Secure Global Digital Identity, for the Digital World

What's worse than paying your taxes? Having an identity thief steal your return payment, the IRS paid out $5.8 Billion in fraudulent returns in 2015.

In Australia we don't have the same SSN issue (the failed Australia Card), which is the root cause of most of the above USA tax fraud, but the expanding use of TFN's, drivers licenses (for ID not driving a vehicle, i.e. functionality creep) is creating the same fraud opportunities here in Australia, ask any of the 770,000 Australian's who suffered from identity theft. The problem is real and no solution exists today.

Principles:
a) personal data shall be exclusively under the individuals control, b) not held in any centralised system, which does not hold a current certificate for a system evaluation to EAL3 at a minimum, this applies to all government as well as commercial systems, c) be held in fewer and more secure places and d) be global and freely available for verification subject to principle a.

Identity Theft is a Global problem, as such this article proposes a Global Solution to protect individuals and organisations, while still allowing the shared "community" objectives like AML ect to remain in place. The current Government, and private industry Identity protection practices, belong to a world which no longer exits, have consistently failed the Individual, and community, and are simply not suitable for the current Digital World. A truly Global secure solution is required which is effective in both the bricks and mortar, and Digital world, and should be publicly accessible and free. The same solution should en power "third world Individuals" to enable a truly global digital world in which everyone can participate.

Ones identity is something we take for granted (after all it is you), and expect the various organisation, including governments we deal with to protect our identity. Yet these same organisation are at the heart of the identity theft problem. All of these organisation tend to blame the "Individual" for any Identity Theft when in fact they are the root cause, and only the Individual is affected by theft of their Identity.

“Digital identity“ is the sum of all digitally available information about an individual. It is becoming increasingly complete and traceable, driven by the exponential growth of available data and the big data capabilities to process it. The issue addressed within this article is the ability to link both the Digital and physical worlds, and how a compromise within the digital world can affect the physical identity, i.e Identity Theft..

The data elements which underpin, most widely used "personal" identifying data, are birth dates, names and addressees, and drivers licence numbers. The aggregation of this data, under pins our "identity", with regard to many Digital Transactions. Many organisations routinely collect this information, some like banks, use birth date continuously.
Information collected for the purpose of AML,should only be used for the specified purposes it was collected for, not for general bank operations, this is clearly defined in the Privacy Act (Section 6.1), yet banks, and other organisations routinely violate this principle. This ongoing violation of the Privacy Act, is one source of Identify fraud, yet continues without any checks or balances.

Today the collection of personal identifying data, has become epidemic, and grows each and every day, routinely night clubs, and hotels (with zero security protection, or regulations in place), photo copy an individuals drivers licence. Banks photo copy drivers licences, birth certificates, even though not required under any legislation. With a drivers licence, a birth date and data readily available from a postbox or even available on line, almost anyone can open a bank account on-line as "you" today. On-line organisation like Google, track and scan all of your on-line and digital activities, collecting any data which lows though your emails or any site you visit, while using systems that have zero security accreditation or any stated compliance with Privacy Principle APP8 (cross boarder data transfers).

Once your Identity is lost, it can be impossible to participate within today's digital and physical world; many find it takes years to address their Identity, after being stolen, their are cases where physical properties have been sold from under their owners.

"Identity crime is now one of Australia’s most common crimes, It’s estimated to cost at least $1.6 billion each year. ID crime is one of the key tools of organised crime groups. Yet Around 20 government agencies in Australia issue more than 50 million documents or credentials used as proof of identity" from DVS transcript.

In many cases, Government departments are the root cause of the problem, by forcing the Individual to provide identifying data when in fact only authentication is required. Additional "function creep" , has become epidemic as data is collected for a specific purpose,and then used for a different purpose, in the case of DVS a unrelated revenue generation purpose. Government departments are the source of almost all Identifying documents, these MUST NOT be outside of the Individuals "control", and must not be used for any purpose other than as collected. This simple requirement is explicitly covered in the Privacy Act Section 6.1 which also applies to Government departments.

A drivers licence is solely for the purpose of authorising an Individual to dive a nominated vehicle, it is NOT an identity card, it is not an Australia Card by default. The whole DVS concept is bizarre. Check out the total absence of even the most basic security for these systems, the best you get is some waffle or links to policy documents, there is not a single Certification available on any Government or Commercial Site. DVS has recently started selling individuals verification to commercial entities, yes using an Individuals data as a means to generate Government revenue, and selling this as enhanced digital security, truly bizarre.

Identity theft is a by product of the issuance and storage of these 50 million documents and credentials within a range of in-secure centralised systems, this is just crazy.

Today there are a range of commercial providers of "Identity" systems, sometimes labelled as Green ID?, mainly to support AML requirements, and many private solutions such as used by banks, and recently Governments via DVS? All of these have fundamental security flaws, they are centralised and the control over the Identifying data is not the exclusive control of the individual but rather the centralised authority. This is is fundamentally flawed concept, as the identifying data MUST be under the control of the Individual or Entity to whom the data belongs, this is so very basic, as only the Individual is affected by Identity Theft, non of these organisation are affected at all, and take no responsibility for any Identity Theft relating to the data they collect and store.

The whole concept of storing multiple copies of ones identifying data all over the planet in in-secure repertories (could not find a single provider who has its systems accredited to ITSEC at even the most basis EAL2 or more appropriate EAL3  level). Not a single operator has published their mandatory security policy which should include as a minimum encryption in transit and storage. See D&B Green ID, VEDA, and from 2015 the Australian Government via their DVS all fail this basic test.

Seriously, does no-one care less about Individuals, and theft of their Identity?

In the security world, centralised systems are known as "single point of compromise", the reason why one sees 100,000 of personal data affected,when one of these systems is compromised (credit card data is typically one such system). Centralised systems are not used for a single high assurance deployment anywhere in the world today, why is Identity data being stored in such insecure systems?

