YourID’s DNA & Purpose
Considering the needs of the participants in the online world, YourID’s purpose has been drafted. It can be summarized as follows:
Protecting user privacy, personal data and digital identity in a transparent and independent way, promoting the control that users have over their personal data and digital identity (including with whom they want to share [part of] their information) and over the use of their data and digital profiles.
YourID will be built around the user. It will give users power over their data, including the possibility to conveniently withdraw previously shared data, and it will respect the user’s right to be forgotten (according to GDPR in Europe). The user also has the choice of sharing additional data, for which they receive additional benefits (“data enrichment by user consent”; this is possible since the user is in control).
All of this is done in a flexible, technology-agnostic way, with a wide variety of best-of-breed (technology) partners, to guarantee the highest level of security and user privacy on a global basis.
YourID brings together worldwide trust receivers (like websites and online platforms), trust providers (like identity verification suppliers, government entities, telcos and banks), technology suppliers and other relevant stakeholders, including consumer-representing organizations. This way, YourID offers and coordinates an identity solution for three main parties:
1. Users, who can securely identify themselves online with their privacy fully protected and with full control over their identity, while enjoying the best possible user experience.
2. Technology companies, uniting their efforts in one solution that is the best in the market and flexible, universal and global in scope, tackling one of the biggest hurdles in the industry, delivering a global solution and solving the adoption problem.
3. Online platforms and websites (including governmental institutions), who receive an access solution for the lowest possible cost, with the highest form of security and flexibility. This enables companies that work on different continents/countries to use a single solution instead of many different ones.
Core Values & Guiding Principles
To support YourID’s purpose, the following core values and guidelines have been established.
✓ Provide a solution that is developed around the user, guided by respect for users’ privacy and giving the user full ownership of, insight into and control over the user’s identity information. Put the user in control of what user data can be viewed and/or used by the parties that collaborate with YourID.
✓ Enable users to authenticate themselves through their biometric characteristic(s), and to conveniently access online platforms and websites on an international scale, through a secure and re-usable online identity, without passwords and usernames, and enable users to manage their different forms of identity in one single app and platform.
✓ Create a globally available, technology-agnostic, flexible and future-proof app and platform by joining carefully selected, proven technologies from best-of-breed global suppliers. If necessary, YourID can oversee the development of technology parts that do not exist yet.
✓ Provide users with multiple features and functions related to (online) identity management that can vary from biometric identification to trusted third-party verifications. Features and functions are based (as much as reasonably possible) on consumer market research and the requirements and wishes from the websites, platforms and other stakeholders that participate in YourID.
✓ Create the app and platform in such a way that it is technically virtually impossible for anybody except users to view user information or data regarding use.
✓ Promote interoperability between all kinds of companies, governments, institutions and industry sectors. Enable websites, CMS systems and online platforms to easily integrate YourID’s technology with their own technology and provide them with an attractive method to validate user identities, verify user information and make their validation processes more secure and efficient.
✓ Establish collaborations with a large variety of trusted participants, where online platforms, websites, technology providers and other stakeholders are invited to join, guided by the objective to create a global industry-wide collaboration for password-less and user-centric online access, that is supported by as many parties as possible.
✓ Not interfere in the businesses that users access through YourID, and not interfere in transactions and/or interactions between YourID users and collaborating partners. In addition, YourID will not track and trace user behavior within its services.
✓ Refrain from having any (commercial) benefit or interest in user identity information or other user information.
✓ Provide transparency to all main parties collaborating with YourID regarding how the user’s data is processed and secured.
✓ Provide transparency to all main parties collaborating with YourID regarding the structure of YourID’s foundation, its board-members, collaborators and stakeholders.
✓ Enable regular, independent audits based on YourID’s Core Values & Guiding Principles to guarantee that the YourID foundation fulfils its promises. Audits will be done by an internationally recognized body and the reports will be shared with the members of the main board, advisory board and supervisory board of the foundation, as well as with any consumer-representing organization that requests it.
✓ Promote YourID’s independence regarding the way it is managed and supervised and create a (legal) structure in which no single party or small minority can have substantial control over any aspect of YourID that can be considered fundamental. Implement a structure that makes it impossible for a single party or small minority to control and/or change any relevant aspect of YourID’s platform, technology, governance structure and/or any of the elements described in YourID’s Core Values & Guiding Principles.
YourID Fundament & Differentiators
The many meetings held over the last few years and the in-depth analysis of the identity market have resulted in the creation of the fundament for YourID’s Foundation, consisting of the four unique elements as depicted below. This fundament follows from the need to protect users’ privacy, empower them with control over their identity information and deliver them a unique user experience on one side, and to offer a secure client relation plus identified users for the industry participants on the other side.
Based on this fundament, YourID has received the confirmation from a wide variety of different stakeholders in the identity industry that YourID’s solution is highly attractive and acceptable to be used as an additional method for users to log in and/or identify themselves. This includes the confirmation from many globally leading online players that a platform with these characteristics would fit their needs, and that they are therefore interested to participate in YourID.
The goal of the YourID foundation is to facilitate, support and orchestrate the delivery of such a platform and to strengthen the battle against ID theft and fraud.
The future operational cost of YourID will be shared by all participating platforms and websites that have a commercial purpose. This means that non-commercial websites and platforms that participate in YourID don’t share in the costs, but just pay an annual fee. In addition, YourID will be free for the end user.
