities” based on exclusive Innopay research.

Please fill in the form below to get your free copy.

 

Signicat report maps out Strong Customer Authentication (SCA) requirement for PSD2

Report from Signicat and Consult Hyperion provides industry guidance to comply with requirement central to PSD2

Oslo, Norway, 13th June 2017Signicat, the world’s first and largest identity assurance provider, has released a white paper with Consult Hyperion to prepare financial institutions for the Strong Customer Authentication (SCA) requirement of the second Payment Services Directive (PSD2). The report, “Strong Customer Authentication in Practice – limitations and possibilities with PSD2”, demonstrates the importance of SCA and highlights the implications for identity and authentication to the payments and commerce industries. It also seeks to provide guidance on how to incorporate SCA into existing services.

SCA is being introduced to ensure consumer identities are secure when paying electronically and to guard against fraud. The requirement will come into effect in Q4 2018, six months after the deadline for all EU member countries to implement PSD2 as national law on 13th January 2018. PSD2 mandates SCA for transactions above €30, meaning Two Factor Authentication will be required to verify the transaction. SCA mandates that authentication is based on at least two of the three elements of Knowledge, Possession and Inherence.

Signicat released the report following concern in the industry that SCA could damage business by creating more friction for the consumer at the checkout. Once SCA is triggered, providers will be forced to look for ways to simplify the transaction process either through exemptions or low-friction SCA. The report seeks to guide the industry on how the requirement will work in practice, who will be expected to perform SCA, and puts forward suggestions to minimize the burden of the authentication process for consumers.

“If not done right, SCA will impose a huge burden on consumers forced to endure a painful authentication process when confirming transactions with a retailer,” said Tim Richards, Principal Consultant, Consult Hyperion. “Providers and banks responsible for implementing SCA must look at ways to simplify the check-out process to ensure a smooth transition to SCA in a post-PSD2 world. The aim of this white paper is to set out the intentions of SCA and to identify how the challenges faced can be addressed.”

“All parties in the PSD2 ecosystem face the challenge of creating a frictionless payment experience for consumers,” said Gunnar Nordseth, CEO, Signicat. “With SCA coming into force in 2018, failing to respond is simply not an option. It’s important that banks and third party providers understand their responsibilities and create systems to both comply with PSD2’s SCA requirements and ease the pain of the process for consumers.”

The report, “Strong Customer Authentication in Practice – limitations and possibilities with PSD2”, is available for free download.

-ENDS-

About Signicat

Based in Trondheim, Norway, and founded in 2007, Signicat is the first and largest Identity Assurance Provider in the world, providing regulated markets with the technology to create mutual trust between organizations and their potential customers.

With Signicat, service providers can build and leverage existing customer credentials to connect users, devices and even ‘things’ across channels, services and markets transforming identity into an asset rather than an obstacle. By ditching manual, paper based processes and replacing them with digital identity assurance, customer on-boarding is accelerated and access to services is made simple and secure. Service providers can rapidly grow market share, easily acquire new customers, and ensure compliance with financial, privacy and data protection regulations including AML and KYC.

Signicat has the technology to connect the market, the expertise to scale the systems, and the experience to build the trust.

For more information, visit: www.signicat.com

Media Contacts
CCgroup for Signicat
signicat@ccgrouppr.com
+44 203 824 9200

Download your free copy of Signicats PSD2 White Paper
If you want to read the PSD2 White Paper, please fill in the form below to get your free copy.

The PSD2 White Paper has been produced on behalf of Signicat by Norfico (www.norfico.net) and Consult Hyperion (www.chyp.com)

Press Release: Signicat launches MobileID authentication to meet PSD2 requirements

ID assurance provider now offers multiple authentication methods – including biometric

Oslo, Norway, 30 May 2017Signicat, the first and largest identity assurance provider in the world, has launched MobileID, its mobile authentication product. In addition to offering financial service providers speedy onboarding and identity assurance using a number of digital identity schemes, Signicat now also offers Strong Customer Authentication (SCA) using the end-user’s smart device.

Upcoming PSD2 legislation will demand that many transactions over €30 must be authorized with at least two-factor authentication. MobileID will put financial services providers ahead of this legislation, not only by offering multi-factor authentication, but offering it in a way that is convenient to consumers and will not result in abandonment.

MobileID works by turning a consumer smart device into a security credential. The device becomes the ‘something you have’ factor for authentication, while a PIN code becomes the ‘something you know’ and biometric data such as fingerprints can be used as a third ‘something you are’ factor.