When ones "identity" data is compromised, this data cannot be put "back into the bottle" or fixed, once ones Identify is lost via compromise of identifying documents, one can be totally unable to participate in every day functions, yet the same insecure, centralised solutions are still in use today, as are the ongoing compromise of such systems systems.

Finally after 15 years of R&D and recent advances in cloud security, a solution to address both Identity Theft  and Anti Money Laundering compliance in a single secure and publicly available framework. The end of hidden or secret data storages with no transparency.

As part of the Global Block Chain Ledger network, we have deployed the worlds first totally Global Secure Identification system.

The system is based around a open standard, for a Secure Identification Number(SIN), which is derived from Elliptic Curve cryptography and keys generated and stored within cloud based Hardware Security Modules.

The solution to Identity Theft, is not complicated,
STOP:

• Collecting personal identifying data which is not required to perform the immediate activity, by the requesting entity.
• Storing any personal identifying data in any centralised system.
• Sharing or accessing any personal data without the explicit approval, on a per request basis by the Individual
• Storing aggregated personal identifying data in any System 
• Sharing personal data, outside of the initial receiving entity and system
• Routinely requiring personal identifying data as apart of an authentication process.

In order to prevent Identity theft, in all cases the Customer should be able to provide the "authentication token" to be used by any organisation when requesting authentication. This is very basic security and privacy requirement, and a part of the digital world today.

The fully decentralized, anonymous, secure identity.
Enter the Secure Identity Number(SIN), this is a totally digital identity that may be securely used for any type of transaction within the digital world, including replacement of the traditional username/password.
A SIN(s) is the unique record identifier by which this identity will be known, the key concepts are:

• there is no centralized infrastructure or entity required
• the secure identity is under the total control of the Individual
• can securely support the full range of Identity and authentication requirements

Attributes:

• Ownership can be digitally proven with high assurance, and possible non-repudiation
• Disposable
• Optionally attach sequence of key-value pairs (public proof) and hashes (private proof) to your SIN record. 
• Start out as anonymous identity, and as required, support opt out of anonymity on a per SIN basis, by attaching identifying key-value pairs (real.name = "John Smith").
• All key-value pair updates digitally signed by SIN owner (private key holder) abn=123456
• Third parties may offer digital attestations:
• Identity Verification, Inc. digitally signs a SIN as passing their 100 points check.
• Auction Provider, digitally signs a SIN as having a certain reputation score, on their website.
• Decentralized market users, digitally sign one another's SINs, building a decentralized reputation, social media.

Within the Public Block Chain Ledger, these signed  "attributes" are stored within the industry standard DNS "TXT" records for the entity identified by the SIN. This allows a totally secure, yet publicly accessible resource for any agency to securely query any AML related attributes, anywhere any-time for no cost. 

Customer identification and verification play a critical role in meeting anti-money laundering regulations and for maintaining an accurate customer database.

Address your business’s know-your-customer compliance obligations and reduce the business costs associated with outdated and inconsistent data with our Global Secure Identification Number(SIN) solution.

The World First Global, Secure Identification Number is now publicly available.
Any AML attribute verifications can be performed on-line, anywhere in the world for free.


Also see
http://villagemall-ceo.blogspot.com.au/2015/06/identity-theft-and-digital-world.html
http://villagemall-ceo.blogspot.com.au/2015/06/bitauth-decentralized-authentication.html
http://villagemall-ceo.blogspot.com.au/2015/07/public-block-chain-ledger-navigation.html

The following SIN attributes are supported in Release 1.0:
public enum attributeType
        {
            dob, // Date of birth
            adr, // Address
            bus, // Business number (abn)
            tax, // Tax number (tfn)
            drv, // Drivers licence
            pas, // Passport
            age, // Age card
            nam, // Individual name
            cpy, // Company, Trust ect name
            act, // Account, value is free form ASCII. Meaning within context of signing entity.
            bic, // Swift Code/Bank Identification Code
            lmt, // Payment Limit, value in local currency of signing entity
            rev, // Social Review of this entity, value is review scale of 1 to 10 where 10 is highest
            rat, // Social Reputation, based upon eBay rating, converted to a scale of 1 to 12
            rvk  // SIN is revoked, value is date of revocation, this makes any SIN disposable.
        }

Disclaimer The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.

Navigating the Public Block Chain Ledger

Unlike bitcoin which has a "single" duplicated block chain, the Block Chain Ledger(PBCL), has a fully distributed block chain.

As a fully decentralised Public Block Chain Ledger, there needs to be a  mechanism to support the navigation through the P2P block chain segments, which make up the Global Block Chain Ledger.
Optionally this same mechanism supports the discovery of all block chain nodes, in a similar manner to bitcoin.

Node Discovery.
The PBCL makes use of industry standard DNS.
The PBCL root is the domain blockchainledger.net

This root contains the P2P seed seed.blockchainledger.net which will operate much like bitcoin seeds. The PBCL protocol does not support hard coded seeds, only the hard coding of the seed domain.

Each node within the PBCL is identified by a Secure Identification Number (SIN), this SIN is used as the "host" within the DNS "A" record entry.
This allows navigation to any segment in the same manner as any host on the Internet, the preferred means of linking segments of the PBCL together and navigation along the PBCL.

Secure Identification Number, Attributes
In order to support a number of regulatory and business requirements for identification or other related entity attributes, the PBCL supports optional SIN attributes.

Attribute:

• Sequence of key-value pairs (public proof) and hashes (private proof) to your SIN record. 
• Start out as anonymous identity, and as required, support opt out of anonymity on a per SIN basis, by attaching identifying key-value pairs (real.name = "John Smith").
• All key-value pair updates digitally signed by SIN owner (private key holder)
• Third parties may offer digital attestations:
• Identity Verification, Inc. digitally signs a SIN as passing their 100 points check.
• Auction Provider, digitally signs a SIN as having a certain reputation score, on their website.
• Decentralized market users, digitally sign one another's SINs, building a decentralized reputation, social media.

