Hire Dedicated Mobile app Developers | Umano Logic

Hire App Developers to create mobile apps, design mobile apps, or manage your mobile app. Our mobile app developers have developed knowledge in all aspects of mobile applications and are ready to help your company.

For more information: https://umanologic.ca/ 

How to Choose the Best App Development Company in Canada 2025

The Canadian app development market is booming, with businesses of all sizes recognizing the value of mobile applications in reaching customers, streamlining operations, and driving growth. Finding the right partner to bring your app idea to life is crucial in this competitive landscape. This guide will provide you with a comprehensive overview of how to choose the Best App Development Services in Canada in 2025.

1. Define Your Project Requirements

Before you start researching companies, clarify your app's specific needs and goals. Ask yourself the following questions:

What problem will your app solve?

Who is your target audience?

What are the essential features and functionalities?

What is your budget and timeline?

What platforms (iOS, Android, or both) do you need to support?

Having a clear understanding of your requirements will help you narrow down your search and communicate effectively with potential development partners.

2. Research and Identify Potential Companies

Start your search online. Use search engines, industry directories, and review websites to identify potential app development companies in Canada. Look for companies with a strong portfolio, positive client testimonials, and relevant experience in your industry. If you're based in Alberta, specifically research for an App Development Company in Calgary.

3. Evaluate Their Portfolio and Experience

A company's portfolio is a window into their capabilities and expertise. Review their past projects to assess the quality of their work, their design aesthetic, and their technical skills. Look for projects that are similar to your own in terms of complexity, functionality, and industry.

Pay attention to the technologies they use. Are they up-to-date with the latest trends and frameworks? For instance, if you plan to develop a cross-platform application then enquire if they Hire React Native App Developer.

4. Check Client Testimonials and Reviews

Client testimonials and reviews provide valuable insights into a company's reputation and customer service. Look for feedback on their communication, project management, technical expertise, and overall satisfaction. Check independent review sites like Clutch, GoodFirms, and Trustpilot to get unbiased opinions.

5. Assess Their Technical Expertise and Development Process

A reliable app development company should have a well-defined development process that includes:

Planning and Discovery: Thoroughly understanding your requirements and creating a detailed project plan.

Design: Creating wireframes, mockups, and prototypes to visualize the app's user interface and user experience (UI/UX).

Development: Writing clean, efficient, and well-documented code.

Testing: Rigorous testing to identify and fix bugs.

Deployment: Launching the app on the app stores.

Maintenance and Support: Providing ongoing maintenance and support to ensure the app's stability and performance.

6. Consider Their Communication and Project Management Skills

Effective communication is essential for a successful app development project. The company should be responsive, transparent, and proactive in keeping you informed of progress. They should also have a robust project management system in place to track tasks, manage deadlines, and ensure that the project stays on track.

7. Evaluate Their Location and Team Structure

While remote collaboration is common, consider the benefits of working with a local company, especially if you value face-to-face meetings and on-site collaboration. An IT Agency in Calgary would be ideal if you're in Calgary. Understand the team structure and the roles of each team member.

8. Discuss Pricing and Payment Terms

Get a clear understanding of the company's pricing model and payment terms. Do they charge hourly, fixed-price, or value-based pricing? Make sure you understand what's included in the price and what's not. Also, clarify the payment schedule and any potential extra costs.

9. Consider Long-Term Support and Maintenance

App development doesn't end with the launch. You'll need ongoing maintenance and support to fix bugs, update features, and ensure compatibility with new operating systems and devices. Choose a company that offers long-term support and maintenance services.

Conclusion

Choosing the best app development company requires careful research and evaluation. By defining your project requirements, researching potential partners, and assessing their skills and experience, you can find a company that can bring your app idea to life and help you achieve your business goals.

This article provides a comprehensive guide on how to select the best app development company in Canada in 2025. It emphasizes the importance of defining project requirements, evaluating portfolios, checking client reviews, assessing technical expertise, and considering communication and project management skills. It also highlights the need for long-term support and maintenance.

At A Square V Solutions, we pride ourselves on being a leading provider of innovative and user-centric app development services in Canada. With a team of experienced developers, designers, and project managers, we are committed to delivering high-quality solutions that meet the unique needs of our clients. Contact us today to discuss your app development project and learn how we can help you succeed in the mobile world.

Hire App Developers Alberta

AppStudio is a full service app development company in Alberta, Canada, specializing in innovative products for startups and industry leaders. If you are searching for mobile app developers in Alberta then you can contact with Our team. Our mobile application development services are world class, as we combine our skills and knowledge to offer the best. 

Hire the Mobile APP development company in Alberta

Whatever your Mobile app development company in Alberta needs are, our team is ready to help take your business online with a professionally designed website that will make an impact on your customers.

Top Web Development Companies in Alberta

Know About the Web Development Company and Web Developers 

 One option is to hire top web development companies in Alberta to help with site creation or redesign. But what exactly do they do, and how can this help your business grow and possibly provide new revenue streams? With this guide, you’ll have all the information you need to decide whether or not a web or app development company is suitable for your business’s needs.

What does a web development company do?

A web development company provides expert assistance in creating a website or an application for commercial or individual use. Most web designers and developers follow a common process for creating websites. The developer may meet with you to discuss your site’s goals. At this meeting, the developer will determine the website layout ideal for achieving your business objectives.

Similarly, the developer may start the application development process with a discovery phase. They will then examine your workflows and revenue goals to determine which features your application must have.

What is a Web Developer?

Do you want to create and manage client websites? Maybe you might look at becoming a web developer! Designers of websites are responsible for writing the code that essentially “directs” the website in its operation. The websites they created are ‘user friendly,’ meaning they are simple. They also construct features within a website, such as a subscription form, a paywall that requires users to enter their payment information, or a thank-you note for their patronage.

What exactly does a Web Developer do?

Web developers have a technical background and an understanding of how computers and server’s function. In addition, they have extensive experience with a wide range of software tools, web apps, and web programming languages like HTML, JavaScript, Ruby on Rails, and C++.

• There are three main components to web development: client-side scripting (which runs in the user’s web browser and determines what they see), server-side scripting (which runs on the server and powers the website’s underlying mechanics), and database technology (which helps keep the website up and running). These responsibilities are typically split up among several Top Web Developers in Alberta on larger projects.

• A back-end developer sets up the site’s infrastructure, while a front-end developer enhances the site’s visual design and interactive features for users (front-end developer). It’s common for employees to operate in teams to better coordinate the needs of their clients with the final result.

• It’s possible that some of your time at work will be spent chatting with customers about their wants and needs regarding a website or how to maintain it best. Web developers build websites from the ground up, from the home page to the back end, ensuring that everything works smoothly and is as user-friendly as possible. As soon as a website goes live, its developers test it in different browsers and make any necessary adjustments to make it work properly across the board.

Conclusion:

A web developer might work in an organization’s IT division, either whole or part-time, or they might run their own company out of their homes. If a developer goes the freelancing route, they may have to do some travelling. Some web developers work as consultants or independent contractors for many companies, while others want to freelance their services to as many businesses as possible.

Why Alberta oil and gas workers are pivoting to tech jobs

As Alberta's oil and gas sector struggles through a labour shortage, some former industry workers are pivoting to careers at technology companies.

For almost seven years, Daniel Afekhume worked as a geoscientist in the oil and gas industry in Nigeria and the United States. But after moving to Canada during the COVID-19 pandemic, Afekhume changed his career path.

"The volatility in the oil and gas industry, it's getting more rapid," Afekhume said.

"It's just tough for me basically to do long-term planning for career growth opportunities."

Afekhume took part in the EDGE UP program, led by Calgary Economic Development, which offers free training to workers transitioning from energy to tech. Over 300 workers took part in the program.

For the past two months, Afekhume has been working as a data engineer at Neo Financial, a financial tech company. He hopes to find more stability in the tech industry.

"I needed a fresh start. I needed to move my experience, my skill set, to another industry, and the tech industry was almost a natural fit for me."

