shocard use cases for digital identification security

ShoCard’s Use Cases

Use Case Scenarios These are the short descriptions of the main implementations for ShoCard. For each one, the implementations would be slightly different, depending on whether ShoCard is implementing the App, or if the client is integrating the API into an existing App.

Use Case Scenarios

These are the short descriptions of the main implementations for ShoCard. For each one, the implementations would be slightly different, depending on whether ShoCard is implementing the App, or if the client is integrating the API into an existing App.

Password-less Login

ShoCard Password-less Login provides the ability for a user to log into a website (that's enabled with the ShoCard platform), without the need to remember passwords. The first time the user visits a site, they would need to link their ShoCard ID with the website and register. Once the registration is completed, they would be able to interact as normal with the website. Any subsequent visit to the website can be completed by scanning the QR code for login, or by entering their username without a password and attempting a login. This would allow them to authorize the login via their ShoCard App.

  • User enters their username or scans a QR code.
  • The user then receives a notice to authenticate using Touch ID.
  • The user verifies login.
  • Secure authentication is completed.

ShoBadge SSO

ShoBadge is the enterprise-level Identity Provider (IdP) using ShoCard’s Identity Management System (IMS). ShoBadge provides enterprises with the most secure form of ID management, eliminating the need for large databases of usernames and passwords vulnerable to hacker breaches. Employee ID information is stored encrypted on the employees’ mobile devices, then verified through the blockchain, creating  user-centric identity storage, paving the way toward Bring Your Own Identity (BYOID).  ShoBadge seamlessly integrates into existing solutions, like Okta and Azure Active Directory for easy deployment.

  • Company Admin sends out an invite to an employee
  • Employee registers ID information on their device and accepts the invitation
  • To login, a unique SessionID is created in a secure QR Code, employee signs by clicking or scanning the QR code on their login screen (no usernames or passwords)
  • Employee receives a notice on their device to authenticate using Touch ID and/or facial recognition
  • Employee verifies login
  • Secure authentication is completed
  • All applications used by the employee (email, Salesforce, Amazon Web Services, etc.) can be accessed post verification

Financial Services Credentialing

In addition to know your customer (KYC) checks, financial services spend a lot of time and money on qualifying individuals for the variety of financial instruments that are available. Most instruments require qualification including credit cards, auto loans, HELOC, and every time that the individual is qualified, it requires a separate payment for the credit check.

  • With the use of the ShoCard credential framework, an institution could qualify an individual for a particular qualification (e.g., credit score > 700).
  • The user is given the credit score and it's saved locally on their phone and that individual's certification is hashed and then digitally signed by the banks private key and placed onto the blockchain.
  • Any other associated institution could then be passed that certification by the customer
  • Because the certification was done by a trusted certifier, a re-check of the qualification would be unnecessary, saving the financial institution time and money, and the transaction can be done real-time and meet the customers expectations.

Improving customer’s travelling experience at airports & hotels.

The travel experience has been fully implemented as a proof of concept (POC) with SITA, the world leader in information technology for the aeronautic industry. Here’s how it works:

  • A traveler that is embarking on a journey can obtain a single travel token for the entire duration of their trip.
  • The initial check occurs at the ticket counter, where the individual would be positively identified and issued the travel token. A photo/selfie is also taken for verification purposes.
  • The personally identifiable information, the travel token, and the photo are all stored secure on the individual’s mobile device.
  • When the traveler approaches any gate or checkpoint, they can present the travel token via a QR code on the SITA Traveler App.
  • The Agent or a kiosk would scan the code, validate the travel token and check that the individual matches the selfie. If the checks pass, the traveler is permitted through the checkpoint.
  • A travel token would be persistent for the entire duration of the journey. The traveler can use the same token through the airport to their destination, during their trip, and as well on their journey back to their point of departure.

Additional Features:

During the trip itself, the travel token could contain additional fields of information, allowing
travel to be encapsulated with preferences and service levels be shared from the airport, through baggage claim, to customized transportation, to tailored accommodation and hospitality.

This would extend traveler-identification to industries outside of air the transport without compromising user privacy yet enhancing the user experience.

Call Center Authentication

Call centers require KYC (know your customer) checks prior to being able to assist a customer with any issues that they may be experiencing. These checks can take a long time to perform, and often may be frustrating since they may have outdated/incorrect information. The ShoCard Call Center Login solution is simple and more robust in terms of validation than the current processes.

After a user has been verified as an individual, when a user goes to a website or calls a call center, rather than answering a string of questions, they are simply prompted by their mobile device to approve the interaction.