Example
Host SIN: 01ccf7bcaffbf94ce060c5ee79c2294ee992de521dac8da52e
A Record: 01ccf7bcaffbf94ce060c5ee79c2294ee992de521dac8da52e.blockchainledger.net
Attribute TXT Record:

v=sinatt;type=02;abn=19088024560;sig=0x3045022100970 CE1AD84D5E9012DE04502A67E7EDA5F9979 66C3C1497CF619199116FD27A802201E1DB 771D023A9DD827AAF1E6372FB0BA2A093D7 E3A7F1BA72BD19ACC40AC62C

Type: 01 = Attribute/Hash , 02= Attribute/Value pairs
sig: HexEncoded(DER ECDSA Signature)

Also see
1. Free hardware generated and protected Bitcoin Private key and key-chain.
2. Identity Theft and the Digital World..



Disclaimer The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.

Superanuation, Block Chain Ledgers and Digital Auditors

Following several auditing scandals, the most notable the Enron Scandal in October of 2001,for the first time in its modern history the global audit industry lost its most precious asset: public trust. Although the industry has since recovered, and the rules have changed to limit the risk of another scandal of similar proportions, the potential for auditor fraud, as uncovered in 2001, still remains.

Over the course of the evolution of financial markets, there was an obvious and increasing need for a system of public accountability. Traditional methods of accounting and bookkeeping allowed companies to record and report their financial information in a standardised format that could be more easily digested by fund members and public investors; but without adequate trust, the public was often left at the mercy of self-interested businesses.

The Auditor
An audit is quite simply an opinion provided on the financial statements of a Fund or Company based on pre-determined accounting guidelines (most commonly International Accounting Standards). The role of the auditor is to provide the trusted voice that states that opinion. On this, an enormous and lucrative industry has been built, with the majority of large players in global financial markets being audited by the “Big Four”.  Our Australian Superannuation sector has mandated yearly audits as part of the public confidence in the Superannuation system.

The evolution of bitcoin, and more recently specialist standard double entry accounting systems with integrated Block Chains, has been discussed as being potentially disruptive in the context of many major industries. In different scenarios, significant variations of block chain architectures have been suggested. Bitcoin, the most common use of a block chain, has proven to be tremendously valuable as a perceived network for broad transparency and security, where public participation and visibility is is essential element of this trust. This contrasts with the secretive nature of almost all Superannuation Funds worldwide, a similar situation applied to most investment managers,

Recently we have seen the emergence of both Public (bitcoin like) and Private Block Chain Ledgers, the latter have greater flexibility for data privacy and authorised access. In many implementations these are  based on standard double entry ledgers with block chain security applied to them, nothing radical like bitcoin, just a natural evolution of accounting systems.
Across this spectrum (from fully public to private) lies the solutions to many of the world’s centralised data problems, including financial reporting and auditing. The first commercial Private Block Chain Ledgers for the superannuation industry was released in 2015, we expect to see the first truly decentralised (bitcoin has a single distributed block chain)  Public Block Chain Ledger within the same year.

Problems and Opportunities
Those familiar with accounting will understand the concept of double-entry bookkeeping, as being an evolution “from single-entry, which just recorded what happened, to double-entry, where what happened has to be explained by reasoning with another account. So if you don’t have an explanation, you can’t have an entry”.

This is the basis of debits and credits in accounting, where one account tracks a balance and the other an event or activity. Over the course of an operating period, balances above accumulate with each additional entry. By the end of the year, Fund X may be accumulated balances for each of its members after all contributions, investment activities and payments are netted together.

This is the point in time where the auditor comes in. Because Fund X is accountable to its members, they require accurate financial statements to characterise the Fund activities and their resulting member benefits.

In essence, the auditor will test a reasonable sample of these balances, and the transactions they are comprised of, to make sure that the reporting is “close enough” to the truth (based on the materiality of the Fund). Often, the auditor’s test will include communicating with the respective parties to have them confirm the balance reported on Fund X’s financial statements.

In addition to this entire process, consider that for each customer and supplier, there could be another auditor testing the very same transactions on the other end. In terms of instances of redundancy and inefficiency, this is one of global proportions.

The Audit Premise
The audit processes involved in the scenario described above have remained relatively unchanged for decades, with slight improvements to change the nature of the information from paper to digital, but without questioning the underlying premise and the role of the auditor. The technology of a Block Chain Ledger is very well suited to address this scenario.

With the ability to compare accounting entries between two parties, while maintaining data privacy, this solution could significantly reduce the reliance on auditors for testing financial transactions. Once a match is posted to the block chain ledger, the transaction is time stamped and irreversibly recorded. each and every transaction and flows between systems can be verified from the source. You have the debit, the credit, and the confirmation by the network.

A block chain ledger solution could essentially allow for an automated third party verification by a distributed network to ensure that transactions are complete and accurate and unalterable.
As described, it is difficult to properly convey the size of this opportunity. The use of a block chain for the purpose of audit is unique from other uses as audits impact all industries and are the fundamental basis by which global financial markets are trusted by superannuation members.

The use of  private and Public Block Chain Ledgers, will revolutionise the audit process and significantly enhance the confidence in the Superannuation Industry. The rate of change in this area is truly amazing, and like all disruptive technologies there will be the inevitable winners and looses.

The future of secure Block Chain Ledgers and the next generation of digital audits is here today..

Further Reading

Triple Entry Accounting, and Secure Block Chain Ledgers.

Public Block Chain Ledger for Accounting, SMSF, and Portfolio processing.



Disclaimer The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.

The Battle for Competitive Advantage in the Digital Economy

Latest research shows a software-driven enterprise is critical for competitive differentiation.

A new kind of company, the software-driven enterprise, is redefining business strategy and performance. They are leaders in the accelerating application economy, where code is king and competitive differentiation depends on customer-pleasing apps and advanced development methods.