According to commercial real estate and investment firm CBRE, Calgary had a 17.9 percent growth in its tech worker numbers between 2015 and 2020. That's an increase of 46,700 workers. With multinational companies like Amazon Web Services (AWS) setting up shop in Calgary, the city's tech sector appears to be gaining momentum.

Vince O'Gorman, CEO of Calgary-based Vog App Developers, said hiring among tech employers is extremely competitive. His company has been hiring oil and gas workers with applicable skills to the tech sector.

"There's many people in there that have the knowledge in project management and maybe some technical background that is transferable," O'Gorman said.

But with the oil and gas sector experiencing a boom due to price surges, O'Gorman said it may become harder to recruit energy workers into tech.

Kris Read, co-founder and head of technology at Neo Financial, agrees that despite the positive growth in Calgary's tech sector, hiring remains competitive. In less than four years, Read's company has hired over 600 employees, but recruiting is still a challenge.

"Everyone wants the best talent. So, it's going to always be competitive," Read said.

Companies like AWS are turning to post-secondary schools for recruitment. The company partnered with Mount Royal University in November 2021 to create a training program that prepares workers for entry-level jobs in cloud computing.

The recruitment power of larger companies like AWS may be another factor that makes it harder for smaller tech companies in Calgary to hire top talent.

Felipe Moreno, 46, is a mechanical engineer by trade, but for the past year he has worked as a technical analyst at Neo Financial.

Moreno used to work at a sustainability company that was involved in projects in the oil and gas industry. He said the skills he gained in his former work are like what he does in his current tech job.

"It's just a different type of problem solving, using computers and data to analyze problems," Moreno said.

But the transition to working in tech isn't always a breeze. Moreno said the IT industry is always changing, so workers like him need to be constantly learning new skills.

Afekhume also said the biggest challenge of transitioning out of the oil and gas sector was the number of new tools and technologies he had to learn.

"You need to be up to speed. So, it keeps you on your feet, but the good side is that you're always learning … your perspective is always growing and broadening every day."

Key Considerations When Hiring a Mobile App Developer: What You Need to Know

The mobile app market is booming, with millions of apps vying for user attention. If you have a brilliant app idea, bringing it to life requires the expertise of a skilled mobile app developer. But with so many developers out there, choosing the right one can feel overwhelming.

This blog post will guide you through the key considerations when hiring a mobile app developer, ensuring you find the perfect partner to turn your vision into a successful app.

1. Define Your Needs & Budget

Before diving headfirst into the developer pool, take a step back.  Clearly define your app's purpose, target audience, and desired functionalities. This roadmap will help you communicate your vision effectively and attract developers with the right skillset.

Here are some key aspects to consider:

App type: Is it a native app for a specific platform (iOS or Android) or a cross-platform app that works on both?

Features and functionalities: What are the core features your app must have? Consider potential future features as well.

Budget: Be realistic about your development budget.

2. Expertise and Experience

Not all developers are created equal. Look for Mobile app developers who have experience building apps similar to yours. Here are some areas to explore:

Technical Skills: Verify their proficiency in programming languages and frameworks relevant to your chosen platform(s).

Portfolio: Review their past projects to assess their design and development capabilities. Look for projects with a similar level of complexity to your app.

Client Testimonials: Positive feedback from past clients can be a telling sign of a developer's reliability and quality of work.

3. Communication and Collaboration

Effective communication is key to the success of any mobile app development project. When hiring a developer, consider their communication skills, responsiveness, and willingness to collaborate as important factors.  Here's what to look for:

Excellent communication skills: Both written and verbal communication are crucial. Look for someone who actively listens to your needs and provides regular updates.

Problem-solving skills: App development can encounter unexpected challenges. Choose a developer who is resourceful and can find creative solutions.

Transparency and honesty: Open and honest communication is essential. A good developer will transparently discuss potential issues and project timelines.

4. Development Process and Timeline

Before finalizing a contract with a mobile app developer, it's essential to discuss and agree upon the project budget and timeline. Be upfront about your budget constraints and inquire about the developer's pricing structure, payment terms, and any additional costs that may arise during the project. Similarly, establish a realistic timeline for the development and launch of your app, taking into account factors such as the complexity of the project, required features, and potential setbacks or delays.

5. Cost Structure and Payment Terms

Mobile app development can vary greatly in cost depending on the complexity of your app.   Discuss potential pricing structures with developers:

Hourly Rate: Some developers charge an hourly rate, which can be good for smaller projects.

Fixed Project Fee: For well-defined projects, a fixed fee can be more predictable.

Milestone-Based Payments: Payments are made at key milestones throughout the development process.

Hire Umano Logic's Skilled Mobile App Developers 

Hiring the right mobile app developer is a critical step towards turning your app idea into reality. 

At Umano Logic, we understand the importance of hiring skilled mobile app developers who can seamlessly integrate with your team and deliver exceptional results. As a leading mobile app development company in Edmonton, Our dedicated mobile app developers are committed to working within your timezone and maintaining clear communication throughout the development process.

By clearly defining your needs, vetting developers based on expertise and communication style, and understanding the development process and costs, you'll be well on your way to finding the perfect partner.

Get in touch with us for more!

Contact us on:- +1 (780) 993-6637

Email us at:- [email protected] 

Do you wish to create a Mobile App within an affordable budget? Hire our professional app developers, who are well-versed in App development and create path-breaking Android and Ios Apps. . To read more in detail, click on the below link. www.foebby.com . #androidappdevelopment #prometteursolutions #mobileappdevelopment #appdevelopment #android #androidapp #androiddeveloper #digitalmarketing #mobileappdevelopmentcompany #androidapps #mobileapp #websitedevelopment #androidstudio #androiddevelopment #startup #ios #iosapps #iosapplication (at Calgary, Alberta) https://www.instagram.com/p/CPz-W72D3-F/?utm_medium=tumblr

Top Mobile App Development Companies in Alberta in 2020

Are you looking for top mobile app development companies in Alberta? We have listed app development companies to hire for your enterprise app development.

Professional Web Design & Development Calgary

A full-service digital agency with capabilities of web design, web development, and professional Web Design Calgary

Do you need to hire a Web Designer in Calgary? We offer Web Design, SEO and Web Development services in Calgary, Cochrane, Chestermere, and Airdrie of Alberta. We are local, Calgary based professional and an affordable web design, Mobile App and CMS web development, eCommerce and online shopping cart development, custom application development, online internet marketing, search engine optimization, graphics and logo design, database design & development company. We are a complete IT solution for mobile and web applications & SEO services for profit & non profit organization, small businesses to corporate organizations. We possess the valuable assets of 7+ highly professional and experienced IT specialist including website designers, engineers, web developers, SEO experts, and digital marketing executives . Our Web Design &Development work includes with HTML Development, PSD to WordPress, PSD to HTML, Web Design Development, Responsive Design, AR Development and VR Development.

Hire the Best Mobile App Development Agency in Canada

We are a mobile app development agency that works with start-ups and enterprise-level businesses to provide them with sophisticated mobile applications. Our team can help you design and build a personalized, intuitive user experience that will delight your customers and help you achieve your business goals.

Our team of experts has extensive experience in building mobile apps for both iOS and Android platforms. We have worked with numerous companies across various industries to build their mobile app solutions.

 When it comes to technology, we're on the pulse. We help you find ways to improve efficiency, increase productivity, and save time. Lybius Tech team help you to find wide range of services to meet your needs, including: - App development and design

- Web app development and design

- Mobile app development, design, and testing

Our clients include businesses from all sectors, large and small, and we've helped them build some truly outstanding custom software. You are welcome to contact our Mobile app development Alberta team to discuss your requirements and our web applications are built using the latest technologies and best practices, ensuring that they're secure, scalable, and easy to manage. They will help you to develop an effective mobile app for your website. Also, if you have a vision that's burning inside of you, talk to us about it. You may just be surprised by what we can create together! Addition to this, we also offer several other services including prototyping, testing, cloud hosting and more.

Sources by: bit.ly/3x4rWbV

How blockchain may kill the password

How blockchain may kill the password

Imagine a company that can verify the background of a new employee and onboard them with the click of a single virtual button, or a banking customer who can verify their identity for a loan without exposing personally identifiable information – again with a click of a button.

