译文/Translated:
管理私人信息是当代的要点,管理数字凭证也如此。OmniOne创造了一个建立在EOSIO上的去中心化身份解决方案,现在该方案已经已经在韩国公共领域应用了。
OmniOne是由RAON推动的项目,RAON是韩国领先的公共交易ICT安全软件集团,它为500多个客户集团提供安全产品和ICT安全咨询服务。现在,他们的产品已经由3000多万用户了。
OmniOne的全球业务发展负责人Alex David描述了数字身份的情况。“提供线上资源依然是现在一大的挑战,它还尚待解决。历史来看,身份验证从中心化转为联合身份模式。登陆网站这可能已经足够了,但随着身份窃取和身份盗用越来越普遍,一定程度的风险也随之而来。数字世界中,数据被认为是新的石油,不单单有收集数据的企业会采集数据,同时他们储存在中心化服务器的时候也会受到恶意黑客的攻击。”
为了解决这些问题,OmniOne在为一个数字交互为重点的世界中构建一个信任层,其目的是帮助人们从服务为中心的身份过渡到身份自主范例,让每个人都可以用高度安全的方式控制自己的身份,同时让系统参与者都能获得好处。
“OmniOne充当去中心化身份平台,它把线上快速身份认证(FIDO)带来的便捷和安全与EOSIO区块链的效率结合起来。”Alex说,“OmniOne的目标是利用其团队在公共重要基础设施和生物统计的专业技能,引入和标准化全球自主身份协议,同时利用诸如W3C可验证凭证等国际标准。
证明谁是谁
身份管理系统曾经主要是靠纸质文档,但是现在它大多已经电子化了。为了逐渐适应网络服务发展,数字身份管理也就带来了中央数据服务器的大规模使用,这些服务器主要用来储存账户凭证。脸书和谷歌已经提供了类护照服务,可以仅通过一套凭证连接到网站,从而绕过创建账户的麻烦。
确实,联合身份服务比不久前的传统孤立的账户管理系统方便许多。但是,从安全性和用户数据隐私的角度来看,这些服务还有提高的空间。
OmniOne利用新方法处理身份管理问题:依靠自主身份概念的创新的区块链系统。Alex解释说,“自主身份这个概念的目的是让用户能够重新控制自己的身份,其方式包括让用户能够把私人的身份信息储存在自己的设备上,这样数据就不用存储在中央服务器上了。”
OmniOne给用户提供了一个方便的方式,让他们能够寻回凭证:依靠用户独特的生物信息创建和进入的钱包。根据全球认可的FIDO安全标准,该钱包是安全的。
OmniOne利用自主身份的方式增强了安全,这个方法利用EOSIO区块链上的去中心化身份识别(DID)。用户不需要把信息储存在中心化服务器中,相反,他们把凭证储存在自己的设备中,这样就减少了外部攻击向量。
OmniOne利用零知识证明(ZKP)技术维护隐私、防止过度收集个人信息。利用ZKP技术,一方就可能向另一方证明自己拥有某些信息,但除了拥有该信息这个事实以外的一切信息都不需要披露。
为什么OmniOne选择了EOSIO
OmniOne选择区块链平台的时候,性能是他们考虑的一个因素。“我们的平台建在EOSIO上,EOSIO能保证高规模化水平,这就让OmniOne网络能够顺利运行,同时还支持大量交易。”
在所有可用的区块链技术中,OmniOne最终选择了EOSIO有以下几个原因:
- EOSIO适用于企业解决方案。EOSIO适合企业级用例,因为它能实现向用户提供区块链ID进行验证的服务。
- EOISO和去中心化身份认证集成。一个EOS公网账户可以有多个公共密钥这个概念和DID方法相似,都可以加速DID平台的发展。
- EOSIO的高性能。EOSIO智能合约的性能能保证每秒大约4000个交易。这对于规模化很有帮助,而规模化是开发身份相关的基础架构中的一个重要因素,因为不管用户有多少,基础架构都必须一直顺利运行。
- EOSIO提供可配置的共识。EOSIO共识方式可以用在多个环境中,对于寻找公共和受许可的平台的企业来说这特别有用。比如说,OmniOne利用一个权威证明(PoA)+异步拜占庭容错系统为基础的公式模型加快其技术的配置。
