A Digital “Yellow Book” for Low Doc Persons
“Yellow Books” traditionally hold vaccination records. Our digital yellow book safeguards all important verified records for people with little documentation.
People with little or no identity documentation, whether they live in developing nations or are on the move as refugees, face enormous challenges which have come to be characterised as “identification”. Yet there is no globally agreed model for “identity”, much less any standardised way for establishing identity, or proving it to others. In any event, identity is a means to an end: “identity” is almost always a context-dependent shorthand for eligibility. The pragmatic problem faced by “low doc” individuals everywhere is proving they are eligible for the things they urgently need: access to services, healthcare, social security, transportation, financial benefits, relief funds or credit, government and NGO assistance, and so on.
We believe that digital identity and mobile technologies bring the opportunity to clarify and reframe the “identity” challenge.
We believe individuals globally need the means, first and foremost, to prove pertinent facts about themselves. As low doc people make their way through the world―metaphorically speaking, as they participate and build their presence in an emerging economy, or literally, as they make a refugee’s chaotic journey―they accumulate facts about themselves: educational qualifications, social security entitlements, economic status, credit worthiness, healthcare milestones, welfare rights for their children or relatives, travel visas and permits of various sorts. We take the concept of the vaccinations “Yellow Book”, which travellers use to record and evince their official immunizations and health-checks, and use it as a metaphor for official personal record keeping in general. Our “Digital Yellow Book” is deployable on a choice of mobile technologies, to securely hold the verified records that a person accumulates as they make their way through today’s rich and varied world.
The Digital Yellow Book recognises that different personal facts and claims are established through different rules and pathways. Each authority has their own way of “doing business” and as such is sovereign over their respective attributes. The Digital Yellow Book is completely agnostic as to the rules for issuing people with credentials, qualifications or entitlements, and the rules for accepting and relying on them. The problem we solve, and the promise we make, is that if a personal attribute is true in the real world, then it is true in digital form.
For each personal attribute, the Digital Yellow Book records the fact it has been issued to the holder of the Book, which exact authority issued it, its lifetime where applicable, and a secure pointer to all pertinent terms & conditions. Each attribute within the Digital Yellow Book is separately and cryptographically sealed within the owner’s mobile device, guaranteeing its provenance, uniqueness, security and accuracy, and preventing copying, tampering or counterfeiting. Attributes are presented from the Digital Yellow Book electronically by an open-standard interoperable protocol, so that Relying Parties can verify their origin, meaning and validity. The Digital Yellow Book owner maintains complete visibility and control over how and where their personal data flows.
Solution location: Sydney NSW, Australia
Solution's stage of development: Prototype
What makes the solution innovative:
The Digital Yellow Book is a new application of a mature cryptographic technology. We have developed a novel yet standards-based way to encapsulate personal attributes, issued by any agency or authority, within a standard mobile device, preserving the provenance of the issuer. The method operates at “layer 5” of the communications stack and unlike most IDAM solutions has no impact on the meaning or liability of personal data (layers 6 and 7), making it quicker and simpler to deploy. The Digital Yellow Book is based on technology proven for emergency workers at the Department of Homeland Security.
How the solution demonstrates 'privacy by design':
The Digital Yellow Book minimises data collection, by carefully separating personal attributes and allowing each to be presented in isolation, within the particular context where it applies. There is no extraneous collection of Personal Data, and no disclosure of Personal Data by the Digital Yellow Book across domains. We introduce no new identifiers whatsoever.
We enhance the reliability of separate personal facts (such as account numbers) to such an extent that online authentication can occur without any of the customary and risky extraneous Personal Data like shared secrets. Neither are intermediate identity brokers or “identity providers” necessary, so we avoid new honeypots and we avoid sharing of Personal Data and metadata with new and often questionable third parties. The Digital Yellow Book presents the owner’s bona fides directly from point to point.
If an attribute is not natively identifiable, then the Digital Yellow Book enables its owner to transact anonymously. As a privacy enhancing technology, encapsulation is ultimately superior to tokenization because encapsulated data is rendered useless if stolen and presented in the raw.
How the solution can be incorporated into digital identification systems:
The Digital Yellow Book works within any existing credentialing or identification system. If a given identification system has issued an individual with an ID and/or attribute, then we preserve that ID within the Digital Yellow Book’s secure data capsules, together with details of the issuer and precise context of usage. Therefore, the Digital Yellow Book is the ideal means for storing and presenting national IDs. It enables Relying Parties to tell “original” IDs from stolen or counterfeited data, thus safeguarding owners against ID theft (and, incidentally, protecting the whole system against large scale hacks of national ID databases; such hacks do not invalidate original data safeguarded within Digital Yellow Books and thus business continuity is ensured). The Digital Yellow Book is completely agnostic with regards to identification processes; if an ID has been issued officially by any process and is deemed to be true by its issuer for a particular purpose, then we ensure that the ID remains true in digital form, and that the purpose remains unambiguous.
How the solution is 'user-friendly':
The Digital Yellow Book (in its current prototype form) provides an intuitive user-friendly presentation of personal data visualised as capsules. The detail of the data is shown plus the issuer of the data. Users select relevant data for presentation in context by simply pressing on the capsule. User Acceptance testing proves the UX with little or no training. The Yellow Book technology can be implemented in other ways, to automate the data presentation.
How the solution ensures interoperability:
The Digital Yellow Book saves personal attribute values plus details of the issuer and a pointer to terms & conditions, using the open standards syntax of X.509 / X.500. ValidIDy also provides free libraries for easily editing and parsing/interpreting data capsule contents. The solution is technologically highly interoperable at the protocol layer. Furthermore, we impose no business process changes, so the native meaning of stored data is unchanged. Newer cryptographic techniques such as blockchain are not yet mature with regards to APIs and syntactical interoperability.
How the solution accounts for low connectivity environments and for users with low literacy and numeracy levels:
The graphical user interface of the Digital Yellow Book is intuitive (and has been proven as such through UAT without training). The GUI is entirely modifiable from one deployment to another, and can be designed in a purely graphical way, or with local languages & conventions of course.
The underlying technology of ValidIDy data capsules has been expressly designed to operate in low-to-zero network environments (namely, for DHS emergency workers). Capsules are uniquely verifiable as being true at the time of issue, at any time later, without needing to look up any database, registry or authentication broker.
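An illustration of the offline check described above, added here as an example and not ValidIDy's code or capsule format: it assumes a capsule can be modelled as a plain X.509 certificate that an issuing authority signs over the holder's device key, with the attribute value in the subject name. The authority name, the attribute string and the functions `issue` and `verify` are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue: an authority (constructed name) seals one attribute to a device key.
func issue(attr string, from, to time.Time) (*x509.Certificate, []byte, error) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	devKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // holder's device key
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: from, NotAfter: to,
		Subject: pkix.Name{CommonName: "Example Health Authority"}, // constructed name
		IsCA:    true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	ca, _ := x509.ParseCertificate(caDER)
	// The capsule carries the attribute, its lifetime, and the issuer's signature.
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2),
		Subject: pkix.Name{CommonName: attr}, NotBefore: from, NotAfter: to}
	capsule, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &devKey.PublicKey, caKey)
	return ca, capsule, err
}

// verify is the relying party: it needs only the issuer certificate, no lookup.
func verify(ca *x509.Certificate, capsule []byte, now time.Time) (string, error) {
	c, err := x509.ParseCertificate(capsule)
	if err != nil {
		return "", err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err = c.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return "", err // wrong issuer, altered bytes, or outside the lifetime
	}
	return c.Subject.CommonName, nil
}

func main() {
	ca, capsule, _ := issue("yellow-fever-vaccinated", time.Now().Add(-time.Hour), time.Now().Add(time.Hour))
	fmt.Println(verify(ca, capsule, time.Now()))
}
```

The relying party holds only the issuer certificate, so the check works without connectivity; the same property means a revoked attribute is not detected unless revocation data is distributed separately.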
Vision over the next three to five years to implement or grow the solution to affect the lives of more people:
ValidIDy data protection technology can transform the robustness, reliability and interoperability of personal attributes globally. The solution is scalable almost without limit, thanks to the ubiquity of cryptographic technology in mobile phones, PCs, and coming IoT devices. The integrated cryptographic services that power the solution are provided today for 100s of millions of users by a contestable market of white-label PKI cloud services. By protecting the provenance of all personal data, we can turn the tide of identity crime and the data black market. Populations will no longer be at risk of national ID database hacks.
How the solution team is organized: For-Profit
How many people work on the solution: 6-10
Solution age: 5-10 years
The organizations applicants are currently working with:
US Dept of Homeland Security: we were contracted to develop, prove and user-acceptance-test the Reference Implementation, deployed as a mobile app plus underpinning cloud service, referred to as "MDAV" (Mobile Device Attributes Validation).
Selected emergency management organisations: we are currently negotiating and scoping a pilot of the core "ValidIDy" technology and platform.
Multiple healthcare organisations: we are currently negotiating and scoping several pilots of the core technology and platform.
Applicant skills that can attract the different resources needed to succeed and make an impact:
Technology development, entrepreneurship, identity & privacy technologies, international deployment and NFP sector.
Steve Wilson https://www.linkedin.com/in/lo...
Bruce Goldsmith https://www.linkedin.com/in/br...
Les Chasen https://www.linkedin.com/in/lc...
Steve is an identity security and privacy leader, with particular experience in identity policy for emerging economies, as senior member of the APEC eAuthentication Task Group 1998-2001, and national IDAM adviser in ASEAN, Hong Kong, Indonesia, and Kazakhstan, as well as Australia, New Zealand, the US and Singapore. He is currently an adviser on blockchain technologies to Accenture, IBM, Evernym amongst others, and was an invited speaker at the ID2020 Summit NYC 2018.
ValidIDy Inc. licences the core enabling technology to developers, systems integrators, credential issuers and/or identification system operators. We do not license the technology on a usage basis; that is, we do not “clip the ticket”. We have highly favourable NFP license conditions.
Digital Yellow Book data capsules are able to be processed on the Relying Party side by a variety of entirely standard open source tools. Thus there is no vendor lock-in.
ValidIDy’s business model is self-sustained from business in healthcare and commercial banking; we will not profit from developing countries.
Reason for applying to the Mission Billion Challenge:
We have been committed for over a decade, as advisers and innovators, to simplifying digital identity at scale. In all sectors of all economies, people and businesses are suffering from identity crime, identity mishaps, usability and cost problems. Privacy has been lost in a futile attempt to shore up identification. We see these problems as being especially acute in the developing world, and have a vision for correcting the digital divide, without inflicting new and unproven technologies on disadvantaged peoples. These environments provide a challenging and definitive proof point for our vision.
Key barriers to the solution:
As a small specialist innovator and provider of a "wholesale" solution, our challenge is to achieve integration with large platform operators and systems integrators. There is a great deal of noise at present around blockchain, brand new distributed ledger technology spin-offs, and orthogonal techniques like biometrics. Our experience tells us that public blockchains were not conceptualised and are not supported for identity management in emerging economies. Much more work is needed on fit-for-purpose distributed ledger technologies. We continue to work on raising awareness of the subtleties (see for example Steve Wilson at the ID2020 summit 2018).