Best of both worlds: Identity based blockchain transactions

Pekka Kaipio
Dec 20, 2019 · 9 min read

The most common use for blockchain networks is the transfer of value. Cryptocurrencies and tokens present a standard for the digital assets of the future. The frictionless movement of a programmable digital value seems to be the critical building block for the future digital economy. Individuals get more control over their own money. Customers experience more user-centric and affordable services. Companies transform to operate with real-time balance sheets and automatic financing. The whole financial industry evolves from the unnecessary complexity to more versatile, inclusive, and transparent services.

Transfer of value

If we look more closely at what the transfer of value is, we begin to see that payments are only a small part of it. Transfer of currency and assets is the result of the process of transferring value. For example, a company ordering a product from another company is a typical business process. The buyer begins the process by signing the purchase order. The seller approves the order and sends the bill or receives the payment. Then the seller ships the product to the buyer and signs the receipt of the ownership. Process liabilities expand even further with the product guarantee and support. Bigger orders are also financed and insured by different financial institutions. In the end, the tax administration is also part of the process.

When we want to digitalize the transfer of value, we need to be able to connect the whole business process. The order, payment, financing, and receipt are all parts of the value transfer process. Currently, there are financial institutions and third-party service providers that do small parts of the process here and there. Financial institutions help large clients during the critical parts of the trading process. Service providers focus on scalable point-solutions to certain parts of the process. Even though there are somewhat automated ways to do it now, the value transfer process is disconnected and manual.

Smart contracts for business processes

Several blockchain platforms approached this issue by offering so-called smart contracts. These programmable contracts enable modeling complex business scenarios between several participants. The business rules in the contract automatically enforce transactions to behave in a certain way. This tamper-proof process enables every participant to verify the current state of the contract. The trust is in the business process instead of having to know each participant. The network of contracts enforces the trust.

Currently, these platforms are working on a limited scope. The first approach is to use a public blockchain network with cryptocurrencies and smart contracts. These kinds of networks are usually open to everyone and have broad interoperability. The downside is poor legal enforcement capability. It is difficult to enforce the law in an open, decentralized worldwide network. The second approach is to establish a closed network with known participants. The network governance rules define liability handling during the business process. This way, the users of the network can use legally binding smart contracts between different organizations.

The lack of digital identities

The blockchain-network-based economy has not quite lived up to its promise. One of the key reasons is the lack of digital identities. Without identities, the transfer of value operates only in a case-specific silo. Public blockchain networks have limited ability to model real-world business processes without legally binding identities. Closed networks have legally binding user onboarding, but this also restricts interoperability beyond the network use case, a scenario pretty similar to what we already have on the traditional platforms. For example, credit card payments operate in a highly restricted way globally, and more flexible and costly financing solutions operate only between financial institutions and specific clients.

Social login has become an increasingly popular single-sign-on method for consumer services.

Digital identity is the missing piece of the puzzle in digital value transfers. We have a bunch of mediocre means to handle identity information nowadays. Users have their data and authentication mechanisms spread around to different service providers. Services use either traditional login-based systems or third parties, like social media platforms, to federate account information. It is difficult to follow where the parts of the identity data exist. Even though the federation model is a way forward, users cannot utilize the data between different systems. We have ended up in a situation where the identity-related data is neither owned nor controlled by the user. The whole concept of digital identity has fragmented.

It gets even worse when the services are dealing with value transfers. Users need to go through a problematic and privacy-threatening know-your-customer process. On the other hand, organizations depend on complex systems to manage user information. The lack of real digital identities creates a problem for value transfers. The identity and signatures of business transactions need to be appropriately identified by all participants in the right context.

Private keys control the transactions in blockchain networks.

One of the most significant innovations introduced by blockchain networks was the use of modern public key infrastructure. The keys act like identities in the shared ledger transactions. Sharing public keys is a great way to ensure the interoperability of the identities. Participants of the transaction only need to have the key generated before being part of the transaction. Cryptography ensures the integrity of the transactions in the network. So there is no need for any centralized party to operate the network identities. The network itself acts as an identity sharing infrastructure. There are still some issues with this approach. The state of the network is controlled by keys, not by your own digital identity. We still have the problem with the interoperability of the identities: how can we verify who has done what?

Self-sovereign identity to the rescue

Self-sovereign identity is an identity model where the user controls his/her own identity and identity-related data. It is considered the next step of identity management. Instead of having identity information spread around services, users own and control their identity data. The data is shared only through the consent of the user on a need-to-know basis.

Self-sovereign identity technology relies on blockchain networks as a shared public key infrastructure. The identity holders control their identity through the ownership of the private key, just like in the transaction networks, but for identity data. The user controls the identity information, and other users can verify the information through the network.

Verifiable credentials can be combined to deliver much-needed trust for highly regulated online services.

The ability to digitally sign and verify data is an essential part of the self-sovereign identity technologies. Self-sovereign blockchain networks enable you to own verifiable credentials linked to your identity. These credentials contain proofs of data that have been cryptographically signed by someone. They can represent documents or pieces of information like:

  • Name and age verified by government
  • Driver’s license verified by traffic administration
  • Diploma verified by the college
  • Festival ticket verified by the seller

Organizations can issue credentials to users in a similar fashion as they issue official paper documents. Users save these digital credentials to their digital wallets and present them as proofs to different services. These services can then verify the credentials through the network without a direct connection to the original issuer. The user controls what kind of credentials he/she wants to provide, so there is no need to provide unnecessary information.

Identity information for accessing services can be different for each service, so there is no need to use the same identifier as nowadays with email or social media accounts. For some services, users don’t even need to provide an actual name; instead, they can provide proof of valid citizenship. Self-sovereign networks also support zero-knowledge proofs. A zero-knowledge proof is a cryptographic way to prove something without revealing the original information, for example, proving that the user is of legal age without revealing the date of birth. Sensitive information doesn’t spread around like in traditional services, so it’s a very convenient way to protect users’ privacy. The beauty of the self-sovereign identity is that users can combine credentials from different sources and provide zero-knowledge proofs. A combination of verified information can go through the most rigid know-your-customer process.

Connecting business processes with identities

Connecting self-sovereign identity with transaction networks opens a whole new world of opportunities. Because the user holds the identity data in the identity wallet, he/she can be the interoperability provider for the services. It is a compelling way to communicate between services and networks without any direct API integrations. We can even think that the customer is an API handling all the customer-related information while protecting data privacy.

The killer feature is to include strong identification and authentication credentials in the user-controlled interoperable identity. Identity can sign a transaction in a decentralized business network where the counterparty of the transaction can verify the legal identity. It entirely changes how digital business processes operate today. Legally binding business transactions don’t need to rely on any specific platform or service provider anymore. Better yet, there is no need to know the counterparty of the transaction, only to verify the provided credentials. Of course, we need to trust some parties for business and compliance reasons, but the user and service provider decide the needed level of trust. Just like in the paper-based world today.

The user controls identity data anonymously, and only the required set of credentials is verified. The identity-linked transactions can automatically execute smart-contract-based business processes while the participating parties can be previously unknown. Even further, transactions may use optional credentials from the user. For example, a user can represent a company with a power of attorney credential. So this means that legally binding business processes can be programmed directly between companies. We are not talking about just individual digital identities but digital identities for companies or any other representable entities. There is no need for middleman third parties to provide services for trust and interoperability.

Financial and healthcare sectors have been seen as among the most complex areas to digitalize due to excessive regulations. Identity is a substantial cost and risk factor because every organization needs to replicate the same processes with a high level of requirements. Interaction between business processes seems to be a liability rather than an opportunity in these kinds of siloed environments. The impact on these sectors is going to be substantial from the new decentralized identity and business networks. Strict privacy requirements, combined with multiparty processes, are suddenly quite easy to implement.

Example use case: Marty has injured his knee, and he goes to see the doctor. The doctor writes an injury diagnosis for Marty, and he needs to go to a hospital for knee surgery. Marty starts the treatment contract process with the selected hospital and his insurance company. First, the hospital and the insurance company need to verify the diagnosis and the doctor’s medical license. The insurance company also verifies that Marty’s healthcare insurance covers the diagnosis and the treatment provided by the selected hospital. After that, all the parties sign the treatment contract. The treatment contract handles the payment directly to the hospital from the insurance company based on the delivered treatment at the hospital.
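
The verification step in this use case, sketched as an added Go example (not code from this article or from any identity network): the hospital accepts the diagnosis only if the license credential was signed by an issuer key found on the ledger and the diagnosis was signed by the key that credential names. Ed25519, the credential layout, the `did:example:` identifier, and the in-memory `ledger` map are assumptions standing in for a real network.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

type Credential struct { // issuer-signed statement about a holder key (constructed format)
	Issuer    string
	HolderKey ed25519.PublicKey
	Claims    map[string]string
	Sig       []byte
}

func (c Credential) payload() []byte {
	b, _ := json.Marshal([]interface{}{c.Issuer, c.HolderKey, c.Claims}) // map keys are sorted: stable bytes
	return b
}

// VerifyTx is the counterparty's check; ledger stands in for the network's issuer-key
// lookup (an assumption), so the issuer itself is never contacted.
func VerifyTx(ledger map[string]ed25519.PublicKey, c Credential, claim string, tx, txSig []byte) error {
	switch ipk, ok := ledger[c.Issuer]; {
	case !ok || len(ipk) != ed25519.PublicKeySize || !ed25519.Verify(ipk, c.payload(), c.Sig):
		return fmt.Errorf("credential not signed by an issuer on the ledger")
	case c.Claims[claim] != "valid":
		return fmt.Errorf("required claim %q missing", claim)
	case len(c.HolderKey) != ed25519.PublicKeySize || !ed25519.Verify(c.HolderKey, tx, txSig):
		return fmt.Errorf("transaction not signed by the credential holder")
	}
	return nil
}

func Demo() (valid, impostor, tampered error) { // constructed data: authority, doctor, diagnosis
	authPK, authSK, _ := ed25519.GenerateKey(nil)
	docPK, docSK, _ := ed25519.GenerateKey(nil)
	ledger := map[string]ed25519.PublicKey{"did:example:health-authority": authPK}
	cred := Credential{Issuer: "did:example:health-authority", HolderKey: docPK, Claims: map[string]string{"medical_license": "valid"}}
	cred.Sig = ed25519.Sign(authSK, cred.payload())
	tx := []byte(`{"patient":"Marty","diagnosis":"knee injury"}`)
	valid = VerifyTx(ledger, cred, "medical_license", tx, ed25519.Sign(docSK, tx))
	impostor = VerifyTx(ledger, cred, "medical_license", tx, ed25519.Sign(authSK, tx)) // not the doctor's key
	cred.Claims["surgeon_license"] = "valid" // claim added after issuance breaks the issuer signature
	tampered = VerifyTx(ledger, cred, "surgeon_license", tx, ed25519.Sign(docSK, tx))
	return
}

func main() { fmt.Println(Demo()) }
```

The check binds three things together: the issuer key published on the ledger, the claims the issuer signed, and the holder key that must also have signed the transaction. Dropping any one of them lets a copied credential be attached to someone else's transaction.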

The networked environment becomes frictionless and efficient because the customer is in the middle of the process. Decentralized networks are going to eat business services as the social media industry has eaten the advertisement industry. Last but not least, these networks are also the perfect fit to replace the current social media platforms.

Written by Pekka Kaipio

Technology Strategist | Building decentralized identity and financial grade blockchain solutions