That’s the potential blockchain holds for decentralized identity management. It’s done  by creating a digital wallet that serves as a repository for all kinds of personal and financial data, info that can only be shared after a specific request and only with the permission of the owner.

Blockchain distributed ledger technology (DLT) – in combination with digital identity verification – holds the potential to solve online privacy issues that plague everything from consumer sales and bank know-your-customer regulations to employee credentials that allow access to confidential business systems.

“There are multiple vendors in this space that are either in the early R&D stage or testing their products in pilot projects,” said Homan Farahmand, a senior research director with Gartner. “It is too early to declare any winner, by any means, because just having a working product is not enough. Decentralized identity requires a vibrant ecosystem, a robust identity trust fabric built on a distributed ledger or blockchain, tools to support user-friendly functionality and good developer experience to support broad adoption.”

One considerable security attribute of storing digital identities on an encrypted, distributed blockchain ledger is eliminating “honey pots,” or central repositories for customer account information, according to Julie Esser, chief engagement officer for CULedger, a Denver-based Credit Union Service Organization (CUSO). Those repositories are prime targets for hackers.

Credit Unions are already testing ID management

Like other CUSOs, CULedger is a cooperative owned by multiple credit unions for the purpose of providing back-office services; it was created a year ago to build out a blockchain-based identity management platform called My CUID. The platform is expected to launch in the second half of 2019 and will hand the keys to data protection over to customers who sign up for an app. CULedger has 36 investors – 26 credit unions and several CUSOs.

In October, CULedger began piloting My CUID with five other credit unions and another CUSO; it eliminated the need for user names and passwords and relieved credit union call centers from the obligation of resetting them when a customer loses them.

How it works: a new or current customer of a member credit union contacts a customer service call center, which sends a text message to the customer’s mobile device with a link to download the My CUID app. The credit union’s rep then issues the customer their credentials – a digital wallet, which holds personally identifiable information obtained during the initial customer contact. That information is encrypted and can only be accessed with the member’s authorization, which is requested when they make a transaction.

Each time a customer using My CUID contacts the credit union – or vice versa – their smartphone or tablet receives a pop-up dialogue requesting they confirm their membership before any transaction is completed.

“You’d click OK or Not OK. It doesn’t feel a lot different than what happens with other apps on your phone,” Esser said. “It’s all based on…the encrypted channels we’ve created, which is really cool. You’re creating a two-way secure communication channel. So, not only does your credit union know it’s you they’re talking to, but you also you know it’s your credit union calling you.”

CULedger has set a goal of issuing 1 million digital identities to credit union members in 2019. Because credit unions must comply with Know-Your-Customer federal regulations, the blockchain-based digital ID service would also fulfill regulatory compliance, Esser said.

Along with giving the customer control over their identity by handing them the blockchain encryption keys, My CUID would eliminate the need for user login names and passwords and dramatically reduce the time it takes for a credit union call center representative to authenticate a member.

It can take a rep from 60 to 90 seconds to authenticate a member before a transaction even starts. That can be reduced to 5 seconds or less with My CUID, according to Esser. “It’s not a pleasant experience to phone a call center because the customer is welcomed with 20 questions to identify who you are, so it’s a wonky process that needs fixing.”

Traditionally, credit unions and other financial services firms rely on third-party service providers for call center and customer authentication services, many of which are located outside the U.S. CULedger would place control back in the hands of member credit unions, Esser said.

In 2019, CULedger plans to begin building out its production customer permission network; it is currently considering several blockchain platforms, including IBM’s Hyperledger Fabric service and R3’s Corda, the biggest commercial blockchain consortium among banks, insurers and other financial service firms. CULedger is also considering working with the Hedera Foundation, the creator of Swirlds, a software platform for creating distributed applications (dApps).

Swirlds is based on the Hashgraph protocol, a DLT well suited to the financial services industry because it can process more than 100,000 transactions per second, unlike bitcoin, which processes three to four transactions per second.

“We need the ability to conduct transactions instantaneously – in real time,” Esser said. “We’d planned to create our own platform, but with the focus on a decentralized identification piece, this allows us to not recreate the wheel. There may be some applications that require different [blockchain] platforms.”

How a self-sovereign ID works

For consumers who are mindful of their online information – credit card numbers, date of birth, annual income, etc. – blockchain has the potential for “self-sovereign” identities like CULedger is creating, meaning the user controls who can see their data or get purchasing approval without releasing their income details.

Self-sovereign identities work like this: the user has a bank confirm a credit limit or an employer confirm annual income; that confirmation information is then encrypted, but available, on a public blockchain ledger to which the consumer holds the private and public cryptographic keys.

If a buyer wants a car loan from an auto dealership, for example, the consumer can give them permission through a public key to confirm that he or she has enough credit or annual income without revealing an exact dollar amount. So, for example, if the car dealer wants to ensure a consumer earns more than $50,000 a year, that’s all the blockchain ledger will confirm (not that they actually earn $72,587).

The confidentiality technique is known as zero knowledge proof (ZKP), a cryptography technology that allows a user to prove that funds, assets or identifying information exist without revealing the information behind it. Ernst & Young has created a public blockchain prototype it plans to launch in 2019 that lets companies use ZKPs to complete business transactions confidentially.

Sovereign IDs in the enterprise

CULedger is also working with the Sovrin Foundation, a new nonprofit that has created the blockchain-based Sovrin Network; it enables anyone to globally exchange pre-verified data with any entity also on the distributed ledger.

The online credentials issued via the Sovrin Network are akin to a physical ID you might carry in your wallet, such as a driver’s license, a company ID or a bank debit card. The virtual encrypted wallet (or crypto wallet) would link back to the institutions that created them, such as a bank, a government agency or even an employer, which, through the blockchain, would automatically verify the needed information to a requestor.

“Our market strategy involves working with enterprise partners to solve their ID problems rather than trying to go direct to end users, so yeah, we’re working hard in that area and have a number of partners who are doing things there. Three who come to mind are Government of British Columbia, CULedger and IBM/ATB Financial,” said Phil Windley, chair and co-founder of the Sovrin Foundation.

The Government of British Columbia and the Government of Ontario have already rolled out a production system using the Sovrin Network for business registration and licensing; together they’ve issued over 6 million credentials, according to Windley.

Sovrin development partners IBM, Workday and ATB Financial (a bank in Alberta) have also started pilot tests of the Sovrin Network.

The partners are demonstrating how digital credentials could work for IBM employees. ATB Financial issues a digital credential, which can be used for both logging into the bank and IBM’s user network. Along with validating the employees’ financial information, the distributed ledger application eliminates the need for employees to have a username or password, Windley said.

“Because it’s cryptographically based, it has a public key associated with them, and you [the employee] own the private key,” Windley said.

Gartner’s Farahmand said self-sovereign identities based on blockchain distributed ledgers are being eyed for all kinds of enterprises uses, including onboard new hires.

Each time a new employee is hired, a new decentralized identifier is generated by the that employee and passed to the enterprise. That identifier can then be propagated within the internal systems for user authentication to the enterprise network and applications, Farahmand said.

“This can be a powerful proposition as it speeds up the onboarding process and subsequent identity life cycle management activities, as well as enabling password-less authentication. It also helps with converging multiple personas a person can have relevant to the organization,” Farahmand said, explaining that the digital IDs can be used to access multiple systems within a company based on organization-based permissions.

A popular design pattern for decentralized identity is comprised of a core identifier and a set of “pairwise” identifiers, each for a relationship the user has with an organization. Pairwise identifiers are cryptographically derived from the core identifier. The pairwise identifier enables an enterprise system to uniquely verify a user identity for each relationship and potentially prevent correlation of user activity across different relationships, enabling privacy-by-design principles at the protocol level, Farahmand said.

For example, a bank employee can be a bank customer at the same time while using the same self-sovereign ID. The two personas are typically represented by two digital identities in two siloed systems – one as an employee and one as a customer of the bank.

