Self Sovereign Identity (SSI) & Zero Knowledge Proof (ZKP) explained:
SSI is an improvement on current ID systems in that it offers:
1. It is more secure and prevent common attacks to personal data, such as breaches.
2. Data is more private.
3. Users have a higher control over their own data.
4. The process is more efficient.
5. Users do not have to rely on other identity providers who may sell and monetize your data.
Using SSI to manage your key personal data allows you to compartmentalise all the separate parts of your identity and keep them safe and secure in an encrypted digital wallet, a ‘black box’ if you will, giving you the functionality of only letting certain people see the information about you that you want them to see.
This could include everything from your name, age, address, height, weight and Covid19 test status, to bank account balances, place of work and your role there including your salary…….in short absolutely everything about you.
The essence of the technology is to give clear access and validation but with total privacy. For example,a young girl of 18 shouldn’t have to give up her driving license which shows full name, age and full address to prove she is 18. A simple, age credential is all that is required. Nothing more and this is how SSI works.
For example, if you need to give your bank credentials to the local letting agency to prove you can afford to rent a flat, you can use SSI to verify who you are and that you have a job. It does this by using the ZKP framework that takes all the relevant information about you regarding the request and gives them enough information to tick the boxes they need to grant you the keys for the rental. Information such as, they are currently employed, they earn more than £XYZ and they can therefore afford the rent without telling them where you are employed, exactly how much you earn and what you can afford each month.
In the context of this project, our system handles personal data and test data. As a visitor to a care home, using our Vein ID biometric function, it will verify that you are definitely you, the system will let the care home staff know what your latest test status is, negative/positive. No other information is shown or stored on the system, it just verifies the finger with a ‘data Issuer’ then confirms the situation via txt to a registered phone. With regard to GDPR the individual can delete their own data at any time in accordance with current EU data laws.
So, what does this mean?
This means we have the technology now to test and trace individuals without disclosing any information other than the test results are associated with the correct individual.
Using the same technology but slightly differently we could also track peoples movements without disclosing where they have been so that if they become infected we can alert everyone they came in to contact with, during a given period of time without disclosing any other piece of information – it can also then be deleted at the individual’s request, thus not contravening any privacy laws.
This means we can identify and isolate outbreaks far quicker and easily then ever before and still not be violating personal rights.
Both these aspects would allow the public to enter public venues with more confidence and give the authorities the ability to see where the ‘enemy’ is at the same time. Keeping the economy safe and the public safer.