In several instances these software-driven enterprise have already disrupted and even decimated existing business models, the two most well known are AirBnB and Urber, where the existing Real estate based rental agencies have been almost totally driven out of the short term rental market, and taxi licence holders find their licences have become worthless over night. And while they reach for "old world" regulatory help the Generation Y factor makes this a pointless exercise, the horse has bolted.

Urber has social currency to spend, existing taxi companies have none.

In both of these cases software has simply reduced the supply chain, and provides a direct peer-to-peer (P2P)  relationship to more effectively, and efficiently deliver existing services.

We see a future were Software will be used to radically change whole professions, the most obvious one is property related functions, Urber has already proved this is possible for the short term rental market, the days of lawyers and real estate agents charging for what software can radically change, in the same way as AirBnB and Urber is obvious to market observers.

Imagine as P2P property sales replace the current 70% of sales which are done via simple web site on internet today, as well as the old world 30% processed via physical estate offices. Now add almost instant settlements, without the collection of people currently involved, all technically possible today.
Another area ripe for disruption is the $14 Billion bank fees (Australia alone) market, after all payments is just moving around bags of bits, something software can do for near zero cost.

Oxford Economics conducted a global survey of senior business and technology executives, and the results show that 78% of enterprises believe that the shift to becoming a software-driven business models will be a critical driver of competitive advantage.

While the application economy is growing rapidly and already having a significant impact on the way companies view their business, building a software-driven enterprise is no simple task, many (wrongly) are spending millions re-inventing the same software wheels, purely because they believe they need to have everything "in-house". They miss the fact that Software has also gone though a radical change, and has become a commodity, the future comparative advantage comes not from software alone, but by the way software is used within the market place. Within the current and future market, first to market is the "obsolete" competitive advantage. As an example there is simply no reason anyone should pay for Accounting Software today.

Urber owns no cars and employs no drivers, it simply connects customers to suppliers. Urber's software solution could easily be duplicated, but their "first to market" advantage is harder to replicate.

“Companies that don’t accept and meet disruption head on, simply won’t exist.”

Driven the future is Generation Y, social media and new ways of looking at old problem spaces, these must factor into your digital transformation strategy.

We believe one quarter of the Fortune 2000 will have changed within the next two years, with those unable to understand Generation Y buying behaviors losing out. It is essential for not only digital channels to be built, but also fundamentals to be revisited, such as business models and the way in which services are provided, and interaction with customers

The Million plus "APPs" available on Google Play, demonstrate what the future looks like, once the focus moves from games to business applications, the movement has already begun.

The future is much like the past, where synergistic "partnerships" between software and marketing companies will drive the next wave of client centric enterprises, where the client becomes one with the enterprise, much like existing social platforms such as face book, but with a commercial focus, these solutions are almost unlimited in scope.



Disclaimer The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.

Free, Real-time Gross Settlement system (RTGS) for everyone, with a mobile phone.

Today, "money" is a in all cases a bag of bits within a computer system, gone are the days of bank vaults, guards or burglar alarm systems. Money is today sent for close to zero incremental cost between computers. The real costs involved in monetary payments, is securing the 100+ year old double entry accounting systems, and the mass of clerks and auditors who keep  "payment systems" and decade old payment networks like SWIFT running, and manage the risks associated with any losses. To be fair there is a "significant" regulatory cost imposed on banks, and payment systems as well, but these do not match the excessive payment fees which exist today, this is what creates the opportunity. If existing financial institutions offered a free payment service, or close to costs, once they isolated or upgraded their old world insecure accounting systems, than a new global service would get wind in its sails. The system proposed herein is the next generation of Real-time Gross Settlement Systems (RTGS) where all transactions are atomic, instantaneous and irreversible, and have the ability to execute in a distributed orchestrated data and processing environment, including P2P, even if the P2P is not the most likely first commercially deployable option.

Back to reality
An observation; there is "significant" amounts of money going into bitcoin related "block chain" activities, which will never become "verbs" such as to "Google" to "Xerox". There is no truly disruptive technologies evident in this space, which is probably not surprising given the focus on banks and their involvement combined with the massive amounts of profits made from processing payments today. A free payments system is simply not on anyone's agenda, it is typical to see recent graduates as heads of Banking block chain groups, or it is a part time activity for the non executive banking staff..

Like most entrepreneurs, one looks to the "big vision" which can "change the world", and make life better for all. Making money comes as a by product of achieving the "vision" or getting as close as possible, a fundamental different view of the world from the typical banking executive.

The Bill Gates foundation has spend billions trying to solve third world health problems, such a malaria, a free payments system which creates wealth for individuals, can more effectively address third world health issues, than any cure. Poverty unpins many third world heath problems.

There is a saying "Teach a man to fish and he can feed his family forever" in this case enabling third world populations to securely participate in the global economy, we envisage will bring lasting change for the better for everyone. The "Vision"..

Hence if payments, are the focus, rather than a total "Block Chain Ledger for Everything" solution, a vision which is consistent and a subset of the Secure Block Chain Ledger Vision, is a world with a fully decentralised and totally free payments system which is available to anyone who has only a mobile phone.






If one looks at the bitcoin network, it by design drives up the cost of a each transaction, some say its sits at ~$10 per transaction today, totally the wrong approach, its this basic.

Considering the references listed below, if one combines "triple entry accounting", the Private and Public Block Chain Ledgers and Secure Identification Numbers(SIN), and lastly BlockAuth then the implementation of a secure payments system becomes very simple, especially as almost all of the technologies required exist as freely available software today. To support a wide range of eCommerce, the same protocol supports orders and invoicing as well as payments, the two should not be separated.

As all public Block Chain Ledger entries are atomic and instantaneous, and in reality have close to zero incremental cost, then all payments should also be free, this underpins the vision.
We expect the wide availability of free payments, to have the potential to increase the GDP of many third world individual and countries, and lead to an improvement in the wealth of  all.