“In case of a decentralized identity model, the same person can have two sets of identifiers … mapped to the same core digital identity, which can potentially simplify reconciliation of user activities,” Farahmand said.

Another benefit to a self-sovereign ID is the ability to streamline B2B scenarios where an employee of one organization can have access to systems in another. For example, Farahmand said, if the host organization trusts the decentralized identity that is attested by the guest organization, then a new pair-wise decentralized identifier can be generated to authenticate the user; that simplifies the onboarding and access governance for business customers or other partners.

Significant hurdles remain

While self-sovereign IDs based on blockchain hold significant promise for increasing privacy and efficiency, there are also significant technology hurdles that have yet to be vaulted. For one, trust in blockchain.

A 2018 Gartner CIO survey revealed on average that only 3.3% of companies worldwide had actually deployed blockchain in a production environment.

In a blog post, Avivah Litan, a Gartner vice president and distinguished analyst, listed eight hurdles blockchain needs to surmount before it can become a cure-all for virtually any international, transactional network need – from fee-less, cross-border payments to supply chain tracking.

One significant challenge is integrating DLT systems with legacy databases, the current repositories for corporate employee identities. A decentralized identity system also requires a vibrant ecosystem, a roust identity trust fabric built on a distributed ledger or blockchain, tools to support user-friendly functionality and good developer experience to support broad adoption.

“While we encourage our clients to watch this space and do some limited experimentation or even proof-of-concept projects,” Farahmand said, “we also caution them to make sure these products are battle tested, hardened and ready to withstand different types of attacks.”

Source link http://bit.ly/2Sw4gra

How blockchain may kill the password

How blockchain may kill the password

Imagine a company that can verify the background of a new employee and onboard them with the click of a single virtual button, or a banking customer who can verify their identity for a loan without exposing personally identifiable information – again with a click of a button.

That’s the potential blockchain holds for decentralized identity management. It’s done  by creating a digital wallet that serves as a repository for all kinds of personal and financial data, info that can only be shared after a specific request and only with the permission of the owner.

Blockchain distributed ledger technology (DLT) – in combination with digital identity verification – holds the potential to solve online privacy issues that plague everything from consumer sales and bank know-your-customer regulations to employee credentials that allow access to confidential business systems.

“There are multiple vendors in this space that are either in the early R&D stage or testing their products in pilot projects,” said Homan Farahmand, a senior research director with Gartner. “It is too early to declare any winner, by any means, because just having a working product is not enough. Decentralized identity requires a vibrant ecosystem, a robust identity trust fabric built on a distributed ledger or blockchain, tools to support user-friendly functionality and good developer experience to support broad adoption.”

One considerable security attribute of storing digital identities on an encrypted, distributed blockchain ledger is eliminating “honey pots,” or central repositories for customer account information, according to Julie Esser, chief engagement officer for CULedger, a Denver-based Credit Union Service Organization (CUSO). Those repositories are prime targets for hackers.

Credit Unions are already testing ID management

Like other CUSOs, CULedger is a cooperative owned by multiple credit unions for the purpose of providing back-office services; it was created a year ago to build out a blockchain-based identity management platform called My CUID. The platform is expected to launch in the second half of 2019 and will hand the keys to data protection over to customers who sign up for an app. CULedger has 36 investors – 26 credit unions and several CUSOs.

In October, CULedger began piloting My CUID with five other credit unions and another CUSO; it eliminated the need for user names and passwords and relieved credit union call centers from the obligation of resetting them when a customer loses them.

How it works: a new or current customer of a member credit union contacts a customer service call center, which sends a text message to the customer’s mobile device with a link to download the My CUID app. The credit union’s rep then issues the customer their credentials – a digital wallet, which holds personally identifiable information obtained during the initial customer contact. That information is encrypted and can only be accessed with the member’s authorization, which is requested when they make a transaction.

Each time a customer using My CUID contacts the credit union – or vice versa – their smartphone or tablet receives a pop-up dialogue requesting they confirm their membership before any transaction is completed.

“You’d click OK or Not OK. It doesn’t feel a lot different than what happens with other apps on your phone,” Esser said. “It’s all based on…the encrypted channels we’ve created, which is really cool. You’re creating a two-way secure communication channel. So, not only does your credit union know it’s you they’re talking to, but you also you know it’s your credit union calling you.”

CULedger has set a goal of issuing 1 million digital identities to credit union members in 2019. Because credit unions must comply with Know-Your-Customer federal regulations, the blockchain-based digital ID service would also fulfill regulatory compliance, Esser said.

Along with giving the customer control over their identity by handing them the blockchain encryption keys, My CUID would eliminate the need for user login names and passwords and dramatically reduce the time it takes for a credit union call center representative to authenticate a member.

It can take a rep from 60 to 90 seconds to authenticate a member before a transaction even starts. That can be reduced to 5 seconds or less with My CUID, according to Esser. “It’s not a pleasant experience to phone a call center because the customer is welcomed with 20 questions to identify who you are, so it’s a wonky process that needs fixing.”

Traditionally, credit unions and other financial services firms rely on third-party service providers for call center and customer authentication services, many of which are located outside the U.S. CULedger would place control back in the hands of member credit unions, Esser said.

In 2019, CULedger plans to begin building out its production customer permission network; it is currently considering several blockchain platforms, including IBM’s Hyperledger Fabric service and R3’s Corda, the biggest commercial blockchain consortium among banks, insurers and other financial service firms. CULedger is also considering working with the Hedera Foundation, the creator of Swirlds, a software platform for creating distributed applications (dApps).

Swirlds is based on the Hashgraph protocol, a DLT well suited to the financial services industry because it can process more than 100,000 transactions per second, unlike bitcoin, which processes three to four transactions per second.

“We need the ability to conduct transactions instantaneously – in real time,” Esser said. “We’d planned to create our own platform, but with the focus on a decentralized identification piece, this allows us to not recreate the wheel. There may be some applications that require different [blockchain] platforms.”

How a self-sovereign ID works

For consumers who are mindful of their online information – credit card numbers, date of birth, annual income, etc. – blockchain has the potential for “self-sovereign” identities like CULedger is creating, meaning the user controls who can see their data or get purchasing approval without releasing their income details.

Self-sovereign identities work like this: the user has a bank confirm a credit limit or an employer confirm annual income; that confirmation information is then encrypted, but available, on a public blockchain ledger to which the consumer holds the private and public cryptographic keys.

If a buyer wants a car loan from an auto dealership, for example, the consumer can give them permission through a public key to confirm that he or she has enough credit or annual income without revealing an exact dollar amount. So, for example, if the car dealer wants to ensure a consumer earns more than $50,000 a year, that’s all the blockchain ledger will confirm (not that they actually earn $72,587).

The confidentiality technique is known as zero knowledge proof (ZKP), a cryptography technology that allows a user to prove that funds, assets or identifying information exist without revealing the information behind it. Ernst & Young has created a public blockchain prototype it plans to launch in 2019 that lets companies use ZKPs to complete business transactions confidentially.

Sovereign IDs in the enterprise

CULedger is also working with the Sovrin Foundation, a new nonprofit that has created the blockchain-based Sovrin Network; it enables anyone to globally exchange pre-verified data with any entity also on the distributed ledger.

The online credentials issued via the Sovrin Network are akin to a physical ID you might carry in your wallet, such as a driver’s license, a company ID or a bank debit card. The virtual encrypted wallet (or crypto wallet) would link back to the institutions that created them, such as a bank, a government agency or even an employer, which, through the blockchain, would automatically verify the needed information to a requestor.

“Our market strategy involves working with enterprise partners to solve their ID problems rather than trying to go direct to end users, so yeah, we’re working hard in that area and have a number of partners who are doing things there. Three who come to mind are Government of British Columbia, CULedger and IBM/ATB Financial,” said Phil Windley, chair and co-founder of the Sovrin Foundation.

The Government of British Columbia and the Government of Ontario have already rolled out a production system using the Sovrin Network for business registration and licensing; together they’ve issued over 6 million credentials, according to Windley.

Sovrin development partners IBM, Workday and ATB Financial (a bank in Alberta) have also started pilot tests of the Sovrin Network.

