We can begin to consider a new paradigm for identity by thinking in terms of chains of processes
If a process can be digitally modeled as a chain then each step of the process would be a link in the chain. Identity is an ever evolving continuum. With every new event in the life of a person or a enterprise, the continuum of identity is affected. From this perspective, we see that identity is an ongoing process.
The current approach to modeling identity in digital systems in no way reflects this perspective of process. Rather, identity is almost universally represented by some form of a string that uniquely identifies the user, called the user id. Leveraging this user id, access control mechanisms ensure authentication and authorization. Once the user is logged in, her interaction with the system is logged as user activities and transactions with her user id included in all corresponding entries of the log.
The current paradigm of identity leads to the following problems:
What the user is doing (user activities and transactions) is not reflected with who the user is in a transparent and real time way
Identity is not automatically updated based on the rules and regulations of the system. For example, incentivizing users to engage in good behavior is difficult
For transactions involving multiple users, the connections and relationships between users are not seen in real time unless an analytics layer on top of the logs is implemented
An additional layer is required to generate a report connecting the dots to present an overview of the life of the user in real time
It is difficult to back a user with activities and transactions she did from another system. Similarly, it is difficult to reuse identity details from one system in another
In the current paradigm, transactions are first class citizens where identity is managed simply by including user ids in transactions; users don’t have a life of their own.
We can begin to consider a new paradigm for identity by thinking in terms of chains of processes. If a process can be digitally modeled as a chain then each step of the process would be a a link in the chain.
In the new paradigm, we can imagine the creation of a new chain for every new instance of identity, and a new chain for every new issuance of an asset. Every user would have her own chain, and every asset would have its own chain. Wherever and whenever the two need to intersect, e.g. when a user is carrying out a transaction on an asset, their chains would intersect in that particular step, and then go on their separate ways from the next step onward.
Every time a user updates her login details, carries out a transaction, links with other users for reference, brings in data from external systems, authenticates herself using her chain, the chain corresponding to her identity would be updated. If multiple users are involved in a transaction, then all of the chains for all the users involved intersect along with the chains of the assets involved. The intersection step would include the relevant metadata in the corresponding steps from all of the chains, be it from user chains or asset chains.
An identity chain would represent the life of the user in real time as the asset chain would represent the life of the asset in real time.
Proof of Process (PoP) technology provides a framework for digitally modeling identity as a process through user chains along with their tokenization, called PoP tokens.
Once we have the life of the user digitally modeled as a process, we can tokenize the process through cryptographic hashing in order to effectively aggregate the process into a single string. The token, much like a user id, allows for the referencing of a user in a shorthand way without the need to include all of the user’s actual process data. At any time in the life of the user, the user token is a faithful representation of the life of the user as per the latest user activity and user status.
The PoP Token:
Represents the life of the user in real time
Can be independently verified
Is cryptographically secured and tamper-proof
Provides a way to more easily re-use user history data and more smoothly onboard users into new systems
Let’s consider another almost universal process for new systems: user onboarding. The following might correspond to a bank or insurance system:
Documents provided by the user to establish her identity
Signed attestations from source of trust which back those documents
Signed references to past transactions involving users from other platforms
Signed due diligence reports from auditors that confirm the integrity of the user’s past transactions
Manually entered information from the user during signup
In a system using PoP technology, each step of the on-boarding process is appended to an identity chain unique to the user. Once the user has completed the on-boarding process, the system would then provide a token calculated from the chain in such a way that the token can act as a handle for user access. The PoP token can then be used for authentication and authorization.
The PoP token can also be used across multiple platforms to uniquely refer to the user without having to reveal any of the details from her on-boarding steps. If the legitimacy of the user’s participation is challenged, any step from her on-boarding can be provided as a proof without revealing all her data.
An example of PoP implemented with a public blockchain, the following diagram illustrates the PoP Identity scheme for the initial registration of a new customer as part of the KYC process.
Each block in the above diagram represents steps in the PoP timeline, which include:
Acquisition of Personal Information
: Private documents are selectively shared by a customer with a trusted trusted regulator, government entity, or licensed partner.
Validation of Personal Information:
The trusted party reviews and verifies the authenticity of the documents. It then produces a digital signature from the documents’ cryptographic proofs, which is then notarized onto a public blockchain, extending the PoP timeline.
KYC Token Issuance: A cryptographic PoP token is generated for the customer. The PoP token can be used to verify the validity of each step of the KYC process, by checking the authenticity of the trusted party’s signature and the integrity of all customer documents presented.
Ongoing Updates: As some documents become obsolete or invalid, updates with new documents and trusted signatures on those are automatically reflected on the PoP timeline.
With PoP, identity is modeled as an ongoing process. All events in the life of the user are added to the processing of a transparent and real time manner thanks to cryptographically secured proof systems and blockchains.
Anuj Das Gupta is a researcher and technologist.