Full Code is Available On the Github:
A few months back, I have developed this code on the subject of “Decentralized Personally Identifiable Information (PII) Verification for Third-Party websites using blockchain technology”. Now Publishing as an open-source project.
Government authority can authorize a user’s PII individual data, whereas a user will have his keys to prove its authenticity on any third-party web application. The PII is stored on the public blockchain with irreversible data (No central DB). User needs to pay verification fees for any individual PII data.
Project is divided as below:
Authority’s APP: Java / Web3J
Third-Party’s DAPP: JS/Nodejs
Ethereum Smart Contracts: Solidity
Blockchain enthusiasts, developers, architects, and companies are all welcome to use this free code or if interested you can contribute too for the open-source world.
This project demonstrates that how a government or any super authority can utilize the ethereum blockchain for the attestation of citizen’s PII data. In the current world, it is not possible that a 3rd-party website can verify a user’s PII data from a trustworthy resource online. Therefore, there is considerable data that lives in several databases, which can be termed as fake or wrong. Simply because, till now, we did not have any facility exist which could be used to verify user data from a governance authority within a few minutes or seconds. Though, there were some attempts where a government entity or authority can provide APIs to selected departments or 3rd-parties for the same purpose.
However, this can be called a bad idea because of the following points:
a – Entity can choose special departments or selected 3rd parties who could utilize their verification services. Which means not all can take this attestation benefit.
b – Secondly, a centralized attack on the government or authority’s server would be a considerable loss.
c – An authority would not trust on all 3rd party websites to provide their services. So how a user can obtain attestation on any site without going to the old tedious manual paper process.
This project addresses these issues and solves it by simulating the “Authority,” “User,” and ” a 3rd Party”‘s use cases for PII data attestation.
Now imagine, An authority decided to receive the user’s wallet address information and bind it with the authentic user data, for instance, Full Name, Age, and home address. So all those citizens who wanted to use this service will send their wallet information along with their data.
1 – An administrator of the authority has access to the authority’s smart contract — he logins to the blockchain Application, which allows him to enter the required user’s data.
2 – The administrator only enters a name, age, home address, and photo with the user’s wallet address.
3 – Once he publishes this data on the Ethereum’s smart contract, the relevant user would able to verify from any 3rd party application.
4 – The administrator has the only right to make this user data entry. Therefore, no other user can submit such data on the smart contract.
5 – The administrator can also transfer this ownership by himself to any other address.
6 – Now, this data is available to everyone, but this data is not free. This means any 3rd party who would like to attest PII data can enforce the relevant user to pay for the attestation to the authority. Therefore, the 3rd party obtains assurance from the authority regarding the user’s full name, age, photo, and address.
7 – The 3rd party website can be any website where they take formal user information through their form, but they want few attributes to attest from the authority. So if 3rd party needs only user name attestation, then the user has to attest his name on the same form rather than all other PII data.
6 – When the user clicks the “verify button” then MetaMask gets open, and then the user has to pay 1 ether of single PII data verification.
7 – Therefore, the user must choose his relevant account address, which is registered by the authority against his PII data.
8 – If the user chooses the wrong account or someone else account, then PII data gets rejected, and his fees never return. No user can verify someone else data this check and balance make sure to avoid any fraud in the attestation.
9 – If all data gets verified, then the user can submit his form to the 3rd party who can now, without any hesitation, save the real data.
10 – Any 3rd party application can use web3/IPFS plugin in their DAPP for their user verification. They need to incorporate ethereum name service resolution to get Authority address which is piiauthority.eth.
Full Code and more detail are available On the Github: