Report: Demonstration of Concordium Wallet Recovery Using Hitachi’s Public Biometric Infrastructure (PBI) and Visit to the Project Team
Concordium visited Hitachi Ltd.'s research facilities to receive a report on the demonstration (Proof of Technology, or PoT) of the Concordium Wallet integrated, in collaboration with Hitachi Solutions, with Hitachi's Public Biometric Infrastructure (PBI). At the research facility, employees use PBI in their day-to-day office life. PBI's biometric authentication regenerates the user's private key from the biometric reading and verifies it against the registered public key to authenticate the person.
At the research facility, two types of cashless payments using PBI were demonstrated. One is the use at a manned café where payments can be made with a pre-registered credit card by simply presenting a finger to the finger vein authentication device.
The other is an unmanned store called “CO-URIBA” which also utilizes IoT. At the entrance, personal verification is conducted using PBI’s facial recognition, and when a product is picked up, a 3D LiDAR and a weight sensor on the shelf identify the product, and product information is displayed on digital signage. CO-URIBA also seems capable of displaying digital signage tailored to the user. Payments are made using the credit card registered with facial recognition.
Interview with the PBI Team Leading the Concordium Wallet Project
Dr. Kenta Takahashi, Senior Researcher leading the PBI Team
Concordium: Please tell us about the PBI used in the technical demonstration with the Concordium Wallet.
Dr. Takahashi: Simply put, the problem that PBI is trying to solve is authenticating whether users are truly the right people in online pseudo-face-to-face situations. This challenge has been unresolved since the internet began to spread in the 1980s and 1990s. In the digital world, all information including authentication data exists as data, and digitalized items can be duplicated.
There are mainly three methods of user authentication: knowledge-based, possession-based, and biometric. The current practice is to perform personal authentication either singly or in combination, but each method has its challenges. Authentication ultimately is based on data, necessitating the storage of passwords, private keys, and biometric information, the leakage of which can lead to identity theft and risks of human rights and privacy violations.
The FIDO (Fast IDentity Online) technology used in current online banking stores private keys in a secure area of the user's smartphone and registers the corresponding public key with the authentication server, encrypting internet communication through public key authentication. However, FIDO has weaknesses; if the device is lost or stolen, authentication becomes impossible.
PBI offers security and convenience independent of devices, using public key authentication online and biometric authentication between the user and the device. The device does not retain any confidential information: it generates the private key directly from biometric information and completely erases this information from the device after authentication. This method allows for authentication by storing only the one-way converted public key, without retaining biometric information. Moreover, PBI solves the key management issue prevalent in traditional cryptographic systems and is suitable for managing keys in Web3 wallets.
Concordium: Japanese companies are also working on Web3, identity, and Verifiable Credentials. How compatible is PBI with Web3 identity and Verifiable Credentials?
Dr. Takahashi: Globally, there is a trend toward shifting to a self-sovereign identity (SSI) management model. Personal identity is defined as a collection of attributes that describe who a person is, and it is something that inherently belongs to everyone in the world. The concept of SSI is that individuals should control and safely and freely use their identity without being dominated by specific large corporations or centralized systems. Currently, most SSI implementations manage their identity data through wallets provided on smartphone apps or PC browsers. However, we believe there are two major problems with the current implementation of SSI.
The first issue is that of inclusion. The rights that SSI advocates for users must be guaranteed regardless of whether users own a smartphone or can use a PC. We believe that a mechanism that allows one to prove their identity with just their body, without needing a smartphone, is necessary for true self-sovereign identity.
The second issue is security. The essence of self-sovereign identity is to allow users to manage their identity on their own terms while securely protecting that authority from being infringed upon by anyone else. There are services that manage user identity data issued as electronic certificates called Verifiable Credentials on cloud-based wallets. However, due to the architecture of the system, if the service provider or cloud operator wishes, they can access the data, which does not align with the original concept of SSI. To realize a secure SSI that is independent of central authority, it is necessary to cryptographically securely integrate strong user authentication with authorization of access and disclosure rights, eliminating any gaps for interference. By doing this, we ensure user authority at the code level. We believe that restoring the control of identity to the user’s physical body, without being controlled by devices or the cloud, is a new value that can be uniquely realized by PBI.
Ms. Non Kawano, Researcher, from the Research & Development Group. In this technical demonstration, she was responsible for the system integration with the Concordium Wallet.
Concordium: Could you please describe your role in this technical demonstration with Concordium wallet?
Ms. Kawana: I was responsible for the system architecture, technical components, and the demonstration, along with my team.
Concordium: Were there any deviations from the initial expectations or goals? Also, how do you foresee the potential use of PBI with the Concordium Wallet in the future?
Ms. Kawana: Initially, we were exploring various potential applications for PBI, but we decided to proceed with generating seed phrases after agreeing with the Concordium team. Moving forward, there are opportunities for collaboration between the Concordium Wallet and PBI, such as encrypting and decrypting seed phrases for storage, or integrating PBI into the passcode settings during wallet setup.
Experience a demonstration of the technical proof of generating and restoring seed phrases in the Concordium Wallet using PBI
Generating a seed phrase using a finger vein authentication device and PBI technology:
- Register your name.
- You will be prompted to place your finger on the finger vein authentication device.
- Place your finger on the finger vein authentication device.
- The seed phrase is generated.
Create a new Concordium Wallet and account using the seed phrase generated by PBI and obtain testnet tokens:
- Install the Concordium Wallet.
- Set up a passcode.
- Enter the seed phrase generated by PBI.
- Create an account (on the testnet) and obtain test tokens.
Restore the wallet and account using PBI and biometric authentication:
- Delete the Concordium Wallet from the PC.
- Reinstall the Concordium Wallet.
- Generate the same seed phrase using the finger vein authentication device and PBI.
- Restore the wallet and account with that seed phrase.
- Check the balance of the testnet tokens.
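The three procedures above hinge on one property: the PBI device must emit exactly the same seed phrase on every scan, because a wallet seed phrase has no tolerance for even a single flipped bit. The following is an added example (not Hitachi's PBI code and not Concordium's wallet code) that models the round trip with standard-library Python: a stand-in function plays the role of the PBI device and returns 256 bits of entropy, the entropy is encoded as a 24-word BIP39-style phrase with its checksum, the phrase is decoded back and checked, and a master key is derived from the resulting seed as SLIP-0010 does for ed25519. Assumptions, labelled in the code: the word list is a constructed placeholder rather than the real 2048-word BIP39 English list (so the seed bytes will not match a real wallet's), the `fake_pbi_entropy` function is a hash of a constructed template and says nothing about how PBI actually derives keys, and the SLIP-0010 step is shown only as an illustration of what a wallet does with the seed, not as Concordium's exact derivation path.

```python
"""Added example: biometric-entropy -> seed phrase -> wallet key round trip.
Not Hitachi's PBI code or Concordium's wallet code; stdlib only."""
from __future__ import annotations

import hashlib
import hmac
import unicodedata

# Constructed stand-in for the 2048-word BIP39 English word list (assumption).
# Index arithmetic and checksum below follow BIP39; only the words are placeholders.
WORDLIST = [f"w{i:04d}" for i in range(2048)]


def entropy_to_mnemonic(entropy: bytes, wordlist: list[str] = WORDLIST) -> list[str]:
    """BIP39 encode: append ENT/32 checksum bits from SHA-256, cut into 11-bit word indices."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128..256 bits")
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = ent_bits + cs_bits
    return [wordlist[(bits >> (total - 11 * (i + 1))) & 0x7FF] for i in range(total // 11)]


def mnemonic_to_entropy(words: list[str], wordlist: list[str] = WORDLIST) -> bytes:
    """BIP39 decode; raises ValueError on an unknown word or a checksum mismatch."""
    if len(words) not in (12, 15, 18, 21, 24):
        raise ValueError("mnemonic must have 12..24 words")
    index = {w: i for i, w in enumerate(wordlist)}
    bits = 0
    for w in words:
        if w not in index:
            raise ValueError(f"unknown word: {w}")
        bits = (bits << 11) | index[w]
    total = len(words) * 11
    cs_bits = total // 33
    entropy = (bits >> cs_bits).to_bytes((total - cs_bits) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    if (bits & ((1 << cs_bits) - 1)) != expected:
        raise ValueError("checksum mismatch: phrase is corrupted")
    return entropy


def mnemonic_to_seed(words: list[str], passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    phrase = unicodedata.normalize("NFKD", " ".join(words)).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", phrase, salt, 2048, dklen=64)


def slip10_ed25519_master_key(seed: bytes) -> bytes:
    """SLIP-0010 ed25519 master private key: left 32 bytes of HMAC-SHA512('ed25519 seed', seed)."""
    return hmac.new(b"ed25519 seed", seed, hashlib.sha512).digest()[:32]


def fake_pbi_entropy(template: bytes) -> bytes:
    """Stand-in for the PBI device (assumption; PBI's real construction is not reproduced).
    A real scan is noisy; what matters for the wallet is that the *output* is bit-identical
    on every scan of the same finger. Here we simply hash a constructed template."""
    return hashlib.sha256(b"pbi-demo|" + template).digest()


def demo(template: bytes = b"constructed finger vein template") -> dict:
    """Run the three demo procedures: generate, set up, delete and restore."""
    # Procedure 1: the device produces the seed phrase.
    entropy = fake_pbi_entropy(template)
    words = entropy_to_mnemonic(entropy)
    # Procedure 2: the wallet consumes the phrase and derives its master key.
    master = slip10_ed25519_master_key(mnemonic_to_seed(words))
    # Procedure 3: wallet deleted; a fresh scan must yield the identical phrase.
    words_again = entropy_to_mnemonic(fake_pbi_entropy(template))
    restored = slip10_ed25519_master_key(mnemonic_to_seed(words_again))
    # Failure mode 1: a scan that differs by even one byte gives an unrelated key.
    other = slip10_ed25519_master_key(mnemonic_to_seed(
        entropy_to_mnemonic(fake_pbi_entropy(template + b"!"))))
    # Failure mode 2: a phrase whose last word differs in its lowest bit corrupts only
    # checksum bits, so the wallet must reject it before restoring anything.
    corrupted = list(words_again)
    corrupted[-1] = WORDLIST[WORDLIST.index(corrupted[-1]) ^ 1]
    try:
        mnemonic_to_entropy(corrupted)
        checksum_caught = False
    except ValueError:
        checksum_caught = True
    return {
        "words": words,
        "roundtrip_ok": mnemonic_to_entropy(words) == entropy,
        "master": master,
        "restored_master": restored,
        "other_master": other,
        "checksum_caught": checksum_caught,
    }


if __name__ == "__main__":
    result = demo()
    print("24-word phrase:", " ".join(result["words"]))
    print("restore reproduces master key:", result["restored_master"] == result["master"])
    print("corrupted phrase rejected:", result["checksum_caught"])
```

The checksum gives the wallet a cheap sanity check on a phrase, but it is only 8 bits for a 24-word phrase and offers no protection against a biometric pipeline that is merely *almost* reproducible; that reproducibility has to come from the PBI key-generation step itself, which this example does not model.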
The results of the technical demonstration indicate that combining biometric authentication with blockchain technology can make restoring the Concordium Wallet both more convenient and more secure: the seed phrase is regenerated from the user's finger vein pattern on demand, so the user never has to write it down or keep a copy, and, as described above, the device retains neither the biometric data nor the phrase after use. Generating seed phrases from biometric data in this way may therefore offer a new approach to wallet protection and privacy preservation. In addition, Concordium's use of zero-knowledge proofs allows authentication while protecting users' personal information, which points toward secure management of digital identities.
Follow Concordium on Twitter to stay updated on future developments!