A new protocol called “BitID” promises to streamline identity verification for online services while protecting privacy – with tokens on the Bitcoin blockchain.
Replacing User-Unfriendly ID Systems
BitID is now concluding a successful testing period, and should be ready for other services to use in the near future.
Although credit cards and e-commerce have opened up international markets and made spending money almost too easy, there’s a serious side effect – identity theft is rife, thanks to multiple companies storing highly sensitive personal ID data on systems prone to theft and data-mining.
Bitcoin wallet and business directory Airbitz has teamed up with BitPOS, an Australian payment processor, to trial BitID – which they hope will replace these user-unfriendly systems with a simple blockchain-based token.
Speaking to Bitcoin.com, BitPOS CEO Jason Williams said:
Identity is a concept central to our lives and our interaction with others, being able to prove who we are creates trust, integrity in our actions and, uncharacteristically on the internet, provides responsibility for our actions.
The two companies have been working on the protocol for most of the past year, after their founders met at the Inside Bitcoins conference in Las Vegas in 2013. Discussions about higher-purposes uses for wallet software and user security eventually morphed into BitID, despite them living on opposite sides of the world.
How BitID Works
BitID takes an already-verified identity that has been created by one online service, like a bank or bitcoin exchange, and creates an ‘identity token’.
That token consists of two things: an actual Bitcoin address derived from the domain where the identity was created, and eight bytes of code to signify what ID documents were used to verify it. The token is then recorded on the blockchain.
This identity token can then be used by any other service using the BitID protocol. Anyone who wants to verify that identity – another service or an individual – can simply scan a QR code to check that the identity token exists.
When verifying an identity, users also receive a link to the authority that created it, and can then look up the definition of any of the initial vendor’s verification documents.
ID Verified, But Data Still Private
The benefit is that no verifier needs to see, or store records of, data on the initial identity documents (such as passports, drivers’ licenses, contact details, utility bills etc). This adds a valuable protection against hacking attacks and data theft.
Unlike other similar services that have been proposed, Williams said, no detailed or identifying information is stored on the blockchain. BitID does not require any permission to use, is completely decentralized, and protects users’ privacy from data mining and theft.
As much as spokespeople like Andreas Antonopoulos point out that bitcoin itself does not require ID, there will always be other online services that do. That’s not likely to change for a long time.
“The benefit to the consumer is (at least in my mind) clear,” Williams said. “When you carry around a cryptographically provable identity things become easier. You can onboard with business easier, purchase products easier and generally prove who you are easier and with more certainty.”
Even though the current system is a proof-of-concept demonstration and not yet available for the public to use, he said Airbitz’s testing has shown it to work well so far.
Chaining Information to an Identity
A secure public blockchain is the best way to roll out such an identity system, Williams said, since there is no possibility of collusion and the identity record is verified by consensus, and agreed to be real.
As an information provider relying on more experienced verifiers, BitID does not tackle the issue of identity fraud itself. It simply records a definition of what a particular verified identity provides, and whatever documentation supports it.
One of BitID’s chief features, Williams said, is the ability to create an ID profile by “chaining information to an identity” – allowing future verifiers to add more supporting documents to the profile at later dates, depending on the strength of verification required.
Ultimately, this establishes a profile that enables others to trust what is presented to them. BitID merely provides the token and, once created, it is available for anyone to make use of – without the need for extra permissions.
If blockchain-recorded identity is found to be fraudulent, then that information is added to the information chain, rendering the token invalid. Anyone attempting to verify an ID via that token would see the latest information.
If BitID succeeds, and becomes the protocol of choice for public and private online services, verifying your identity would become even simpler than providing a public key.
The blockchain would already know who you are, and be able to vouch for you – without even knowing who you are.
Would a system like BitID make you feel more secure than having your documents stored on company servers?
Images courtesy of Pixabay