Blockchain-Based Records and Usability
One of the primary challenges for any new technology is effectively presenting itself to users. It must map to existing mental models while balancing security and ease of use. In the world of blockchains, this challenge is particularly acute because the stakes are high and the patterns are new.
Learning Machine is proud to be an ongoing contributor to the Blockcerts open-source standard. The standard enables digital records to be anchored on the blockchain, owned by recipients, and independently verified by third parties without any dependence on a certificate authority.
The lynchpin of recipient ownership is their control of their own private keys. Without this element, people don’t actually own their records. Unfortunately, many experiments across the world are attempting to do things like issue academic records using keys that are generated for students. While the intent is to remove the friction involved in having recipients send institutions their public keys, this process is a prerequisite for recipient ownership of official records.
Recipients need a secure (and easy) way to generate a private key and send the issuer the corresponding public key, which operates as a surrogate for their identity written into their digital records. This allows recipients to demonstrate ownership of their records at any time.
Until recently, the process of obtaining individual public and private keys has been riddled with obstacles. Generating keys and transmitting them via email or a centralized software platform is insecure, because others can easily access the data. The postal service is more secure, but quite slow, with the ongoing potential for compromise. Developers of the Blockcerts standard saw the opportunity presented by the ubiquity of smartphones to make key generation and transmission easy.
The ubiquity of smart phones has created the preconditions for the individual receipt of cryptographically-sealed records at massive scale.
First, they provide convenience, along with hardware-level security, for the safe generation and storage of private/public keys. Second, software systems, like the one provided by Learning Machine, facilitate the introduction between issuer and recipient. So, transmitting a public key to an issuer can happen easily in the background.
Why is this key exchange necessary? To answer that question, it helps to understand the composition of digital records anchored on the blockchain.
Anatomy of a Tamper-proof Record
Files whose content is “sealed” and notarized on the blockchain can simply be JSON files that include images and text, as well as a recipient’s public key. All of this is hashed, signed by the issuing institution’s private key, and added to the blockchain. Later, a verification process can compare information on the recipient’s record to the transaction data stored on the blockchain. When everything matches (issuer, recipient, content hash, etc.), the record is verified as authentic. The result is a cryptographically-sealed record that is tamper-proof and owned by the recipient in a provable way.
Recovering Lost Records
The mobile app is the cornerstone of convenient recipient control. The core of this app is an HD wallet which creates private/public keys. With this new level of ownership, however, comes a new level of responsibility. True ownership means having the ability to make mistakes. So, what happens if people lose their certificates or lose their phones?
If a recipient ever loses their phone or deletes their app, they can easily regenerate their keys by downloading the app again and entering their passphrase. This will regenerate their public and private keys.
Passphrase > Private Key > Public Key(s)
Once their keys have been regenerated, they can re-import their certificates from their email archive or a file storage backup (such as their computer hard drive or a cloud provider like Dropbox). If they no longer have their certificates, recipients can request copies from the original issuers.
If recipients have also lost their passphrase, however, their records are gone. In this worst case scenario, they can obtain a new public key and engage with past institutions to issue again.
Here is a detailed catalog of recovery scenarios on the Blockcerts Forum.
You may have noticed that this system does not use a comprehensive identity system. Rather, public keys act as tokens for identity. This allows people to make verifiable claims about themselves without over-disclosing non-relevant information. They have everything needed to prove that a particular document or asset belongs to them without revealing anything else about themselves. The ability to selectively disclose important attributes about oneself is a claims-based approach to identity in which individuals can demonstrate who they are by sharing only the information that is relevant in a given situation.
A further privacy protection is the ability to using different public keys for receiving official records from different institutions. This helps prevent network analysis that could reveal all of the transactions related to a single public key.
Becoming an owner for the first time is always an exciting threshold to cross. It entails more freedom, but also more responsibility. Today’s young people comprise the first generation to inherit a technology that allows them to assert ownership over their digital records via their own digital key ring. The benefits of this shift are immense. Beyond the right of ownership, institutions gain a secure way to prevent fraud, while verifiers get an immediate way to attain peace of mind with regard to the authenticity of the credentials they are vetting. Smart phones and well-made apps are creating a promising environment for this new era of digital ownership and verification to flourish.