MobileID allows banks and other financial service providers to offer multi-factor authentication without the need to provision additional hardware or demand that customers copy and paste a one-time password from an SMS or a separate application. Instead MobileID harnesses smart device capabilities, including the latest biometrics, to deliver simple but secure access to digital channels.

“A speedy onboarding and application experience is a must for financial services providers who don’t want to lose 40% of their potential customers at this stage,” said Gunnar Nordseth, CEO, Signicat. “Keeping these customers means giving them the best experience possible when accessing services and authorizing transactions – MobileID gives customers that simple experience while meeting PSD2 requirements way ahead of these regulations being adopted.”

MobileID’s features include:

  • Device agnostic, with support for both the latest iOS and Android devices
  • The ability to add existing and future device-based authentication technologies
  • Device and user intelligence, including geolocation, for risk-based authentication
  • An offline mode so the smart device can be used to authenticate without a data connection
  • Defenses against jailbroken devices and debugging attempts

-ENDS-

About Signicat

Based in Trondheim, Norway, and founded in 2007, Signicat is the first and largest Identity Assurance Provider in the world, providing regulated markets with the technology to create mutual trust between organizations and their potential customers.

With Signicat, service providers can build and leverage existing customer credentials to connect users, devices and even ‘things’ across channels, services and markets transforming identity into an asset rather than an obstacle. By ditching manual, paper based processes and replacing them with digital identity assurance, customer on-boarding is accelerated and access to services is made simple and secure. Service providers can rapidly grow market share, easily acquire new customers, and ensure compliance with financial, privacy and data protection regulations including AML and KYC.

Signicat has the technology to connect the market, the expertise to scale the systems, and the experience to build the trust.

For more information, visit: www.signicat.com

Media Contacts
CCgroup for Signicat
signicat@ccgrouppr.com
+44 203 824 9200

 

For more information about MobileID, visit: MobileID

signicat rabobank

Press Release: Rabobank and Signicat launch Digital Identity Service Provider (DISP)

Rabobank and Signicat are entering the Dutch identity market together by providing digital services to businesses, supporting them in servicing their clients.

This joint Digital Identity Service Provider (DISP) offers a range of online login, identity, signature and archiving solutions under the banner of Rabo eBusiness. It provides optimal convenience for a range of businesses, including insurance, energy and leasing companies as well as other financial services providers. It simplifies and improves the digital transformation they are under pressure to achieve.

Rabo eBusiness helps businesses to shape their online services in an easier, more reliable and efficient way to achieve higher online conversion. Consumers can log onto the merchant’s website using one of the identity services provided by Rabo eBusiness and can then, for example, sign a contract online. The platform is easy to integrate into the existing business processes using API technology.

Rabobank will initially focus on five customer groups: energy, telecom and insurance companies, healthcare institutions and financial services providers. Rabo eBusiness services will make it easy for them to enable functions such as onboarding new customers, signing contracts digitally and offering a dashboard for invoices or expense claims.
The market for DISPs opened on 1st April 2017 within the framework of iDIN.

Alexander Zwart, responsible for Online Channels & Access at Rabobank, explains that Rabobank already has a good starting position, having: ‘Advisory skills, a large market share in the business market, operational services and a mature salesforce. In order to be able to offer technology and a high-quality and safe range of products, we have opted not to develop it ourselves, but instead to collaborate with a well-established strategic player. Signicat has a proven Digital Identity Service platform that is considered leading in the Nordics, a mature digital identity market.’

Signicat in turn wants to expand its presence in the Dutch market. Gunnar Nordseth, Chief Executive Officer of Signicat: ‘We have been operating for some time as an identity service provider in the Nordics and are currently expanding into other parts of Europe. The Netherlands is a strategically important market for us and a European hub that has great potential for digital identity, signature and archiving services. Collaborating with an innovative bank such as Rabobank gives us the opportunity to fulfil our ambition.’

The platform has been designed to grow in tandem with market demands and can consequently be expanded to include additional services. This lays the foundation for achieving Rabobank’s strategic ambition to help its customers with the digitisation of their services.

