Blockchain technology can be used to implement a collection of different tools. Most deal with finance or automations, but what I want to talk about is personal data and self custody of information.
Legacy applications currently run on third party servers hosted by a company. With this comes big risks. Data leaks, corporate hacks, or any other compromise of user information.
Most users are familiar with Know Your Customer (KYC) conditions of financial institutions — be it a bank, a broker, or some application with requirements to identify users for regulatory requirements.
Applications in Web 2.0 meet these conditions by possessing user data in their databases and verifying the user data within their own systems, as each application has its own means of collecting, verifying, and storing user data. This is a security concern, as users are reliant on the security of the different applications to secure their personal Identifiable information (PII). This information could be breached or leaked by any of the applications, leaving users’ private data exposed.
The XDC Network offers the potential to mitigate that risk by hosting private userdata on the blockchain. Data stored privately in a contract cannot be leaked or stolen as in a typical relationship database. I have previously written about storing private data with a token and creating user logins.
We can also store identities and verify them. Without the need for a 3rd party to host the data, leaks and hacks can be mitigated and redundancy of data can be reduced.
In The Delegated_Authority.sol contract example I provide PII data for:
(Public) Legal Name
(Private)Social Security Number
(Private)Driver’s License Number
But any necessary data can be modified to suit the required needs of the delegated authority.
A delegated authority is a dApp who would verify the identity of their users then having a boolean status result presented to third parties who have delegated trust to the delegate contract to give accurate results. The delegate contract is a contract who will deploy a series of smaller contracts that hold the user private data and will be allowed to view and notarize the identities of the contracts. Delegated authority contracts will have authentication tokens associated with them, only the possessor of which can read and notarize the identity of a user. These delegated authorities can be banks, financial institutions, or any establishment that is required to verify PII data on their users.
For example if a bank needs to verify an identity of a user to create an account the bank can launch a delegate authority contract and as users submit information to confirm their identities there will be a new generated contract that will hold their data and issue a token to show that the new generated contract belongs to them. With this other applications like an exchange can delegate the task of authorizing and confirming the identities to the banks delegate contract,which can check to see if the users KYC contract has been notarized and can check to see if the current user is holding the token that represents the Identity of the KYC contract they was generated when the user submitted their KYC info to the delegate authority.
On the XDC Network, a smart contract created by the delegated authority will allow for users to enter some know your customer (KYC) Personal Identification information (PII). This will create a separate KYC contract that contains the PII data of the user, and will generate an ID token for the user.
This ID token can be used as a form of notarization to third party dApps that they are the correct Identity of KYC contract and can view contents of the contract to view the PII data. Only the delegated authority will also have permission to view the contents of the generated KYC contracts as well as store and notarize authenticity and the status of said contracts. When a KYC contract has finally been notarized, either manually or programmatically by the delegated authority, third party dApps can check the validity of any given KYC contract from the delegated authority. If the user in the dApp possesses the ID token produced by the contract, their identity is confirmed.
The delegated authority contracts can even monetize their authority by charging micro fees to check the validity of a contract. Delegated authorities can bear the risk of notarization while being compensated for that risk. While dApps can offset the responsibility and resources to notarize identities for a fee and focus on other tasks.
This will allow for a reduction in redundancy, as a user can notarize his or her data just once before carrying it to multiple dApps. The security of the authentication token mitigates risk by securing access to the data. This is similar to how you would hand a security key to a key management service (KMS) instead of hosting user data in a database.
Blockchain dApps can finally have a means of compliance with KYC standards while offsetting risk and freeing up resources. Delegated authorities can be the gateway between legacy systems and blockchain by notarizing and tokenizing identities for easy use and even monetization by third party dApps who seek top notch security.
This can be the future of identification, passports, and all other sorts of verification. All it takes is trusting a delegated authority to move identification data on the blockchain.
About the Author: R Quincy Jones XDC Foundation developer, who on behalf of the XDC Network is building new standards and applications for the XDC Network. With over four years in cloud development, and a growing following on YouTube: CoinClubCrypto, is well-suited to break down the fundamentals of blockchain-based technologies for general audiences.