ShoCard is the one identity verification system that works the way consumers and businesses need it to for security, privacy, and always-on fraud protection. Armin Ebrahimi, CEO & Founder of ShoCard.
Peter Lee: Tell us a little about yourself and ShoCard?
Armin Ebrahimi: I started my career as a software developer and to date remain technical. I spent 10 years at Yahoo! from 1998 to 2008 where I was the SVP for Platform Engineering at Yahoo!. We built some of the largest scale systems and as part of the platform team, I managed the identity group at Yahoo! where we managed over 500 million registered users. I’ve also been the CEO of two other startups that were acquired – one by Compaq Computers in 1997 and the other by AOL in 2012.
In February of 2015, I started ShoCard to solve the problem with the existing identity solutions that are all centered around usernames and passwords. ShoCard provides a mobile identity where the user’s personal information and authentication keys are encrypted and kept on the mobile App. For each of their identity fields, a one-way hash of the data that is digitally signed by their private key is placed on the blockchain. Other third parties, such as a bank, that validates the users identity through a KYC or other methods can also add a similar digital signature of a hash of the user’s data – in this case singed with the bank’s private key.
With this process, a user can present only the pieces of their identity that they choose and with only entities that they choose to. The receiving entity can then verify the authenticity of the user’s claims by checking the blockchain. Only the user can unlock the data with proof of ownership given their private-key in their App.
ShoCard is more than a username/password replacement. It is a comprehensive identity of a real person that goes beyond a Google or Facebook ID. A user’s identity can include their driver license, passport, employment ID, and even their facial image.
Peter: Armin, given that you have a PhD, I’m going to give you a real challenge! For our non-technical members, summarize the explanation of your ShoCard platform again but without any references to ‘technical’ terms such as hash or private key.
Armin: ShoCard is a mobile digital identification that is as easy as using your driver license, but secure enough for banks to rely on it. With ShoCard, users own and manage their own data and share only what they need with those that they choose to share them with. No one else can access their data without their permission. Yet, with using the blockchain, the data shared can securely identify a unique person.
Peter: Who benefits from ShoCard and how?
Armin: There are multiple benefits to having a highly distributed identity where each user owns and controls their own identity and data. The goal is to increase security, protect user privacy and reduce friction.
First and foremost, our distributed identity management increases security and makes it as difficult as possible for a hacker to impersonate a user. The verification codes on the blockchain carry no PII data while providing definitive authentication. The blockchain is an immutable ledger where records written to it cannot be modified or deleted, preventing hackers from altering them. They also carry no recognizable value without the user owning the data.
There is no central database of authentication codes (such as a username and password) to be hacked. Each user maintains their authentication codes on their mobile device. While we’ve seen large scale hacks such the recent Equifax theft of 140 million users through a single attack, hackers would have to have physical access and know-how for 140 million users and phones in order to have the same impact. This is ineffective with too much cost and inefficient for hackers.
By using cryptography as used in ShoCard, user’s private information can’t be stolen so easily and even if someone has already stolen different users social security number, phone number, home address and other information, they can’t use that to impersonate a user.
User privacy will continue to be a high priority and users can be in control of their information. When sharing data with others, a user can select only the fields they need to share. For example, when going to a bar, there’s no reason to provide every detail of one’s driver license – with ShoCard, a user can simply share their age and facial image.
Lastly, today’s identity management in both the digital as well as the physical world requires extensive proof and often manual engagement. Everything from calling a bank customer-service to service provider who needs to reset one’s password, people are required to answer a stream of questions. This can be easily hacked and is expensive for both the service providers as well as the users. Even walking through airports where passengers have to stand in line to show physical documentation that is manually checked by airline agents and security officers can become streamlined where people are digitally and biometrically validated at near walking speed. These are only a few examples of how ShoCard helps remove friction in identity authentication.
Peter: Given the Equifax debacle and other high visibility thefts of user data, how has this affected the overall adoption of ShoCard? What are the challenges preventing even faster adoption?
