For those of you who just turned on their TV,
Persona is a trust protocol, with the scope of harnessing the blockchain technology to provide the tools for individuals to be in control over their data. In these days, no matter what we want to do, what services we want to acquire or use, we need to sign-up, create an account and so, providing details about who we are.
At the minimum, we are handing over some email address while at the maximum we even let a trail of documents in hard copy (booking a hotel room or an Airbnb, renting a car or opening a bank account or create an account with a web service like Quora.
The issue is that all these entities we are in a relationship with, from that moment we hand over our details, they become the custodians of our data. We don't know how safe they keep them if they are going to sell those details or not, or in case of a security breach guess who's features are all over the dark market? For example, just in the last six months of 2018, more than 1 billion individuals private details were hacked, exposed and sold over the dark market. So, the only victims of the current onboarding process are us. Our details are ending up over the internet, our passwords, our preferences, our home address.
This is the scope of Persona, to provide the tools so we can be in the position of controlling what and with whom we share them, to be able to prove that we are whom we claim to be without actually leaving a trail of copies of our ID's and passports, preferences,skills or previous work experience.
About Persona "internals":
Persona is a DPoS, a fork of Ark, running on its own blockchain.
Persona is not an Ethereum token.. Fifty-one delegates are maintaining the network, and we've kept the Ark's voting mechanism. The rewards are 8 PRSN, 4 PRSN, 2 PRSN, halving every two years. Persona is listed on COSS, and according to LAToken, we should be live by the end of the weekend on their platform as well. The coin's ticker is PRSN.
We are days away from launching our fully functional testnet, providing the whole process of identity claiming. We focused on the personal details required in a banking grade onboarding process. You might know it under the term of KYC or CDD(Customer Due Diligence).
How we are doing it:Registering and claiming identityIndividuals are creating an account(username, email address and password) on the enrollment website and once they confirmed their email address, they can start filling their details: date of birth, home address, SSN and such. For all these attributes, after there are filled, the individual will be able to upload on an isolated IPFS instance, its government-issued documents that prove that whatever details the individual supplied there are the real ones.
Verification and ValidationThe verification and validation are done by the community, by the people that when created their account also checked the option to be a notary, a verifier in the community. To the newly created identity, the system will allocate 16 random verifiers or notaries. We do this to prevent the contagious scenario in which someone with 20 friends would push fake details into the system. This doesn't mean that your friends can't validate you, is just that only after those 16 verifications and validations you're trustworthy.
The verification and validation are done face to face after the individual that wants to be verified and validated gets into contact with the notaries and agree on the details of the meeting.
Once face to face, the individual decrypts his claimed details, and its IPFS saved documents and also provides the originals of the documents uploaded. The verifier will check all these three sources and proceed accordingly. If all match he/she will say that X is who claims to be or not. Whatever the individual shared with the verifier is revoked, and the individual can ask for a new verification and validation. If the verification and validation are negative, a red flag is raised. The red flag can be undone by three random picked by the system verifiers. If all three are saying that whatever details are there are true, then the individual can use its identity. If the result is negative, that single individual option is to fill the real information and upload the authentic documents and proceed to a new verification and validation.
Using your identityIt doesn't make sense to offer people a way to be in control over their identity if there is no entity accepting this as means of onboarding. We are working to bring companies that allow Persona as a means of identification. There is granularity in Persona, and this means that you can share your phone with your mobile carrier, and your home address and SSN with the bank (due to regulations, you might even have to give them access to the documents uploaded in the IPFS instance. This meaning that you're encrypting the documents with your key and the banks key the documents and they are the only one that has access to that link. Once you decide to end your relationship with the bank you deactivate the connection and issue a notification to the bank that you request to have all your details deleted according to the GDPR).
When an entity is accepting Persona as means of onboarding, there is a cost associated with this process. The price, in Persona tokens, will be split evenly to all the notaries that verified and validated that specific identity.
To maintain the onboarding even more straightforward, an entity can choose if they accept an identity verified and validated by community only or they can appoint their trust person to perform the verification and validation or both.
Take this scenario: to maintain the customer acquisition costs low to none, a bank can decide that it is comfortable to allow online account opening based only on community validations. Once the individual wants a credit card, the verification and the validation will be conducted by the trusted person the bank designated for that specific geography(town or whatever)
What makes us differentWell, identity is a classical use case for blockchain, and some other initiatives are trying to handle it. Not only because it's a traditional use-case, but because it makes sense and because we need the means to protect our details.
- Unlike most of the rest of identity blockchain projects(98%), Persona runs on its own blockchain, not on Ethereum blockchain as an ERC20 token. This means that we are not vulnerable to whatever happens to some other blockchain and that we are the master of our "faith."
- We are the only identity project that can interconnect with other blockchains, to push identity cross blockchains, by using Ark's Smart Bridge capabilities(that's the reason we are developing Persona on Ark)
- We are democratizing identity. In Persona there is no higher authority, everybody has the same level of trust, making sure there are as less as possible scenarios in which someone might be corrupted to push fake data.
- Each validation gives the individuals some trust points. These trust points are depreciating in time, so we move the data refreshment effort for the companies to the individuals. If they want to be in control over their data and not be the next hacking victims, individuals will have to be verified and validated permanently. We are looking at six months right now, but it depends on how the tests with the partners will go. You might ask yourself why this depreciation? Well, think about this: you just opened a bank account by identifying yourself with Persona. Two weeks later you move, or your ID/passport is stolen. Now you have a new address, a new ID or a new passport. You are the same person you were three weeks ago, but some of your attributes are not accurate anymore. You'll have to meet some new people and get verified and validated, and all the entities that you're in a relationship with potentially will have access to the latest version of your details.No other project does this.
- Persona is a trust protocol over blockchain, but to build on top of it, we need first to establish the identity. So Persona is not just a decentralized, better and safer KYC solution, but any interested developer can build its application on top of Persona. You could build a proper social network, making Cambridge Analytica just a bad memory, a safer Twitter like, where all the accounts are real people, you could develop an application to fight fake news or safely store medical records, use Persona as LDAP, or as a ledger for previous skills, voting applications or reviews. We just formatted the documentation in GitHub format, and we are going to publish it on the testnet branch in the following days
- Imagine you decide to rellocate to a new country. The entities you were in a relationship with back home, can provide identity as a service in the new country, making it easier for you to have access to renting an apartment, signing up with utilities providers, because you are the same person you were back home, nothing changed.
Where we are now?As already stated, we are days away from launching our fully functional testnet, covering the identity claiming up to "consuming your identity." We are using Ark V1, so as soon as we publicly launch the testnet, we will focus on security, high availability (testing scenarios with tens of thousands of users claiming or consuming their identity). We are inviting all of you to take Persona to a "test drive" and get a glimpse of how the future of decentralized trust looks like.
