The proposed system is a block chain based solution for storing, managing and accessing the personal identity details and their related KYC documents. Using a web based dashboard users can add their relevant identity details and upload the KYC documents. Instead of storing the user identity data in the conventional databases, this solution allows to store all the identity information in a block (a data structure with certain number of fields). These all blocks are signed by using the cryptographic algorithms. After signing these blocks are forwarded to a block chain network where the mining operation take place and after successful mining, these blocks will linked together to form a chain structure called as block chain.
The peer to peer network consists of number of nodes which are interested to use the identity information. Any nodes can able to join the network or leave the network. Some of the ordinary nodes of this solution are Government, Bank and University. Each and every node will own its own public and private key pairs generated. These keys are used to sign the transaction and send it to the network for Mining. Among these nodes there may be one or more mining nodes and these miners has a special role to validate the blocks.
Each and every node will have a ledger and this ledger consists of the updated block chain. These ledgers will record all the activities related to the block chain network. Users and other organizations can able to monitor the entire block chain history such as block properties, transaction details, mining details, organization account details and the block content in hashed form. It also shows the details of the similar smart contract deployment related history in the block chain.
Any organization which is interested in an identity data or a document will send a transaction request to the block chain. This request will be validated by miner nodes of the network and also with an explicit consent approval given by the owner of the details for the legitimate transaction. After the approval of the user the particular identity data requested will be returned to the network as transaction. This data will also undergo a mining process and provided to the organization requested. A user has the right to reject a request transaction if he is not willing to share the data to a particular organization.
This solution is a private permissioned block chain application, so each and every node need to provide their own identity to join the network. This feature makes block chain as a secure way of handling the data within the known organizations. Due to the usage of the distributed ledger the activities of the user node or other organization node is transparent to all which ensures that only a valid user performs a valid transaction.
In a block chain based solution in order to perform any transaction it may require some gas. A gas is nothing but a unit required to perform a transaction. This gas can be obtained by using the native money of the Ethereum called as Ether (ETH). Each account (organization) will have a certain amount of ether with them and to perform a transaction these organizations must use some ether from their account.
Since we use a private block chain for this personal identity management, these Ethers are just virtual money within the network. But the real world Ether is very expensive and it may needs some real money to buy the Ether for an account.
The algorithm proposed to implement the block chain based identity solution is as follows;
---------------------------------------------------------------------------------------------------
Step1: Create a new package for carrying dependency of block chain
Step2: Create a new config file to serves the client pages to browser.
Step3: Create a new smart contract for handling the identity data and documents
Step4: Migrate the required contracts to the block chain.
Step5: Create a new file and initialize a gethblockchain environment
Step6: Create new account
Step7: Start the block chain console and start the mining operation and generate new blocks
Step8: Create a new client page
Step9: Create a file which is used to obtain the block chain details in client browser.
Step10: Launch the application.
Step11: Now the application is launched and synchronized.
The framework shown in Fig. 2 explains the way the identity data or KYC documents which are handled in a block chain based identity management. It consists of different components for performing different actions or services within the block chain.
Users will provide their personal identity details and their KYC documents through the client interface (web application). Organizations can also request the data or document through another interface.
Any transaction performed in a block chain is signed by using these pair of keys. Ethereum platform uses an Elliptic curve digital signature scheme (ECDSC) for signing the transactions performed in a block chain. The process in this algorithm includes the generation of two pair of keys using the available domain parameters and a random number. A random number generation is started and a numeric scalar value is obtained which is the private Key. Using private key and the other domain values such as G (x, y) public key is generated. After two signature components r and s are calculated using the formula represented as;
-
Q(x, y) = d * G(x, y)
-
(x1, y1) = k × G(x, y) mod p
-
r = x1 mod n
-
s = (k− 1 (h (m) + d * r) mod n
Hashing converts a given identity data or a document address to a fixed length hash based on the type of hash function. Hashing scheme is the one of the core security feature of the block chain based solution. The way this hash is used in block chain is very complex compared to the conventional applications.
The public key encryption algorithm used by the Ethereum platform is found to be “KECCAK-256 a sponge based hash function”. There are 7 available widths for permutations denoted by the given closed set b and its width values are;
B ∈ {25, 50, 100, 200, 400, 800, 1600}
The keccak [r,c] is a sponge function used for hashing the given transaction input where r and c are rate and capacity respectively. The function is organized
5*5 lane matrix of length w=> (1, 2, 4, 8, 16, 32) = > w = 2^l
The number of rounds n required for applying the sponge function is represented as n = 12 + 2 l and the corresponding sponge function for padding is defined as the below definition;
Keccak[r,c](Mbytes || Mbits) {
d = 2^|Mbits| + sum for i = 0..|Mbits|-1 of 2^i*Mbits[i]
P = Mbytes || d || 0x00 || … || 0x00
P = P xor (0x00 || … || 0x00 || 0x80)
In the above function the message M is represented as Mbytes and the another value of function Mbits is a 7 trailing zeros. Finally the variable p returns the padding array calculated for the given input message.