Armin: The interest in non-centralized solutions for identity from prominent businesses has increased significantly since the Equifax attack. Yet, prominent businesses are large enterprises with many processes, departments and people in place and a change approach to identity undergoes slow transition. Changes require both companies that provide services to change, but also for their customers to adopt those changes.
Peter: Could you quickly explain the difference between ShoCard and ShowBadge?
Armin: ShoCard is an embedded system where customers implement the platform into their existing servers and mobile applications using our SDKs. They usually present their brand to the customers. This is a tight integration and requires these service providers to write code. However, they have extensive flexibility to use ShoCard for KYC, authentication, transaction authorization, attestation of user attributes and credentials and sharing of these with other service providers.
ShoBadge on the other hand is a full suite product with a mobile App and supporting services. It can be adopted by an enterprise with simple configuration. However, ShoBadge primarily focuses on user authentication and ID management with pre-defined capabilities.
Peter: What’s the one biggest thing people don’t know about ShoCard that you wish they did?
Armin: Implementing and using ShoCard is easier than many think. By using open standards such as SAML and OpenID Connect, to comprehensive SDKs that can be integrated into our customers servers and mobile apps, the complexity of the blockchain is removed while the benefits made available.
Peter: What has surprised you most about your journey with ShoCard?
Armin: While at Yahoo!, I was aware of the importance of identity. But, in the recent years, the attention paid to identity protection has increased significantly. This has opened up a lot more opportunities for us than I had initially imagined. The second thing that has surprised me is the rate of change in acceptance and interest in blockchain as a platform to address previously unsolvable problems with identity. Just two years ago, this was an uphill battle. I am very surprised how fast things have come along.
Peter: Tell me about the future? What does your ShoCard look like 5 or 10 years from now?
Armin: I don’t like doing predictions 🙂
Peter: This is not directly related to ShoCard but how can we save the earth, this world and humanity? Name one person, company or organization you feel is really having an impact in this area and why?
Armin: It’s hard to call out any one thing that changes humanity. Perhaps, it’s the collective ability of individuals above their institutions that is the savor. In the 1990’s, the internet connected the world and with its evolution, individuals became empowered. This ultimately limited state-control over many parts of the world. We have witnessed many uprisings against oppressive regimes only because of access to social media such as Twitter or Telegram that has helped give them a unified voice. Even news is no longer the broadcast of the prominent news-entities, rather every individual is at one time or the other recording and reporting news that can become viral and cumulative with others.
We are seeing a continuation of this individualism with the democratization of information and assets. We are in this revolution today as we witness distributed blockchain companies distributing power even further to individuals. Perhaps the simplest example is cryptocurrencies where they create efficiencies (e.g., Ripple’s low-friction international fund transfer) and create separate asset classes that are not owned or operated by any central government or entity – for example Bitcoin.
The reason I believe such individual distribution can be an incredible change agent for the better is that the power is distributed to the masses creating a form of organized chaos. Think about the efficiency of a bee or an ant colony where each member works independently and their input to the whole colony is equally important and together highly effective. Yet, it is not managed centrally by any master.
Peter: What do you think about National ID cards like the biometric one in India? What role do you think a blockchain platform like ShoCard could or should play in such a national or global identification card?
Armin: National IDs are a great way for including large population of people to use common services. A government, such as the Indian government, is the certifying authority in this case of each individual. However, even the Aadhaar in India requires access to a central database where all user data is stored in order to authenticate individuals. This central database poses similar problems as any other centralized authentication system (https://www.engadget.com/2018/01/04/india-citizen-aadhaar-database-breached/). A blockchain identity approach, such as ShoCard, can help provide secure authentication without the risk of large database breach.
Peter: What can you tell us about yourself that our audience probably doesn’t know?
Armin: Outside of my professional life, I have spent the past 38 years practicing martial arts and hold a 5th degree black belt in Tae Kwon Do and Mixed Martial Arts. This background and competition over the years has helped build many skills that have helped my professional life and in particular my affinity for alternative thinking.
CEO & Founder