SelfKey: A Blockchain Based Self-Sovereign Identity System

  • 28 February 2018
  • Expert Insights

Our new Disruption by Blockchain series aims to highlight companies that are leveraging the incredible potential of blockchain technology to disrupt and revolutionize their industry. Through one on one interviews, we'll speak directly with industry leaders to cut beyond the hype and get directly to the heart of practical use cases and examples of how it will change the world, one industry at a time.

The following is an interview we recently had with Edmund Lowell, Founder of SelfKey.

1. What’s the history of SelfKey? How and where did you begin?

EL: Everything started when I set up a company formation business that helped clients to research, compare, and determine their options for incorporating in a new country or jurisdiction, and KYC was a repetitive and painful experience both for me and my clients. That was when I knew that there was a huge problem to solve, and I started KYC-Chain. KYC-Chain is a KYC onboarding software that uses blockchain technology to help businesses verify the identity of their clients and consumers, process regulatory checks, and onboard clients more quickly.

After bringing our product to banks, I realized that banks often perceive that customer data belongs to them. This sharpened my focus. The real problems were that identity owners do not own their data, there was a need to digitize identity transactions, and that identity owners should be able to manage their digital identity in a wallet that no other entity except them had access. I started to research potential solutions, wrote a white paper about Self-Sovereign Identity, and started the SelfKey journey. I surrounded myself with brilliant advisors and built a team around the core KYC-Chain team to develop the project.

We deemed that Ethereum-based tokens were helpful in minimizing potential drawbacks that a digital identity system could have. Requiring users to stake a certain amount of tokens to access the network helps to prevent spam, and encourages participants to act in accordance with a trust framework (legal agreement) to avoid potential bad practices and misuse of identity data . This is why we enabled our own token distribution event, which had a spectacular response.

As we were aware of the current government uncertainty in the blockchain space, we established a Foundation in Mauritius and applied for a Regulatory Sandbox License to grow long term under the official licensing of a government agency. Recently, the Board of Investment of Mauritius granted the Foundation with the RSL, which gives as a greater level of regulatory certainty to develop the project.

2. Who are the founders and key team members?

EL: I am an entrepreneur living in Asia since 2011, innovating at the crossroads of the finance, technology, and legal fields.

I am also the founder of FlagTheory, which helps individuals and businesses create more freedom, privacy, and wealth through strategic internationalization, and I built several Fintech and RegTech products, including jurisdictional comparison applications such as incorporations.io, residencies.io, passports.io, and a blockchain-based KYC onboarding software, KYC-Chain.

KYC-Chain has worked with renamed financial institutions such as Standard Chartered, as well as with ambitious startups of the Fintech space, and powered the KYC for a number of token generation events.

Other key team members of SelfKey include:

Joonas Ruotsalainen, Technical Leader

Joonas is a Finnish software engineer based in Asia since early 2012, and is the VP of Engineering at SelfKey and KYC-Chain. Joonas has over 12 years of full-stack programming experience, with his initial interest stemming from exposure to and interest in web and mobile development in his early teens. Prior to joining the SelfKey and KYC-Chain team, Joonas was a lead developer at Iglu — a software shop based in Chiang Mai, Thailand. Joonas is passionate about blockchain technology and its potential to positively impact modern society.

Giorgi Maisuradze, Technical Leader

Giorgi Maisuradze is a lead developer and a software architect of SelfKey and the Georgian Municipal Service Development Agency, one of the most efficient government identity systems in the world, where one can set up a company, residency, corporate bank account, and personal account in one afternoon. Giorgi spent more than 8 years being a back-end and a front-end developer in various companies before he joined KYC-Chain and Selfkey.

Andre Goncalves , Technical Leader

Andre is a Portuguese software Engineer with a master’s degree in Computer Science from Porto University.
Since he was young, he has been interested in building things, so software engineering was an obvious career choice for him. He really enjoys building clean, lightweight and resilient systems.
He has been writing code for most of his adult life, starting his career as a network engineer for Alcatel-Lucent, and moved on to consulting and worked for a wide spectrum for companies and verticals.

Carlos Bruguera , Blockchain Engineer

Carlos Bruguera is a smart contract developer and software engineer at SelfKey. Carlos is very enthusiastic about the disruptive potential of decentralized ecosystems in many areas of society, and especially in digital identity. With more than 12 years of experience in software architecture design and full-stack development, Carlos also loves writing and taking part in collaborative efforts towards innovation.

Zach Garman , Product Manager

Zach Garman leads product management and business development at SelfKey. Zach is passionate about the potential of Self-Sovereign Digital Identity as a means to radically improve financial inclusion and human potential. Prior to joining KYC-Chain and SelfKey, Zach spent three years at a financial services consultancy with experience in Fintech, Commercial Banking, and Housing Finance. Zach holds a Bachelor of Science degree in Mechanical Engineering from Virginia Tech.

3. What problem are you solving? Who are you solving it for?

EL: As our lives become increasingly tied to the internet and the digital space, we start to have a digital identity. As identities move online – they will need to be proven, mostly with identity documents that are often stored in giant, vulnerable, centralised databases. This may lead to two huge problems:  

Data breaches, exposing people to identity theft. Centralized databases storing a huge amount of identity data and documents are attractive for hackers.
Identity owners do not control this data. Instead, third parties control it and might misuse their customers’ identity data.

