Digital Identity Has Arrived To Canada
Updated: Jan 5, 2020
Last Saturday I stopped by the local liquor store to buy a bottle of my favourite Australian Shiraz for the upcoming Sunday's Mother's Day family lunch. I was surprised to find the store full of young adults, most of them between 21 and 25. The cashier asked every one of them to prove their age before allowing them to pay for their stockpile of drinks. They all had to pull out and proudly show their driver's licences to prove they were old enough to enjoy all that booze. I immediately felt just a bit jealous, as nobody ever asked me for proof of age in similar situations, and I have to secretly confess that I still feel deep inside like a 'millennial' (and I don't mean 1000 years old :-)
I then asked a couple of those paying right in front of me (and the cashier as well) if they knew that Canada's main banks have recently launched an advanced Digital ID network, which could potentially soon be used in cases like these for efficient, frictionless and secure sharing of required personal information, completely digitally, eliminating the need to reach for your physical identity card. As expected, none of them knew that the Verified.Me mobile app is already available for download.
Why Is Verified.Me A Big Deal?
Verified.Me is a newly launched Canadian digital identity and consensual attribute sharing network, built on top of blockchain technology. The goal of the service is to simplify the sharing of personal information and help with identity verification in a safe way, allowing consumers to quickly and securely share required personal information with participating service providers. The liquor store in the previous example is a perfect case in point, whether purchasing alcohol in-store or, even better, online.
It also enables all businesses participating in the ecosystem to achieve more streamlined, effective and cost-efficient client services and client on-boarding, by eliminating unnecessary and labour-intensive paperwork while obtaining required personal information from consumers. For example, many data entry errors made during manual re-keying of paper data are eliminated and accuracy increases significantly. Improving accuracy, efficiency and security, and eliminating friction for consumers at the same time? Not many digital services can claim that. Most solve one or two of those, rarely all of them together.
The service has been developed and launched through the partnership and cooperation of SecureKey FinTech and most major banks, including TD, RBC, CIBC, Scotiabank and Desjardins, with BMO and National Bank to follow and join shortly. Through Verified.Me, Canadian FIs have proven once again that they can work together very effectively and launch a standardized, banking-grade, secure and frictionless platform with lots of ubiquity potential. Ubiquity alone is extremely important in launching any mediating network. In fact, banks are best positioned to claim the role of trusted custodians of digital identity information for their customers, since they have already been successful for many decades as custodians of those customers' digital financial assets.
Equifax and SunLife Financial Inc. are early adopters and the very first businesses accepting digital sharing of personal identity for the services they offer. The big three Canadian telcos (Rogers, Telus and Bell) are fully on board, and soon Canadian consumers should be in a position to get their services by easily and securely providing subsets of their personal information, like credit scores, proof of income and name & address info.
How Does Verified.Me Actually Work?
I have been asked this very same question multiple times recently. In this section I will quickly try to capture and describe, at the optimal level (not too low and not too high), the main roles and components and how they collaborate during a typical digital identity sharing transaction.
The main roles that participants in the SecureKey Digital Identity ecosystem play are:
Relying Party (RP) - represents a requestor of someone's digital identity information. This would typically be an insurance company, a bank, a telecommunication provider, a cable provider, a liquor store, etc.
Digital Lock Box Provider (DLBP) - a trusted party or custodian in charge of safely storing a customer's digital identity attributes, either the full set or a subset of them. This role would typically be played by an organization with which the customer has a long-term trusted relationship, like their existing bank. Remember that customers can have relationships with a single bank or multiple banks, therefore they can potentially have more than one DLBP.
End User / Consumer - an individual whose digital identity attributes are safely secured and managed by DLBP(s) and requested by RP(s). The consumer downloads and installs the Verified.Me mobile app and is fully in control (by providing explicit consent) of sharing their digital identity attributes (the full set or just a subset, depending on the individual use case) with RP(s).
The main system components of the solution are:
Digital Asset Client (DAC) Adapter - this component connects each RP to its peer node on the Digital ID blockchain network.
Digital Lock Box Provider (DLBP) Adapter - this component connects each DLBP to its peer node on the Digital ID blockchain network.
Digital ID Blockchain Network - each DLBP and RP has a 'peer' node (server) that participates in the consensus and transaction validation protocols of this permissioned blockchain network (based on Hyperledger Fabric).
Verified.Me mobile app - consumers download and install it on their mobile phones and then use it to manage digital identity sharing transactions.
The high-level transaction flow is shown in the picture:
1. The Relying Party (an Insurance Co.) needs some data from the End User, creates a Digital ID license request and registers it with the Verified.Me blockchain network via the DAC Adapter. The DAC Adapter encrypts it using a symmetric key and returns to the Relying Party the reference URL, which encodes the Digital ID licence request reference and the decryption key. The Relying Party encodes the reference URL into a QR code and presents it to the End User.
2. The End User starts the Verified.Me mobile app, which automatically starts the Identity Provider's (a Bank) mobile app on the same phone and asks the user to log in.
3. After a successful login using the Identity Provider's app, the End User is returned to the Verified.Me mobile app to scan the QR code.
4. The Verified.Me mobile app requests the Digital ID license request from the blockchain network via the DLBP Adapter and decrypts it. The End User is presented with a consent UI showing all of the data fields requested by the Relying Party.
5. The End User (via the Verified.Me mobile app) provides consent to the DLBP Adapter for sharing the data with the Relying Party, and the consent is registered in the Verified.Me blockchain network. The Verified.Me mobile app then receives back from the DLBP Adapter the User License object, containing the unique decryption key.
6. Upon receiving the End User's consent, the DLBP Adapter continues by preparing the requested data from the Identity Provider, encrypts it and records it on the blockchain network.
7. The Verified.Me mobile app makes a call-back to the DAC Adapter's response URL (which was recorded as part of the original Digital ID license request) and provides the details of the User License for collecting the requested digital data from the blockchain.
8. The DAC Adapter uses the User Licence object to retrieve the encrypted data block from the blockchain network and uses the unique decryption key to decrypt it.
9. The data is finally delivered to the Relying Party.
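The nine steps above, modelled as an added example (not SecureKey's code) to show that the shared ledger only ever holds encrypted blocks, while the keys travel in the QR-code URL and in the User License. The cipher, the URL layout, the record fields and all function names are assumptions made for illustration.

```python
import hashlib, hmac, json, secrets

LEDGER = {}  # stands in for the blockchain: encrypted blocks + consent marks

def seal(key, obj):
    # Stand-in cipher (SHAKE-256 keystream + HMAC tag); the page names no
    # algorithm, so this is an assumption. Use a vetted AEAD in real systems.
    pt, nonce = json.dumps(obj).encode(), secrets.token_bytes(16)
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified block")
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

def dac_register_request(fields, callback):  # step 1 (DAC Adapter)
    ref, key = secrets.token_hex(8), secrets.token_bytes(32)
    LEDGER[ref] = seal(key, {"fields": fields, "callback": callback})
    # Hypothetical URL layout; the Relying Party renders it as the QR code.
    return f"https://idnet.example/request/{ref}#{key.hex()}"

def app_read_request(url):  # step 4 (mobile app, after scanning the QR code)
    ref, key_hex = url.rsplit("/", 1)[1].split("#")
    return unseal(bytes.fromhex(key_hex), LEDGER[ref])

def dlbp_release(bank_record, request, consented):  # steps 5-6 (DLBP Adapter)
    if not consented:
        return None  # no consent: no data block is ever written
    ref, key = secrets.token_hex(8), secrets.token_bytes(32)
    LEDGER["consent:" + ref] = "granted"  # consent is registered
    LEDGER[ref] = seal(key, {f: bank_record[f] for f in request["fields"]})
    return {"data_ref": ref, "key": key.hex()}  # the User License

def dac_collect(user_license):  # steps 7-8 (DAC Adapter)
    key = bytes.fromhex(user_license["key"])
    return unseal(key, LEDGER[user_license["data_ref"]])

def run_flow(consented=True):
    bank_record = {"name": "A. Sample", "address": "1 Example St",
                   "credit_score": 712, "income": 65000}  # constructed data
    url = dac_register_request(["name", "credit_score"], "https://rp.example/cb")
    request = app_read_request(url)  # what the consent screen displays
    user_license = dlbp_release(bank_record, request, consented)
    return dac_collect(user_license) if user_license else None  # step 9
```

Only the two requested fields reach the Relying Party; the address and income never leave the bank record, and a ledger participant without the key sees ciphertext only.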
SecureKey and the initial Digital ID Network Participants have accomplished the key milestone of bringing Digital Identity plumbing and infrastructure to the Canadian market. With such a solid foundation, the next steps are building the next layer of innovative value-added services and achieving the ultimate adoption with consumers and relying parties.
The future can definitely be a little brighter and much safer for Canadians who embrace it, since Canadian banks definitely have their back.