Mobile identity verified on the blockchain is great. I don’t need to remember usernames and passwords for the services I want to access. Services and places become accessible just because I have my mobile device. I share only the parts of my identity and credentials that I want to share with whom I want to share them. Easy access. More secure. Pretty powerful.
But what happens if I lose my phone? Will I be able to get my mobile identity back?
With ShoCard, your mobile identity is kept encrypted under your device’s private key. If you lose your phone, you have lost your private key, which means you would no longer be able to identify yourself or access your records on the blockchain. So, it’s a serious, valid question that I get often. And the answer is:
If you have a backup of your App/phone, then you can likely restore you App and data and immediately regain access to your private key and records on the blockchain. However, if you don’t have a backup, then we give you the option of restoring your mobile identity through our patent-pending Account Recovery process.
Concealing Recoverable Information
We designed our Account Recovery process so that your service providers can maintain your private key recovery information, but not read or hijack it. Since passwords can be hacked or forgotten, we don’t require a password on top of other factors for recovery. This is a critical aspect of our design, because if the service provider was able to provide a forgot-password mechanism to reset a password, it would also mean that they had the ability to maliciously reset the password on your behalf and access your data. Instead, we obfuscate the recoverable information in a way that only you are able to retrieve it.
In order to recover your private key (and hence, your mobile identity), ShoCard requires you to have access to multiple assets. Typically, this is your phone number, email, an ID, a scanned document, or a phrase. ShoCard uses a split-key mechanism requiring at least three factors for recovery, but no password. Once the user has proven access to these assets, the service provider retrieves the forth factor, which is a unique Salt (a long unique value). This gives your mobile device, and only your device, the information it needs to retrieve your private key.
Through this mechanism, we are able to encrypt your data in a manner that even the service provider is unable to decrypt, and you can sleep at night because you never have to worry about losing your mobile identity.
For more information on ShoCard
- How ShoCard Works…
- Request a demo of ShoCard products
- Request our whitepaper by contacting [email protected]