The partners are demonstrating how digital credentials could work for IBM employees. ATB Financial issues a digital credential, which can be used for both logging into the bank and IBM’s user network. Along with validating the employees’ financial information, the distributed ledger application eliminates the need for employees to have a username or password, Windley said.

“Because it’s cryptographically based, it has a public key associated with them, and you [the employee] own the private key,” Windley said.

Gartner’s Farahmand said self-sovereign identities based on blockchain distributed ledgers are being eyed for all kinds of enterprises uses, including onboard new hires.

Each time a new employee is hired, a new decentralized identifier is generated by the that employee and passed to the enterprise. That identifier can then be propagated within the internal systems for user authentication to the enterprise network and applications, Farahmand said.

“This can be a powerful proposition as it speeds up the onboarding process and subsequent identity life cycle management activities, as well as enabling password-less authentication. It also helps with converging multiple personas a person can have relevant to the organization,” Farahmand said, explaining that the digital IDs can be used to access multiple systems within a company based on organization-based permissions.

A popular design pattern for decentralized identity is comprised of a core identifier and a set of “pairwise” identifiers, each for a relationship the user has with an organization. Pairwise identifiers are cryptographically derived from the core identifier. The pairwise identifier enables an enterprise system to uniquely verify a user identity for each relationship and potentially prevent correlation of user activity across different relationships, enabling privacy-by-design principles at the protocol level, Farahmand said.

For example, a bank employee can be a bank customer at the same time while using the same self-sovereign ID. The two personas are typically represented by two digital identities in two siloed systems – one as an employee and one as a customer of the bank.

“In case of a decentralized identity model, the same person can have two sets of identifiers … mapped to the same core digital identity, which can potentially simplify reconciliation of user activities,” Farahmand said.

Another benefit to a self-sovereign ID is the ability to streamline B2B scenarios where an employee of one organization can have access to systems in another. For example, Farahmand said, if the host organization trusts the decentralized identity that is attested by the guest organization, then a new pair-wise decentralized identifier can be generated to authenticate the user; that simplifies the onboarding and access governance for business customers or other partners.

Significant hurdles remain

While self-sovereign IDs based on blockchain hold significant promise for increasing privacy and efficiency, there are also significant technology hurdles that have yet to be vaulted. For one, trust in blockchain.

A 2018 Gartner CIO survey revealed on average that only 3.3% of companies worldwide had actually deployed blockchain in a production environment.

In a blog post, Avivah Litan, a Gartner vice president and distinguished analyst, listed eight hurdles blockchain needs to surmount before it can become a cure-all for virtually any international, transactional network need – from fee-less, cross-border payments to supply chain tracking.

One significant challenge is integrating DLT systems with legacy databases, the current repositories for corporate employee identities. A decentralized identity system also requires a vibrant ecosystem, a roust identity trust fabric built on a distributed ledger or blockchain, tools to support user-friendly functionality and good developer experience to support broad adoption.

“While we encourage our clients to watch this space and do some limited experimentation or even proof-of-concept projects,” Farahmand said, “we also caution them to make sure these products are battle tested, hardened and ready to withstand different types of attacks.”

Source link http://bit.ly/2Sw4gra

How blockchain may kill the password

How blockchain may kill the password

Imagine a company that can verify the background of a new employee and onboard them with the click of a single virtual button, or a banking customer who can verify their identity for a loan without exposing personally identifiable information – again with a click of a button.

That’s the potential blockchain holds for decentralized identity management. It’s done  by creating a digital wallet that serves as a repository for all kinds of personal and financial data, info that can only be shared after a specific request and only with the permission of the owner.

Blockchain distributed ledger technology (DLT) – in combination with digital identity verification – holds the potential to solve online privacy issues that plague everything from consumer sales and bank know-your-customer regulations to employee credentials that allow access to confidential business systems.

“There are multiple vendors in this space that are either in the early R&D stage or testing their products in pilot projects,” said Homan Farahmand, a senior research director with Gartner. “It is too early to declare any winner, by any means, because just having a working product is not enough. Decentralized identity requires a vibrant ecosystem, a robust identity trust fabric built on a distributed ledger or blockchain, tools to support user-friendly functionality and good developer experience to support broad adoption.”

One considerable security attribute of storing digital identities on an encrypted, distributed blockchain ledger is eliminating “honey pots,” or central repositories for customer account information, according to Julie Esser, chief engagement officer for CULedger, a Denver-based Credit Union Service Organization (CUSO). Those repositories are prime targets for hackers.

Credit Unions are already testing ID management

Like other CUSOs, CULedger is a cooperative owned by multiple credit unions for the purpose of providing back-office services; it was created a year ago to build out a blockchain-based identity management platform called My CUID. The platform is expected to launch in the second half of 2019 and will hand the keys to data protection over to customers who sign up for an app. CULedger has 36 investors – 26 credit unions and several CUSOs.

In October, CULedger began piloting My CUID with five other credit unions and another CUSO; it eliminated the need for user names and passwords and relieved credit union call centers from the obligation of resetting them when a customer loses them.

How it works: a new or current customer of a member credit union contacts a customer service call center, which sends a text message to the customer’s mobile device with a link to download the My CUID app. The credit union’s rep then issues the customer their credentials – a digital wallet, which holds personally identifiable information obtained during the initial customer contact. That information is encrypted and can only be accessed with the member’s authorization, which is requested when they make a transaction.

Each time a customer using My CUID contacts the credit union – or vice versa – their smartphone or tablet receives a pop-up dialogue requesting they confirm their membership before any transaction is completed.

“You’d click OK or Not OK. It doesn’t feel a lot different than what happens with other apps on your phone,” Esser said. “It’s all based on…the encrypted channels we’ve created, which is really cool. You’re creating a two-way secure communication channel. So, not only does your credit union know it’s you they’re talking to, but you also you know it’s your credit union calling you.”

CULedger has set a goal of issuing 1 million digital identities to credit union members in 2019. Because credit unions must comply with Know-Your-Customer federal regulations, the blockchain-based digital ID service would also fulfill regulatory compliance, Esser said.

Along with giving the customer control over their identity by handing them the blockchain encryption keys, My CUID would eliminate the need for user login names and passwords and dramatically reduce the time it takes for a credit union call center representative to authenticate a member.

It can take a rep from 60 to 90 seconds to authenticate a member before a transaction even starts. That can be reduced to 5 seconds or less with My CUID, according to Esser. “It’s not a pleasant experience to phone a call center because the customer is welcomed with 20 questions to identify who you are, so it’s a wonky process that needs fixing.”

Traditionally, credit unions and other financial services firms rely on third-party service providers for call center and customer authentication services, many of which are located outside the U.S. CULedger would place control back in the hands of member credit unions, Esser said.

In 2019, CULedger plans to begin building out its production customer permission network; it is currently considering several blockchain platforms, including IBM’s Hyperledger Fabric service and R3’s Corda, the biggest commercial blockchain consortium among banks, insurers and other financial service firms. CULedger is also considering working with the Hedera Foundation, the creator of Swirlds, a software platform for creating distributed applications (dApps).

Swirlds is based on the Hashgraph protocol, a DLT well suited to the financial services industry because it can process more than 100,000 transactions per second, unlike bitcoin, which processes three to four transactions per second.

“We need the ability to conduct transactions instantaneously – in real time,” Esser said. “We’d planned to create our own platform, but with the focus on a decentralized identification piece, this allows us to not recreate the wheel. There may be some applications that require different [blockchain] platforms.”

How a self-sovereign ID works

For consumers who are mindful of their online information – credit card numbers, date of birth, annual income, etc. – blockchain has the potential for “self-sovereign” identities like CULedger is creating, meaning the user controls who can see their data or get purchasing approval without releasing their income details.

Self-sovereign identities work like this: the user has a bank confirm a credit limit or an employer confirm annual income; that confirmation information is then encrypted, but available, on a public blockchain ledger to which the consumer holds the private and public cryptographic keys.

