1Kosmos CTO, Rohan Pinto, and CMO, Michael Cichon, discuss the 1Kosmos platform, identity proofing, the NIST guidelines, blockchain technology and more in this vlog.

Michael Cichon:
Hello, Rohan Pinto, chief technology officer, and co-founder of 1Kosmos. Welcome to the 1Kosmos vlog.

Rohan Pinto:
Thank you. Thank you, Michael. In fact, I love the Mike and Mike show that you used to do earlier. I guess it’s my turn now.

Michael Cichon:
It’ll be the Mike and Rohan show, but I got to tell you, I’m not used to seeing you with pink hair. Did you?

Rohan Pinto:
Oh my, oh my. Yes, yeah. We’ve all been working from home for a very long time. I know that things in the U.S. are much better, but out here in Canada, I’m based out of Toronto, and out here in Canada, we are still under strict stay at home orders. And it’s been getting to everybody.

Rohan Pinto:
And we are all humans and it’s been getting to me and my kids as well. And my daughter just thought a few days ago saying that we have tried doing everything to keep ourselves entertained from playing ping pong at home, or have little game parties playing cards. And she said, “Hey, you know what, let’s do something different.” And she thought it would be a great idea to color my hair. And I thought it would be a great idea to let her do that. So I now have pink hair.

Michael Cichon:
That’s awesome. That’s awesome. Well, clearly you’re a great father. I did that. Well, I didn’t do that. I took my daughter once to a nail salon. I had my toenails done, but you see, I could wear shoes. So nobody knew, but it was a great experience.

Rohan Pinto:
My safety net is that we are under strict stay at home orders, so I don’t have to go out and meet anyone, but I did go out to the grocery store and got a couple of weird looks from the cashier, but you know what? It’s all fine and dandy.

Michael Cichon:
I like it. You look amazing. So you might stay with it. But on the serious side, I wanted to talk to you about our platform, this amazing platform as I’ve come to know it. I’d like to know from you. To start with, what problems did you set out to solve when you architected this platform?

Rohan Pinto:
See, the thing is that the platform has gone through a huge cycle of evolution over the last three years since the platform was initially launched. Now, when we launched the platform around three years ago, the intent was to help consumers. To help consumers secure and to give them control over their own identity and also make things easier for them.

Rohan Pinto:
Now, we did not know at that point in time that we are going to be in a pandemic and everybody’s going to be working remotely and nobody’s going to go and meet someone face to face. But the whole idea at that point in time was to enable, to leverage technology, to enable consumers, to go and verify themselves and build a verifiable credential that they could then leverage to access services that required a very high level of assurance.

Rohan Pinto:
For example, banks are mandated to go through a whole identity verification process before they let a person open up a bank account where you’ve got to also go and verify that the consumer is a resident of a specific country, lives at a specific address, has a valid identity document.

Rohan Pinto:
And we said, hey, you know what? We could leverage leading-edge technologies like the blockchain and the capabilities that we have today on mobile devices to allow the consumer to go and create that verifiable credential, so he could go out and open a bank account remotely online, for example.

Rohan Pinto:
And then we realized that the technology platform just doesn’t apply to consumers, it applies to enterprises as well. Because if you look at the whole onboarding process of an employee, you really have to go and verify whether the employee graduated from a specific university. You’ve got to go and verify whether his educational credentials are actually valid. And the process today takes anywhere between a few days to a couple of weeks to verify an individual.

Rohan Pinto:
So we thought the whole idea of being able to verify an individual using technology within a few minutes would bring a lot of value to not just the consumer workspace, to the consumers side of the equation, but to the workspace, as well, to allow them to onboard employees onto their HR platform.

Rohan Pinto:
And then the whole platform took another big turn because it was so advanced in terms of the ability to verify an individual, we could then leverage that same identity to go passwordless and access websites and enterprise applications without having to deal with the complexity and the problems that revolve around passwords.

Rohan Pinto:
And here we are with a platform that not only does identity verification, it also does passwordless access to systems and desktops and web applications. And it also does biometrics.

Michael Cichon:
That’s fascinating. So it was the intersection of identity and authentication that drew my attention.

Rohan Pinto:
Absolutely.