Today Cloud Accounting for sole traders, and Superannuation Funds is free, no-one needs to pay for accounting software, why not free payments as well.

This result will be truly disruptive to the existing old world, when combined with a fully decentralised Public Block Chain Ledger, and secure payment protocols, making use of the almost universally available global mobile phone platform and free software.

Key Features

• All payments less than a threshold, say $10,000 are Free
• Real-time, atomic, cryptographically secured, fully decentralised Public Block Chain Ledger, participating in a "Triple Entry" accounting ledger protocols.
• Explicit for FX transactions as required, no explicit gateways or exchanges required.
• All transactions appear instantly on the distributed distributed Public Block Chain Ledger
• Requires only a mobile device, with internet access,lightweight data usage
• Suitable for both first and third world participants, bring into the commercial world the existing disenfranchised populations.
• Supports payments to and between individuals who lack first world bank accounts or  identification
• Based upon well known double entry accounting systems, with addition of secure Block Chain Ledger technologies. Private Block Chain Ledgers do not need a single or standard technology solution set, only that they can publish and participate in supporting the global distributed Public Block Chain Ledger protocols
• Reuse of as much bitcoin technologies and available free software as possible
• No bank account required
• Saleable from micro payments though to any value, recognising there may be additional measures required to address additional risks or compliance requirements.
• Supports anonymous and non anonymous payments via SIN and SIN attributes.
• Non anonymous SIN required for all transaction amounts above $10,000.
• Support for commercial Orders and Billing within common payments protocols
• Any taxation is held within the Private Block Chain Ledgers, all payments are considered tax free as is the case today.
• Makes use of IMEI within Mobile device SIM cards.
• Practical unlimited value, is capable of being held within the distributed Public Block Chain Ledger, there is no hard protocol limits as there are no limits within the underlying double entry accounting systems. No wealth or money is created within the Public Block Chain Ledger or payments system.

What about Banks
What do financial institutions want?  Cryptographically verifiable settlement and clearing systems that are globally distributed for resiliency and compliant with various reporting requirements.

What role would banks play in a distributed free value transfer world?
Banks can continue with their existing functions, especially in the early stages, but are not a fundamental element of the solution space, especially for sub $10,000 value transactions with SMEs involved in  B2B, C2B and C2C type payments. In fact banks can use these same underlying technologies to bring their own ledgers into the modern digital world we all live in.

They also play a role in the Secure Identification Number (SIN), when there is a requirement for non-anonymous attributes being applied to the SIN, to support a range of commercial payments and regulatory frameworks, but like above this is not a mandatory element of the solution. And other providers will appear over time, like market place "ratings ect) all variations of SIN attributes are supported. One of the objectives is to support payments from people who have no bank accounts and no first world identification today, and are locked out participating in global eCommerce today.
The one palce that banks will still maintain an dominant position is the supply of "cash" most likely via ATM's for the various local communities, we don't envision the total replacement of "cash" and do not see anyone removing the dominance and convenience of ATMs, we would hope that they can be integrated into the free payments network, even if "cash" dispensing will probably never be free.

Banks also have significant risk management expertise, and in many cases this is a requirement of a successful transaction, especially as the transaction value increases.

But banks are optional parties within any payment transaction, it is the participants choice, in any decentralised solution, Opt-in is always the prim objective.

Why Mobile Phones
In many third world countries, without any banking or credit card systems the only technology that exists is a mobile phone.

Many of these countries rely almost entirely on services like "Western Union" to provide universal basic and not free money transfer and payments, western union is the practical "currency" in many countries.

Many developing countries have encouraged mobile phone companies to invest in infrastructure, the story of a home without any electricity, but with a solar charger for their mobile phone is not something unique today. Hence it is an obvious choice to base any global universally available payments system on this infrastructure.

Why the existing RTGS system is broken and cannot get anywhere close to FreeThe answer is obvious refer to the figure below, its nowhere close to KISS..

The Solution, Key Technologies

1. Hardware secured and protected ECDSA, and ECDH keys and key chain ( July 2015)
2. Secure Wallets on mobile devices (mostly available free today, just needs linkage to hardware key chain above).
3. Secure Private Block Chain Ledger (available today)
4. Secure Public Block Chain Ledger (available today)
5. Secure Identification Number(SIN) (complete infrastructure operational today)
6. SIN attributes for non anonymous  transactions (available today)
7. BYOD management for device compromise (available today)
8. BitAuth between key chain and mobile device ( available today)
9. Scaleable, algorithm agile eco-system (available today)
10. Payments protocol (in development)

A new and exciting word is almost here..

Reference Implementation

In the reference implementation, using a commercial hash keyed database, ~10,000 blocks per second could be processed. This is for each of the distributed PBCL nodes within the PBCL's; hence the total processing of the PBCL is practically unlimited. The reference implementation also supported ~ 5,000 read operations, this asymmetry is typical of commercial databases.  The performance is relatively independent of the number of transactions in the distributed PBCL up to the tested 1 Billion transactions. Due to the decentralised nature of the PBCL, this poses no technical transaction processing limitations, and should easily exceed any existing global payments system.

All transactions within the PBCL are atomic, instantaneous and irreversible.

Performance Comparison:

·         Bitcoin 7 tps

·         PayPal 115 tps

·         PBCL 10,000 tps for each BPCL node, unlimited across the global PBCL

·         Visa network <56,000 tps

Storage Comparison

·         Bitcoin, at very high transaction rates each block can be over half a gigabyte in size

·         PBCL typically less than 500 bytes per transaction

References
1. Free hardware generated and protected Bitcoin Private key and key-chain.
2. Identity Theft and the Digital World.
3. Triple Entry Accounting , and Block Chain Ledgers
4. BitAuth, Decentralized Authentication for the mobile digital world


Disclaimer The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.

BlockAuth, Decentralized Authentication for the digital world.

