CRIF Presentation 16-9 format...database protocol that uses cryptography and a consensus algorithm...
BLOCKCHAIN APPLICATIONS:
Digital identity management use case
©2018 • Blockchain and Digital Identity management use case • CRIF-CETIF
Agenda
• What is blockchain
• What is not
• Why blockchain
• When blockchain
• Sectors using DLT
• Concrete applications for DLT in digital ID management
What is Blockchain?
“A Blockchain is a distributed database protocol that uses cryptography and a consensus algorithm to maintain a perpetually growing ledger of transactions.”
World Economic Forum
“A blockchain is a new type of database that enables multiple parties to share the database and to be able to modify that in a safe and secure way even if they don’t trust each other.”
Gideon Greenspan, Coin Sciences (Multichain) CEO
…Blockchain is like a spreadsheet in the sky!
Key components of Blockchain
LEDGER: List of transactions bundled together in cryptographically linked ‘blocks’
P2P NETWORK: Network for peer discovery and data sharing in a peer-to-peer fashion
CONSENSUS MECHANISM: Algorithm that determines the ordering of transactions in an adversarial environment (i.e., assuming not every participant is honest)
CRYPTOGRAPHY: Use of a variety of cryptographic techniques including cryptographic one-way hash functions, Merkle trees and public key infrastructure (private-public key pairs)
VALIDITY RULES: Common set of rules of the network (i.e., what transactions are considered valid, how the ledger gets updated, etc.)
What Blockchain is not
A store for private and sensitive information
• “What happens in Vegas DOES NOT STAY in Vegas”: every piece of information stored in the ledger is public and visible to every participant in the network
• This visibility is essential to achieve non-repudiability of transactions, but it is not always a desired scenario
• Personal, financial and medical details usually must be accessible only to their rightful owners
• Simpler scenarios could be accomplished by storing hashes of the sensitive data
• Private information is kept off-chain; its hash is used to certify/verify the performed actions
• This works only if that information never has to be visible to anyone in the ledger
• Often sensitive data should be made accessible to third parties after the legal owner's authorization
• Business partners, regulators and governments must be enabled to check that data
• Specific privacy-preserving DLTs are emerging together with new crypto techniques for selective disclosure of information
• Zero Knowledge Proof (ZKP) / Secure Multiparty Computation (SMPC)
What Blockchain is not
A store for large or rich information
• Distributed ledgers are not suitable for any type or large amount of data
• Typically used to collect commitments/performed actions on data (not data itself)
• Each piece of information stored in the ledger has an economic cost associated to pay off the resource consumption (each node in the network maintains the whole ledger state)
A high-speed, high-volume computational platform
• Distributed ledgers are not suitable for any type or large amount of data
• Every state change must be validated by each (or at least most) of the nodes in the network
• Smart Contracts have very restricted type systems and expression capabilities (similar to COBOL)
• Each calculation performed by the ledger has an economic cost associated to pay off the CPU consumption (each node in the network runs the performed calculation)
Blockchain is best for
Networks or ecosystems where many different actors – playing different roles - are involved
Actors involved in the network are not equally trusted and respectable
Transactions that require:
sound and safe identification
tracking high level of security and trust between actors
Blockchain immutability provides non-repudiable time-stamp, proving the existence of the data file in that specific status at that moment in time
>> Blockchain is not a database to store large amount of data! <<
Why Blockchain?
Efficiency: Not in terms of speed but in terms of reduced bookkeeping operations, like daily reconciliation of multiple ledgers
Transparency: Data inside a Blockchain is visible to everyone
Resilience: The database is distributed across different nodes, and resilience and immutability of data are considered a given
Why Blockchain? : A Financial Perspective
Blockchain is providing a faster and more secure avenue for transactions in a restricted laboratory environment
Current Centralized Financial System
• Presence of intermediaries causes higher transaction cost and time
• Central server failure could cripple the whole network
• High security costs, since high value data on central servers are lucrative targets for cyber criminals
Distributed Ledger
• No single point of failure. If one institution’s system fails, the network remains unaffected
• The ledger cannot be changed by any single entity. This prevents both internal fraud and external cyber threats
When Blockchain
A distributed ledger where transactions are recorded and verified anonymously; once recorded, the transactions cannot be altered
Blockchain vs Centralized Databases
Disintermediation
• Transactions are imprinted with their own proof of validity and authorization removing the need for centralized verification
• Zero transaction cost or lower than traditional systems
Confidentiality
• Private blockchains are under development to enable blockchains to have the same confidentiality levels as centralized systems
Robustness
• By design, a blockchain has no single point of failure. Every node has a record of all transactions, thereby removing the risk of server failure
Performance
• As of today, the consensus-based verification (proof of work) process is both time consuming and resource intensive, but this is expected to improve the scalability
Non-repudiation
• Proof of the integrity and origin of data and authentication that can be asserted to be genuine with high assurance provided by the network
Blockchain projects in different sectors
Source: Cambridge Centre for Alternative Finance https://www.jbs.cam.ac.uk/faculty-research/centres/alternative-finance/publications/global-blockchain/#.WwLpK034fIW
Key blockchain applications for Financial services
«Consumer credit» management of different actors involved in consumer credit origination (e.g. car dealers), binding the borrowed amount to the borrower
«Notarization» to grant data, files or news immutability, registering and proving the certain existence of a file at a given moment (proof-of-existence)
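An added example, not part of the original presentation: a salted hash commitment of an off-chain record anchored in a toy hash-linked ledger, illustrating the "hashes of the sensitive data" and proof-of-existence (notarization) points above. The `Ledger` class, the per-record salt, the sample record and the timestamps are assumptions constructed for illustration; a real DLT adds consensus and signatures on top.

```python
import hashlib, hmac, json, secrets

def commit(document: bytes, salt: bytes) -> str:
    # Keyed SHA-256: a secret salt stops guessing low-entropy personal data from the public digest.
    return hmac.new(salt, document, hashlib.sha256).hexdigest()

class Ledger:
    """Toy append-only ledger: each block stores the hash of the previous block."""
    def __init__(self):
        self.blocks = []

    @staticmethod
    def _block_hash(block: dict) -> str:
        body = {k: block[k] for k in ("index", "timestamp", "commitment", "prev_hash")}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, commitment: str, timestamp: int) -> None:
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        block = {"index": len(self.blocks), "timestamp": timestamp,
                 "commitment": commitment, "prev_hash": prev}
        block["hash"] = self._block_hash(block)
        self.blocks.append(block)

    def is_intact(self) -> bool:
        prev = "0" * 64
        for b in self.blocks:
            if b["prev_hash"] != prev or b["hash"] != self._block_hash(b):
                return False  # a block was edited or the chain was re-linked
            prev = b["hash"]
        return True

    def proof_of_existence(self, document: bytes, salt: bytes):
        # Returns the anchoring timestamp, or None if the ledger is broken or the data differs.
        if not self.is_intact():
            return None
        target = commit(document, salt)
        for b in self.blocks:
            if hmac.compare_digest(b["commitment"], target):
                return b["timestamp"]
        return None

def demo():
    ledger, salt = Ledger(), secrets.token_bytes(16)
    record = b'{"name": "Mario Rossi", "id_doc": "SAMPLE-0001"}'  # constructed sample, kept off-chain
    ledger.append(commit(record, salt), timestamp=1514764800)
    found = ledger.proof_of_existence(record, salt)
    altered = ledger.proof_of_existence(record.replace(b"Mario", b"Maria"), salt)
    ledger.blocks[0]["timestamp"] = 0  # simulate rewriting history
    return found, altered, ledger.is_intact()
```

The record and its salt stay with the data owner; only the digest is shared, so a verifier must be handed both to check the notarization.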
Who is doing what
Source: UK Business Insider, 20 September 2017
Key blockchain applications for Insurance
The first product developed by B3i is a platform focusing on handling reinsurance contracts on a state-of-the-art distributed ledger:
Rather than maintain data on separate ledgers of each contracting party, the B3i blockchain application runs a shared process, calculation, settlement and reporting on a distributed ledger.
Blockchain in our industries?
Blockchain for digital onboarding and KYC processes:
Banks and financial institutions need to rely on secure and certified IDs
Blockchain applications for ID registration and attestation make certified IDs tamper-proof
A blockchain system for ID authentication lets the user define at sufficiently granular level how his personal information should be used and for what purposes, being also able to keep track of the way this information is used and to claim for accuracy of data
A concrete application: digital identity management
Blockchain for Digital Identity management
Using a distributed ledger, Financial Institutions could answer to main operational and regulatory requirements
P = required; (*) = analysis is work in progress
Operational Process:
• KYC Customer On Boarding
• SCA - Strong Customer Authentication
• Notarization, Asseveration, Legalization
• Critical Operations (i.e. data change, dispositive operations)
• Other procedures (i.e. trader ID and Trading data)
Digital ID & Blockchain DLT Drivers, with the marks shown for each and the corresponding Operational & Regulatory Requirements:
• Confidentiality: P P P P. Requirement: Confidentiality
• Performance: P P P. Requirement: Availability
• Robustness: P P P P P P. Requirement: Integrity
• Non-reversible (hash value): P P P P. Requirement: Unchangeability
• Non-reversible (hash value): P P P P. Requirement: Non-erasable/Read-Only disposal (archive)
• Non-repudiation: P P P P P P. Requirement: Uniquely Identification
• Disintermediation: P P P P P
• Infrastructure & BC maint. (non-Single Point of Failure): P P P P P. Requirement: Cost optimization
• Identity Providers integration: P P P. Requirement: Customer Due Diligence (SDD-EDD)
• Notarization: P P. Requirement: Legal document
• 2FA (second-factor authentication): P. Requirement: PSD2
Digital ID management: benefits and opportunities for certified data providers and trusted third parties
Data provision
Attribute Aggregation
ID verification – if offered
Credit information and other certified information on the user whenever requested by FIs or third parties
B2C services cross selling opportunities
• Banks: Loan application
• Real estate: Tenant Screening, …
• Other services: Utilities application, …
• Insurance: Life insurance ?
Towards a new and compliant Consumer-centric approach
Privacy by Design
Each new service or business process that makes use of personal data must take the protection of such data into consideration. Any organization needs to have adequate security in place and to ensure that compliance is monitored.
Privacy by Default
It means that the strictest privacy settings automatically apply once a customer acquires a new product or service.
Control & consent
The regulatory regime that results from the Regulation stands on a series of principles that give back to the customer “control” over the use of his/her personal data.
How do we get from an insecure, centralized information model to a decentralized authentication?
Combination of IDP, data hashing and Blockchain