NoLeak Global ID

A behavioral and biometric identification platform for no literacy people and low connectivity areas.

PROBLEM
Identification systems in Developing countries need to tackle several challenges, including lack of numeracy and literacy, lack of countrywide ICT infrastructure, lack of internet connectivity, legal, cultural and other issues that prevent these systems from reaching their full potential. Some times, the cost to access the identification cards can be expensive for part of the population and thus make it difficult and costly to be implemented.

VISION
We believe that you are your best passport, so you don't need any smartcard, tokens, or any other identification item besides being yourself. Imagine a world in which you don't need a passport to enter a country, just being yourself and giving consent to the authorities to access your data will be enough. A global unified and seamless platform that can authenticate you based on your unique behaviors and biometric characteristics and retrieve all the data the authority need to accept or deny your entry. Now, imagine a person in the middle of Africa with no internet connectivity at all and no literacy signing a digital marriage agreement. With our open-source Digitally Signed Contract technology it will be possible. A person can interact with the government by sending a voice/video message using a long-distance radio, and our technology will then authenticate its voice/video using the stored user's profile and machine learning techniques. We intend to use DeepAuth not to replace current solutions, but rather to add as an additional method to ease the access to identification systems for

TECHNOLOGY & SOLUTION
To do this, we plan to combine several existing and proved technologies with newly developed ones, to address the following points:

(1) X-Road for secure data transfer;
(2) Linked timestamping blockchains for integrity, secure and instant auditing;
(3) DeepAuth Challenge technology (behavioral/biometric machine learning authentication modules);
(4) Semantic Data technology to secure and dynamically find the services that contain the desired data;
(5) Video/Audio Based Consent technology for a user to create a consent transaction for an organization to access his personal data;
(6) Digitally Signed Message technology that creates a audio/video that is digitally signed by the user's behavioral and biometric characteristics;
(7) Shared Secret technologies - for privacy-aware big data analysis, being able to infer and make computations on data without having access to the current data;
(8) Zero-Knowledge proof - To infer information from data without revealing the data, such as: knowing if a person is under-age without having access to his age;

TEAM
Our team is composed of researchers/engineers with experience in behavioral and biometric authentication, machine learning, distributed computing, blockchain, semantic computing, cybersecurity and cryptography with awards from SC Magazine, Visa, Global Defense Security, Royal Academy of Engineering, IEEE and Institution of Engineering and Technology (IET). Our team also has experience in raising funding through grants and venture capital.

TRACTION
At the moment, some modules of this platform are already deployed by the Brazilian government at the Identification Institute. Others are in the development/prototype phase. The DeepAuth solution was selected as one of the most innovative identity solutions of the world at the KNOW Identity Conference 2019.

We are combining scientific-proven and field-tested technologies using a novel process and architecture for creating a global identification platform. For some modules (data exchange layer, blockchain, shared secret, zero knowledge) we will use existing technologies, but for a few modules, we will use our technology (DeepAuth, SemanticData, Audio/Video-Based Consent, NLP). Due to the deep learning technology, we were able to reach very high accuracy when combining the behavioral/biometric authentication algorithms for user authentication. The government's Identity Institute currently uses parts of this project, so the accuracy is high.

Purpose: the "Regulatory Module" will specify the scope and rules (minimal data principle) of the country; X-Road for data exchange among authorized parties.

Collection: require the minimal amount of information for ID issuance (country-based), and also the "only once" principle.

Data minimization: Random-IDs with tokenization and consent. Biometric data will never leave the gov's servers. The transaction will only contain the required data and will be logged on the blockchain. Data analytics will use anonymization and/or secret sharing/zero-knowledge techniques.

Use, retention and disclosure: all requests will go through our regulatory module and will follow the country's laws and require user consent. Every request will be logged.

Security: data is encrypted and signed when being exchanged; transaction logs will be hash chained (pseudonymized) on a blockchain. Deep Auth will manage multi-factor biometric authentication.

Accountability: Every request/transaction will be logged on the blockchain. Alerts to the user per request/transaction/authentication.

Openness: Every request is auditable in the hash-chained blockchain. Only the user and legal authorities can de-pseudonymize the data. Personal Data Usage Monitor is compatible.

Consent: Consent required for every transaction by our DeepAuth authentication challenges.

Accuracy: Users can view/update their data; real-time data-sharing will ensure consistencies.

Access: The user can access the transactions on the portal.

Compliance: Tamper proof transaction logs.

Incorporating our solutions will be as easy as importing a few APIs and studying the platform documentation. We will provide all the biometric/behavior algorithms along with out-of-the-box SDKs based on the open source data exchange X-Road protocol to integrate any solution within our platform. Also, although we will start as an additional ID method, our goal is to eliminate the need for smartcards/tokens which are one of the biggest costs to implement digital identification systems. After the government fully integrates with our platform, basic user registration will be as easy as asking a user to upload a video/audio saying (or gesticulating in case of deafs) his personal data that he wants to be stored in his Global ID. Current existing identifications numbers can be used to combine data from several existing sources by integrating our platform with their existing databases. After integrating our semantic data layer with each database, the government will automatically solve the problem of non-unified databases (which is enormous in LATAM and will find several frauds and inconsistencies). For the DeepAuth platform, we also want to have a marketplace for other vendors to sell their other products (KYC solutions, anti-fraud, credit score rating, onboarding solutions, and others).

