-
Technical Solution
-
Architectural Map
The technical solution is to encrypt and decrypt Personally Identifiable Digital Identity to and form the Blockchain Digital Identity Management System. The prototype was built to test for technical feasability and to trial it among participants to send official transcripts in various real-world situations, such as to a graduate school or to an employer. A number of key technical challenges to bringing the BDIMS to market that are to be addressed during phase 1 are: (1) developing the mechanism that can encrypt PIDI data onto blocks, (2) developing the mechanism that can decrypt PIDI from encrypted blocks, (3) developing the mechanism to make amendments on newly created reference blocks, and (4) filling the official PIDI data into an official digitally signed PDF document template to view and download. The potential barriers to implementation and/or adoption include: complexity in user interface, understanding what Blockchain is, understanding how Blockchain differs from current digital identity management technology, and the alignment of users’ digital identity management beliefs with that of DLB technology. In other words, “Does Blockchain manage digital identity with how the user believes their digital identity should be managed? PIDI data is sensitive and must be encrypted onto each block recorded on the distributed ledger so that it is non-transparent. In other words, all transactions are recorded on each participating Node and continually updated, without exposing PIDI data due to Block encryption. The PIDI data is encrypted onto the Blockchain with it’s corresponding generated hash, private and public keys, and decryption key. PIDI data can then be called upon for authorized release to the intended receiver through the BDIMS proprietary official document validation process. This process is composed of four steps in the transfer process of an official government issued digital identity document (as shown below). 1. The initial step begins with the validation of the sender’s ledger through a set number of confirmations. Once the sender’s ledger is validated, a one-way encryption request is sent from the sender to the receiver where the receiver’s ledger is validated through a set number of confirmations. 2. The receiver’s ledger receives the request to validate and is approved if keys and hash are valid. Validation is recorded on a new block and confirmation is sent to the sender. 3. The sender receives the validation confirmation. A new one-time use encrypted block will then be created containing the PIDI data and the Decryption Package sent to the receiver. 4. The receiver receives the Decryption Package and the PIDI data on the one-time use block, previously created, is pulled from that block. The decryption package will contain the hash of the block containing the PIDI data (to locate the block), a randomly generated decryption key (to decrypt), and the sender’s private key and public key (signature verification) to be sent as a decryption package through one-way encryption. These three key components of the decryption package, utilized simultaneously, will decrypt the target block containing the PIDI data for a one-time single use transaction. It is then entered into an official template that is a digitally signed PDF document. For example, after an individual’s driver’s license PIDI data is released, it will then fill into an official driver’s license card template that looks just as a driver’s license would only in a digital format, such as a downloadable PDF. A current example is the use of PDFs for official academic degree documentation. Various templates will be stored on individual Nodes and only pulled up when the decryption package is received and identifies which template to use. At that point the decrypted PIDI information will be entered into the template for official document use. In the case of an expired driver’s license, an amendment to the Blockchain must be made to either halt use of the expired document or issue a new driver’s license with updated data to a new encrypted block and set that block’s hash as the new identifier for this individual’s driver’s license request. If the digital identity information for a driver’s license has expired then an amendment must be made to the block that data is stored on to disregard the older expired block and create a new encrypted block containing any updated driver’s license information and a new date of expiry. This expiry date must be monitored autonomously on the Blockchain, meaning that a notice must be sent to the driver’s license holder notifying them of the upcoming expiry. Once the driver’s license holder meets the renewal requirements, then a new driver’s license will be added to the Blockchain and the amendment will now direct driver’s license requests for this individual to the new block rather than the previously expired block. Making amendments to the Blockchain just as amendments are made to official identity documentation in the real-world requires the standardization of digitally signed credentials and that is the main underlying factor contributing to why the BDIMS is a disruptive innovation. The BDIMS brings to real-world application the use of DLB technology in a simple-easy-to-use platform for PIDI management.
-
Architectural Process
The software development process will adopt the Spiral Model method as shown below.