Naked Security

Asian consortium plans blockchain-based mobile ID system

A group of Asian companies want to create a blockchain-based service to turn your phone into a mobile ID system.

A consortium of Asian companies has agreed to create a blockchain-based service that might actually be useful. They want to use the blockchain to turn your phone into a mobile ID system.

Seven companies have signed the initiative: Korean telcos KT, SK Telecom, and LG Uplus, and banks KEB Hana Bank and Woori Bank, along with financial IT company Koscom, and Samsung.

The idea is to create a mobile ID management system that lets individuals control their own data and present it to institutions when they want to access something. Known as self-sovereign identity (SSI), it’s an alternative to having your identity managed by someone else.

Today, many people rely on the likes of Google or Facebook (whose business depends on selling access to information about you) to sign them into websites or apps. Billions more use government-backed ID systems like India’s Aadhaar, which has suffered from some devastating privacy setbacks. Even using your driver’s license or passport to prove your identity carries risks, because showing it to someone tells them more about you than might be necessary. Why show someone your driver’s license just to prove that you’re able to buy a six-pack of beer?

An alternative

This initiative seems to present an alternative to that. In a statement (translated online), the consortium said:

When an individual has stored his or her information from an organization or company in a secure storage area of a smartphone, they can submit their desired data at any time for proof.

The consortium isn’t giving much away about the technology. We know it’s blockchain-based, and that it works by storing personal information on your phone. We also know that identity information is verified by the participating banks and possibly the telcos too, because they reported signing…

…contracts for mobile electronic certification business based on blockchain.

That makes sense. If people are going to hold their own ID information on the phone, someone needs to testify that it’s legitimate. Banks and telcos are an obvious choice, because of their strong know-your-client rules and control of your mobile phone accounts.

The consortium looks set to open up certification access to others. It added:

Participants expect that ICT companies and financial companies will be able to commercialize electronic certification services.

This could mean that people can use various forms of identity from different institutions:

We expect that it will be possible to prove simpler and more transparent identification both online and offline, and at the same time speed up the era of data self-sovereignty. Using mobile electronic certificates can greatly simplify the issuance and submission of various certificates.

Why use blockchain technology for this? Firstly, it encrypts the identity information. Secondly, it can call on one or more third parties to verify that the information is legitimate without transmitting personal information over a network. The bank or the telco could store the personal information – which they have anyway – and then give you an identifier token for your phone that you can use to prove that you’re you.

The blockchain is the glue that links the identifier token to the sensitive personal data stored at the bank and ensures that neither has been tampered with. We’re not sure that’s exactly how this will work, because information on the consortium’s forthcoming implementation is scant. However, this is what has underpinned other projects in the past like Verified.me, which is supported by the big five Canadian banks.
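To make the "glue" idea concrete, here is an added illustration, not the consortium's design (which is unpublished) and not code from this article: an issuer anchors salted hashes of attributes on a ledger, and the holder later discloses a single attribute for checking. The `Ledger` class is a toy hash chain, all names are hypothetical, and the sketch assumes only the issuer can append; the issuer signature and consensus a real deployment needs are omitted.

```python
import hashlib, hmac, json, secrets

GENESIS = "0" * 64

def h(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()

def commit(name, value, salt) -> str:
    # Salted hash: the ledger records this, never the attribute itself.
    return h(json.dumps([name, value, salt]))

class Ledger:
    """Toy append-only hash chain standing in for the blockchain (assumption)."""
    def __init__(self):
        self.blocks = []

    def append(self, payload: dict) -> int:
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        body = json.dumps(payload, sort_keys=True)
        self.blocks.append({"prev": prev, "body": body, "hash": h(prev + body)})
        return len(self.blocks) - 1  # block index doubles as the identifier token

    def intact(self) -> bool:
        prev = GENESIS
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != h(b["prev"] + b["body"]):
                return False
            prev = b["hash"]
        return True

def issue(ledger, attributes):
    """Issuer (bank/telco) anchors commitments; values and salts stay on the phone."""
    wallet = {k: (v, secrets.token_hex(16)) for k, v in attributes.items()}
    token = ledger.append({"commitments": sorted(commit(k, v, s) for k, (v, s) in wallet.items())})
    return token, wallet

def verify(ledger, token, name, value, salt) -> bool:
    """Verifier checks one disclosed attribute against the anchored record."""
    if not ledger.intact() or not 0 <= token < len(ledger.blocks):
        return False
    anchored = json.loads(ledger.blocks[token]["body"])["commitments"]
    return any(hmac.compare_digest(commit(name, value, salt), a) for a in anchored)

def demo():
    ledger = Ledger()
    # Constructed sample attributes, not real data.
    token, wallet = issue(ledger, {"name": "Example Holder", "adult": True, "city": "Seoul"})
    value, salt = wallet["adult"]
    return verify(ledger, token, "adult", value, salt), verify(ledger, token, "adult", False, salt)

if __name__ == "__main__":
    print(demo())
```

The verifier learns only the one attribute the holder chose to disclose; the name and city stay on the phone, and an altered value or an edited ledger entry fails the check.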

The consortium hopes that participating organisations will use this blockchain-based identity to grant access to everything from company recruitment systems through to digital banking, student certificates, and a myriad of online services.

What if the phone gets pwned?

The information is protected by Samsung’s Knox feature, which uses security enhancements for Android on top of trusted hardware. Knox has been certified for use by UK and US government departments, but researchers have discovered flaws in its security. In 2016, researchers at Israeli company Viral Security Group found three bugs in Knox that allowed attackers to gain total control of the system. Google’s Project Zero found high-severity flaws in 2017.

There are potential technical flaws in any system, but given the way companies manage our existing identities online, these blockchain ID concepts carry considerable promise. 

6 Comments

This is such excellent news, first step, of course, but so necessary that we be sovereign of our own identities.
Next step have multiple layers of identity that can be rented / divulged for limited time to limited interested buyers.
Take back control !
Please continue to follow this important story.


Perhaps off subject: Has anybody read Snowcrash by Neal Stephenson? Its inferred political structure sounds (to me) a lot like this; implemented on a global basis. i.e. where is this going?
I used to have a goal of anticipating a framework for the future; a goal that now (since around 2000) seems “quaint”.
“Known as self-sovereign identity (SSI), ” ? Will I now have three phones that have different nationalities, all legal; Swiss, Indonesian, USA? What legal systems apply; set union, set intersection …. up for grabs?
In the Kerr metric, the future accessible event horizon can apparently become detached from the emitter (i.e. float away); now I can understand that (more or less) but the present and intended techno-social environment has apparently taken that idea, disassociated future, and turned into a fractal something.


Given the steady stream of stories about SIM-swapping, spoofed Caller-ID and the like, I nearly choked on these words:
“Banks and telcos are an obvious choice, because of their strong know-your-client rules and control of your mobile phone accounts.”


Samsung is part of this initiative. Has anyone ever really read the eula on a Samsung TV? You’d be amazed on how much info Samsung wants from you. Not accepting (part of) the eula will render your tv from smart into dumb… This doesn’t give me much confidence in this initiative


When all these new technologies are brought together (blockchain, super/quantum computing, 5g, rfid/national ID’s, AI) and placed in the hands of the power people (governments, banks, etc.) it sounds like a perfect setup for central control of…….just about everything, including your bank account. Dangerous!!