Furthermore, the cost of YourID will always be calculated in an open and transparent way, so all participants will have full insight and confidence in its functioning. The cost for the participant depends on 2 factors: the level of security required by the participating website/platform and the number of online locations where the user deploys it.
How this works
Let’s assume that a user deploys YourID at 10 different online places, just to log in without usernames and passwords. The same user also deploys YourID at 5 other online places to log in with a verified identity. We assume that YourID’s annual cost per user for password-less login is EUR 3 and that the additional cost per user for the verified identity service is EUR 2.
This works out as follows: 15 online places together share the cost of the basic service to have users log in without passwords and usernames. Since this is EUR 3, the result is that the price per participant is EUR 0,20. The participants that required the verified identity service on top, pay the additional cost of EUR 2 shared by the 5 of them, resulting in an extra cost of EUR 0,40 for the participants that requested the verified identity service. Therefore, those 5 participants each pay a total of EUR 0,60.
Costs do not depend on the number of times an individual uses YourID every year, which results in enormous cost savings for the participants. Equally important, YourID also makes the technology available to smaller websites and e-commerce platforms, thereby delivering significant support in the battle against ID theft and fraud.
YourID will be managed by a foundation to guarantee the highest level of user privacy. The foundation will have a management team, a general board and a supervisory board. It might be extended with an advisory board.
The general board will consist of 20-30 leading online websites and platforms that together have full control over YourID. It will be supervised by governmental institutions protecting the rights of consumers, and by consumer-representing non-governmental organizations.
The technology will be provided by a wide range of best-of-breed, proven suppliers worldwide, managed and orchestrated by the YourID foundation.
Governance through the foundation makes YourID an independent and transparent cross-industry initiative that is fully controlled by a wide variety of industry-leading companies.
YourID’s suggested solution incorporates the following distinguishing characteristics in its platform, app and infrastructure:
✓ Users are in control of their data. With an easy and intuitive interface, users know who holds what kind of information about them and they can conveniently revoke access to their information at any time.
✓ Ultimate security, fulfilling or even superseding all international security standards and the highest level of certifications. This applies to YourID’s software, infrastructure and organization.
✓ Highly secure storage of personal data, due to the meticulous design of the system, and the rigorous safety tests and protocols, based on ISO/IEC 27001:2013.
✓ Easy integration (OpenID & SAML), encouraging collaboration with many parties that can easily integrate their existing system, website or identity server with YourID’s app.
✓ Identity Verification Service, provided by external parties. With YourID users can have all their verified identity documents – like their ID card, passport, driver’s license, social security documents and much more – in a single place (based on distributed identity).
✓ Fast enrolment. With just their name, email address and phone number, users can start their account. In addition, YourID allows users to enrol by logging in with their existing Google, Facebook, Amazon or LinkedIn account.
✓ Importing user data from other platforms. Users can easily manage all online data that they own. In a single place, they have access to all information that they generated on social networks and other platforms.
✓ Importing existing KYC. YourID can be integrated with trusted banks and institutions, from where users will be able to import their existing verifications and history, and use it with other companies.
✓ Fast response, by using the biometric authentication feature inside the user’s device. This differentiates YourID from other systems that are based on one-to-many matching and need to search an entire database.
✓ Many different uses in a single solution for all kinds of online and physical access.
✓ Available to everyone, it can be used by consumers, companies and governments.
✓ Highly scalable. YourID’s service can scale to hundreds of millions of users.
In addition to the unique characteristics that the app can enjoy by being part of YourID’s platform, the app that YourID suggests could provide several other specific advantages, when compared to other apps that offer online and physical access control:
✓ Password-less authentication, which is very convenient since it eliminates the need for usernames, passwords, tokens, SMS codes, etc.
✓ Frictionless authorization, allowing users to access any online place or physical premises without a tedious process.
✓ Very versatile, since it can be used for many different access situations.
✓ High security level, as shown by its design that enables certification according to the U.S. Government Approved Protection Profile for mobile apps, and EAL1+.
YourID’s suggested solution includes an API that can be integrated into existing apps, allowing them to use YourID’s platform right away.
Furthermore, the app can offer the following identification functions:
✓ The biometric sensors of the user’s device will be used to unlock user certificates that identify the user to YourID’s platform. The different types of sensors include fingerprint (Touch ID or Android), face recognition (Face ID), retina sensor and voice recognition, among others (a secure encryption environment to store keys is required).
✓ Biometric multifactor ID, enrolling different types of biometrics (Fingerprints, Face, Voice and Signature) by using the device’s camera and sensors. YourID will allow for a reliable and highly secure way to identify the user, and provide maximum privacy, as this biometric information will be stored securely inside the user’s device.
✓ The app can show the details of a transaction performed by the user, who chooses whether to provide authorization by accepting and signing it.
✓ By using the app together with a PC, the user’s mobile phone can act as an identification and authorization device. The app can connect with any website using QR codes and the phone’s camera.
✓ The enrolment procedure can include an identity scan and verification, performed by an external Identity Verification Service Provider. The identity can be verified against various databases of information.
✓ The app can identify users through a selfie that is compared with the ID that has been provided.
✓ The app allows users to digitally sign transactions, by using advanced signatures through digital certificates.
✓ The app can detect and connect with a nearby certified hardware receiver and can transmit a user’s identification to provide access. If the mobile phone supports NFC, it is also possible to connect with NFC.
YourID’s suggested solution is based on a technology infrastructure as depicted below.