If a buyer wants a car loan from an auto dealership, for example, the consumer can give them permission through a public key to confirm that he or she has enough credit or annual income without revealing an exact dollar amount. So, for example, if the car dealer wants to ensure a consumer earns more than $50,000 a year, that’s all the blockchain ledger will confirm (not that they actually earn $72,587).

The confidentiality technique is known as zero knowledge proof (ZKP), a cryptography technology that allows a user to prove that funds, assets or identifying information exist without revealing the information behind it. Ernst & Young has created a public blockchain prototype it plans to launch in 2019 that lets companies use ZKPs to complete business transactions confidentially.

Sovereign IDs in the enterprise

CULedger is also working with the Sovrin Foundation, a new nonprofit that has created the blockchain-based Sovrin Network; it enables anyone to globally exchange pre-verified data with any entity also on the distributed ledger.

The online credentials issued via the Sovrin Network are akin to a physical ID you might carry in your wallet, such as a driver’s license, a company ID or a bank debit card. The virtual encrypted wallet (or crypto wallet) would link back to the institutions that created them, such as a bank, a government agency or even an employer, which, through the blockchain, would automatically verify the needed information to a requestor.

“Our market strategy involves working with enterprise partners to solve their ID problems rather than trying to go direct to end users, so yeah, we’re working hard in that area and have a number of partners who are doing things there. Three who come to mind are Government of British Columbia, CULedger and IBM/ATB Financial,” said Phil Windley, chair and co-founder of the Sovrin Foundation.

The Government of British Columbia and the Government of Ontario have already rolled out a production system using the Sovrin Network for business registration and licensing; together they’ve issued over 6 million credentials, according to Windley.

Sovrin development partners IBM, Workday and ATB Financial (a bank in Alberta) have also started pilot tests of the Sovrin Network.

The partners are demonstrating how digital credentials could work for IBM employees. ATB Financial issues a digital credential, which can be used for both logging into the bank and IBM’s user network. Along with validating the employees’ financial information, the distributed ledger application eliminates the need for employees to have a username or password, Windley said.

“Because it’s cryptographically based, it has a public key associated with them, and you [the employee] own the private key,” Windley said.

Gartner’s Farahmand said self-sovereign identities based on blockchain distributed ledgers are being eyed for all kinds of enterprises uses, including onboard new hires.

Each time a new employee is hired, a new decentralized identifier is generated by the that employee and passed to the enterprise. That identifier can then be propagated within the internal systems for user authentication to the enterprise network and applications, Farahmand said.

“This can be a powerful proposition as it speeds up the onboarding process and subsequent identity life cycle management activities, as well as enabling password-less authentication. It also helps with converging multiple personas a person can have relevant to the organization,” Farahmand said, explaining that the digital IDs can be used to access multiple systems within a company based on organization-based permissions.

A popular design pattern for decentralized identity is comprised of a core identifier and a set of “pairwise” identifiers, each for a relationship the user has with an organization. Pairwise identifiers are cryptographically derived from the core identifier. The pairwise identifier enables an enterprise system to uniquely verify a user identity for each relationship and potentially prevent correlation of user activity across different relationships, enabling privacy-by-design principles at the protocol level, Farahmand said.

For example, a bank employee can be a bank customer at the same time while using the same self-sovereign ID. The two personas are typically represented by two digital identities in two siloed systems – one as an employee and one as a customer of the bank.

“In case of a decentralized identity model, the same person can have two sets of identifiers … mapped to the same core digital identity, which can potentially simplify reconciliation of user activities,” Farahmand said.

Another benefit to a self-sovereign ID is the ability to streamline B2B scenarios where an employee of one organization can have access to systems in another. For example, Farahmand said, if the host organization trusts the decentralized identity that is attested by the guest organization, then a new pair-wise decentralized identifier can be generated to authenticate the user; that simplifies the onboarding and access governance for business customers or other partners.

Significant hurdles remain

While self-sovereign IDs based on blockchain hold significant promise for increasing privacy and efficiency, there are also significant technology hurdles that have yet to be vaulted. For one, trust in blockchain.

A 2018 Gartner CIO survey revealed on average that only 3.3% of companies worldwide had actually deployed blockchain in a production environment.

In a blog post, Avivah Litan, a Gartner vice president and distinguished analyst, listed eight hurdles blockchain needs to surmount before it can become a cure-all for virtually any international, transactional network need – from fee-less, cross-border payments to supply chain tracking.

One significant challenge is integrating DLT systems with legacy databases, the current repositories for corporate employee identities. A decentralized identity system also requires a vibrant ecosystem, a roust identity trust fabric built on a distributed ledger or blockchain, tools to support user-friendly functionality and good developer experience to support broad adoption.

“While we encourage our clients to watch this space and do some limited experimentation or even proof-of-concept projects,” Farahmand said, “we also caution them to make sure these products are battle tested, hardened and ready to withstand different types of attacks.”

Source link http://bit.ly/2Sw4gra

How blockchain may kill the password

How blockchain may kill the password

Imagine a company that can verify the background of a new employee and onboard them with the click of a single virtual button, or a banking customer who can verify their identity for a loan without exposing personally identifiable information – again with a click of a button.

That’s the potential blockchain holds for decentralized identity management. It’s done  by creating a digital wallet that serves as a repository for all kinds of personal and financial data, info that can only be shared after a specific request and only with the permission of the owner.

Blockchain distributed ledger technology (DLT) – in combination with digital identity verification – holds the potential to solve online privacy issues that plague everything from consumer sales and bank know-your-customer regulations to employee credentials that allow access to confidential business systems.

“There are multiple vendors in this space that are either in the early R&D stage or testing their products in pilot projects,” said Homan Farahmand, a senior research director with Gartner. “It is too early to declare any winner, by any means, because just having a working product is not enough. Decentralized identity requires a vibrant ecosystem, a robust identity trust fabric built on a distributed ledger or blockchain, tools to support user-friendly functionality and good developer experience to support broad adoption.”

One considerable security attribute of storing digital identities on an encrypted, distributed blockchain ledger is eliminating “honey pots,” or central repositories for customer account information, according to Julie Esser, chief engagement officer for CULedger, a Denver-based Credit Union Service Organization (CUSO). Those repositories are prime targets for hackers.

Credit Unions are already testing ID management

Like other CUSOs, CULedger is a cooperative owned by multiple credit unions for the purpose of providing back-office services; it was created a year ago to build out a blockchain-based identity management platform called My CUID. The platform is expected to launch in the second half of 2019 and will hand the keys to data protection over to customers who sign up for an app. CULedger has 36 investors – 26 credit unions and several CUSOs.

In October, CULedger began piloting My CUID with five other credit unions and another CUSO; it eliminated the need for user names and passwords and relieved credit union call centers from the obligation of resetting them when a customer loses them.

How it works: a new or current customer of a member credit union contacts a customer service call center, which sends a text message to the customer’s mobile device with a link to download the My CUID app. The credit union’s rep then issues the customer their credentials – a digital wallet, which holds personally identifiable information obtained during the initial customer contact. That information is encrypted and can only be accessed with the member’s authorization, which is requested when they make a transaction.

Each time a customer using My CUID contacts the credit union – or vice versa – their smartphone or tablet receives a pop-up dialogue requesting they confirm their membership before any transaction is completed.

“You’d click OK or Not OK. It doesn’t feel a lot different than what happens with other apps on your phone,” Esser said. “It’s all based on…the encrypted channels we’ve created, which is really cool. You’re creating a two-way secure communication channel. So, not only does your credit union know it’s you they’re talking to, but you also you know it’s your credit union calling you.”

CULedger has set a goal of issuing 1 million digital identities to credit union members in 2019. Because credit unions must comply with Know-Your-Customer federal regulations, the blockchain-based digital ID service would also fulfill regulatory compliance, Esser said.

Along with giving the customer control over their identity by handing them the blockchain encryption keys, My CUID would eliminate the need for user login names and passwords and dramatically reduce the time it takes for a credit union call center representative to authenticate a member.

It can take a rep from 60 to 90 seconds to authenticate a member before a transaction even starts. That can be reduced to 5 seconds or less with My CUID, according to Esser. “It’s not a pleasant experience to phone a call center because the customer is welcomed with 20 questions to identify who you are, so it’s a wonky process that needs fixing.”

