Underlying technologies

BlockID solutions take advantage of several powerful and proven technologies — technologies that enable you to completely transform the way you identify people by replacing outdated solutions with a more secure, less expensive and easier solution.

Public-key cryptography

Public key cryptography is an encryption technology that uses cryptographic "keys," which are really just very long, randomly generated numbers that are guaranteed to be unique.

The keys serve as an input for the algorithm that encrypts data. Because the keys are unique, the encrypted file you create using your key will be different than the encrypted file that someone else creates using their key, even if you both use the exact same encryption software and algorithm. This means that the keys also serve as a way to digitally "sign" the file to prove that it came from the person who holds the keys — and only that person.

The keys come in pairs: a public key and a private key. These keys are different but mathematically related. Whatever is encrypted using the private key can be decrypted only by its corresponding public key, and vice versa. You can’t decrypt data using the same key that encrypted it — you must have the other key in the pair.

As its name implies, the public key is typically placed on a publicly accessible server and made available to anyone who wants it. The private key remains securely in the sole possession of the keys' owner, protected from the outside world.

If someone encrypts something using your public key, only you can decrypt it using your private key — even if the encrypted data file and the public key that encrypted it are publicly available.

BlockID solutions use public key cryptography to protect the user's identity data by encrypting and digitally signing it. The data is also signed when it's verified by a trusted third-party certification service using BlockID Verify (so that you know it has been verified and by whom) and when it's exchanged between you and the user.

Blockchain identity

Blockchain technology is an essential part of the BlockID solutions.

As its name suggests, a blockchain is a chain of blocks of data. The blocks are cryptographically linked. Once data has been written to the chain, it can never be modified — doing so breaks or invalidates the chain because the cryptographic signatures that hold the chain together would no longer match. Therefore, the blockchain creates a permanent, immutable record that's invulnerable to tampering.

The blockchain is replicated across many servers, so there's no centralized database and no single point of failure, which also helps to ensure its integrity.

This makes blockchain an ideal technology for storing identity data as well as the complete history of its usage — perfect for auditability. All of the data is encrypted with the person’s own public cryptographic key, so only they can decrypt it and authorize its use with their corresponding private key.
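
The linking and replication described above can be seen in a small hash-chained usage log. This is an added illustration, not BlockID code: the block layout, function names and the did:example events are constructed assumptions. It shows that an in-place edit breaks the link check, while a copy whose later hashes were all recomputed passes that check and is caught only by comparing its head hash with independently held replicas.

```python
import hashlib
import json

GENESIS = "0" * 64  # stand-in "previous hash" for the first block

def block_hash(prev_hash, payload):
    """SHA-256 over the previous block's hash plus a canonical payload encoding."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append(chain, payload):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "payload": payload, "hash": block_hash(prev, payload)})

def first_broken_link(chain):
    """Index of the first block whose link or hash does not verify, else None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["payload"]):
            return i
        prev = block["hash"]
    return None

def matches_replicas(chain, replica_heads):
    """True if this copy's head hash agrees with a majority of replica heads."""
    head = chain[-1]["hash"]
    return sum(h == head for h in replica_heads) > len(replica_heads) // 2

def build_sample():
    # Constructed usage events for illustration; not real BlockID records.
    chain = []
    for event in [
        {"subject": "did:example:alice", "action": "enrolled"},
        {"subject": "did:example:alice", "action": "shared", "with": "acme-vpn"},
        {"subject": "did:example:alice", "action": "shared", "with": "acme-hr"},
    ]:
        append(chain, event)
    return chain

def recomputed_copy(chain, index, payload):
    """Model one copy whose block `index` was changed and later hashes redone."""
    copy = [dict(b) for b in chain[:index]]
    for i, block in enumerate(chain[index:], start=index):
        append(copy, payload if i == index else block["payload"])
    return copy
```

The link check alone proves only that a copy is internally consistent; the comparison against replica heads is what ties it to the record everyone else holds.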

Decentralized identifiers (DIDs)

The identity data that's entered by the user, verified by BlockID and trusted third-party certification services, and stored on the blockchain create what's known as a decentralized identifier (DID). DIDs are the new standard for identity data that's enabled by blockchain technology.

DIDs are not controlled by any single organization — instead, they're controlled by the owner of the identity information. They — and only they — get to choose what identity information to provide and to whom.

Smart contracts

In addition to using the blockchain to create and store DIDs, BlockID solutions use the blockchain's smart contracts feature to broker the request and exchange of information between the user and your authorization systems, seamlessly and automatically.

A smart contract is simply a bit of software logic that describes what identity information will be exchanged, why it's being exchanged, and with whom. The contract is added to the blockchain so that it's secure and can't be modified, and to provide an audit trail.

When a user wants to log in to your secure network, for example, they use their BlockID mobile app to scan a QR code, click a link or receive an NFC signal that initiates the process. Using the information encoded in the QR code, link or signal, BlockID creates a smart contract that specifies who you (the company) are, what identity information you need from the user, and what you'll do in return when you receive it, such as granting them access to your corporate network or their online customer account.

Your request is displayed on the user's mobile phone in their BlockID mobile app. Once they authenticate and consent to your request using their biometrics, the smart contract then knows what identity data must be retrieved from the user's BlockID digital identity safe and sends that data back to the user's BlockID mobile app, where it's decrypted using their private key.

That data is then re-encrypted and digitally signed using your public cryptographic key, which is also contained in the smart contract — so you, and only you, can decrypt it using your corresponding private key. The smart contract then sends that information to you to complete the authorization process.