KLM Royal Airlines posed a problem to solve at the Odyssey 2019 Hackathon. KLM wants passengers to travel seamlessly, without the hassle of looking for a ticket and/or passport at each checkpoint (security gates, duty-free, business lounge, boarding gate, etc.). They ran a successful pilot with face biometrics. However, the problems they still have are secure data exchange and data ownership. As very sensitive data has to be shared between third parties, the goal is to return ownership of it to the users, and thus enable peer-to-peer data exchange.

Challenge #1. How to store face biometrics data securely?

We came up with a solution for encrypted search. Basically, the system could hold a database of encrypted face biometrics and search it using data encrypted with the same algorithm. The computation would take longer; however, it would allow a zero-knowledge search.

Challenge #2. How to store data securely?

This can be done by implementing verifiable claims. A verifiable claim is a piece of data signed by a third party. The way it works is that data (e.g. a passport) is sent to a third party (e.g. KLM), verification is performed, and signed data pieces are sent back: for example, signed and encrypted face biometrics, destination airport, flight time, age, the fact that the person is above 18 years old, etc. These claims (facts) are stored directly on the user’s device.

Challenge #3. How to verify the data received?

Once the user has all the claims, he wants to share them. Data sharing happens peer to peer: the user sends data directly to the third party (e.g. duty-free). Only certain claims are sent, not all the data (e.g. duty-free requests the destination airport and the “is above 18” fact). The third party now needs to verify the data. As they can see that the data has been signed by KLM (which they trust), they just need to look up KLM’s public key on the blockchain and check that the signature over the data is valid, which ensures the user has not modified it. Once the verification is done, the confirmation is made.
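The issue, share and verify flow from Challenges #2 and #3, as an added example that is not the team's PoC code and does not use the uPort SDK. Assumptions: Ed25519 signatures from Node's built-in `crypto` module, a constructed claim layout and DIDs, and an in-memory `registry` Map standing in for the public-key lookup on the blockchain.

```javascript
// Added example: per-claim signatures with selective disclosure.
// Assumptions: Ed25519 via Node's crypto module, a constructed claim layout,
// and an in-memory Map standing in for the on-chain public-key registry.
const nodeCrypto = require("crypto");

// Issuer key pair; only the public key is published to the registry.
const issuerKeys = nodeCrypto.generateKeyPairSync("ed25519");
const registry = new Map([["did:example:issuer", issuerKeys.publicKey]]);

// Canonical bytes that get signed: issuer, subject, claim name and value.
function claimBytes(c) {
  return Buffer.from(JSON.stringify([c.issuer, c.subject, c.name, c.value]));
}

// Issuer side: sign every fact separately so each can be disclosed alone.
function issueClaims(issuer, privateKey, subject, facts) {
  return Object.entries(facts).map(([name, value]) => {
    const claim = { issuer, subject, name, value };
    const sig = nodeCrypto.sign(null, claimBytes(claim), privateKey);
    return { ...claim, signature: sig.toString("base64") };
  });
}

// Holder side: pick only the claims the verifier asked for.
function present(wallet, requested) {
  return wallet.filter((c) => requested.includes(c.name));
}

// Verifier side: look up the issuer key, check each signature and the subject.
function verifyPresentation(claims, requested, subject) {
  const seen = new Set();
  for (const c of claims) {
    const key = registry.get(c.issuer);
    if (!key || c.subject !== subject) return false;
    const sig = Buffer.from(String(c.signature), "base64");
    if (!nodeCrypto.verify(null, claimBytes(c), key, sig)) return false;
    seen.add(c.name);
  }
  return requested.every((name) => seen.has(name));
}

// Constructed sample data: three facts issued, two disclosed to duty-free.
const wallet = issueClaims("did:example:issuer", issuerKeys.privateKey,
  "did:example:passenger", { destination: "VNO", over18: true, flightTime: "2019-04-14T10:30Z" });
const shared = present(wallet, ["destination", "over18"]);
console.log(verifyPresentation(shared, ["destination", "over18"], "did:example:passenger")); // true
```

Because the subject identifier is part of the signed bytes, a claim issued to one passenger fails verification when presented under another passenger's identifier.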

Challenge #4. How to control data ownership and revoke data?

The main issue with data sharing is that most users do not even know where and which data they shared during the last few years. There is no such registry. As a result, a user is unable to revoke it, as he does not even know whom to ask. We came up with a solution that stores the fact of data sharing, with its revocation date, in a ledger that would be accessed by the user and third parties. As a result, the user would always have access to the latest list of third parties owning his data. On the other side, the third party would see from whom it has received data and when to delete it. The fact of deletion should also be logged on the ledger. This would simplify the implementation of GDPR requirements.

Tech stack and overall solution

We used the uPort SDK for verifiable claims and Factom for the DID registry and for storing data-sharing facts. With this stack we were able to build a viable PoC fast. As a result, our united team idShapers from Lithuania was selected as the winner of the International Travel track by KLM Royal Airlines at Odyssey Hackathon 2019. We are happy to represent Cryptodus as part of the team and to contribute our know-how from the blockchain solution development perspective.

Want to learn more about blockchain? Let’s connect on LinkedIn: https://www.linkedin.com/in/lkairys/

Interested in the solution? Feel free to engage (lukas@cryptodus.com).