Any actions performed on a block chain network are called as Transaction. All these transactions are stored in the Blocks. All the transactions initiated must be signed before forward it to the network. Thus it is difficult to alter the data which is present in the hash due to the complex strategy used for hashing.
A block is a data structure which is used to store the relevant identity and document related data. A block has different fields associated with it for making it as a secure way of storing data. It has two parts Block header and block body.
All the signed transactions signed are stored in these blocks. Now these blocks will be submitted for mining operation.
An ethereum wallet is used to transfer the Ethers from one account to another account. A wallet stores the pair of keys of a particular participant of the network. Using the public key addresses ethers will be transferred and private key addresses are used to receive the ethers rewarded for successful mining operation.
Consensus ensures that all the nodes of the network agree to allow the particular block to be part of a block chain. Once all nodes agree a block can be added to a block chain ledger. So if any block which is found to be an invalid block can be rejected by the participants. This solution uses the Proof of Work algorithm for mining operation.
If a user uploads a data it will be formed as transaction and this transaction will be stored in the block body. Now these blocks should be mined by the miner nodes of the network. A network may have more than one miner nodes and the miner who mines the block first will be rewarded with ether. This mined information will be shared with the other nodes of the network for a common consensus and after this these blocks will be linked to block chain. As per the proof of work algorithm miner nodes need to identify the nonce value of the particular block fixed. A miner node will be provided with other parameters such as block hash to compute the nonce.
A smart contract is a self-executing code deployed to a block chain to handle the transactions initiated by the individuals or other organizations of the application. It will provide the way the particular data should be handled in a block chain in a secure way. These contracts are found to be an immutable code, so if any change or updation needed in these contracts then they should be redeployed in the block chain. These smart contracts eliminate the need of the intermediate server to handle the data provided by the users.
Distributed ledgers are used to store the mined and validated blocks in the consensus layer. The mined blocks will be added to the longest chain using the previous block hash as linking field. Every participant will have this block chain copy to ensure the transparency.
Similar to storing the data and document hash to a block chain, identity data and related documents can be retrieved from the block chain in a reverse manner. The user required data block is retrieved, mined and provided to the client.
The Identity block structure as shown in Fig. 3 consists of two parts; block header and block body. Block header consists of the block related attributes and block body consists of set of transactions.
Some of the important fields of a block structure and what are their impacts in this block chain application are; Block Version that provides the version in which the block chain is implemented. It provides a set of features and validation rules for the particular block chain. Nonce is a 4 byte random integer value which is started with 0. The complexity of the nonce can be realized based on the difficulty target. A miner needs to find this particular nonce value in order to validate a legitimate block. Difficulty Target is a value which ensures the complexity of the mining operation. If the difficulty is low then blocks can be easily mined and if the difficulty level is high than it is hard to mine new blocks. This difficulty value will vary for each and every block during mining operation by corresponding formula;
block_diff = parent_diff + parent_diff // 2048 * (1 if block_timestamp - parent_timestamp < 13 else − 1) + int(2**((block.number // 100000) − 2)).
Timestamp denotes the time in which the particular block is created and it also one of the parameter used to calculate the difficulty parameter of block chain.
Merkle root hash makes use of Merkle tree which is a binary search tree which is used to store the identity transactions of the block body. These trees will convert the provided identity data to hashes and store it in a tree structure. All levels of the tree are combined as hashes and this hash is combined with the upper level of the tree to form a new hash. Finally, a single root hash is obtained. This is known as merkle root hash and this hash is stored in the header of block chain. The way this hash formed makes the complexity of altering the data in a block chain. Previous Block Hash is one in which every block has a block header and the fields associated with this header are combined to form a hash value which is known as a “block hash”. For a new block the “previous block hash” field will have the block hash of the previous block. The first block of the block chain is known as a genesis block. Hence, the previous hash of the Genesis block is 0. If there is a block n then the previous hash is the hash of block n-1.
Figure 4 shows the flow of data within a block chain. As per the above diagram the user, organization like banks, universities and bank are represented as entity. It includes enrollment, creation and validation of blocks and the block chain ledger.