The U.S. government is finally dipping its toes into blockchain projects. having written previously on the topic-and having done similar projects around the supply chain-we want to offer you some ideas on how it can be done right. If implemented properly, share and protect their personal data in ways they could never before.
(For the full technical paper we wrote, take a look on Github).
The Department of Homeland Security, in their request for proposal (RFP) document, is offering $ 800,000 for anyone to develop a new way to improve on existing secure documents for things like travel documents, certificates, licenses, etc. ID cards need to be harder to destroy or forge, yet easy to invalidate when necessary. DHS would also like to be used as an ID.
In addition to stated requirements, we recommend these additional features:
- Room for anonymity. Current forms of ID like driver's licenses
- Document is invalid until received by the destination party. There are many schemes where documents are intercepted during or immediately after delivery, to perpetrate identity fraud crimes.
- Document can be invalidated without possession of the document itself. Most forms of disabling IDs are physical, like punching a hole through a passport. This implies having a document in hand. Once a document is stolen, invalidating it physically is unlikely. However, that need not be the case with a digital ID.
- Unauthenticated access to personal data should yield no data. Each authentication must be authorized and the person who owns the data should determine how much data to give away without access.
- Authenticated data access should yield a trace. To avoid misuse of privilege – anytime someone reads data – there should be a written trace. All highly secured assets have that.
- Historical date should not be deleted, only augmented. Most data attacks include wiping logs after the data has been stolen. It is very much harder to do malignantly.
We have recently completed a project that secures to supply chain with Near-Field Communication chips (NFC). This technology looks like a great fit here. NFC is a trusted technology available in almost every smartphone and tablet these days. Apple Pay, Google Pay, Visa, MasterCard, and others. While the NFC chip alone provides authenticity and prevents counterfeiting, combining NFC with blockchain technologies assures decentralized data safekeeping.
As recently as September 2018, NXP Semiconductors N.V. unveiled a more secure and less expensive (NFC 424 DNA) chip that generates a unique / unbreakable code at every scan by phone, tablet or other inexpensive readers connected to a desktop PC.
Combining two of the newest technologies-NFC DNA CHIP for authentication and blockchain for data safekeeping-will likely solve each scenario in the RFP document.
One can place a tiny tag-via an NFC chip-inside to document that will preclude it from being copied. NFC uses commonly respected encryption algorithms built into the chip itself. U.S. passports use a similar technology, but is unfortunately from an early generation which can be hacked.
Here, we would use newly developed chips that would allow one to secure documents with the utmost certainty in their authenticity. Tamper-proof, meaning that if someone tries to remove it, the chip would detect it and notify a verification service.
Chips can be read by any recent smartphone. A mobile app could be used to authenticate the chip.
Standard solution techniques paired with any blockchain mechanism to ensure data is never erased and always appended.
What personal information does not need to display any personal identification. This allows for anonymous personal IDs. People can be provided with certain default access to certain groups of users while denying others information at all.
No longer, you need to be on your driver's license, yet it's now possible to have 20 high resolution digital pictures available. Implementing this solution will not only solve the problem, but will also open up the door to the endless functionality that could include secure communications / messaging, tracking, payments in any currency, eSignatures, and much more, on a scale never before seen in the United States.
Properly architected, it can also enable a secure offline mode for agencies like the TSA. Yet it precludes TSA – or any other agency – from opening up to the date on everyone without their presence or consent and abusing their privilege.
Blockchain technology is here to help, as our aging reliance on Social Security Numbers (SSN) is crumbling. Today we find ourselves facing crisis scenario with SSN numbers not unlike Y2K. The king of IDs is dead, long live the king!