At SecureKey, we collaborate with government, corporate and consumer-focused groups to continuously improve Verified.Me, a mutually beneficial network that supports users with their digital identity needs like accessing their financial or health information online. The role we have as one of Canada’s leading digital identity and authentication providers means we take our responsibility to help advance the Canadian and global identity landscapes seriously.
We are thrilled that the academic journal Frontiers in Blockchain accepted our community case study, “Decentralized, Self-Sovereign, Consortium: The Future of Digital Identity in Canada.” This peer-reviewed article focuses on the benefits of self-sovereign identity (SSI) with blockchain and Verified.Me as an example of these concepts being effectively implemented to create a cohesive, secure service and digital identity network. SSI is a digital identity philosophical perspective focused on providing users with ownership and control of their verifiable credentials. This shifts decision authority from organizations to users through blockchain technology, which helps solve issues with the current status quo of digital identity systems.
What does the case study say about Canadian digital identity?
As the advancement of technology continues to outpace security, changes are needed in how public and private sectors approach and implement cybersecurity strategies and practices.
Digital identity frameworks currently focus on centralized digital identity systems, where discrete identities are made within individual online properties, such as social media accounts, government identity issuance and corporate management systems. This is seen daily with logins that require the user to leverage a username and password. The system creates a fragmented identity experience requiring different sets of verifiable credentials for different platforms and uses with sensitive personal data stored by each platform. If one service is breached and the sign in information is accessed, then hackers could access other services with password resets and credential-stuffing attacks.
This model can also lead users to overshare personal information, as any documents that are provided to verify your identity may display other personal data that is not required. If you use a bank statement as your verifiable credential to confirm your name and address, for example, this will also display your account information and other data such as shopping and spending habits.
How does SSI affect Verified.Me?
Verified.Me uses a different model. Our service uses SSI principles within a federated and decentralized identity management system instead of a centralized system with the goal of helping security and privacy for users and organizations.
Christopher Allen, a pioneer in internet cryptography, defined 10 principles for SSI. These attempt to better conceptualize standards for SSI as a preliminary benchmark to assess existing solutions from concepts such as users having control over their own identities, how identities should be as widely usable as possible and the high priority networks have in protecting the rights of users. Most digital identity projects will not meet all these criteria.
This emphasis on control, privacy, data minimization and user consent as dictated by SSI principles are incorporated into Verified.Me and advocated for by SecureKey as the network owner. Consistently keeping these principles in mind as we improve our services means that Verified.Me can secure:
- A user’s right to privacy of activity
- A user’s right to decide when and what information about themselves is shared between organizations
- Cryptographic protection of digital assets for confidentiality and integrity
- That all digital asset exchanges and transactions are cryptographically auditable
- No central point of failure or trust: a distributed network of trusted organizations runs a cryptographically protected consensus protocol that collectively determines the state of the networks, the participants, the digital assets, and the users
- Permissions, authentications and auditability of network participant activities
How does the user benefit from SSI?
As an example of the benefits of our decentralized system, let us say someone is trying to apply for an apartment rental and needs to provide their personal information as part of the application process. They will access Verified.Me and authenticate themselves with their financial institution. They will then review and consent to what personal information they want to have securely shared with the renting company. Their information is then verified, and the rental application is complete.
This is a simple process for the user that leverages one set of verifiable credentials, in this case the ones from their financial institution, and eliminates oversharing by providing only the pertinent information. Compared to conventional centralized digital identity models, these credentials allow for access to more than one system as opposed to being limited to one organization per credential.
Why are SSI and blockchain technology important for Verified.Me?
In the backend, Verified.Me ensures that only authorized attributes are shared with explicit user consent. The service bridges together multiple participants within a common ecosystem to verify the identities of users securely and privately across the participating organizations with others within the group. This decentralized model requires a high level of commitment and collaboration between the public and private sectors to work. Verified.Me connects institutions and data providers that have a users’ verifiable credentials to the service providers who ask for the information. These can include financial institutions, insurance companies, telecommunications providers, online merchants, healthcare solutions, credit bureaus, legal professionals, sharing economy, online gaming, governments and educational institutions.
One recent example of this is Employment and Social Development Canada’s (ESDC) adoption of Verified.Me. ESDC, a public sector entity, is now able to receive verifiable credentials from users through Verified.Me so they can register for a My Service Canada Account (MSCA). Verified.Me securely streamlines the process by allowing users to use their private sector credentials for this registration and verification.
In addition, SSI is a double-blind sharing scheme where the source does not know where the data is sent, but the receiver knows where it came from. Verified.Me uses a triple-blind sharing scheme that blinds the source and destination to each other while also blinding the network to the contents of the transaction. This ensures that no one knows from where or to where you are signing in, increasing security and privacy.
Blockchain helps throughout the process to increase security and usability with proper cybersecurity measures while having the ease of use to access services. Specifically, blockchain fulfills three key requirements we have:
- A method to provide triple-blind data sharing under user control and consent while maintaining high business integrity (making it trustworthy to the relying party)
- A method to compute and record integrity proofs about the data shared
- A method to mitigate distributed denial of service attacks owing to the larger number of service endpoints that can provide stand-in processing
About Andre Boysen
Andre is responsible for positioning SecureKey’s growth strategy, cultivating opportunities in new and existing markets, and promoting demand for the company’s solutions globally. He serves as SecureKey’s digital identity evangelist. He was recognized as a global leader in digital identity by One World Identity (2017) and Innovate Identity (2016). Andre serves on the boards of the identity standards organizations of DIACC and the Kantara initiative.
Prior to joining SecureKey, Andre co-founded and served as chief technology officer of 724 Solutions Inc. Previously, he served as chief technology officer for Footprint Software and as chief executive officer for the company’s Asia Pacific business. In 1999, he was named one of Canada’s Top 40 Under 40 in recognition of his vision and accomplishments. From 1990 to 1994, he served as chief executive officer of Open Systems Limited. Andre has also served on the boards of 724 Solutions Inc., Dexit Inc., Footprint Software Pty. Ltd., and 305 Management Services.
He earned a Bachelor of Science in Computer Engineering from the University of Ottawa, an MBA from the Richard Ivey School of Business, and a Bachelor of Science in Mathematics Education from the University of Maine at Presque Isle. He currently lectures at Wilfred Laurier’s Schlegel Entrepreneurship Centre.
ttee and co-chair of the Decentralized Identity Foundation Sidetree Working Group.