A team from Pillar recently participated in a large hackathon organized by DutchChain. The Odyssey Hackathon is billed as the largest blockchain and artificial intelligence hackathon in the world, with 100 teams competing for prizes across 20 challenges.
I led a team of six as we developed a proof-of-concept solution for their next generation digital identity for citizens of The Netherlands. Our team, whimsically named “Ron Liberty and the Pillaristas”, used the 48 hours of the hackathon to develop the start of the Pillar Citizen Wallet.
We published a video of our participation in the event, which includes the presentation made to the judges. While our team didn’t win any big prize money or trophy, we have been invited back to The Netherlands to be part of the pilot project for this service.
While the video looks at what we did, this article focuses on more details of the challenge and how and why we developed our solution.
As a Dutch citizen, in order to access government services, both physically and online, you need an identity document and credentials issued by the government. To receive these, you must present yourself in-person to an agent organization with sufficient paperwork to prove that you are a citizen. Once the agent is satisfied as to your qualifications, they issue you a national identification card and login credentials to the DigiD system, which allows you to access government and business services.
One of the major issues with the current system is that it relies on a centralized database of all citizen login credentials which, if hacked, would cause huge problems for every government service that relies on these credentials to validate its users. The Pillar solution envisioned a decentralized approach, where each citizen stores their own credential and presents it electronically to government services when requested.
The challenge suggested that the solution not require the existing holders of these login credentials to present themselves to an agency, but instead to be able to issue their digital identity using their smartphone.
To enable identity authentication to an appropriate confidence level, we wanted the citizen to produce evidence of three things: something they are, something they have and something they know.
In this case, what they are is a face that can be recognized, what they have is a national identity card, and what they know is their DigiD login credentials.
The solution, as shown in the video, allows the citizen to first scan the front and back of their national ID card. The Pillar wallet app retrieves the information from the card, including all text and their photo.
Next, the citizen is asked to take a selfie photo of their face. To prevent a photo from being held up to the camera for this step, the citizen is asked to blink their eyes to show that they are real and alive. Biometrics are captured from the face and compared with the photo from the ID card.
Then the wallet app asks for their DigiD login information and uses that to validate their name and national ID number.
All this data is captured within the device and all checks thus far are performed without any data leaving the device. If the app is confident that the data matches, then it securely sends the national ID card data to a government web service to validate that the photo is identical to the one captured when the card was issued, and also to verify that the ID card has not been revoked.
If these tests pass, then the government web service creates a digital verifiable credential, cryptographically signs it, and returns it to the citizen’s wallet app, where it is stored in their secure, encrypted cloud storage area.
Once the credential has been issued, the citizen must have an easy way to use it in their daily transactions with government and business services. The second part of the Pillar solution focused on how a citizen could access a government website and use their credential to log in to the service.
The team mocked up a website that contained a login button for using their digital wallet. When the citizen clicked the button, a QR code (a two-dimensional barcode) appeared on their laptop screen. Then, using a quick connect option in their digital wallet app, the citizen scanned the QR code with their phone, and the app presented a list of the personal data that the website was requesting. If the citizen consented to this request, the data was sent to the website and the user was logged in to the service. This effectively eliminates usernames and passwords, as well as any centralized storage of these login credentials.
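The login exchange described above, as an added sketch that is not Pillar's code: the QR payload layout, the field names (`sid`, `nonce`, `attrs`), the 120-second lifetime and the `LoginSite` / `wallet_respond` names are all assumptions. It shows the checks a website would want before logging the user in; verifying the government's signature on the credential is left out.

```python
import json
import secrets
import time

REQUEST_TTL = 120  # seconds a displayed QR code stays valid (assumed value)


class LoginSite:
    """Website side: issues QR login requests, accepts one response per request."""

    def __init__(self):
        self.pending = {}  # session id -> (nonce, requested attributes, expiry)

    def new_qr_payload(self, requested, now=None):
        now = time.time() if now is None else now
        sid, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.pending[sid] = (nonce, frozenset(requested), now + REQUEST_TTL)
        # This JSON string is what the QR code on the laptop screen would encode.
        return json.dumps({"sid": sid, "nonce": nonce, "attrs": sorted(requested)})

    def accept(self, response, now=None):
        now = time.time() if now is None else now
        # pop() makes each request single-use, so a captured response cannot be replayed.
        entry = self.pending.pop(str(response.get("sid")), None)
        if entry is None:
            return None
        nonce, requested, expiry = entry
        sent = str(response.get("nonce")).encode()
        if now > expiry or not secrets.compare_digest(nonce.encode(), sent):
            return None
        data = response.get("data", {})
        # Accept exactly the requested attributes: nothing extra, nothing missing.
        if set(data) != requested:
            return None
        return data  # the caller would now create the logged-in web session


def wallet_respond(qr_payload, credential, consent):
    """Wallet side: show the requested attributes, release them only on consent."""
    request = json.loads(qr_payload)
    if not consent(request["attrs"]):
        return None  # the citizen declined, so nothing leaves the device
    data = {name: credential[name] for name in request["attrs"]}
    return {"sid": request["sid"], "nonce": request["nonce"], "data": data}
```
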
The Odyssey hackathon provided the stage for the Pillar team to show its concept for how it envisions a Citizen Wallet.
We’ll continue to work with the Dutch government in their pilot project, and we’ll continue to build out functionality for digital identity and credentials into the Pillar Wallet.