“With the spread of smart cities and an increasing number of digitized systems which require user authentication, it is essential to think about systems that can, on the one hand, facilitate the person’s recognition, but on the other, can guarantee the security of the operation. VEMINI, thanks also to the Blockchain technology, responds to this urgent need with a solution which received a special mention in the 2019 edition of the Marzotto Award”: Edoardo Zorzetto, co-founder of the VEMINI startup, thus explains the system developed for handling digital identities.
What drove you to create a project precisely in a field such as Digital Identity?
“We believe that developing innovation primarily means being guided and inspired by the desire to improve the system in which we live. Today we talk a lot about digital transformation: bringing innovation to a world where a personal digital presence will be increasingly necessary and used, and really changing the rules of the game. If we talk about some data, we see that violations of reserved digital spaces are constantly growing, surpassing 1,800 breaches in 2018 alone. Furthermore, it is impressive that about 81% of these breaches have as their main cause the theft, identification or abuse of confidential access credentials (password, PIN,…).
In addition, Microsoft has estimated that a breach of a database containing 10,000 confidential profiles can result in damages of approximately $3.79 million, while the use of Proof of Knowledge protocols results in a productivity loss of $420 per year for each employee involved. In light of these few data alone, it is evident that there are many inefficiencies within the current models for authentication and access management processes. The solution which manages to change the current paradigm will therefore win”.
What is the limit of the current authentication systems and what is the innovative character of the solution you presented for digitally managing authentication?
“Current Identity & Access Management systems are based on Proof of Knowledge mechanisms, i.e. passwords, codes, badges or OTPs. Credentials are stored in centralized and encrypted databases, structured to block unauthorized access. However, the refinement of hacking techniques and the increasingly effective phishing attempts periodically bring such structures to their knees, making the statement “centralized is safer” no longer factually provable. Vulnerability is, in fact, tied to the risk of a Single Point of Compromise, that is, to the possibility for malicious attackers to attack a single point in order to gain access to all users’ data, with serious repercussions in the case of information which refers to people’s digital identity. VEMINI is committed to creating a new paradigm in the world of authentication: the definitive identity management system, better performing than the current 2FA tools, resilient to centralized hacker attacks and to any social engineering attempt, interoperable and easy to use.
Our authentication system is decentralized, password-free and based on biometric digital identities, i.e. which refer to the physical characteristics of people, specifically, which refer to the last frontier of Biometrics: the geometry of the veins of the hand. We have created a recognition protocol in which a single digital identity can be used horizontally on any access system supported by the protocol, without the need to resubmit personal information and to expose it to the knowledge of third parties, during multiple registration processes.”
How does the VEMINI authentication protocol work?
“The architecture is based on aspects of computer security which are still little used today by technological multinationals, or in some cases still ignored. VEMINI is Privacy by design: in fact, our vision of Identity as a Service has always put user protection first, enhancing quality aspects such as data integrity, legitimacy and unassailability. The other keyword for VEMINI is decentralization: our security protocol is in fact the first Italian decentralized authentication system, structured on biometric digital identities based on hand vein patterns.
Once it is recorded by special trusted IoT hardware, the biometric data is fragmented into multiple shares protected whilst handled by two pairs of public and private keys. The three shares are finally distributed and recorded on 3 independent layers, which guarantee that the user controls his/her VEMINI ID. The Blockchain is not used to record part of the biometric identity since an immutable and public ledger such as a standard Blockchain would not be a suitable place for this purpose. By contrast, we exploit the potential of a specific Distributed Ledger to generate, during the initial collection of biometric data, an opaque alphanumeric identifier which can always and only be traced to the biometric identity of the subject, thus promoting interoperability between any access system, without the need for the user to have previously registered with that specific hub”.
Very interesting indeed, so what are your future goals?
“In the near future, we are determined to bring to the market a technology which will actually open the door to a new identity paradigm. A single digital identity for every individual, which can be used horizontally in many areas: from access to confidential spaces or data, to POS payments and digital signatures, for use in stadiums and airports or for generating irrefutable digital certificates. These are all use cases on which we are already working and building strong partnerships.
For us it is a great success and honor to have obtained approval and support from TIM and Engineering, through the acknowledgments won at the 2019 Marzotto Award. However, there is still a long way to go. We know that transferring new paradigms to people and implementing them through new technologies is a very difficult challenge both in practical and regulatory terms, but we are determined and aware that we can transfer security, privacy and great usability without compromise thanks to VEMINI”.