-ENDS-


About Signicat:
Based in Trondheim, Norway, and founded in 2007, Signicat operates the largest Digital Identity Hub in the world, offering the only complete identity platform in the market and trusted to reduce the burden of compliance in highly regulated markets. With Signicat, service providers can build and leverage existing customer credentials to connect users, devices and even ‘things’ across channels, services and markets transforming identity into an asset rather than a burden. By ditching manual, paper based processes and replacing them with digital identity assurance, customer onboarding is accelerated and access to services is made simple and secure. Signicat’s Identity Hub is a complete solution to that offers compliance and a route to better customer engagement.
www.signicat.com

About Rabobank:
Rabobank is an international financial services provider operating on the basis of cooperative principles. It offers retail banking, wholesale banking, private banking, leasing and real estate services. As a cooperative bank, Rabobank puts customers’ interests first in its services. Rabobank is committed to being a leading customerfocused cooperative bank in the Netherlands and a leading food and agri bank worldwide. Rabobank employs approximately internal and external 50,000 people. Rabobank Group is active in 40 countries.
www.rabobank.com

For more information, please contact:

Rabobank
Margo van Wijgerden, Press Officer
+3130 2160967, margo.van.wijgerden@rabobank.nl

Signicat
Imran Majid, PR Manager
+44 203 824 9205, Imran.Majid@ccgrouppr.com


For more information about DISP, visit:
DISP

Can blockchain technology be useful to digital identity?

The word blockchain brings out many associations. I guess for most of you, Bitcoin comes first. And maybe other cryptocurrencies like Ripple and Ethereum. From there, you probably think about illegal buying and dark web, and anonymity. Yes, true. As with any type of fiat currency, you can also use cryptocurrencies to buy illegal stuff, and to be anonymous. But remember that blockchain is technology, and technology is only bad if it is used in a bad way.

Why can blockchain be useful for identities?
Anyway, this post is not about money but about identities. What are the reasons to consider blockchain to hold digital identities? And what are the properties of blockchain, which can be useful for identities.

For one, a blockchain is distributed, so there is no central authority which manages your identity. And it is immutable, which means that as soon as an identity is stored on the blockchain, it can never be removed. These properties means that your digital identity can not be purged. This would prevent any government from taking away the identity from people based on religion, ethnicity or other attributes, and you would be in control of your own identity. This is often referred to as sovereign identity.

Proof of concept with the sovereign identity idea
Signicat has been doing a proof of concept with the sovereign identity idea. Below are the components of this PoC:

Attribute storage
Each attribute is encrypted and stored separately. This means that if the encryption is cracked on one attribute, only data for this attribute is exposed. For example that somebody is born on January 1st 1972, that somebody is over 18, or that is somebody has a given Nationality. But not who. And even if two records are broken, there is nothing indicating that these belong to the same individual. To know this connection, you  must have the private key.

Attribute verification
To ensure a validity of an attribute, an eIDP (electronic identity provider) or eAP (electronic attribute provider) is involved. This could be public eID providers (such as BankID in Norway and Sweden or NemId in Denmark), consumer identity providers (such as Facebook or Google), it could be a bank, a government, or even a group of friends. Before storing the attribute record on the blockchain, it is validated by one or more of these. This means that the recipient of the attribute can verify the validity of the attribute.

Exposing an attribute
If you want to provide an attribute to somebody, for example that you are over 18, you send the record ID and the encryption key for this record to the recipient. This will prove that the record is yours, and that it is valid (by checking the attribute provider validation). The encryption key can only be used to decrypt the given record, so the owner is in control of, what is being shared. Additional measures are used to prevent replay of the attribute, for example that the recipient uses this to another party.

Private key storage
A user needs a private key to identify his or her records on the blockchain. A challenge is that users lose their private key, and thereby lose access to their blockchain information. By using a key splitting algorithm, the private key is split into as many parts as there are nodes in the blockchain and each node is given one part. In addition, the algorithm defines how many parts are needed to construct the key. If there for example are 20 nodes, you could require 10 parts to reconstruct the key. Any 10 arbitrary parts will suffice. By setting up rules for releasing the private key parts, requiring one or more eIDPs or aIDPs to prove your identity, a node can release one part, thereby allowing the key owner to reconstruct the private key.

Attribute and identity providers
The eAPs and eIDPs will be approved by the blockchain. Only the approved nodes are trusted, which is especially important for the release of private key parts. If a provider is no longer trusted, it will be removed from the trustlist.

Finally a word of warning: Before going all-in on an identity solution (or any solution using sensitive data) on the blockchain, privacy must be considered carefully. When data is on the chain, there is no way to change it, so there is no room for error in the initial setup.

Blogpost by: John Erik Setsaas, Identity Architect
Twitter: @jsetsaas

Contact us