“有这个基础架构,EOSIO带来了OminiOne的成功。OminiOne现在是韩国领先的DID平台。该平台已经部署在多个公共机构和金融公司中了,这些机构和企业都需要基于信任的验证基础架构。同时,EOSIO还帮助我们搭建了OmniOne主网,这是一个高度安全的公共网络,让任何公司都能利用去中心化身份服务,而不需要承担相应的基础设施费用。”
OminiOne是怎么管理身份的
OmniOne利用EOISO传递加密保护的信息,让用户在证明身份的时候不需要过度暴露信息。EOSIO结构在本地支持把多个公共密钥绑定到一个账户上,它让用户可以安全地在多个设备上用一个ID进行验证。
用户把公共和私人密钥组和自己的指纹绑定,从而创造Omni ID账户。这个信息和DID绑定起来,就安全地把用户绑定到凭证验证发行方上。当用户发起请求时,发行方用利用DID验证用户。如果用户通过验证,发行方,如政府机构,就会把凭证发放记录存储在区块链上。而用户则从发行方获得一个可验证的凭证,这个凭证可以存储在本地设备上。而设备就可以凭用户意愿使用,而参与的服务提供方则能够在OmniOne网络上查看用户可验证的凭证信息。
OmniOne的EOSIO区块链被配置成在PoA异步拜占庭容错共识模型下运行,这个模型和委托权益证明(DPoS)相似。但是,和DPoS模型下超级节点选举的方式相反,在PoA模型下,网络上的超级节点是预先决定的。这种超级节点选取模型适合包括教育机构、政府机关、医疗机构在内的能够从受许可的公共平台获益的实体。
DID的美好未来
OmniOne已经支持韩国政府推出公务员ID卡和其他电子凭证识别方式,同时还在和负责开发电子驾照的部门协商合作。此外,韩国政府还打算引入全国的数字识别项目,其中包括把多数政府发行的ID数字化,而OmniOne已经在为这个多步走的计划做初步贡献了。
全球范围来看,OmniOne继续支持其美国分部,它正在和多个潜在合作伙伴谈判。OmniOne还积极促成通过其参与DID联盟,开发新的可追责的电子身份基础架构。“这个基础架构为实现OmniOne这样的去中心化身份平台的民主化奠定基础。”Alex说,“这些努力都会帮我们构建一个可信任的全球DID平台,这样,全世界的参与者都可以加入我们,控制自己的私人数据。”
OmniOne背后的团队
OmniOne庞大的团队包括50多个成员,其中包括研究者、开发者、服务规划、业务开发、市场营销人员。OmniOne的研发团队中有PKI和生物数据方面的专家,他们的知识和专业覆盖了加密技术。公司服务规划团队在为RAON公司的多种IT、安全和验证解决方案和平台上有丰富的UI/UX设计经验。OmniOne的业务开发才是韩国IT企业趋势的专家,他们还和合伙人及用户,包括很多重要的公共和私人组织,有紧密的人脉。OmniOne的市场营销人员在IT营销和内外市场交流上有丰富经验。
Alex David
OmniOne的业务开发负责人,Alex David,精通法语、英语、西班牙语和汉语。他是自主身份和DID相关技术的爱好者,他参与做区块链空间已经有四年多了。在此之前,他在一个顶层跨国金融机构担任投资经理长达七年多。现在,他努力提高自主身份意识,同时也在努力部署在真实用例上领先的去中心化身份平台OmniOne。
建立在EOSIO之上?
我们的 #建立在EOSIO 系列展示了利用EOSIO科技的一些卓越的项目,它们都能为我们更加安全和联系的世界添砖加瓦。如果您想给我们下一个阶段的项目提建议,请给我们的开发者关系小组发送邮件spotlight@block.one
了解EOS VC如何通过战略性投资和风投合伴基金支持EOSIO生态,请访问 vc.eos.io
–Block.one开发者关系小组
原文/Original:
Managing private information has become a focal point of the common era, and managing digital credentials is no different. OmniOne created a decentralized identity solution built on EOSIO that is now being embraced by the South Korean public sector.
