Hypersign is Creating a World of Frictionless User-Authentication Without the Caveats
How Can We Minimize Privacy Issues While Maximizing Convenience?
What if we could live in a world without the need for passwords, without clunky user-authorization mechanisms, and without the seemingly unavoidable occurrence of our personal data being harvested and sold by insatiable tech giants like Facebook and Google?
Imagine a reality where we can quickly and efficiently log in to any app or website using a simple QR code (or similarly convenient options) while we remain the sole owners of our blockchain-verified personal credentials. There’d be no more wasted time resetting login info, no need for annoying 2-Factor codes clogging up our phone messages, and true peace of mind knowing that the next major data breach won’t eventually lead to some dude on the dark web having access to our mother’s maiden names.
Hypersign is currently actualizing this data-protection dream with its cross-chain identity protocol and whitelisting solution. This up-and-coming project is bringing to life the promises of privacy and efficiency that we’ve all been gearing up for since the early days of blockchain. By focusing on the tangible benefits of all actors involved within a typical transaction of personal data, the Hypersign Identity Network is positioning itself as the obvious solution to the current user-authentication and identity access management (IAM) conundrum.
Re-envisioning the Power and Ownership of Our User Data
Data privacy has once again become a hot topic issue in the mainstream media this year following the highly publicized battle between Facebook and Apple. “The Social Network” has never been on the “righteous” side of the user-privacy debate, which was laid bare during the all-too-revealing Cambridge Analytica scandal. Now, Apple’s latest iOS14 update has added new fuel to the fiery question of whether or not FB has the right to store and share our data with potential advertisers and political manipulators. Facebook thinks it should be able to track us both on and off of its apps and fortunately Apple is introducing a paradigm shift that puts more data control in the hands of the individual user.
Of course, platforms like Facebook (and Apple) will likely always be able to track our in-app or onsite activity and essentially sell that data to advertisers. Zuckerberg’s consistent stance is that Facebook is free and therefore users shouldn’t have a problem with voluntarily relinquishing their data privacy when they use it. However, blockchain projects like Hypersign are proving that your use of a platform does not necessarily need to be tied back to your actual real-world identity. It also shouldn’t be combined with your activity that occurs outside of the platform itself. Hypersign is proposing a structure where you would be able to authorize your identity and access things like Facebook while ostensibly remaining anonymous during your interactions within the app and with external websites, apps, or other digital platforms.
Paying for Convenience with Single Sign-On Mechanisms
Let’s face it, we all absolutely hate the idea of having to create an entirely new set of login credentials whenever we register for a site or app. Even if we use the same password for every platform, the traditional registration and authentication process is time-consuming and unfriendly to most users. Data-hungry tech giants like Google and Facebook realized this issue early on and created an Identity Access Management alternative that most of us thought was an elegant and streamlined solution. Since convenience often wins out over privacy and ethics, the implementation of Single Sign-On mechanisms (aka social logins) was widely adopted and immediately increased user-registrations on nearly all platforms and apps that use it.
Considering the growing public knowledge of user-privacy issues, we can assume that social logins are used primarily out of convenience and little thought is given to the amount of additional data you’re providing to the holder of your login credentials. We’re so ready to do away with the issues of traditional user registration and authentication that we’re willing to give away even more of our personal data just to have a quicker signup and login process. Hypersign’s goal is to both further the convenience that social logins offer while simultaneously placing the control over our data back into our own hands.
A Quick Overview of User-Authentication
The Three Actors: User, Identity Provider, and Service Provider
Let’s take a quick look at how user-authentication mechanisms typically work. First, we have a user who is attempting to access a platform. Then we have an Identity Provider (IDP) who verifies a user’s credentials and sends those to the platform. The platform, or Service Provider (SP), then issues an access token to the user’s device so they can enter their app, site, or other digital services. For example, when we log in to Spotify using our Facebook credentials, then the User is us, the Identity Provider is Facebook, and the Service Provider is Spotify.
Without social logins, each Service Provider often acts as the Identity Provider too and has to request and store extremely personal and valuable data from the user. Each user has to create a unique password and username to give the Service Provider, along with providing other personal data like email addresses, phone numbers, and security questions. Social logins solved this issue for convenience by allowing us to have one set of credentials and one Identity Provider for almost every one of our accounts.
Problems That Each Actor Faces
In a traditional user-authentication scenario (one without social logins), there are uncountable problems with convenience and data privacy for all parties. The user experiences the extreme inconvenience of having to perform multi-step authorization processes including 2-Factor Authentication and security questions. The user is also made to create unique login credentials for the platform in question, which are frequently lost or forgotten.
Sure, some business-minded people might look at this and think, “oh well, it’s just a few minutes of wasted time for the individual here and there.” Well, according to Agios, those few minutes add up to 30% of the total time wasted for each employee throughout the course of the year. That means both employees and business enterprises are expending valuable resources simply because gaining access to certain platforms is a pain in the neck.