Furthermore, KYC compliance is inefficient, expensive, and a painful reality for financial service providers that make consumers go through a long and laborious onboarding process.

We currently lack digital identity storage that can be managed in a self-sovereign manner.

4. What is your solution to this problem?

EL: SelfKey is developing a decentralized digital identity system using blockchain technology, which gives users complete control over their personal identity information, a concept known as Self-Sovereign Identity.

Our go-to market strategy involves an identity wallet where we can control and manage our most important identity attributes and financial data, and a business-facing KYC platform that allows efficient KYC onboarding processes.

The gateway into the world of Self-Sovereign Identity is through the creation of a SelfKey digital wallet, the Identity Wallet. This identity wallet is capable of storing personal identity data such as a copy of an individual’s passport photo page, tax numbers, and other unique identifiers such as driver’s licence numbers and proof-of-address information.

When the SelfKey wallet is created, a unique public/private cryptographic key pair is generated for that individual. The premise of public key cryptography is that anyone can encrypt messages using the public key, but only the holder of the paired private key can decrypt the message. Once the SelfKey wallet is created and loaded with cryptographically signed identity documentation, the individual can begin securely sharing their digital identity information in commercial transactions.

With SelfKey, proving identity becomes seamless — and secure. When an individual is asked by their bank to provide a copy of their passport, instead of sharing a physical copy of this document with SelfKey, they’ll simply sign a digital copy of the passport photo page in their wallet using the bank’s public key and deliver it to the bank via the SelfKey network.

As it travels along the SelfKey network, the individual needs not be concerned about their passport information falling into the wrong hands. Because the passport information is cryptographically signed (encrypted) using the bank’s public key, it can only be decrypted once the bank applies its corresponding private key, which is known only to them. To everyone else on the network, only the secure hash of the passport information is visible.

This cryptographic exchange mechanism, therefore, prevents unauthorised sharing of secured information. For example, if the bank subsequently attempted to share the passport copy with another third party, the document would be unreadable to that third party. Using SelfKey, the individual identity owner is able to retain full control over their personal data while being able to safely and securely share that data with third parties of their choice.

5. Why is your industry ripe for disruption?

EL: Most identity systems have large centralized databases containing millions (or billions) of identity records. Because of their sheer size, these centralized databases are high-value targets for hackers. The identity data they contain is relatively easy to steal and use

The recent Equifax data breach, where the personal data of up to 143 million individuals may have been compromised, highlights the vulnerability of centralized databases and calls into question the continued practice of collecting large centralized sets of highly sensitive data. In some instances, the citizens of entire countries (such as Sweden) have suffered potentially devastating personal data breaches.

Current identity systems are limiting Fintech innovation as well as secure and efficient service delivery in financial services and in wider society. Digital identity is widely recognised as the next step in identity systems.

Recent estimates indicate that over $40B USD is spent complying with KYC regulation each year, in addition to the trillions of hours of associated time costs. This cost is necessarily high because relying parties cannot quickly and easily access up-to-date identity data, validate the data, or screen it to satisfy their regulatory requirements. Therefore, relying parties must send new requests to the identity owner, treating every identity owner as a ‘blank canvas’ and forcing them through the fully robust KYC process.

The time and effort expended by one relying party to perform KYC validation checks cannot be reused or recycled and is not leveraged in future requests. If the identity owner decides to change service providers, these same checks need to be completed by the new relying party. The identity data is not “ported” to the new service provider and so ends up being held by multiple providers, many of whom hold redundant, yet still highly sensitive identity data, for individuals who are no longer their clients or customers.

The high cost involved in this procedure creates a barrier to exit when changing service providers, leading to an uncompetitive environment, to the detriment of identity owners, fintech startups, and innovation, generally. It also increases the risk of identity theft for individuals. Furthermore, those who lack identity documents issued by a national government are excluded from commerce completely because of their inability to comply with KYC regulations.

Although certainly well-intentioned, KYC regulations can easily exclude legitimate market participants and slow down international commerce. This problem could easily be solved if there was a way for existing KYC data to be linked, re-used, and easily ported across borders in a compliant manner.


6. What’s the future of your industry?

EL: It’s difficult to predict the future, it’s even harder to do it with any degree of accuracy. In either event, one usually ends up looking like a fool. “The fool doth think he is wise, but the wise man knows himself to be a fool” – Shakespeare.

Nonetheless, here are my three predictions:

Prediction #1: For Identity
Implementation of “Verified Claim” identity protocols with multiple companies and organizations building into an established industry standard, which is as powerful or more powerful as a protocol than email. This will mean a full digitization of identity transactions, including government issuance of identity certificates, identity management, and KYC processes which breaks down individual silos and puts the identity owner in a true position of enfranchisement and ownership – something called self-sovereign identity.

Prediction #2: For Crypto
Increased regulation and government oversight, as tokenizing assets is a trend that will not go away. All types of financial incumbents will scramble to get into the space, but lobby and rally governments to regulate the space. For countries that get it right, this is an opportunity, and for countries which get it wrong, they are trying to stop a technology which is permissionless, censorship-proof and inevitable and will see jurisdictional arbitrage.

Prediction #3: For ICO’s & Blockchain
A bubble bursting in crypto assets, with many “ICO” companies disappearing without having created any valuable software or company – but through this pit of despair will emerge a plateau of productivity with several valuable organizations left standing, who have created working code with real-world use cases.

About Expert Insights