Identity Management
Baseledger’s identity layer provides a compliance-centric balance between anonymity and accountability. A user’s identity is anonymous on-chain, but this anonymity can be revoked and their real-world identity can be revealed in response to a valid request from an authority via established legal channels.
From the user’s perspective, anonymity with respect to the general public is maintained and the identity layer can accommodate identity providers and anonymity revokers based in different jurisdictions around the world. As such, the Baseledger network offers a global, multi-jurisdictional solution to the adoption of blockchain technologies across regulatory regimes.
Baseledger includes a solution for providing transactional privacy for users, while maintaining accountability against local regulations. This means that transactions are processed without exposing the identity of the sender or receiver. In case of encrypted transfers, the sender and receiver are the only parties that can see the actual amount of a transaction. If a suspicious transaction or set of transactions is detected or in case of a legal conflict, the real-world identity of the users can be revealed to qualified authorities with the help of anonymity revokers and identity providers. Moreover, if a specific real-world identity is suspected of malicious behavior, anonymity revokers and identity providers can help trace the accounts of that user.
The elements of Baseledger’s Identity architecture include users, identity providers, and anonymity revokers.
A user is an entity that holds an account on Baseledger. These can be individuals or legal entities, such as businesses, and they require a valid form of identification to facilitate the off-chain identification process.
An identity provider is a person or organization that performs off-chain identification of users. For each identity issued for a user the identity provider stores a record off-chain called an identity object. The primary functions of an identity provider are to:
  • Verify the identity of users
  • Issue user identity certificates to users
  • Create and store identity objects and relevant attributes for record keeping purposes
  • Participate in the anonymity revocation process
Information about the organizations that act as identity providers, such as their name, location or public key, is found in an on-chain registry. Initially, the registration of identity providers will be managed by the Baseledger Council. Users are required to obtain an identity object from an identity provider in order to open and operate an account on the network.
An anonymity revoker is a person or organization that is trusted by the council to help identify a user that owns an account should the need arise. All accounts on the are associated with a real-world identity, which is linked to an identity object stored by an identity provider. Identity objects are also linked to a set of anonymity revokers. Anonymity revokers play a critical role in revealing the real-world identity of a suspicious user by decrypting the unique user identifier that is stored on-chain for each account. When a unique user identifier has been decrypted in response to an official order, it can be combined with information stored by the relevant identity provider to allow the qualified authorities to reveal the real-world identity of the user.
From a big picture perspective, this approach allows Baseledger to offer a well-balanced compromise between (pseudo-)anonymity and a compliant way to revoke anonymity if needed (e.g., in case of legal fillings). This is another vital building block in offering an enterprise-grade, compliant solution for companies to build on DLT promises.
Copy link