Michael Cichon:
And you have these identity proofing companies. And then you had the authentication companies, but it was the combination that made it interesting. And you mentioned banking, and certainly, with the know your customer, it’s absolutely essential in the United States, at least that if you’re going to open a bank account, that you prove your identity.

Rohan Pinto:
Who you are.

Michael Cichon:
But how would you describe the ideal customer for this type of technology?

Rohan Pinto:
Like I said earlier, the ideal customer would be consumers because it’s all about consumers having the ability to prove themselves and go and access online services.

Rohan Pinto:
Now, while I say that the consumer side of the equation is an ideal customer base, it’s a very hard problem to solve because you can’t convince the entire population of the U.S., for example, to go and use a platform to access a service. Whereas the service that actually consumes that identity does not exist.

Rohan Pinto:
So if you look at it the other way around, it’s enterprises that actually provide you with service. So the thought process, our thought process changed along the way of saying the actual ideal customer is an enterprise, an enterprise that provides a service, an enterprise like a bank. And they need to acquire consumers.

Rohan Pinto:
So if a bank offered a service like a remote account opening, or if a telco provided a service like passwordless authentication system into any of your applications, that would be the most ideal scenario where you’re not really have a service that is.

Rohan Pinto:
So you now really have a service that organizations or enterprises offer to the consumers, but consumers also have a way to very quickly identify themselves, verify themselves, and avail themselves of a service in a much easier and more secure fashion.

Michael Cichon:
That’s interesting. What I’ve found interesting, it’s the graduated levels of identity proofing that we could introduce for different employees or categories of employees or customers with really just a flip of the switch that I found really fascinating. That it wasn’t a redeployment. It wasn’t some kind of a custom configuration. It’s basically deploying the level of identity proofing that was appropriate for that use case.

Rohan Pinto:
Absolutely.

Michael Cichon:
So I’ve come to learn about the standards in our industry, the FIDO2 standard, the NIST 800-63-3, the W3C standards. Why should anybody care that we’re certified on these standards and very few others are?

Rohan Pinto:
That’s a great question. Now, I wouldn’t want to dive into the specifics of what the NIST 800-63-3 standards really mean, or what it brings to the table, or what the W3C verifiable credentials really mean, or what FIDO2 really means. But yes, we are not just compliant with standards, we are actually certified.

Rohan Pinto:
And there’s a huge difference between a product or a service that’s compliant versus a product or a service that’s actually certified. When you see that it’s compliant, you hope that it does what it’s supposed to do, but when you’re certified, you know that it actually does what it’s supposed to do.

Rohan Pinto:
Now here’s why standards are really important. Have you heard of this term called being holed into a walled garden? Organizations typically have a mentality, or they have a process, or they have a system or a platform where customers or enterprises get sucked into a walled garden, which means that every solution that you deploy, every little product that you deploy has to be from the same vendor, and you don’t really inter-operate with other vendors or with other platforms.

Rohan Pinto:
Adhering to standards would assure you that an enterprise that deploys any product that is certified and adheres to standards will inter-operate with all other vendor products that might be out there. So you can actually say, I’m going to use the passwordless authentication service from one customer, but you also have the liberty to deploy identity verification service by someone else altogether, rather than putting yourselves into a situation where every little product, every little service has to be bought in from the same vendor. It actually opens your doors and gives you the opportunity to pick and choose the services and the products that you want. And it also gives you the opportunity to pick and choose the vendors that you would want to within your organization.

Rohan Pinto:
Now, having said that, I would love it if they use our products for all their services, but again, giving customers the liberty of picking and choosing what they want from whom they want is as important as a user knowing who you are, what you are, and where you are.

Michael Cichon:
That is so cool. That is so cool. So you architected a distributed ledger into the platform. And you selected Ethereum as the blockchain of choice. Why did you make these two choices? Why a distributed ledger? Why Ethereum?

Rohan Pinto:
Okay, so let’s talk about distributed ledger for a moment. Here’s what distributed ledger brings to the table. When you’re talking in terms, or when you’re referring to something like a verified identity, where I state that I am Rohan. My last name is Pinto. I’m based in Toronto, and I’m going to turn 50 very soon.

Rohan Pinto:
Now, if this information sits on some kind of a centralized database, you have to trust the organization that owns the database, or you need to trust the administrators of that infrastructure to not go and tamper with that data and say, well, when Rohan’s identity was initially created, it said Rohan Pinto, but some administrator went in there and changed it to Rohan Cichon.

Rohan Pinto:
We know what happened with Edward Snowden at the NSA. When you have access to databases that have critical information, people can tamper with it. People can modify it, people can change it, which leads to multiple personas of the same individual being out there in the black market out on the dark web. I wouldn’t want to go and even try and look at the number of personas being sold on the dark web as of today. Identities are being bought and sold by the minute.

Rohan Pinto:
Now, having kind of a system that would give you the assurance that once you have your identity data stored there, it can only be accessed by the individual who owns that data, and that data can never, ever be tampered with is a huge value. So when we built the platform, we kept a couple of things in mind.

Rohan Pinto:
The first thing we had to keep in mind is to build it with security and privacy from the ground up. Now it’s very difficult for any existing product to embed security and privacy into their existing ecosystem. But we had the advantage of going greenfield and building the platform from the ground up, so we ensured that whatever we did kept security and privacy at the core of its infrastructure.

Rohan Pinto:
So anything and everything that we built on top of it automatically did derive the benefits of security and privacy by design. And in fact, privacy by design is one of the principles that was advocated by the privacy commissioner of Ontario, who I admire a lot, Dr. Ann Cavoukian. Also because I live in Ontario. So we incorporated her principles into the very core of our ecosystem.

Rohan Pinto:
Now, the platform itself is blockchain agnostic, which means that we can run our platform on any blockchain of choice. However, our drug of choice, I like to say, call it a drug of choice is Ethereum because of a couple of things. One is having a private Ethereum network that uses an algorithm like proof of authority, enables us to conduct way more, many transactions on the blockchain than be limited to a normal public blockchain.

Rohan Pinto:
The other huge advantage that Ethereum brings to the table is the advantage of deploying smart contracts. So think about smart contracts as a computer program that can never be modified. If a program was written to take A as an output and give you B as an output, it would always do that. And because this program is deployed on a blockchain, you can have the assurance that that program will always do exactly what it was designed to do. And it cannot be modified by anybody and manipulate the results in any form.

Rohan Pinto:
Hence, the blockchain adds a lot of value. It also serves as an immutable audit trail. So you know that the person who logged into your desktop is the same person who logged into a web application, who is the same person who conducted a transaction on an online application. And since it’s immutable, there’s no way to refute that.

Rohan Pinto:
So while blockchain has its advantages, Ethereum also had a huge bunch of advantages over all the other flavors of blockchains that are out there. And hence we chose Ethereum. But having said that, we do have the ability to run on top of Hyperledger Indy, Hyperledger Aries. We can run on top of the Bitcoin blockchain as well, R3 Corda, or even JP Morgan’s Quorum.

Michael Cichon:
Okay. But we know that Ethereum takes gas. And I know that gas is getting very expensive. It costs me $4.90 cents the other day to fill up the car. So isn’t this going to get cost prohibitive?

Rohan Pinto:
Okay. Before I get into cost-prohibitive, it’s funny that you asked me that question because I was talking to my son a few hours ago and he said, “Hey dad, what are you going to get me for my next birthday?” And I said, “What do you want? You’ve got your PlayStation. You’ve got your video games. I just got you a Nintendo Switch the other day. So what do you want for your next birthday?”

Rohan Pinto:
And he in fact helped me build one of my first mining rigs that’s still running in my basement. So he’s been very interested in this whole cryptocurrency space. And he says, “Hey Dad, can you give me a Bitcoin?” And my first response to him was why would you want $15,000 for. Wait, hold on a second. That was $16,000. But what are you going to do with $14,000? And the whole point is that it’s so volatile. It fluctuates so much that it can go from very cheap to very expensive within a matter of minutes.

Rohan Pinto:
Now, having said that, one thing I’d like to point out is that our blockchain is not the public blockchain. It has got absolutely nothing to do with Ethereum and the cost of Ethereum or the cost of Bitcoin. We have got absolutely nothing to do with cryptocurrencies.

Rohan Pinto:
Yes, our blockchain also uses gas, and gas is a way to go and validate transactions. It’s a cost that you pay to validate transactions in the blockchain. But because of the way we have built our permissioned ledger per se, we also use gas, but think about gas in our world as monopoly money.

Michael Cichon:
Got it.

Rohan Pinto:
It’s got no correlation to the U.S. Dollar or any other what we call fiat in the normal world. So it’s got no correlation to fiat or real money. It’s just a factor that plays a role in validating the transactions that go onto the blockchain. And it’s got no dollar value to it at all. So it’s never going to get expensive.

Rohan Pinto:
The other interesting aspect of using a private ledger is that when you set up a private ledger, you’ve got something called a bootnode, which actually goes and creates X number of ether or X amount of gas. And every time a transaction goes through, you pay X amount of gas to the creator. So you never run out of gas in our ecosystem. And we can run an infinite amount of transactions because we pay ourselves ether or gas to conduct those transactions, and we reward ourselves ether or gas for validating those transactions.

Michael Cichon:
Okay, all right, but just for people listening, just to be clear, this is not the gas we put in our automobiles. This is a different kind of gas, just to be clear. Okay.

Rohan Pinto:
And it’s got nothing to do with cryptocurrencies. This is not the Ethereum that people talk about. This is not the public network, and it’s got no correlation to or it’s got no dollar value at all.

Michael Cichon:
Okay. Well, I do want to talk to you about cryptocurrencies, but I’ve been warned not to do that because it’s a long conversation. So I’m going to do that offline.

Michael Cichon:
I do want to ask you about the guidance, any guidance you might have for anybody that wants to bone up on distributed ledgers or blockchain. I know that KuppingerCole and Anne Bailey have written a few things about sovereign identity and blockchain. Are there any other resources that you might guide people to that want to bone up on this area?

Rohan Pinto:
Yeah, absolutely. It’s great that you brought up KuppingerCole and Anne Bailey because she has got fantastic articles and publications out there that talk about privacy, that talk about security, that talk about blockchains and what blockchains do. And she also talks about identity management and identity verification and stitches them all together into this perfect story that gives readers a very clear understanding of what blockchains bring to the table and what verifiable credentials or verified identities bring to the table and how they play together with each other.

Rohan Pinto:
But there are a couple of other things that I would recommend the viewers to also go and read up on and catch up on. Number one is the publication of this particular article by Dr. Ann Cavoukian, it’s called 7 Foundational Principles of Security and Privacy by Design, where she talks about being proactive, not reactive, ensuring that privacy is a default setting of any application, embedding privacy into the design of an ecosystem.

Rohan Pinto:
She also talks about ensuring that you provide full lifecycle protection by offering end to end security and not security of only one specific component. She also talks about visibility and transparency and the respect for user privacy. So going and reading up on the 7 Foundational Principles of Privacy by Design is a good starting point to give you an idea of why security and privacy is very critical to the core of any ecosystem.

Rohan Pinto:
The other person I would like to give a shout out to is Drummond Reed. He’s a very good friend of mine, and he’s written this book on Self-Sovereign Identities and Verifiable Credentials.

Rohan Pinto:
It’s a great book to read, and he has gone into details of what self-sovereign identities really mean, what verifiable credentials really mean, and how they play a very important role in the digital identity ecosystem.

Rohan Pinto:
So apart from Dr. Ann Cavoukian and Drummond Reed, I would say there’s also an online tool called Blockgeeks, and Blockgeeks offers a lot of courses on blockchains. You can, in fact, learn a lot, and most of the courses are free.

Rohan Pinto:
I think it was founded by Dmitry Buterin, who’s a very good friend of mine, lives around 15 minutes from my house. And coincidentally, he’s also Vitalik Buterin’s dad, who’s the founder of Ethereum.

Rohan Pinto:
So Blockgeeks is a great platform for you to go and learn about blockchains, about biometrics, about tokenization, and about smart contracts. So there are tons of resources online. Especially today, we can go and learn more about these ecosystems. And in fact, there are also tons of WhatsApp groups on the same topic.

Michael Cichon:
That’s amazing. Rohan, as usual, just a fascinating discussion with you. I so much appreciate you taking time to talk to me today. We’re going to have you back soon because the conversation could just go longer. I could talk to you for hours about this. But thank you so much for sharing your time today. I very much appreciate it.

Rohan Pinto:
Thank you. Thank you so much, Michael. And you have a great weekend ahead of you.

Michael Cichon:
Thank you very much.

Rohan Pinto:
Thank you.