Why Solving For Convenience Alone Isn’t the Answer
Let’s say there’s a perfect scenario in which the individual user never faces convenience difficulties within the standard user-authentication mechanisms. They still face enormous problems surrounding data privacy. Social logins provide a good example of how solving simply for convenience can provide even more thoroughly complex issues.
With a social login scenario, we relinquish our user data to a single Identity Provider (i.e. Facebook) so that we can more easily access other sites and apps. This immediately puts the onus of safely and responsibly storing your data onto said Identity Provider. And as we’ve seen in the past, social login Identity Providers, like Facebook, often misuse your data without your consent (i.e. Cambridge Analytica).
So basically, we have a current Identity Access Management ecosystem in which the user pays for convenience by relinquishing more data or has to deal with traditional access conundrums. The Identity Provider is often exploiting the user info as a payment for the cost of storing data and supplying convenience. And the Service Provider is either beholden to the third-party IDP in order to avoid user-based issues or is forced to store and secure user data on their own servers, which is both costly, potentially dangerous, and creates new-user acquisition losses.
The Mutually-Beneficial Hypersign Solution
The Hypersign Identity Network aims to alleviate all of these issues for each actor in the Identity Access Management ecosystem. Within Hypersign’s design, the only detriment would be to those succubus-type middlemen Identity Providers (i.e. Facebook) who would no longer be able to force themselves into every part of our digital lives. With Hypersign, the user is both verified and also private, the Identity Provider never stores the user information, and the Service Provider has easy onboarding experiences and only receives the user verification without dealing with third-party storage or having to store and manage the data on their own servers.
Here’s a simplified rundown of how Hypersign’s ecosystem works.
First, all parties (including the user, Identity Provider (IDP), and Service Provider (SP)) register on the Hypersign Identity Network by uploading a public encryption key. Other public data can also be provided to create a more robust blockchain verified identity. For example, if a bank wanted to use Hypersign, they could upload a public encryption key as well as their address, website URL, and other publicly identifying assets of their business. Once all parties have verified accounts, they’ll be able to access the Hypersign solution.
Let’s say we have someone named John who wants to use Hypersign to do away with the current issues of user authentication. He uploads his public key to the Hypersign network and that key holds his encrypted private credentials which can verify his identity. He’d then receive a Decentralized Identification (DID) which would basically act as his username within the Hypersign Network. The Identity Provider and the Service Provider would also have DIDs through the same onboarding process, so each entity can be uniquely verified through the system.
Then let’s say John is hoping to create a new digital account with Wells Fargo (another Hypersign user). In this scenario, John likely needs to provide more personal information that isn’t already verifiable via his DID. So, John uploads his encrypted data to the Hypersign network, and then the Identity Provider uses his initial public key and DID to verify his new information.
The Identity Provider then sends John a Verifiable Credential (VC) which essentially acts as a distinct code for accessing Service Providers within the Hypersign Identity Network. John is the ONLY person that ever stores his data and remains the sole owner of his personal info, even though it is officially blockchain verified. Now, when John tries to login into Wells Fargo or any other Service Provider that requires the same credentials, he can simply scan a QR code that he stores in the Hypersign Identity Wallet, or anywhere he pleases, and he never has to worry about passwords or data privacy issues again.
How Hypersign is Building an Incentivized Ecosystem for ALL Parties
Hypersign’s platform was first built with financial adoption incentives for the Identity Providers and the Service Providers. Currently, high-quality Identity Authentication Mechanism gateways are often costly, difficult to implement, and obviously outdated considering everything detailed above. So, Hypersign is introducing its HID utility token as a way to incentivize low-cost and efficient Identity Providers to verify credentials while Service Providers of all sizes can enjoy the network at a fraction of the cost of traditional IAM implementations.
Recently, Hypersign has expanded its incentivization focus onto the Users themselves by providing a way to own and monetize your data using an NFT data marketplace. Basically, this would look like any other NFT marketplace but the primary buyers and sellers would be individuals and enterprises interested in monetizing or acquiring personal data. After a Hypersign user obtains a Verifiable Credential via an Identity Provider on their network, they’ll be able to mint that Verifiable Credential as an NFT and sell it on the Hypersign Data marketplace. While this might seem like an incredibly sideways proposition to most privacy-focused individuals, it at least puts the power and value of user data back into the hands of the actual user. Why let Facebook profit from our activity when we cant profit ourselves?
Using Blockchain to Decentralize the Power
The consistent theme throughout most blockchain and DeFi projects is a decentralization of power and an advocation for the triumph of the individual. Most of the time, that power is entirely based on some form of financial transaction. In our current era, our time and our attention (aka our online data) are often equally valuable to greedy data giants as our actual financial transactions. Hypersign understands this reality and is actively working to give the power back to individual users. They’re striving for a digital space where the user, the identity provider, and the service provider can all experience convenience, incentivization, and security without relinquishing anything at the same time. This is the future we’ve been waiting for… one where convenience and privacy can coexist.
Where you can Find and Follow Hypersign: Website, Twitter, Telegram, Medium.
