One identity to rule them all—managing digital identities using blockchain

(Written by @ElliotHill of the Cardano Foundation)

Almost every application and website we use today requires our personal credentials in order to create an account and use a service. This process is so widespread that most of us have hundreds of accounts across multiple services, and sharing our credentials is the norm.

Some time ago, developers realized it would be easier to create linked profiles through the likes of Google or Microsoft 365, or social media platforms such as Facebook and Twitter, to log in to a range of services. Now, the majority of us are used to signing up to new services in seconds through one account.

However, for financial applications and accounts, simple details about an individual are not enough to prevent bad actors, such as identity thieves and fraudsters, from entering the space. According to PwC, identity theft and fraud cost companies an eye-watering US$42bn in the last 24 months alone, and this problem is growing year-on-year.

Instead, when it comes to onboarding customers to a new service such as a bank or exchange, users are required to upload identity documents to comply with know your customer (KYC) and anti-money laundering (AML) requirements.

These requirements are important to prevent crime, but they require a great deal of sensitive information from customers. Not only do customers need to provide in-depth personal information, but the requirements also represent a significant hurdle in the new customer onboarding journey, and demand a significant investment in time and resources from operators.

Google or Facebook accounts simply cannot securely hold the identity information required to safely onboard new customers to financial apps. But perhaps distributed ledger technology can.

Here, we are going to explore how blockchain technology and digital identities can be used to speed up the KYC and AML process, make onboarding faster and easier for customers, and most importantly, we will discover how blockchain can make the storage of a user’s identity credentials safer.

We will also be discovering Cardano’s first blockchain-based identity solution from IOHK—Atala PRISM—and what role this will play within the wider Cardano ecosystem.

Existing identity management solutions

There are already a couple of options available for those looking for a more integrated identity management solution. Password managers, for example, are ubiquitous applications which store all of a user’s login credentials in a single encrypted location.

Password managers usually provide a browser-based plugin, such as a Chrome extension, which automatically fills username and password fields without the user having to manually enter their details. They may also contain more detailed information like login credentials for desktop applications, your payment details, and the ability to sync across multiple devices.

Similarly, auto-fill capabilities, which are standard in most modern browsers, can easily take care of simple user data like names, addresses, telephone numbers, and even bank cards. However, what password managers and auto-fill data generally cannot do is sign a user up for new services—especially those where identity data must be checked and verified against international-level databases.

Instead, dedicated KYC procedures must be implemented to onboard customers to financial services. So, what does the standard KYC process look like?

The current KYC journey

If you are a crypto native, you will likely know the onerous KYC journey all too well. Let’s look at a familiar example. To sign up for a new initial coin offering, you must provide your identity credentials, such as a government-issued driving license or passport, and often a recent utility bill as proof of address.

Next, if you want to trade your newly acquired token on a new exchange, you must repeat the process anew. Finally, when you want to cash out some cryptocurrency for fiat using an exchange that supports fiat off-ramps, like Coinbase, you will be required to submit your details yet again.

In this common scenario, not only would you have invested a significant amount of time submitting KYC information, but you would have also entrusted your personal data to three separate unknown entities.

To make the process easier, there are a multitude of third-party KYC facilitators, who use automated AI-enhanced identity checks, cross-reference international databases, perform due diligence, and carry out financial blacklist checks.

This can reduce the time it takes for the service provider to check their customer’s identity, but it does little to reduce the time the customer spends on uploading and waiting for their identity to be verified—one of the biggest friction points of onboarding new customers.

Current issues with the KYC process include:

  • Poor user journey - For service providers who are required to collect KYC details, the entire process represents a huge onboarding pain-point. Many users quit at some point along this journey, and many more have to wait unacceptably long times for their identity to be verified.

  • High reliance on trust - One of the biggest risks for customers is trusting their credentials with a third party, whether it is an official KYC processor or the end service, such as an exchange or an app. This is risky for customers, as they must be comfortable sharing highly sensitive information with a virtual stranger.

Our reliance on digital financial services is higher than ever, but many processes are still stuck in the past. In Europe for example, the European Commission still requires that extra steps are taken by financial institutions when onboarding a purely digital customer—by far the most common way of signing up for a new financial service today.

This is already a major challenge for legacy financial providers, but the issue is magnified tenfold in the blockchain space, where close regulatory scrutiny puts even more pressure on decentralized finance providers to comply absolutely with KYC requirements.

The difficulty of onboarding to new services has its roots in an archaic system, and it is one of the most difficult hurdles for new customers. So, what is the solution?

Easier onboarding and KYC with blockchain-based identities

The vision of a blockchain-based identity is simple in theory. A user would upload their credentials, such as their full name, address, proof of address, and identity documents onto a user-friendly front-end interface or application. This app could be used on a mobile device, desktop computer, or deployed company-wide for multiple users.

While the front-end would be a unified and simple interface for users, the back-end of the identity application would be linked to the blockchain. Here, a user’s information could be secured safely and immutably using cryptographic methods, accessed in a similar way to blockchain-based assets—for example using a private key or potentially, biometric information.

What are the advantages of a blockchain-based solution versus existing solutions?

Sovereign control of your data

The most significant aspect of a blockchain-based identity solution is its trustless nature. As identity credentials are encrypted on the blockchain, the owner of the data is the only one who can grant access. Those granted access would essentially have ‘read-only’ access: they would not own a physical copy of the user’s identity documents, and the documents could not be stolen by attackers.

Therefore, users no longer need to trust that a third party will protect their data, because they never fully hand it over. Companies have proven time and time again that they cannot be trusted to protect it.

For example, in the first half of 2019 alone, over 4bn user records were breached by companies who should have been protecting their users’ data. That is up over 50% on the previous year, and it only counts some 3,800 breaches which were publicly admitted.

Instead, through a blockchain-based identity app, third parties who require KYC verification can easily confirm an individual’s identity and whitelist customers without manually collecting their details—in other words, a user’s private data always remains securely stored on the blockchain and in their sovereign control.

Quick and easy onboarding

The ultimate vision of a blockchain-based digital identity is to make signing up for new accounts, including financial services, as easy as signing in to Google or Twitter.

Instead of preparing personal documents, taking selfies next to passports and driving licences, and digging out old utility bills, all of your identity documents would be stored pre-prepared on your blockchain-based application.

Because of the immutable and secure nature of blockchains, if you sign the transaction or make a transaction from your identity wallet, it is proof that you are who you say you are—bypassing many of the lengthy processes and moving straight onto fraud checks and onboarding.

A blockchain-based solution adopted across multiple service providers would drastically reduce the time customers need to sign up to a new service, and also save providers a significant amount of time and money when processing new users. Likewise, it would ensure they remained compliant with all necessary regulations.

Atala PRISM—the first identity management solution on Cardano

Developed by IOHK and powered by Cardano, Atala PRISM was first unveiled at the Shelley Virtual Summit 2020 and is an all-in-one identity solution for businesses, individuals, and governments.

Atala PRISM enables people to own their personal data and interact with organizations seamlessly, privately, and securely.

When sovereign identities and access to identities are at stake, any identity management system needs to be based on high-assurance code. Atala PRISM will be one of the first fit-for-purpose identity management systems for both individuals and enterprises based on blockchain technology.

While we have only covered the most common identity management scenarios here, Atala PRISM could also be used to store other information such as a user’s qualifications, their civic records, health records, career references, museum passes, gym memberships and much more, all in one interface.

One of the first pilots of Atala PRISM allows the government of Georgia, a country in the Caucasus, to issue national identity cards digitally and securely, as well as allowing universities to issue educational credentials. This makes it easier for employers to verify a candidate’s education history and identity, leading to a simpler hiring process for new graduates.

Although Atala PRISM will eventually be blockchain agnostic, it is going to be built and deployed first and foremost on Cardano. With Cardano’s unique approach to scalability, Atala PRISM will be able to serve millions of users worldwide, with a view to becoming the de facto identity management solution for businesses, governments, and most importantly, individuals.

Through Atala PRISM, individuals can take sovereignty of their identity using blockchain technology—onboarding seamlessly with a multitude of financial services, applications, and web 3.0 infrastructure.

If you would finally like the power to control your personal data using Cardano, check out the Atala PRISM interactive demo, or visit IOHK’s enterprise portal to find out more.

21 Likes
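The post's point that signing from an identity wallet proves who you are, shown as a challenge-response check; this is an added example, not part of the original post and not Atala PRISM code. Ed25519, the `did:example:alice` identifier, the verifier name and all function names are assumptions made for illustration.

```javascript
// Added example: a verifier checks a wallet signature over a fresh challenge.
const crypto = require('node:crypto');

// Constructed sample wallet; the verifier only ever sees the public key.
const wallet = crypto.generateKeyPairSync('ed25519');

const VERIFIER = 'exchange.example'; // hypothetical service name
// Assumption: a trusted issuer has already bound this public key to the user.
// The signature proves control of the key; the binding supplies the identity.
const registeredKeys = new Map([['did:example:alice', wallet.publicKey]]);
const pending = new Map(); // outstanding challenge -> expiry time (ms)

function issueChallenge(did, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString('hex');
  // Naming the verifier and the DID in the signed text stops the signature
  // from being reused at another service or for another identity.
  const challenge = `${VERIFIER}|${did}|${nonce}`;
  pending.set(challenge, now + 60000); // valid for 60 seconds
  return challenge;
}

// Wallet side: sign exactly the bytes the verifier sent.
function walletSign(challenge, privateKey) {
  return crypto.sign(null, Buffer.from(challenge), privateKey);
}

function verifyResponse(did, challenge, signature, now = Date.now()) {
  if (!pending.has(challenge)) return 'unknown-or-replayed';
  const expires = pending.get(challenge);
  pending.delete(challenge); // one-time use, even if a later check fails
  if (now > expires) return 'expired';
  if (!challenge.startsWith(`${VERIFIER}|${did}|`)) return 'did-mismatch';
  const key = registeredKeys.get(did);
  if (!key) return 'unregistered';
  const ok = crypto.verify(null, Buffer.from(challenge), key, signature);
  return ok ? 'ok' : 'bad-signature';
}
```

The verifier never receives identity documents here, only a signature; everything it learns about the person comes from whoever bound the public key to them.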

If Cardano can crack the problem of vendor (and chain) agnostic identity provision with Atala PRISM it has the potential to be massive. This is another area that is still completely open and to play for. Part of the reason this is such an exciting project at the moment.

Great visuals and write up.

1 Like

I really feel this is the most promising use case for blockchain mass adoption.

Storing credentials securely, much like for crypto, is going to be the biggest hurdle. Once streamlined UX is delivered (ideally multisig for DIDs providing KYC details) it will benefit crypto adoption too as the same private key management can secure people’s wallets.

While KYC and institutional usage has huge potential, I’d love to be able to create my own DIDs for signing into online services e.g. Twitter, Google etc. I’d hope online services will begin to support this standard soon.

For mass adoption of PRISM I’d also be focusing on that lower hanging fruit. Open up your platform to people around the world so they can create online identities. Users are more likely to start with services that require less PII until they build trust in your brand and platform and understand how it works.

2 Likes

Yeah, I think that is one of the missing parts for full adaption, and I think Atala Prism is not built, ready and matured to accomplish that, but we will see and I would like to be really wrong on this, really.

3 Likes

I was wondering what the status of this issue is. It has been some time now since the app was updated or there was any information about it.

How can DID be interoperable across blockchains?

I am not sure, as we were told that decentralised identity will be a first class citizen in Cardano (I highly hope), and they (IOG) said that they work on it, but I did not see any registered DID method from them.

Probably they are using an existing one (e.g. the blockchain agnostic did:peer or similar) or some private one which has not been released nor registered yet.

I saw Atala:Prism but, it was just a hardly functional PoC/demo app. Hopefully they will come out with some updates, with some details, as unfortunately I cannot be sold by some sugar-candies they used for Prism, but the detailed design (did spec etc.) and implementation.

2 Likes