Newbie questions about Sovrin


#1

Hi, I just heard about you on YouTube, and I had a few questions.

  1. Does Sovrin use a blockchain?

  2. Will Sovrin use biometrics to prevent identity theft?

Thanks! BTW, I love the forum. Nice and clean.:clap:


#2

Thanks - we haven’t started a YouTube channel yet, so let us know where you saw it.

Yes, the non-profit Sovrin Foundation governs a blockchain (distributed ledger) that is operated by trusted organizations around the world called “stewards”. See the growing list of stewards. The governance policies are all recorded in the Sovrin Trust Framework.

That’s a complex question, but the short answer is: Yes, Sovrin will enable individuals to use biometrics as one way to prove their identity. But no biometrics are ever stored on the Sovrin blockchain itself. See the iRespond website for an example of how to use safe self-sovereign biometrics.[quote=“grampajack, post:1, topic:423”]
Thanks! BTW, I love the forum. Nice and clean
[/quote]

Thank you very much—it’s a very supportive community.


#3

Thanks for your response. The reason I asked about biometrics is my vision of a decentralized identity is a reliable, open source method of taking a person’s biometrics and converting them into a string of numbers for them to use as a key when registering on third party applications. This would ensure that their identity cannot be stolen or hacked.

Basically the way I see it is we’re all born with our identity, as we have all these biometric attributes that are unique to us, that cannot be replicated or forged. So the challenge in my mind is simply taking all of those biometric markers and distilling them down into a simple key.

The way I see this working is you would download an app to your phone that would guide you through the process of recording your biometrics. It would take all biometric measurements that a smart phone is capable of taking, such as voice, facial features, ears, eyes, fingerprints, gate, etc. It would then squish everything down into a small file that would act as a key, which could of course be expressed as a QR code to make it simpler.

Basically this code would allow third party applications to locate your biometric information in the blockchain, then compare that against biometric information you provide in real time to authenticate yourself. So for example, let’s say you wanted to open an account with itunes. You would simply scan a QR code or upload the key, and then you would select what level of authentication you want to use to access your account. For something like an itunes account, you may select a low level, whereas for more critical things, like banking and insurance, you would want a higher level of authentication. The third party application would also have the option of requiring a minimum level of authentication. For example, they might require simultaneous facial and voice recognition, where you would look into your camera and recite a phrase that was generated by that particular session.

This would also work for devices. So let’s say you by a new computer. Instead of having to input user names and passwords, you would simply input your key and select your level of authentication. This would be particularly useful for devices that use a cloud, like iphones. Whenever you bought a new phone, you would simply scan your key and voila, there’s your home screen with your wallpaper, all your settings, your contacts, your music, etc. Of let’s say you forgot your phone and you want to use a friend’s. You simply give it your key and there’s “your phone” on your fiend’s device. So in this way it would decentralize devices, as well.

One advantage of doing it this way would be ensuring that people could only have one identity. This would be HUGE for communities to protect against malicious use and spam, as administrators could ban an actual identity as opposed to just banning IPs and emails. Facebook, YouTube, web forums, blogs, review sites, etc. would TREASURE having that kind of protection, ensuring immediate widespread adoption.

The best part, though, is that the person would not have to submit any personally identifiable information to the blockchain, or to third parties, unless they explicitly wanted to. The key itself would become their new name. It would be up to them what claims they wanted to associate with that key. So the way claims would work is third parties, such as governments and universities, would associate the person’s claim with their key. So for example, let’s say you wanted to associate your birth name with your key. You would go down to your local governmental entity and they would certify your claim that you, John Doe, were associated with the key. Or let’s say you want to associate it with a degree. You would go to your university and they would certify that this key had earned a bachelors degree. These entities would have their own identities with their own keys, and they would use these keys to authorize claims. So, for example, you could prove to someone that you had a bachelors degree without even having to give them your name. Or prove to an online community that you were a member of MENSA without giving them any more information whatsoever.

Another advantage of doing it this way is that the third parties would be the custodians of the information associated with the claim. So if a person were to get married and change their name, that could be updated by the entity itself.

You could then store these claims as keys in the app on your phone (the same one you used to record your biometrics and register your identity in the blockchain), so that the app would behave much like a bitcoin wallet. But unlike a bitcoin wallet, it wouldn’t matter if you lost it, as you could relocate your identity simply by going through the registration process again. They app would see that your biometrics had already been registered and simply copy the keys onto your device.

I know this sounds scary, but for me personally I would so much rather have my identity start with my biometrics rather my name or phone number or whatever. Namely because names can be forged, allowing identities to be stolen. Also, our biometrics are already more or less public informaiton. If you’ve ever had your photo taken or simply walked into a store with security cameras then your biometrics have already been recorded. For example, if you’ve ever been to Walmart then they have your face, gate, and who knows what else, along with your behavior profile, which in and of itself is proving to be as reliable as fingerprints. So the toothpaste is out of the tube, and I would personally rather take advantage of biometrics to use them to my advantage since companies are already using them without my permission anyways.