The Aversafe Solution

Following on from Tu’s blog post on the problems that Aversafe is addressing we have established the significant issues facing digital identities and credential fraud. In this post, we follow up with the Aversafe approach to solving these problems.

Reclaiming your digital identity

Your identity is your most valuable asset, but how do you control it in an increasingly digital world?

In exploring the technical options available to Aversafe to address the credential fraud problem we realised that we are on the precipice of change with both blockchain and biometric authentication opening up significant new technical opportunities to innovate and build decentralized, trusted and secure identity solutions.

Self-sovereign identity

The challenge facing any identity provider in this current climate is securing user data in a mechanism that doesn’t make them an attractive target for hackers. Existing identity providers centralise records in such a way that breaches are almost inevitable as evidenced recently by Equifax, the SEC and Yahoo.

The recent proliferation in biometric authentication such as fingerprint scanners on smartphones opens an avenue to a different approach. Self-sovereign identity management.

By this, we mean that the individual’s identity, as well as associated attributes, are stored locally on the device, established by that individual and managed and controlled by that individual. OpenID was the first step in this direction; however, the technical knowledge for individuals to implement and maintain their OpenID services meant that it would never gain worldwide adoption except through intermediaries such as Google or Yahoo, who continue to centralise those data stores.

Aversafe is different; we approach identity as something the individual should own and ultimately be responsible for. You establish the identity locally on your device and hold your private keys for the data storage. Data storage itself is also directly on the phone. This is important because it allows us to be a global company from day one, we remove the attraction of a single data store and allow users control over their identity.

Credential attestation

Of course, the next challenge would be that if a user controls their information how do you provide any level of trust around the information presented to others? Solving this problem is where the blockchain shines.

Leveraging a permissioned blockchain, we allow trusted actors within the network to audit and participate in the storage of attestation data separate from the actual data stored on users phones.

This use of the blockchain provides cross-border trust between otherwise untrusted parties while giving them the transparency to understand bad-actors are not influencing the attestation data presented. This is incredibly important in a global solution where the world is trending towards less trust, rather than more. We need to bridge that gap for a genuinely universal identity and credential management solution to thrive.

Ecosystem integrations

In the case of Aversafe, our success lies in the success of the ecosystem. Just providing an identity platform isn’t enough, you need to be able to use your identity and receive a benefit from doing so.

Our integrations solidify our ecosystem making the identity valuable to individuals and ecosystem partners alike. We will deliver into the market job board integrations, applicant tracking integrations, integrations with third-party software used by certificate issuers and APIs allowing developers to integrate identity and trust into their applications.

The first place you will see this functionality will be with job boards, allowing individuals to immediately share trusted information with a company for a specific job opening.

Technical execution

How do we do this? Stay tuned for an upcoming blog post that explains how we leverage a permissioned blockchain and cryptography to keep your data in your control, safe on your device, and still provide the trust necessary for the ecosystem to thrive.