BlockAuth, is a new light weight, password-less authentication protocol, based on the same cryptography used in the bitcoin protocol. Eliminating centralised, server-side storage of shared secrets, and drastically reducing the impact of a compromised server. While designed to support a Block Chain Ledger within a range of financial transactions, can be applied to any existing and future Internet based system requiring secure authentication, especially all mobile platforms.

The majority of computer and internet authentication systems today, are based upon username and password pairs. The username is a unique identifier (usually an email address), the password the shared secret between the user and the system to which access is being granted. Some of the more security conscious systems (HSBC, BofQ, Amazon, Google ect) offer an additional one-time-password, usually based upon something one "has" to form an authentication triple.

The problem with these, and other systems, is the need to share and protect a secret, and the aggregation of these secrets within a centralised system:

• all smart cards need a shared secret key (typically DES key) loaded, CC, SIMs ect
• MFA and all one-time-passwords need a shared "seed" secret
• passwords are a shared secret

BlockAuth is a way to achieve secure, authentication using the same elliptic-curve cryptography as Bitcoin. Instead of using a shared secret, the client signs each request using a private key and the server checks to make sure the signature is valid and matches the public key. A nonce is used to prevent replay attacks and provide sequence enforcement, every BlockAuth signature is unique.
BlockAuth additionally supports mutual authentication between the client and the remote service.

BlockAuth is designed as a light weight, secure authentication service, which leverage's the Bitcoin free software base, be it with commercial EC curves, to allow mobile platform applications(APPS) to mutually authenticate with a wide range of internet accessible services or peers.

BlockAuth make use of a Secure Identification Number, or SIN, a fully decentralized, anonymous, secure identity, based on a the same bitcoin ECDSA key pair, SIN is an integral part of BlockAuth. The SIN supports both persistent, or ephemeral identifier, as well as the ability to opt out of anonymity as required. The SIN can be given to any number of remote services and there are for all practical purposes an unlimited number of SIN's for each client. The SIN is analogous to a bit coin address, as it takes the following form: base16check( 0x01 + ripemd160( sha256( pubkey) )

Typical authentication flow..
Client Application-> Server

1. SIN Registration: register your SIN with the remote service using a mechanism of your choosing generally, this takes place with client registration
2. Submitting Requests: requests are made over HTTP, with an x-signature:
1. generate a unique, unix timestamp
2. include nonce in your request
3. concatenate and sign URI + BODY with your private key, and provide it in x-signature
3. Remote Service: 
1. extract the public key from the ECDSA message signature
2. verify the signature
3. compare the public key against the registered SIN
4. Compose Response using similar form to above, but with remote Service details.
5. Response Body to include an optional expiry, pairing codes
4. Receiving Response: 
1. extract the public key from the response ECDSA message signature
2. verify signature
3. compare public key against with Remote Service SIN, received at registration.
4. Store any one-time use paring codes

BlockAuth Detached, Time Stamped, Signature

Based upon the international standard DER signature, extended with the addition of  "curve" and "timestamp" field elements. These extensions are downgrade comparable with the standard DER signature. This signature is also used within our Secure Block Chain Ledger, so can be utilised across multiple solution sets.

The timestamp field has several objectives, a) as the nonce, b) as a distributed, higher sequence number, c) as an expiry stamp for any key compromise processing, d) secure time stamping service for the signature. The time-stamp is appended to the message hash and hence bound to the signature.
The curve field supports our algorithm agility.

As a detached signature, this design can support the application of  multiple signatures if required.

The BlockAuth signature carries the public key. This removes the requirement to find the public key and allows secure linkage to the SIN attributes as part of any transaction processing.

DER ECDSA Extended Signature
C# Example Code
int recId
BigInteger r
BigInteger s
BigInteger unixtime
string  x-signature

            using (MemoryStream der = new MemoryStream())
            {       
                DerSequenceGenerator seq = new DerSequenceGenerator(der );
                seq.AddObject(new DerInteger(r.Value));
                seq.AddObject(new DerInteger(s.Value));
                // extensions
                seq.AddObject(new DerInteger(version.Value);
                seq.AddObject(new DerInteger(unixtime.Value);
                seq.AddObject(new DerOctetString(pubkey));
       
                seq.Close();
                x-signature  =  BytesToHex(encoder .ToArray());
         }

Example
pubkey:
"02326209e52f6f17e987ec27c56a1321acf3d68088b8fb634f232f12ccbc9a4575"
SIN:
"Tf3yr5tYvccKNVrE26BrPs6LWZRh8woHwjR"
x-signature: 
"304d02207693ad890971718ac5061a9abfdc2a699835e01cb296da8102a6b7d3c7b77e45022009f2b47605c01453d683ef4995660dcaff6e9927864d1bb016af67dc2787f40902011c0204557c38b2"

Note: Hex is used for clarity above, normally base64 encoding would be used for all byte[] structures.

BlockAuth Sessions

While one can  use the above dialogue to support a "stateless authentication" scheme, many existing systems make use of a "session" in which the above process is the initial handshake or login process. In order to support these types of systems, BlockAuth can optionally make use of ECDH key derivation process,  to derive an out-of-band shared session secret between the client and remote service or peer. This shared secret can be combined with the return "expires" time stamp to generate a secure "session token" for all subsequent requests. A typical usage is to combine this ephemerial secret with the HOTP protocol to produce a secure One Time Password solution.
Schemes which could make use of this shared secret are:

1. JSON Web Token scheme

2. AWS scheme

Signature = URL-Encode( Base64( HMAC-SHA1( DHSecret, UTF-8-Encoding-Of( StringToSign ) ) ) );

StringToSign = HTTP-VERB + "\n" +
    Content-MD5 + "\n" +
    Content-Type + "\n" +
    Expires + "\n" +
    CanonicalizedBitAuthHeaders +
    CanonicalizedResource; 

Pairing Token
BlockAuth supports the use of a paring token, this is a one-time-use token which can be used to access specific resources, via a specific role and or device ( mobile phone, tablet ect). This may be bond to a specific device Identifier, such as an IMEI code ect..