Traditionally, credit unions and other financial services firms rely on third-party service providers for call center and customer authentication services, many of which are located outside the U.S. CULedger would place control back in the hands of member credit unions, Esser said.

In 2019, CULedger plans to begin building out its production customer permission network; it is currently considering several blockchain platforms, including IBM’s Hyperledger Fabric service and R3’s Corda, the biggest commercial blockchain consortium among banks, insurers and other financial service firms. CULedger is also considering working with the Hedera Foundation, the creator of Swirlds, a software platform for creating distributed applications (dApps).

Swirlds is based on the Hashgraph protocol, a DLT well suited to the financial services industry because it can process more than 100,000 transactions per second, unlike bitcoin, which processes three to four transactions per second.

“We need the ability to conduct transactions instantaneously – in real time,” Esser said. “We’d planned to create our own platform, but with the focus on a decentralized identification piece, this allows us to not recreate the wheel. There may be some applications that require different [blockchain] platforms.”

How a self-sovereign ID works

For consumers who are mindful of their online information – credit card numbers, date of birth, annual income, etc. – blockchain has the potential for “self-sovereign” identities like CULedger is creating, meaning the user controls who can see their data or get purchasing approval without releasing their income details.

Self-sovereign identities work like this: the user has a bank confirm a credit limit or an employer confirm annual income; that confirmation information is then encrypted, but available, on a public blockchain ledger to which the consumer holds the private and public cryptographic keys.

If a buyer wants a car loan from an auto dealership, for example, the consumer can give them permission through a public key to confirm that he or she has enough credit or annual income without revealing an exact dollar amount. So, for example, if the car dealer wants to ensure a consumer earns more than $50,000 a year, that’s all the blockchain ledger will confirm (not that they actually earn $72,587).

The confidentiality technique is known as zero knowledge proof (ZKP), a cryptography technology that allows a user to prove that funds, assets or identifying information exist without revealing the information behind it. Ernst & Young has created a public blockchain prototype it plans to launch in 2019 that lets companies use ZKPs to complete business transactions confidentially.

Sovereign IDs in the enterprise

CULedger is also working with the Sovrin Foundation, a new nonprofit that has created the blockchain-based Sovrin Network; it enables anyone to globally exchange pre-verified data with any entity also on the distributed ledger.

The online credentials issued via the Sovrin Network are akin to a physical ID you might carry in your wallet, such as a driver’s license, a company ID or a bank debit card. The virtual encrypted wallet (or crypto wallet) would link back to the institutions that created them, such as a bank, a government agency or even an employer, which, through the blockchain, would automatically verify the needed information to a requestor.

“Our market strategy involves working with enterprise partners to solve their ID problems rather than trying to go direct to end users, so yeah, we’re working hard in that area and have a number of partners who are doing things there. Three who come to mind are Government of British Columbia, CULedger and IBM/ATB Financial,” said Phil Windley, chair and co-founder of the Sovrin Foundation.

The Government of British Columbia and the Government of Ontario have already rolled out a production system using the Sovrin Network for business registration and licensing; together they’ve issued over 6 million credentials, according to Windley.

Sovrin development partners IBM, Workday and ATB Financial (a bank in Alberta) have also started pilot tests of the Sovrin Network.

The partners are demonstrating how digital credentials could work for IBM employees. ATB Financial issues a digital credential, which can be used for both logging into the bank and IBM’s user network. Along with validating the employees’ financial information, the distributed ledger application eliminates the need for employees to have a username or password, Windley said.

“Because it’s cryptographically based, it has a public key associated with them, and you [the employee] own the private key,” Windley said.

Gartner’s Farahmand said self-sovereign identities based on blockchain distributed ledgers are being eyed for all kinds of enterprises uses, including onboard new hires.

Each time a new employee is hired, a new decentralized identifier is generated by the that employee and passed to the enterprise. That identifier can then be propagated within the internal systems for user authentication to the enterprise network and applications, Farahmand said.

“This can be a powerful proposition as it speeds up the onboarding process and subsequent identity life cycle management activities, as well as enabling password-less authentication. It also helps with converging multiple personas a person can have relevant to the organization,” Farahmand said, explaining that the digital IDs can be used to access multiple systems within a company based on organization-based permissions.

A popular design pattern for decentralized identity is comprised of a core identifier and a set of “pairwise” identifiers, each for a relationship the user has with an organization. Pairwise identifiers are cryptographically derived from the core identifier. The pairwise identifier enables an enterprise system to uniquely verify a user identity for each relationship and potentially prevent correlation of user activity across different relationships, enabling privacy-by-design principles at the protocol level, Farahmand said.

For example, a bank employee can be a bank customer at the same time while using the same self-sovereign ID. The two personas are typically represented by two digital identities in two siloed systems – one as an employee and one as a customer of the bank.

“In case of a decentralized identity model, the same person can have two sets of identifiers … mapped to the same core digital identity, which can potentially simplify reconciliation of user activities,” Farahmand said.

Another benefit to a self-sovereign ID is the ability to streamline B2B scenarios where an employee of one organization can have access to systems in another. For example, Farahmand said, if the host organization trusts the decentralized identity that is attested by the guest organization, then a new pair-wise decentralized identifier can be generated to authenticate the user; that simplifies the onboarding and access governance for business customers or other partners.

Significant hurdles remain

While self-sovereign IDs based on blockchain hold significant promise for increasing privacy and efficiency, there are also significant technology hurdles that have yet to be vaulted. For one, trust in blockchain.

A 2018 Gartner CIO survey revealed on average that only 3.3% of companies worldwide had actually deployed blockchain in a production environment.

In a blog post, Avivah Litan, a Gartner vice president and distinguished analyst, listed eight hurdles blockchain needs to surmount before it can become a cure-all for virtually any international, transactional network need – from fee-less, cross-border payments to supply chain tracking.

One significant challenge is integrating DLT systems with legacy databases, the current repositories for corporate employee identities. A decentralized identity system also requires a vibrant ecosystem, a roust identity trust fabric built on a distributed ledger or blockchain, tools to support user-friendly functionality and good developer experience to support broad adoption.

“While we encourage our clients to watch this space and do some limited experimentation or even proof-of-concept projects,” Farahmand said, “we also caution them to make sure these products are battle tested, hardened and ready to withstand different types of attacks.”

Source link http://bit.ly/2Sw4gra

How blockchain may kill the password

How blockchain may kill the password

Imagine a company that can verify the background of a new employee and onboard them with the click of a single virtual button, or a banking customer who can verify their identity for a loan without exposing personally identifiable information – again with a click of a button.

That’s the potential blockchain holds for decentralized identity management. It’s done  by creating a digital wallet that serves as a repository for all kinds of personal and financial data, info that can only be shared after a specific request and only with the permission of the owner.

Blockchain distributed ledger technology (DLT) – in combination with digital identity verification – holds the potential to solve online privacy issues that plague everything from consumer sales and bank know-your-customer regulations to employee credentials that allow access to confidential business systems.

“There are multiple vendors in this space that are either in the early R&D stage or testing their products in pilot projects,” said Homan Farahmand, a senior research director with Gartner. “It is too early to declare any winner, by any means, because just having a working product is not enough. Decentralized identity requires a vibrant ecosystem, a robust identity trust fabric built on a distributed ledger or blockchain, tools to support user-friendly functionality and good developer experience to support broad adoption.”

One considerable security attribute of storing digital identities on an encrypted, distributed blockchain ledger is eliminating “honey pots,” or central repositories for customer account information, according to Julie Esser, chief engagement officer for CULedger, a Denver-based Credit Union Service Organization (CUSO). Those repositories are prime targets for hackers.

Credit Unions are already testing ID management

Like other CUSOs, CULedger is a cooperative owned by multiple credit unions for the purpose of providing back-office services; it was created a year ago to build out a blockchain-based identity management platform called My CUID. The platform is expected to launch in the second half of 2019 and will hand the keys to data protection over to customers who sign up for an app. CULedger has 36 investors – 26 credit unions and several CUSOs.

