DokChain Use Case

Identity by Consensus

Unlike popular public blockchain networks like Bitcoin and Ethereum that are intentionally divorced from a notion of identity, the cornerstone of the DokChain network is a multi-party, contextually-relevant identity management protocol that allows entities in the network to confirm the identity of an individual user.

DokChain’s identity management system is grounded in the belief that the entirety of a person’s digital interactions creates the strongest possible signature of who they are as an individual. Medical records, e-commerce clickstreams, government-issued identity cards, biometrics: anything that increases confidence in determining the uniqueness of an individual can be incorporated.

The Complete Multi-Party Identity
Example Contextual Identities
Our solution leverages the horizontal nature of the DokChain Alliance directly, in that the protocol integrates information about users from myriad third-party sources.

And in keeping with PokitDok’s belief that patients should be at the center of their personal data, we have developed an identity management solution that allows the user to decide what they are willing to share of their personal record based on the context of each encounter.

HOW IT WORKS

The PokitDok Identity by Consensus implementation generates and manages a universal identity that maintains privacy and anonymity while providing a very high level of identity validation confidence. It does this by integrating the world's most trusted Identity Providers and by providing a mechanism for proving the necessary contextually relevant identity attributes without revealing any portion of the private identity attributes. The implementation also provides auditable transparency of all interactions with Identity Providers, Identity Requesters and Identity Owners while maintaining the privacy and anonymity of the Identity Owners.

1. Identity Owner gives Identity Providers access to encrypted PII stored off-chain.
2. Identity Providers create verifiable claims indicating their confidence in the accuracy of specific attributes of the Identity Owner.
3. Identity Requesters can query the verifiable claims to gain a consensus of identity attributes for specific criteria.

The implementation orchestrates any number of existing identity verification and validation providers (commercial, private, government), integrating each provider's data and storing the confidence results and associated attributes with a generated identity. The interactions of an Identity Owner with multiple Identity Providers result in a consensus of identity. Over time, as new Identity Providers prove the identity, the consensus gains additional confidence measures and a broader set of verified identity attributes.

Key Generation

Identity Recovery

This orchestration of Identity Providers, Owners and Requesters is implemented in a permissioned blockchain, DokChain, where the personally identifiable information is held in encrypted off-chain data stores. Identity Owners, Providers and Requesters implement a design pattern embedded in an SDK to integrate as off-chain resources. The DokChain identity is created or recovered when an Identity Owner executes the Identity by Consensus Smart Contract of the DokChain SDK.

1. Identity Owner interacts with Identity Provider.
2. Personally identifiable information (PII) is held in encrypted off-chain data store.
3. This interaction is audited and orchestrated through the DokChain.

The result of this process is the generation of a public/private key pair. The private key is split using Shamir’s Secret Sharing algorithm, and the shards of the key are then stored with several Trusted Identity Key Holder services. Each Trusted Key Holder has access to only a single shard of the key.

1. A public/private key pair is generated.
2. The public key is stored on-chain and mapped to the user identity.
3. The private key is split and then each shard of the key is stored securely with a Trusted Identity Key Holder on the DokChain network.

When a previously verified identity performs the Identity by Consensus process, the Identity Providers facilitate retrieving the key shards from the Trusted Identity Key Holders; this is treated as a recovery operation. All of these steps are transparent to the user, who does not need to know any details about the storage and management of the private key.

1. The private key is recovered and provided to the Identity Owner.
2. Identity Providers and Key Holders never see the private key.

For more details on DokChain Identity by Consensus, read our blog post or download our whitepaper.