Replacing Usernames and Passwords

Simply replace username with a SIN, and password with x-signature, this provides a one time password approach, with no pre-shared secret.

Backward comparability: key the BlockAuth processing from the username SIN keyword prefix  "01" (base16 encoded)  which should be sufficiently unique, given most usernames are human related today.

BlockAuth is available for all Cognition API users, and SIN's will be provided along with the free ECDSA, and ECDH  keys and secure key pool chain available for all subscribers from the 1st July 2015.

C# Code
1. SIN Generation
                // Get sha256 hash and then the RIPEMD-160 hash of the public key.
                byte[] pubKeyHash = PubKeyHash;

                // Convert binary pubKeyHash, SINtype and version to Hex
                String SINversion = "10";
                String SINtype = "1"; //static
                String pubKeyHashHex = Utils.BytesToHexString(pubKeyHash);

                // Concatenate all three elements
                String preSIN = SINversion + _SINtype + pubKeyHashHex;

                // Convert the hex string back to binary and double sha256 hash it leaving in binary
                byte[] preSINbyte = Utils.HexStringToBytes(preSIN);
                byte[] hash2Bytes = Utils.DoubleDigest(preSINbyte);

                // Convert back to hex and take first four bytes
                String hashString = Utils.BytesToHexString(hash2Bytes);
                String first4Bytes = hashString.Substring(0, 8);

                // Append first four bytes to fully appended SIN string
                String unencoded = preSIN + first4Bytes;
                byte[] unencodedBytes = new BigInteger(unencoded, 16).ToByteArray();

                String encoded = Base16WithCheckSum.Encode(unencodedBytes);

Also see
1. Free hardware generated and protected Bitcoin Private key and key-chain.
2. Identity Theft and the Digital World..


Disclaimer The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.

Identity Theft and the Digital World..

Ones identity is something we take for granted (after all it is you), and expect the various organisation, including governments we deal with to protect our identity. Yet these same organisation are at the heart of the identity theft problem.

“Digital identity“ is the sum of all digitally available information about an individual. It is becoming increasingly complete and traceable, driven by the exponential growth of available data and the big data capabilities to process it. The issue addressed within this article is the ability to link both the Digital and physical worlds, and how a compromise within the digital world can affect the physical identity, i.e Identity Left..

The data elements which underpin, most widely used "personal" identifying data, are birth dates, names and addressees, and drivers licence numbers. The aggregation of this data, under pins our "identity", with regard to many Digital Transactions. Many organisations routinely collect this information, some like banks, use birth date continuously, even when precluded by the Privacy Act.
Today the collection of personal identifying data, has become epidemic, and grows each and every day, routinely night clubs, and hotels (with zero security protection, or regulations in place), photo copy an individuals drivers licence.  Banks photo copy drivers licences, birth certificates, even though not required under any legislation. With a drivers licence, a birth date and data readily available from a postbox or even available online, almost anyone can open a bank account online as "you" today.

Once your Identity is lost, it can become impossible to participate within today's digital and physical world, many have taken years to address their Identity after being stolen, properties have been sold from under owners.

In most of these cases, and almost all commercial transactions, within the digital world we all live in "Identity" is actually not required, what is required is positive "authentication".

A typical example is buying and selling or commerce, for most of history, this has been done via stored value tokens, or "money". Coins or notes issued by national banks have zero linkage to any Individual, they simply circulate within the community and are exchanged for goods or services.

The majority of commercial contracts are finalised with a "Signature" which also has zero identity requirements, the thrust of a signature is to support non-repudiation.


Enter The Digital World..
In this world everything changed, all of the previous 1000+ of years of  commerce was thrown away..
All of a sudden (in relative time), there was introduced the need to "Identify", primary due to an Orwellian need by governments and organisations to track various "individuals and their activities in the digital world, the infamous "Australia Card" was perhaps the best example, yet while rejected by the population, has been introduced via TFN's and drivers licences, and data aggregation, without the individuals informed consent.

Putting aside these "political" issues, and looking at the real risks associated with the wide ranging collection, centralized storage and sharing  of "identity" information, without even the most basic security.

There is simply no reasons for any individual to provide anyone with their birth date, ever, unless one wants to celebrate such an event.
If a bank wants to verify a client, then they need to preferably allow the client to provide an authentication "token" or they should provide one to the customer, in no case should a personally and irrevocable birth date be used, its simple... one cannot change ones birth date if the usage is compromised.

The key to securing any Identity, is the removal of the need for any "centralized solution, and to ensure the control of any "identity" remains solely with the Individual.

The solution to Identity Theft, is not complicated,
STOP:

• Collecting personal identifying data which is not required to perform the immediate activity, by the requesting entity.
• Storing any personal identifying data in any centralized system.
• Sharing or accessing any personal data without the explicit approval, on a per request basis by the Individual
• Storing aggregated personal identifying data in any System 
• Sharing personal data, outside of the initial receiving entity and system
• Routinely requiring personal identifying data as apart of an authentication process.

In order to prevent Identity theft, in all cases the Customer should be able to provide the "authentication token" to be used by any organisation when requesting authentication. This is very basic security and privacy requirement, and a part of the digital world today.

Authentication in the Digital World.
The most common form of authentication in usage today is the "user name" "password" duple.
The username is not required to identify the user, but rather to be used as a "synonym" and the shared secret is the "password".

The fundamental security flaw with this scheme, is the need to have a "shared" secret the password. if the "secret" is not keep secret or managed correctly then the authentication scheme will fail, read can be compromised. A credit card is a simple variant, i,e a CC number is the synonym and the Pin is the shared secret. there is nothing secret about the CC number.

A digital Solution for the Digital World..
As Identity theft is a by product of the increasing use of the digital world, then the same digital world needs to provide a solution.

