Our current relationship with verifying our personal information has become outdated, calling for a new identification system that doesn't compromise more information than requested.
Challenge: As the world becomes more digitally connected between customers, enterprises and devices, a customer’s digital identity is the core of our digital interactions. We envision companies and governments can issue a digital identity that is interoperable and accepted by any type of requesting party’s technology through a new enterprise platform product. Moreover, customer profile attributes are shared with consideration of privacy by design as an attestation (i.e. binary yes/no response for over 21) without sharing the data itself. Objectives: Build a smart translator middleware layer to enable interoperability of a customer’s digital identity so that it can be accepted by any requesting company’s technology. Enable the smart translation layer to share customer’s data securely, safely and in a permissioned way
What it does
Universal Identity is a digital identity platform that is interoperable and accepted by different requesting parties. Data, API's and other information related to a unique identity are accessible through a secure and permission interface.
How we built it
We wrote a node.js web application that uses MongoDB to store data. We also made a web interface to create an account and log in, as well as verify one's age with an NFC wristband and reader.
The U-ID platform is composed of 4 primary entities.
- User - The end user of the platform.
- Client - Some organization that is requesting information or actions to be taken from a user.
- Data Provider - A 3rd party data source or API that the user already has an existing relationship with. This provider may hold confidential information and take actions on behalf of the user, such as preforming a credit transaction.
- Universal Identity Platform - The middleware system that provides a process and secure APIs to pass information through the U-ID platform to Data providers.
This process allows a client to request data from a user. To streamline the process and keep convienience as similar to existing experiences, it was designed to require a minimum of one interaction between the User and Client. It is required that:
- The user have a hardware computer device with an internet connection and custom application such as a smart phone
- The client have a hardware computer device with an internet connection and custom application with some hardware device that can interface with the user's device, such as a pay kiosk with NFC emulator.
- The client first creates a session, which is a single request to an unknown user.
- The client then provides the session id to a user. This can be through some physical or digital process, such as NFC, local network, QR code, or other process.
- The user may then optionally verify the contents of the clients request with U-ID. This allows the user to ensure that the client is not recieving any unintended access or information.
- The user then approves or rejects the session.
- If the session is approved, U-ID will then preform the necessary requests with dataproviders, and send back the results to the client.
This process allow the user to pre-provision some hardware device with a temporary key that can grant access to a selected set U-ID dataprovider access (such as if a user is over the age of 21, but not their exact age).
- A user create a temporary key. The user will select what access this key can grant. The key could be a physical key, such as an rfid wrist band, or a software key, such as a mobile phone app where the user might select check boxes and NFC scan. See below figure.
- Then the key exchange will operate like existing credit card purchases. The user gives a client the temporary key, and the client requests data from U-ID.
Future device key provisioning workflow. This would generate an auth token that a kiosk deicve could use to authenticate to U-ID.