Identity Bridge
Bridge Different Digital Identities for the Modern Financial Ecosystem
The Identity Bridge is an optional Knova component that complements the baseline system.
Identity is proven today either by physical possession of a credential (e.g., a driver’s license or passport) or online with a username and password held by a centralized service. Both approaches lack privacy: each exposes more data to the parties in a transaction than the transaction requires.
For example, proving age by showing a driver’s license also discloses name, address, and exact date of birth, when the only fact that needs to be established is the answer to a binary question: “Is this user over 21?” Handing the whole credential to a person who is unlikely to retain the details may be acceptable in person; over the internet, where the relying party records and stores whatever it receives, disclosing the whole credential is not a best practice.
With traditional identity systems, users keep usernames and passwords on external centralized servers. Passwords are easy to forget and therefore get reused across dozens of systems, so a single breach at one service exposes access to the rest of the victim’s accounts.
Knova provides a secure white-labeled identity solution that integrates with financial and government institutions’ existing identity solutions to work with Digital Twins. The pseudonymity of this system preserves the privacy of the users, while still making sender and recipient information available when required for financial regulatory compliance.
Knova's Digital Identity Bridge was created to solve the following problems in the industry:
- Identity systems are incompatible with PKI-based payment networks and with compliance/screening
- Each financial institution runs a different identity system, making it hard to onboard users and extend services
- Transactions involve sharing significant amounts of PII and commercially sensitive information
To solve these problems, Knova has created a solution that can:
- Bridge any existing system to W3C-standard Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs)
- Interoperate with standardized IDs and cryptographic credentials for harmonized verification and onboarding
- Protect sensitive data with verification and compliance checks via privacy-enhancing technologies (PETs)
Identity Bridge & Wallet SDK
- Keep existing systems and KYC, add on bridge microservices
- Privacy & Security - Data held & controlled in user wallet enclave, cryptographically shared only as required
- Standards-based interoperability among all networks
Standards-Based Identity
W3C Decentralized Identifiers (DID) - https://www.w3.org/TR/did-core/
- Identify user wallets by public-key cryptography (PKI-based): a DID resolves to a DID Document that lists the wallet's public keys
- The DID Document holds no sensitive data, and the identifier is vendor-agnostic
W3C Verifiable Credentials (VC) - https://www.w3.org/TR/vc-data-model/
- Digital form of physical credentials (e.g., Bank Account, Accredited Investor Profile)
- Carries a cryptographic proof: digital signatures and hashes make the credential tamper-evident
- Zero-Knowledge Proofs: prove a statement derived from a credential (e.g., “is this user over 21?”) without revealing the underlying attribute (the date of birth)

Digital Identity via Knova Using Verifiable Credentials and Decentralized Identifiers
Privacy-Enhancing Techniques (PETs)
Knova can support a variety of different Privacy-Enhancing Techniques (PETs) in the system, including:
- Zero-Knowledge Proofs
- Homomorphic Encryption
- Confidential Screening (shown below)
- and others
The Identity Bridge integrates into existing identity systems, providing integrations for backend services, websites, and mobile apps in various programming languages.

Sample Verifiable Credential for an Accredited Investor Check
Because financial and government institutions already provide identity services for their customers, the Identity Bridge integrates with those existing identity systems over standards such as OpenID Connect (OIDC) or Security Assertion Markup Language (SAML), or any other integration method, in order to set up the customers’ wallets. After this one-time setup, users transact Digital Twins via VCs while the institution’s existing KYC process continues to handle the AML and sanctions checks required by financial regulations. VCs can also simplify the initial onboarding of users in a cryptographically secure manner.
For example, the wallet can be part of the financial institution’s mobile app, built with the SDKs and example app that Knova provides. With the mobile wallet, users authenticate to the app locally through biometrics or a password (authentication data does not leave the device) and then scan QR codes to verify, authorize, store, and transact Digital Twins in the system.
Additionally, Knova provides a server-side Custodial Wallet Service that the financial institution hosts on behalf of the customer. Access can remain the institution’s existing username-and-password login, and institutions can keep their existing websites, integrating with the Knova wallet services over backend SDKs and APIs.
Knova Digital Identity Benefits
- Security and Privacy First: Contains security features to ensure that the data is protected and accessible only by those with the appropriate authority
- Enables new modes of privacy-preserving identity that allow many forms of credentials to be concurrently issued and for efficient verification
- Provides a trusted solution to manage private keys and the exchange of credentials
- Allows the use of hardware security modules (HSMs) to protect keys and enable password-less access
- Ease of Use: Built to enable easy use across an enterprise environment
- Ability to use digital certificates to authenticate and sign transactions, documents, and messages
- Eliminates the need for custom tokens as identity is managed in mobile and custodial wallets that use secure enclaves
- Capture Critical Information: Provides the ability to run regulatory-compliant programs, including onboarding, “Know Your Customer” (KYC), and other Anti-Money Laundering (AML) programs
- Flexible: Enables straightforward and efficient implementations even though every enterprise has different requirements depending on the use case and applicable regulatory regime.
- The system can accommodate different levels of identification. It can be configured to allow users to provide certain information necessary for a particular transaction (e.g., more details for a larger transaction, including enhanced due diligence information)
- Access rights, privacy management, and other key features are set by the enterprise based on its own requirements
- Traceable: Easy auditing of transactions, including storing pseudonymous information in the history of each transaction.
Walkthrough: Linking an Institution's Existing Users to DIDs and VCs

Sample Identity Bridge Interaction Between Users and Financial Institutions
Project Integration:
- Knova Service integrates with the existing Institution A identity system over OIDC/SAML, or other existing APIs.
- Knova provides infrastructure & deployment scripts to have its services installed in the institution's network.
First-Time User Login (initial setup only):
- User is a customer of Institution A and logs in using existing bank login credentials, proxied through Knova Services
- Knova Service creates a user wallet and its Decentralized Identifier (DID), and pushes its DID Document to the registry
- The wallet is linked to the logged-in user, and a Verifiable Credential (VC) is issued to store the user's account details.
- The user now has the Institution A VC with its information. This data can be shared going forward by the user for verification, and the user can obtain more VCs (e.g., Accredited Investor VC)