In October, CULedger began piloting My CUID with five other credit unions and another CUSO; it eliminated the need for user names and passwords and relieved credit union call centers from the obligation of resetting them when a customer loses them.

How it works: a new or current customer of a member credit union contacts a customer service call center, which sends a text message to the customer’s mobile device with a link to download the My CUID app. The credit union’s rep then issues the customer their credentials – a digital wallet, which holds personally identifiable information obtained during the initial customer contact. That information is encrypted and can only be accessed with the member’s authorization, which is requested when they make a transaction.

Each time a customer using My CUID contacts the credit union – or vice versa – their smartphone or tablet receives a pop-up dialogue requesting they confirm their membership before any transaction is completed.

“You’d click OK or Not OK. It doesn’t feel a lot different than what happens with other apps on your phone,” Esser said. “It’s all based on…the encrypted channels we’ve created, which is really cool. You’re creating a two-way secure communication channel. So, not only does your credit union know it’s you they’re talking to, but you also you know it’s your credit union calling you.”

CULedger has set a goal of issuing 1 million digital identities to credit union members in 2019. Because credit unions must comply with Know-Your-Customer federal regulations, the blockchain-based digital ID service would also fulfill regulatory compliance, Esser said.

Along with giving the customer control over their identity by handing them the blockchain encryption keys, My CUID would eliminate the need for user login names and passwords and dramatically reduce the time it takes for a credit union call center representative to authenticate a member.

It can take a rep from 60 to 90 seconds to authenticate a member before a transaction even starts. That can be reduced to 5 seconds or less with My CUID, according to Esser. “It’s not a pleasant experience to phone a call center because the customer is welcomed with 20 questions to identify who you are, so it’s a wonky process that needs fixing.”

Traditionally, credit unions and other financial services firms rely on third-party service providers for call center and customer authentication services, many of which are located outside the U.S. CULedger would place control back in the hands of member credit unions, Esser said.

In 2019, CULedger plans to begin building out its production customer permission network; it is currently considering several blockchain platforms, including IBM’s Hyperledger Fabric service and R3’s Corda, the biggest commercial blockchain consortium among banks, insurers and other financial service firms. CULedger is also considering working with the Hedera Foundation, the creator of Swirlds, a software platform for creating distributed applications (dApps).

Swirlds is based on the Hashgraph protocol, a DLT well suited to the financial services industry because it can process more than 100,000 transactions per second, unlike bitcoin, which processes three to four transactions per second.

“We need the ability to conduct transactions instantaneously – in real time,” Esser said. “We’d planned to create our own platform, but with the focus on a decentralized identification piece, this allows us to not recreate the wheel. There may be some applications that require different [blockchain] platforms.”

How a self-sovereign ID works

For consumers who are mindful of their online information – credit card numbers, date of birth, annual income, etc. – blockchain has the potential for “self-sovereign” identities like CULedger is creating, meaning the user controls who can see their data or get purchasing approval without releasing their income details.

Self-sovereign identities work like this: the user has a bank confirm a credit limit or an employer confirm annual income; that confirmation information is then encrypted, but available, on a public blockchain ledger to which the consumer holds the private and public cryptographic keys.

If a buyer wants a car loan from an auto dealership, for example, the consumer can give them permission through a public key to confirm that he or she has enough credit or annual income without revealing an exact dollar amount. So, for example, if the car dealer wants to ensure a consumer earns more than $50,000 a year, that’s all the blockchain ledger will confirm (not that they actually earn $72,587).

The confidentiality technique is known as zero knowledge proof (ZKP), a cryptography technology that allows a user to prove that funds, assets or identifying information exist without revealing the information behind it. Ernst & Young has created a public blockchain prototype it plans to launch in 2019 that lets companies use ZKPs to complete business transactions confidentially.

Sovereign IDs in the enterprise

CULedger is also working with the Sovrin Foundation, a new nonprofit that has created the blockchain-based Sovrin Network; it enables anyone to globally exchange pre-verified data with any entity also on the distributed ledger.

The online credentials issued via the Sovrin Network are akin to a physical ID you might carry in your wallet, such as a driver’s license, a company ID or a bank debit card. The virtual encrypted wallet (or crypto wallet) would link back to the institutions that created them, such as a bank, a government agency or even an employer, which, through the blockchain, would automatically verify the needed information to a requestor.

“Our market strategy involves working with enterprise partners to solve their ID problems rather than trying to go direct to end users, so yeah, we’re working hard in that area and have a number of partners who are doing things there. Three who come to mind are Government of British Columbia, CULedger and IBM/ATB Financial,” said Phil Windley, chair and co-founder of the Sovrin Foundation.

The Government of British Columbia and the Government of Ontario have already rolled out a production system using the Sovrin Network for business registration and licensing; together they’ve issued over 6 million credentials, according to Windley.

Sovrin development partners IBM, Workday and ATB Financial (a bank in Alberta) have also started pilot tests of the Sovrin Network.

The partners are demonstrating how digital credentials could work for IBM employees. ATB Financial issues a digital credential, which can be used for both logging into the bank and IBM’s user network. Along with validating the employees’ financial information, the distributed ledger application eliminates the need for employees to have a username or password, Windley said.

“Because it’s cryptographically based, it has a public key associated with them, and you [the employee] own the private key,” Windley said.

Gartner’s Farahmand said self-sovereign identities based on blockchain distributed ledgers are being eyed for all kinds of enterprises uses, including onboard new hires.

Each time a new employee is hired, a new decentralized identifier is generated by the that employee and passed to the enterprise. That identifier can then be propagated within the internal systems for user authentication to the enterprise network and applications, Farahmand said.

“This can be a powerful proposition as it speeds up the onboarding process and subsequent identity life cycle management activities, as well as enabling password-less authentication. It also helps with converging multiple personas a person can have relevant to the organization,” Farahmand said, explaining that the digital IDs can be used to access multiple systems within a company based on organization-based permissions.

A popular design pattern for decentralized identity is comprised of a core identifier and a set of “pairwise” identifiers, each for a relationship the user has with an organization. Pairwise identifiers are cryptographically derived from the core identifier. The pairwise identifier enables an enterprise system to uniquely verify a user identity for each relationship and potentially prevent correlation of user activity across different relationships, enabling privacy-by-design principles at the protocol level, Farahmand said.

For example, a bank employee can be a bank customer at the same time while using the same self-sovereign ID. The two personas are typically represented by two digital identities in two siloed systems – one as an employee and one as a customer of the bank.

“In case of a decentralized identity model, the same person can have two sets of identifiers … mapped to the same core digital identity, which can potentially simplify reconciliation of user activities,” Farahmand said.

Another benefit to a self-sovereign ID is the ability to streamline B2B scenarios where an employee of one organization can have access to systems in another. For example, Farahmand said, if the host organization trusts the decentralized identity that is attested by the guest organization, then a new pair-wise decentralized identifier can be generated to authenticate the user; that simplifies the onboarding and access governance for business customers or other partners.

Significant hurdles remain

While self-sovereign IDs based on blockchain hold significant promise for increasing privacy and efficiency, there are also significant technology hurdles that have yet to be vaulted. For one, trust in blockchain.

A 2018 Gartner CIO survey revealed on average that only 3.3% of companies worldwide had actually deployed blockchain in a production environment.

In a blog post, Avivah Litan, a Gartner vice president and distinguished analyst, listed eight hurdles blockchain needs to surmount before it can become a cure-all for virtually any international, transactional network need – from fee-less, cross-border payments to supply chain tracking.

One significant challenge is integrating DLT systems with legacy databases, the current repositories for corporate employee identities. A decentralized identity system also requires a vibrant ecosystem, a roust identity trust fabric built on a distributed ledger or blockchain, tools to support user-friendly functionality and good developer experience to support broad adoption.

“While we encourage our clients to watch this space and do some limited experimentation or even proof-of-concept projects,” Farahmand said, “we also caution them to make sure these products are battle tested, hardened and ready to withstand different types of attacks.”

Source link http://bit.ly/2Sw4gra