The fully decentralized, anonymous, secure identity.
Enter the Secure Identity Number(SIN), this is a totally digital identity that may be securely used for any type of transaction within the digital world, including replacement of the traditional username/password.
A SIN(s) is the unique record identifier by which this identity will be known, the key concepts are:

• there is no centralized infrastructure or entity required
• the secure identity is under the total control of the Individual
• can securely support the full range of Identity and authentication requirements

Attributes:

• Ownership can be digitally proven with high assurance, and possible non-repudiation
• Disposable
• Optionally attach sequence of key-value pairs (public proof) and hashes (private proof) to your SIN record. 
• Start out as anonymous identity, and as required, support opt out of anonymity on a per SIN basis, by attaching identifying key-value pairs (real.name = "John Smith").
• All key-value pair updates digitally signed by SIN owner (private key holder)
• Third parties may offer digital attestations:
• Identity Verification, Inc. digitally signs a SIN as passing their 100 points check.
• Auction Provider, digitally signs a SIN as having a certain reputation score, on their website.
• Decentralized market users, digitally sign one another's SINs, building a decentralized reputation, social media.

Within the Cognition Public Block Chain Ledger, these signed  "attributes" are stored within industry standard DNS "TXT" records for the entity identified by the SIN. This is just one of the many possible options for securely linking and distributing public attributes to the World.

The technical bits

The solution makes use of existing global software and infrastructure, a simple add-on..

SIN, is a new form of identity based on a cryptographic key pair. SINs were originally proposed by Bitcoin Core Developer Jeff Garzik,

The SIN is analogous to a Bitcoin address, as it takes the following form:

base16WithCheckSum( 0x01 + 0x02 + ripemd160( sha256(k1) )

Where k1 is your public key from an ECDSA keypair. 0x0F is the special byte for SINs, and 0x02 is the type of SIN; in this case, an ephemeral or standalone identity.

This SIN can be shared openly with the world, as the corresponding private key is kept on the client-side and never transmitted over the wire, and never shared with any entity.

How does Secure Identity Number(SIN)  based  authentication work?
The general flow to authenticate a request is as follows.

• Key generation: Individual generates a key pair k using ECDSA (use a free ECDSA key chain service).
• SIN construction: with public key k1, concatenate the SIN version byte and hashed public key, then encode this in the base16WithCheckSum format.
• SIN sharing: register your SIN with the remote service using a mechanism of your choosing generally, this takes place with client registration.
• Submitting Requests: requests are made over light weight HTTP/JSON, with the x-signature and x-identity header:
• generate a unique, higher-than-previous nonce, we recommend using a "unix time" integer, and include in as the  nonce HTTP parameter of your request
• include your compressed bitcoin public key (hex encoded string)  in the  x-identity header 
• if JSON body is included, set content type to  "application/json"
• concatenate and sign base URL + URI + JSON with your private key, and provide the resulting bitcoin message signature as a hex encoded string in x-signature
• Receiving System: will validate request using x-signature and x-identity header:
• check x-identity against stored SIN
• use x-identity header and posted data to validate x-signature
• optionally check any attributes linked to the registered SIN.

The server will now verify the signature against the public key you've provided and the SIN you've shared previously (does not need to be a secret), confirm that the signed nonce is greater than this SIN’s previous nonces (preventing replay attacks), and subsequently authenticate the request.

Replacing Usernames and Passwords
The authentication scheme is directly compatible with the familiar username (or email) and password mechanic. The primary difference is that the password is never sent over the wire, in any format.
Using this mechanism, you can still provide the user with the experience of entering a username and a password, but locally use that password to decrypt the private key and subsequently use it to sign the request.

Advantages over existing authentication mechanisms
Gone are the days when a single hacker, can compromise an entire customer base's credentials, the removal of all shared secrets, is the key to improving on-line security. In the above, passwords are only used locally, to encrypt the private key.

• Support for per transaction (ephemeral)  as well as persistent SIN's to manage scope of any compromise. 
• Only a compromise of the client machine can endanger the system, and hardware backed ECDSA keys can readly address this possibility.
• Because the private key is never revealed to the server, it does not need to be exchanged between the server and client over a side channel, there is No Shared Secret to compromise.
• Piggy backs on the global, and freely available Bitcoin protocol infrastructure, no central PKI is required.
• Decoupled from Bitcoin addresses, allowing for a more explicit separation from financial transactions and allowing for greater privacy, also allows support for algorithm agile solutions
• Support for persistent, and ephemeral SIN's to manage compromise
• Identity becomes portable the same identity can be used on multiple services, letting you take your identity with you.

It's time, for Individuals to take control over their digital Identity and how or when their data is used and stored.

What if I need to prove my identity?
Within a community, there are situation where is is required provide an assurance of "identity", a simple fact of living in a community.
The SIN framework has been designed to allow an opt in to a "set of signed attributes" on a per SIN basis and still under the total control of the individual.

Why should Corporations and Governments world wide, care about personal data?
BCG estimates that two-thirds of the potential digital identity value – or about €440 billion in 2020
alone – is at risk if stakeholders fail to protect personal data.
Nor is it digital identity value alone, the additional revenues or efficiency gains derived from personal data applications are at risk: Mishaps in handling consumers‘ data can go much further, causing damage to an organisation‘s brand, its client relationships and its reputation. Privacy is increasingly becoming an area of competitive differentiation.

Usage today

All Subscribers to VillageMall have a hardware generated and secured ECDSA key, and type 1 SIN incorporated, for free, with their subscription.
The worlds first Global Digital Identity Service with SIN attributes is now operational, and publicly available (see DNS domain blockchainledger.net)

The first usage is to secure our Cognition API, including BYOD management system, used to manage lost, stolen or compromised Mobile Devices and access to Cognition Suite of Services.  

See Free hardware backed ECDSA Keys and SIN

References:
1. Data from fraud prevention service Cifas shows ​​34,151 confirmed instances of identity fraud were recorded in the first quarter of ​2015​.
2. Prevent identity theft 
3. Number of identity theft victims 'rises by a third'

Disclaimer The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.