OmniOne is a project powered by RAON, a leading publicly traded ICT security software group in South Korea providing security products, as well as ICT security consulting services to more than 500 customer organizations. Today, their products reach over 30 million users.
Alex David, in charge of global business development at OmniOne, describes the landscape of digital identities. “Proving our identity online remains one of the challenges that has been left unsolved. Historically, identification has been following a path from centralized to federated identity. This may be good enough for logging in to websites, but at a time when identity theft and fraud are becoming increasingly prevalent, it also introduces a level of risk. In a digital world, where data is considered the new oil, it is not only exploited by companies collecting it, but also targeted by malicious hackers when stored in centralized servers.”
To address these challenges, OmniOne is building a layer of trust for a world where digital interaction remains prominent, to help transition from a service-centric identity to the self-sovereign identity paradigm, empowering anyone to control their identity in a highly secure manner while providing mutual benefits to the participants of the ecosystem.
“OmniOne acts as the Decentralized Identity platform that combines the convenience and security of Fast ID Online (FIDO) with the efficiency of an EOSIO-based blockchain,” says Alex. “OmniOne aims at introducing and standardizing a global self-sovereign identity protocol, leveraging the expertise of its team on public key infrastructure and biometrics, while applying international standards such as W3C-based Verifiable Credentials.”
Proving Who is Who
Once largely paperwork driven, today’s identity management systems are, for the most part, now digital. Over time, to accommodate the growth of web-based services, the evolution of digital identity management has given rise to the widespread use of central data servers that store account credentials. Facebook and Google already offer passport-like services that bypass account creation by connecting to websites through just one set of credentials.
It’s true that federated identity-based services are more convenient than the traditionally siloed account management systems of the not so distant past. However, these services still leave room for improvement in terms of security and user data privacy.
OmniOne takes a new approach to identity management with an innovative blockchain-based system that hinges on the notion of Self-Sovereign Identity. Alex explains, “The Self-Sovereign Identity is a concept that aims to give users control back over their identity by, for example, enabling them to store their personally identifiable information on their own device, so data will not be stored on central servers.”
OmniOne offers users a convenient means to retrieve credentials through a wallet that can be created and accessed with the user’s unique biometrics. The wallet is secured in accordance with the globally recognized FIDO security standard.
OmniOne enhances security with a self-sovereign identity-based approach that leverages a Decentralized Identifier (DID) on an EOSIO-based blockchain. Rather than storing information on a centralized server, users store their credentials on their own devices, reducing external attack vectors.
OmniOne uses zero knowledge proof (ZKP) technology to maintain privacy and prevent the excessive collection of personal information. With ZKP technology, it is possible for one party to prove to another party that they have certain information without conveying anything apart from the fact that they possess it.
Why OmniOne Chose EOSIO
Performance played a factor in OmniOne’s choice of blockchain platforms. “Our platform is based on EOSIO, which ensures a high degree of scalability, enabling the OmniOne Network to run smoothly while supporting a high volume of transactions.”
Among the blockchain technologies available, OmniOne decided to select EOSIO for the following reasons:
- EOSIO is tailored for business solutions. EOSIO is suitable for business grade use-cases as it allows the creation of services that provide users with blockchain-based IDs for authentication.
- EOSIO Integrates with Decentralized Identifiers. The concept of multiple public keys associated with a single EOS Public Network account is similar to a DID-based approach, facilitating the development of a DID-oriented platform.
- EOSIO delivers performance. EOSIO smart contract performance enables around 4,000 transactions-per-second. This is conducive to scalability, a crucial factor when developing an identity-related infrastructure where operations must run smoothly at all times regardless of the number of users.
- EOSIO provides configurable consensus. The EOSIO consensus method can be adapted to numerous environments, particularly useful for companies that look for a public and permissioned platform. For instance, OmniOne uses a Proof of Authority (PoA) + asynchronous Byzantine Fault Tolerance-based consensus model to facilitate the deployment of its technology.