Due to our behavioral/biometric authentication, for the final user interacting with our solution will be as easy as talking to a friend. We will have several portals for the user to manage his data, such as chatbots (free phone line, facebook, WhatsApp, radio, telegram), website, mobile app, USSD; making it transparent, user-friendly and accessible, even at low connectivity places and for low literacy/numeracy users. We believe that everyone should have the power to control his personal data and even monetize it, so empowering these people on the control of their data is our mission.

We will use the established open-source X-Road data exchange layer software, that is being used in several countries without any significant issue for years. So there will be no risks of data portability and vendor lock-in, as every person in the world can contribute and modify the source code. It will also be able to audit for vulnerabilities/backdoors. Our Semantic Data Layer will integrate with several existing database technologies and will be able to understand and index their stored data. We will also study integrations with other standards, such as LDS2, ISO SC17 WG10,  IATA mobile ID, and others.

Our key concept of Digitally Signed Video/Audio Messages, which will use behavioral and biometrics to authenticate a user's video/audio and digitally sign her message, consent, interaction with his data. For the user, interacting with her data will be just like talking with a friend, which will empower people with low literacy and numeracy levels to interact with their data equally. For very remote locations (radio-only), we are improving machine learning models for authentication/interaction using the user's voice through the radio/phone. Because our voice/face are unique, this will also help to stop ID frauds on these countries.

We want to be a personal trusted private data storage, so the user's data will be accessible through our platform following the required regulations and laws. This will empower the individuals to have greater control and even have the option to monetize their data. One option is to integrate into the existing government's identification systems and databases, so it can benefit from having a centralized data platform and identify frauds. 

However, we will also have the option of independent registration, so any person can have her Global ID, even if her government does not integrate with us.

Research Centers: Data-H (leading brazilian AI company) - 2years, Federal University of Goias (deep learning research institute) - 2years, University of Leicester (distributed semantic data management) - 4months, FAPESP (research agency) - 4years, SENAI (research institute) - 6months, Royal Academy of Engineering (UK) 2years. They offer support on our R&D, mainly the deep learning algorithms.

Government: Brazilian Police (facial recognition) 2years, Ministry of Justice (Brazil) 3months, Institute of Identification (Brazil) 2,5years. They are supporting us on integrations and field tests.

Technological: Oracle (Global Scaleup Program), Nvidia (Inception Program), Google (Cloud Startup). They give us support on IT infrastructure and technical training.

Currently, our team has researchers/engineers with the following skills: behavioral and biometric authentication, machine learning, distributed computing and blockchain, semantic computing, cybersecurity, cryptography, NLP, national government political influence. We were also able to raise initial funding/grants.

We still need the following resources to succeed in this project: political influence at international organizations/persons to raise more funding and win projects to integrate the Global ID with the government. With the visibility and support for organizations such as the World Bank, EU and Singularity University we hope to attract these resources and also partnerships with other companies.

For long-term, we will be a trusted personal data storage, so companies will pay us to handle their personal data ensuring all the compliance/privacy rules. Considering the fines from the privacy laws around the world, it will be cheaper for them to transfer this cyber-privacy risk to a trusted third-party to avoid being hacked (and fined). So because we have access to the user (for his consent) and his data, we will be this trusted data provider. 

Main Revenue Streams: 
1-Personal data storage fee + pay per data request (paid by enterprises, free for users); 
2-DeepAuth for biometric/behavior auth (pay per authentication);
3-Marketplace of other auth/security solutions;
4-Pay-for-your-data (users will be paid to give consent for enterprises to access their data for research; we will have a margin)
5-Consultancy services;

For short-term, during the Global ID development, we will sell the DeepAuth (biometric/behavior identification system) platform for companies, which will reduce identification frauds; and raise philanthropy/grants. Due to our expansion strategy, the Global ID platform will be offered for free (or a PPP, depending on the country) for governments. For our expansion plan, we will partner with a strong organization with worldwide access to governments (such as World Bank, big banks, or big consultancies).

We strongly believe we are bulding the future of identification, authentication and personal data management. We have joined forces with great researchers, with experience in machine learning, fraud, behavioral authentication, cybersecurity, privacy and applications of semantic web. Participating in this challenge will bring more visibility for this project, which will ease access to grants, fundings and partners that will help to deploy this innovation worldwide. The exposure of the project will also help raise the debate with individuals which is a first step to social acceptance of the proposed solution.

Although we have technological barriers, the key barriers are cultural and political. To overcome this, we need strong support from global institutions (such as World Bank) and political influence, creating an international political advisory board that will help us to overcome these challenges. Another issue that will rise is social acceptance, so we need to ensure a strong conscientization program that informs the user of his personal data rights and that he needs to have greater control of his data to avoid fraud and misuse, which he will have with our solution. We will never deploy our solution on dictatorships.