Knox W3C DID Method Acceptance Marks Digital Identity Milestone for Interoperability and Privacy

Knox Networks
Sep 1, 2023

The W3C approved and merged Knox’s Decentralized Identifier (DID) method, did:knox, and Knox is now part of the official W3C DID Method Specification Registry. Read more about DIDs here.

This is a significant milestone in Knox’s mission to promote standards-based interoperability and privacy for next-generation financial products, and will help support our mission of providing secure, privacy-preserving Self-Sovereign Identity (SSI) solutions to our customers and partners. We believe that SSI is crucial for giving users a safe and secure way of authenticating, authorizing, signing, and verifying identity as required for today’s digital interactions, without unnecessarily exposing underlying user data to various centralized services. Under SSI, sensitive data will stay within the wallet enclave on the user's device and only leave the device as allowed by the user for compliance purposes.

This milestone will help Knox in building out further interoperability bridges with different technologies, platforms, and user data sources while still helping to maintain user privacy, including offline and unbanked user transactions. Our decentralized identity product will help users with convenience (QR scan, tap, etc. instead of manual entry) and privacy while enabling simplified compliance for regulated crypto, bank KYC, 360° user insight, and personalized workflows for businesses. Our solution:

  • Works with existing identity/user data sources to simplify KYC, AML/CFT, GDPR
  • Offers a user-friendly, privacy-preserving wallet service to avoid manual data entry and inconvenient verification/transactions
  • Saves time and costs on system integration with standards-based interoperability: W3C Decentralized Identifier (DID) and Verifiable Credentials (VC). Provides a 360° internal view of the user and data insights.

As banks and government institutions already provide identity services for their customers, the Identity Bridge can easily integrate into the existing identity systems over standards such as OpenID Connect (OIDC)/Security Assertion Markup Language (SAML), or any other integration methods in various siloed user data sources, in order to set up the customers’ wallets. After this one-time setup process, users can verify themselves via VCs as required, such as for financial transactions that require compliance, all the while still leveraging the bank or government institution’s existing KYC process for AML/Sanctions checks against financial regulations.

Knox thanks the W3C for their work in championing the DID standard, and looks forward to further advancements in the digital identity space.

More About Knox’s Identity Bridge

Knox Networks provides a secure white-labeled identity solution that integrates with financial and government institutions’ existing identity solutions to work with FBDAs. The pseudonymity of this system preserves privacy of the users, while still making sender and recipient information available when required for financial regulatory compliance.

Identity is often proven today via either physical ownership of credentials (e.g., a driver’s license or passport) or online via a list of usernames and passwords on centralized services over the internet. These solutions lack privacy, with both methods exposing more data than is necessary to parties in a transaction.

For example, verification in the modern world might require the showing of a driver’s license, which includes additional personal information like date of birth, address, and name. In reality, the only thing that must be proven is a verifiable way of knowing the answer to the binary question “does this user have some form of valid ID?” While showing whole credentials may be acceptable when they are shown to a person who may not remember them, this exposure is not a best practice over the internet. With traditional identity systems, users store usernames and passwords on external centralized servers; these credentials are easy to forget and get reused in dozens of systems, such that a single security breach exposes access to the rest of the victim’s associated systems.

The Identity Bridge ensures sensitive data stays in the user’s secure storage, authenticating and interacting with cryptographic proofs of identity data, instead of usernames and passwords, via a system called Verifiable Credentials (VCs). Decentralized Identifiers (DIDs) work in tandem with VCs to help ensure that cryptographic operations can occur without needing to expose sensitive user data. The Identity Bridge integrates into existing identity systems, providing SDKs and modules for backend services, websites, and mobile apps in various programming languages.

How Decentralized Identifiers and Verifiable Credentials work in Tandem in the Knox Identity System

As banks and government institutions already provide identity services for their customers, the Identity Bridge can easily integrate into the existing identity systems over standards such as OpenID Connect (OIDC)/Security Assertion Markup Language (SAML), or any other integration methods in order to set up the customers’ wallets.

The Identity Bridge creates a powerful yet empowering solution to the ever-present problem of identity management within the financial system.

Sample Identity Bridge Interaction Between Users and Banks

The Digital Identity Bridge can become even more flexible and robust when combined with tokenization. Read more in our white paper.