“Thanks to its architecture, EOSIO contributed to the success of OmniOne. OmniOne is now a leading DID-platform in South Korea. The platform has already been deployed in a variety of public organizations and financial companies that needed trust-based authentication infrastructure. In parallel, EOSIO helped us build the OmniOne Mainnet, a highly secure public network that allows any company to leverage decentralized identity services without having to bear the related infrastructure costs.”
How OmniOne Manages Identity
OmniOne uses EOSIO to relay cryptographically protected information, enabling users to prove their identity without over-disclosing their information. By natively supporting pairing multiple public keys to a single account, the structure of EOSIO allows users to authenticate with one ID on multiple devices in a highly secure manner.
A user creates an Omni-ID account by pairing a public and private keypair with their fingerprint. This information is bound with a DID, securely connecting users to credential verification issuers that, upon request by the user, can use the DID to authenticate the user. If the user is authenticated, the issuer, for instance a government agency, stores a record of the credential issuance to the blockchain. The user, in turn, receives a verifiable credential from the issuer that can be stored on their local device. Now the device can be used at the user’s discretion with participating service providers that are able to refer to the user’s verifiable credentials information on the OmniOne Network.
OmniOne’s EOSIO blockchain is configured to operate with a PoA Asynchronous Byzantine Fault Tolerance-based consensus model, similar to Delegated Proof of Stake (DPoS). However, as opposed to how Block Producers (BPs) are elected, as they would be under a DPoS consensus model, under PoA, BPs on the network are predetermined. This BP selection method is suitable for entities, including educational institutions, government agencies, healthcare providers, and many more that could benefit from a platform that is both permissioned and public.
A Bright Future For DID
OmniOne is already supporting the South Korean government in rolling out civil servants ID cards and other forms of identification in the form of digital credentials, and is in discussions with the ministry charged with developing the digital driver license. In addition, the Korean government planned to implement a nationwide digital identity program, and OmniOne is contributing to the first stage of this multi-step plan that includes the digitization of most of the government-issued IDs.
On a global scale, OmniOne continues to support its United States branch, where discussions with a variety of potential partners are ongoing. OmniOne is also actively working towards the development of a new architecture for an accountable digital identity through its participation in the DID Alliance. “This architecture lays the groundwork for democratizing the use of decentralized identity-platforms such as OmniOne,” says Alex. “All these efforts will help us build a trustworthy global DID platform where participants from all around the world would be able to join and take control of their personal data.”
The Team Behind OmniOne
OmniOne’s extended team includes over 50 individuals, encompassing researchers, developers, service planners, business developers, and marketers. OmniOne’s R&D team consists of experts in PKI and biometric technologies whose knowledge and expertise covers cryptography. The company’s service planners are experienced in designing UI/UX for RAON’s various IT, security, and authentication solutions and platforms. OmniOne’s business developers are specialists in South Korea’s IT business trends, and have strong networking connections with partners and customers, including many important public and private organizations. OmniOne’s marketers have rich experience in IT marketing and communications for both domestic and overseas marketplaces.
Alex David
OmniOne Business Developer, Alex David, is professionally fluent in French, English, Spanish, and Korean. He is a Self-Sovereign Identity and DID-related technology enthusiast who has been involved in the blockchain space for over 4 years. Prior to that, he worked as an investment manager within a top-tier global financial institution for over 7 years. Now, he strives to increase the awareness of Self-Sovereign Identity while working on the deployment of OmniOne, the leading Decentralized Identity-based platform in terms of real use cases.
Building on EOSIO?
Our #BuiltOnEOSIO series showcases some of the amazing projects leveraging EOSIO technology to build a more secure and connected world. If you would like to suggest a project for us to feature please send an email to spotlight@block.one for our Developer Relations team to review.
For more information on how EOS VC supports the EOSIO ecosystem through strategic investments and venture capital partnership funds, visit vc.eos.io.
– Block.one Developer Relations team
原文链接/Original URL: