Investec, BankservAfrica reveal blockchain-based ID system
The demonstration, born in the digital identity working group of the SA Financial Blockchain Consortium, was done at the recent Blockchain Africa conference in Johannesburg.
"Through the Ethereum blockchain, our prototype allows individuals to register a universal, re-usable and encrypted identity," says Graham Nelson, Investec's blockchain engineer.
"This identity has no restrictions on who or what can integrate with it, so it has many other applications and can be enhanced by any other entities the user has a relationship with."
According to Investec, this is comparable to a Facebook account, where a user can give other entities approval to integrate with his/her Facebook login and then access personal information, such as name, friend lists and contact information.
Gary de Beer, BankservAfrica's blockchain engineer, explains: "The big differentiator of Investec and BankservAfrica's prototype is that the user has full ownership of his/her identity and can decide who can access this information.
"As the data is encrypted, it prevents entities from selling a user's personal data to other third-parties without permission. It makes large-scale data hacks a thing of the past."
As the Ethereum blockchain anchors each individual identity, other individuals or entities can "attest" to specific information to enhance an identity, De Beer adds.
"For example, once John Doe has an identity, Investec can attest he has a private bank account, pays his salary into this account, has a home loan, etc. Similarly, the Department of Home Affairs could attest John Doe has an official identity and passport number," Nelson notes. "There are no limitations - any entity can attest any information."
Chris Becker, Investec's blockchain specialist, says the possibilities are endless. "A single identity can be used globally, which means greater simplicity for the user.
"As he/she is in full control of his/her encrypted profile and who can access this information, no one can share personal information without explicit consent. In future, users might even be paid by entities for access to personal information. Also, there will be no need to send copies of identity documents or other personal details over unsecured Internet connections. This improved security will minimise the risk of identity fraud significantly."