Discover, Connect & Collaborate at TECHINNOVATION 2021
GDPR Proof and Fraud Resistant Access Control
We have developed a standard blockchain-based identity and access solution. The solution gives issuers and verifiers a clear overview of verifiable credentials (e.g. diplomas, certificates, proof of course attendance etc). These verifiable credentials are stored and will never leave the wallet of the holder. Instead of using physical papers and manually checking whether employees possess the proper credentials, we use cryptographically signed certificates by trusted institutions. This makes the solution GDPR compliant and reduces fraud and paperwork, which will lead to an efficient method of verifiable access.
Examples of verifiable credentials:
- Passports or other identification properties, and more
With verifiable credentials, access control will be a lot faster and more secure. Holders get a digital wallet on their (work) phone in the form of an app. All the physical documents have now become digital verifiable credentials. Moreover, the credentials and content are now cryptographically signed by the institution that issued the certificate and addressed it the holder, whom can share and prove their credentials at any moment.
The transactions on the blockchain provide an activity log where, for example, the authenticity of a passport or a user can be verified.
Credentials can be verified with a scan of a QR-code from the holders’ app and instantly verify whether the holder has the proper credentials. Furthermore, the data of the holder will never leave their device. This makes this solution 100% GDPR proof and will reduce the chance of hacks significantly.
Technology Features, Specifications and Advantages
This solution contains:
- A dashboard – User could log in to a dashboard and create and generate location passports on the blockchain in a simple, intuitive way. The dashboard also serves to give users an overview of the passports that have already been created.
- Smart contracts - The smart contract acts as the carrier of the location passport and can contain both public and private parts, from which it can be determined for which parties these are transparent. ZKP principles can also be applied to these private smart contracts.
- Transactions - The transactions on the blockchain provide an activity log where, for example, the authenticity of a passport or a user can be verified.
- Permissions/Authorisations - The permission model/user management ensures that roles are defined within the system that have certain authorizations concerning the data.
- A consensus model -The consensus model checks/verifies the transactions in the blockchain system and prevents fraud.
- Notifications - The different roles within the system can receive messages that are appropriate for performing certain activities.
- Wallets - Each user's wallet provides an ID# with which transactions are performed and the passports are written to the blockchain and with which actions can be performed within the blockchain.
- Design - The core of the Minimum Viable Design is that it must convince the users of its usefulness, through convenience, a natural intuitive flow, and an appealing design.
This technology offer is primarily targeted at companies who want to give access to internal or external workers who possess the correct credentials for entrance. Since all the credentials are stored on the wallet of the holder, we prevent personal data leaks.
Other potential applications:
- KYC verification
- People counting
- Employers presence detection
- Hour registration
- Credential maintenance notification
- Efficient and secure checks of credentials, granting access to proper employers. The technology will do the check for you.
- Freedom off access control.
- Planners can easily see who has the right credentials to be in the right places.
- Eliminate risk of forged (or lost) physical access cards.
- Eliminate the need to install or update hardware for granting access.
- Eliminate the chance of hacks since we are not storing any personal data or copies of credentials. This makes this solution completely GDPR Proof.
- No employer has the power to modify or manipulate the issued credentials. Therefore, we can guarantee access to the right employers, which will reduce fraud and manipulation.