Signed, sealed, encrypted: This digital ID is all yours

June 26, 2020 | By Kristin Kloberdanz

How do you prove who you are without revealing who you are?

That’s a question we are struggling with as we balance trust, privacy and security in an increasingly digital age.

When Gareth Genner co-founded Trust Stamp in 2016 with longtime friend Andrew Gowasack, they wanted to tackle the challenge of building trust in commercial relationships that are based entirely on online interactions: “All too often you’d meet someone from Craigslist at the gas station to sell an item and hope you wouldn’t get murdered,” Genner says. “How do you give proof of your identity? We wanted to provide zero knowledge proof — confirmation of something without the underlying data.”

But this challenge extends well beyond person-to-person transactions. After speaking with friends in finance they learned that banks lose $40 billion a year because of synthetic and stolen identity fraud, with an additional $20 million lost to legitimate transactions failing legacy authentication. So they launched the company and started working with banks and Realtors to create a safer way for people to identify themselves.

Genner explains that some of the new means of digital identification, such as facial recognition, can be spoofed. Or if they are hacked, a fraudster’s facial template can be stored, and easily and quickly connected to a person’s legal identification, such as social security or driver’s license, and thereby open to fraud and replication.

In order to fix this problem, Trust Stamp created its Evergreen Hash. The process is simple: The customer takes a photo of their face, palm or fingerprint and shares it with Trust Stamp. The company uses AI to create a 3D mask of it — and then throws away the data and adds encryptions in place of the name or records. “Only a small percentage of the data that originally existed is in the hash,” Genner says. “What you have is something safer for storing because it can’t be used to directly identify you. No one would recognize you in this huge jumble of numbers.” In other words, the hash is irreversible non-personally identifiable information.

In 2018, Mastercard’s startup engagement program Start Path approached the company to discuss how it might contribute to immunization recording and tracking for children in remote regions. Trust Stamp is now working with Mastercard to integrate its digital identity capabilities into Mastercard’s Wellness Pass solution, which will be launched alongside Gavi, the Vaccine Alliance, in West Africa.

Life-saving childhood vaccines are crucial in this region, which has countries with high poverty rates, malnutrition and infant mortality. Although there are robust immunization programs, it is tricky to make sure each child receives the right number of inoculations on the proper schedule. Up-to-date immunization records are in short supply here.

“You are matching hashes, not names, ID numbers or photos, etc.,” Genner says. “This protects privacy, reduces potential for misuse and allows effective inclusion when there is no other form of legal record.” 

The hash has to work where there is no internet, no cellular connectivity, he says. It helps create a simple, low-budget way for children and their guardians to maintain medical records that cannot be confused with another child. Each time the child gets a vaccine and a new hash is created at the clinic, it is encoded with the updated health information. Algorithms can accurately predict if two different hashes belong to the same living person. “The hash evolves over time,” Genner says, “just as you evolve.”

This was the first time Trust Stamp has shared its hash in support of low-income, remote communities. Genner explains that aid agencies don’t even need a legal name or identity, they just need to know if the person has received a vaccine in the past. If this is unknown, people can’t access those services. “Mastercard recognized that if we can create a token ID, we can provide an ability for aid agencies and governments to transact safely unlike before.”

Genner says this work in the region could prove to be beneficial in the time of COVID-19. For example, in certain countries, women cannot show their faces in public, so Trust Stamp can help them create a hash in the privacy of their homes where they can take a photo of their face or scan their fingers or palms. “This equally will work for COVID,” he says. “Touchless hands in the future instead of faces — your face might just be for that original registration.”

Trust Stamp is also exploring new ways to commercialize the hash. The company, which has more than doubled its staff in the past year and has received an investment from Mastercard, is working to provide travel and insurance companies with touchless identity and real estate agents a way to identify criminals prior to appointments. They are also talking to correctional systems about providing identification for people on parole without making them pay for pricey ankle bracelets that monitor their every move."

The objective is to create the ability for any human being anywhere in world to assert their identity without reliance upon anyone,” Genner says. “This is very practical. Anyone in the world can say, ‘This is who I am and these are what my needs are.’"

Kristin Kloberdanz, Contributor