  • The call center rep initiates the authentication by entering the customer's account number, email, or some form of User ID.
  • The customer then receives a notice to authenticate using Touch ID.
  • The customer verifies login.
  • Secure authentication is completed, and the agent is able to look at the customers' data and address the customers' need.

Identity Verification

Identity verification can be an initial step in a know your customer (KYC) process for Financial Institutions, Airlines, or Health Providers. These checks are safer and more robust than the standard offline methods, since physical documents may be forged or have become outdated but have not been physically rescinded.

With ShoCard, the true state of the data can be verified and even compared with the biometrics of the individual to ensure the person presenting the data is the real-individual who owns the data.

  • With ShoCard, identity verification is a simple and straightforward process. Depending on what pieces of information needs to be checked, the individual selects the appropriate fields in the ShoCard App (an image, name, address, age, or any other combination of personally identifiable information.
  • Other cards may be added to the ShoCard App, such as Social Security Cards, Health Cards, Green Cards, Employment IDs, etc.
  • The actual card images, as well as select information on each card, can be shared to the Agent that is performing the check.
  • For each field or card being verified, each piece of data is hashed and compared to the signed hash of the same information that is on the Blockchain, as well as any related certifications shared that authenticate the data.
  • All the pieces of information that pass the certification process will be displayed as being certified, and all the non-certified pieces of information will be highlighted as uncertified on the Agent’s device.

Automated Registration

Online registration is often studied due to the high level of drop off that occurs in a sign-up process. Website registration can be assisted greatly using the ShoCard system, with the automated pre-fill and user-controlled passing of information directly to the website being registered. One-click registration could possibly be one of the most effective ways of improving the user experience and allowing users to immediately participate as a registered member to these websites.

  • The process for registration would start at the login screen for the website. The individual would scan a QR code that appears on that screen, or click on a “Register now” button. The following setup screen would have another QR code, which could be scanned.
  • The user would receive a prompt on their mobile device to confirm that a specific set of information is being requested to complete the login request.
  • If the individual confirms, then the form is automatically filled out, and the user only needs to hit “Submit” to become a registered user.

This process also works for waivers and sign-ups at places like a sports club or a climbing gym. A QR code on the device being used to collect waivers is scanned, the individual’s mobile device is prompted to provide a signature and other pertinent information, and if the user accepts, the process is complete.

Proof of Age

When individuals need to prove that they are of age in the current paradigm, they typically must provide a physical driver’s license to the agent that is checking that information. There are some issues that people don’t typically consider with this – namely the driver’s license contains a lot of information that you may not necessarily want to share with the agent. For example, a single lady at a bar may not want to share her name or her current address to a shady bartender. The ShoCard platform allows users to only share the pertinent information, and keep all other personally identifiable information (PII) hidden and safe with the individual.

There are many use cases for proof of age – buying alcohol, going out to a club, entering an R-rated movie, buying cigarettes, etc. For each instance, the ShoCard implementation is relatively simple.

  • On the ShoCard App, the individual selects that they want to share the fact that they are over 18, 21, or 55 (for senior citizens), and selects “Share”.
  • A QR code is generated on the individual’s phone, which is then scanned by the Agent’s device.
  • The Agent then gets a verification (green check) or a denial of verification (red X) that the individual being checked is over the appropriate age.

Road Stop

Mobile driver’s licenses (mDL) and digital identity (dID) has been receiving a lot of attention from the standards organizations ANSI and ISO as well as the American Association of Motor Vehicle Administrators (AAMVA). ShoCard is actively participating with these organizations. There are many uses of a typical driver’s license outside of the original purpose of conveying the rights and privileges of driving. These include

  • Proof of address
  • Proof of age
  • Visual identity checking.

These same attributes are true for mDL and dID, and there are many benefits of having these forms of identification on a mobile device. Information on a mobile device is more secure than a physical ID – if you show your driver’s license, you may be passing information that you don’t want to be shared. With a mDL, only the information that is pertinent would be shared, depending on the situation. Verification is more robust with a mDL – the trust system that exists with the certification network, and the nature of the blockchain allow for a robust environment for identity management. Also with a mDL, certifications and privileges are immediately changeable and revocable.

  • The driver initiates an information sharing session and selects the information to be shared with the Peace Officer. This would typically include the photo of the driver’s license, all fields in the license, as well as a higher resolution photo of the individual.
  • The officer would scan the QR code that the App generates with his Agent App, and the information would be verified against the blockchain as being certified data points, and visually inspect the photo as an additional verification step.
  • The officer would then continue with the interaction knowing that the individual has been certified as the individual that they are claiming to be.
  • Road stops and public safety enforcement would take place similar to the Age Verification or Identity Verification examples above. Some differences might be what additional fields would be passed – the privilege of driving a motorcycle, a commercial vehicle, etc.