TrueProfile.io® is the new standard of document verification for diplomas, employers references, licenses and other trust-based objects from its issuing source. It puts the individual in control of safe-guarding their data and allowing it to be shared in a variety of ways with whomever they choose.
As one major element, TrueProfile.io stores this verification on the Ethereum Blockchain so that customers can access proof of their verification independently of the service - even if TrueProfile.io should cease to exist. In essence, this concept similarly supports identity services both in a traditional sense and in a self-sovereign one.
In a nutshell, the validated data belongs to the user and not to the company validating it.
The basic concept of TrueProfile.io
TrueProfile.io is the industry leader for the verification of applicant qualifications such as diplomas or employers references. TrueProfile. io, powered by the DataFlow Group (founded 2006), conducts Primary Source Verification (PSV) for every submitted document by reaching out to the Issuing Authority (IA) like a university, an employer or a licensing body to verify the authenticity of the document. All healthcare professionals in the GCC will be particularly familiar with the process of verifying their credentials as part of pre-employment background screening.
Furthermore, during verification, the DataFlow Group manually checks that the Authority is accredited and legitimate. If these conditions are met, TrueProfile.io issues a so-called TrueProof® - the basic building block of its service which is a single positively verified document. TrueProfile.io uses Blockchain technology to store a TrueProof so that customers can access their TrueProof independently of TrueProfile.io and even if at some point in time TrueProfile.io should no longer be in operation.
An introduction to Blockchain
In 2009, the Bitcoin white paper was published by a person or group called Satoshi Nakamoto. Bitcoin is a decentralized transaction system based on Blockchain technology. It is decentralized in a way which means that no central third party has control over the transactions written on the Blockchain.
Furthermore, transactions accepted by the network are immutable as the network protects them from manipulation. To achieve this, all transactions need to be ordered in relation to the time they occurred. These transactions are bundled in blocks that are chained one after another; the following blocks secure the previous blocks and this process secures the integrity of the system. For all TrueProfile.io users, this means they can be safe in the knowledge that validated TrueProofs cannot be edited or amended in any way.
In Bitcoin, one block is written in approximately ten minutes.. Ordering transactions by time and chaining them together is perfectly usable for timestamping and is a method already implemented by Satoshi Nakamoto. For example, the following text is written in the first block of Bitcoin (Genesis block): “The Times 03/Jan/2009 Chancellor on brink of second bailout for banks”. This data is stored forever and can not be changed without changing all blocks which are built on the Genesis block. That’s why a Blockchain is the perfect way to carbonate data forever.
At the end of 2013, Vitalik Buterin took the idea of Bitcoin and introduced the concept of smart contracts. For Bitcoin, the software code that is executed for one transaction is defined in a limited set of codes, known as OPcodes. Each of these OPcodes performs a specific command or function on the Bitcoin Blockchain. Buterin suggested to use a ‘Turing complete’ programming language instead of the limited set of Bitcoin OPcodes. This makes it possible to bind any arbitrary software code to an Ethereum address - now known as a smart contract.
In contrast to Bitcoin, this leads to more flexibility as smart contracts can be added over time without any changes to the underlying Blockchain software structure.
The strength of data on a blockchain
As the Blockchain is replicated across many thousands of computers, it would be a waste of storage to store the full documents on all replicated nodes. It would also become critical for privacy if CV data was stored on a publicly accessible Blockchain like Ethereum. That is why TrueProfile.io proves the authenticity of a document by storing the documents fingerprint, but not the document itself on the Blockchain.
The fingerprint is comparable to the human fingerprint. If a fingerprint is found, it ensures that the fingerprint came exactly from this document as no other document can create the same fingerprint. Fingerprints also solve the privacy concerns, as the fingerprint of a document does not reveal any information about the document’s content. For example, in the same way that a human fingerprint does not give any information about the owner’s hair colour. In computer science those fingerprints are called hashes.
Pragmatic standard with a hybrid approach
Blockchain purists, obviously, will argue that the sheer existence of a centralized unit like TrueProfile.io/the DataFlow Group makes a travesty out of a radically decentralized set-up without any mediator whatsoever. On a theoretical level, they might be right. Yet, TrueProfile.io has purposefully chosen this path as it sees the world in pragmatic terms as what it is today and how it can serve users who intend to present themselves as trusted candidates - especially in an international, professional context. Instead of trying to onboard every university, every employer and every licensing body around the world to hold and safeguard their private keys for signature, TrueProfile.io is completely technology agnostic.
When it comes to obtaining its verification from the issuing source, the methods can range from writing, calls or even personal visits to the site. Based on this (positive) input, TrueProfile.io will issue a TrueProof. All the TrueProofs belonging to a user will be collected on their myTrueProfile page on TrueProfile.io.
This hybrid approach extends even further: TrueProfile.io puts the user in control of their verified data and enables them to expose this information to third parties of their choice:
User-triggered as a TrueProfile.io Member
- Members can choose to send a TrueProof PDF - which is stored as a hash on blockchain - to any 3rd party who can then check its validity against the Blockchain.
- TrueProof JSON (pure data object) brings the idea of hashing the PDF to the next level and store the hash of the plain data object on the Blockchain which is forever accessible to the individual.
- Members can make the entire myTrueProfile public on a randomized link and share it with 3rd parties of the user’s choice - such as authorities and regulators.
Employer-induced
A Business Partner sends pre-paid voucher codes to an applicant who in turn signs up, redeems the voucher and conducts PSV. Via their log in, the Business Partner is presented with the TrueProofs and the myTrueProfile of the applicant while the member safeguards their TrueProofs on their myTrueProfile for future utilization.
Platform-driven
Bringing trust to 3rd party profile-based services by integrating the attribute “verified” using the TrueProof JSON.
Through all of these means, centralized and decentralized, TrueProfile.io aims to further the aspiration of becoming the standard for document verification. But what does that “standard” mean and how do we get there? Let’s first declare what it will not be or rather how it will not be achieved: It is very unlikely that any supra-national body like the United Nations, The Hague Convention or any similar consortium will all of a sudden and solemnly declare something to be “The Standard for Document Verification”.
By contrast, the standard will be achieved initially through adoption from a few key actors, ideally in one geography - and/or industry cluster, before spreading out further horizontally and vertically until it will accelerate momentum towards broad usage and acceptance.
In order to reach this place, is TrueProfile.io not subject to the archetypical chicken-and-egg problem where individuals will want to have a verification only if it’s sufficiently accepted by employers, immigration authorities, regulators and vice versa, employers, immigration authorities and regulators will only accept individuals with TrueProofs if there is a critical mass of them? Yes, indeed, therefore TrueProfile.io strives to drive both utilization and acceptance of TrueProfile.io from both sides of the market starting with present and past applicants from the DataFlow Group. From there it extends to the “outer world” of individuals who need to present trusted documents through efforts in sales, business development and partnerships.
Once a certain critical mass is reached, TrueProfile.io will start engaging strongly via lobbying and direct conversations with governmental bodies, universities and employers to seek acceptance for its standard. Narrating these points of acceptance back to the B2C side of document owners will let them be safely convinced that TrueProofs are being broadly accepted and hence will embark upon utilizing them.
The extension of TrueProfile.io
In a subsequent step, once creating and administering cryptographic keys has evolved further into mainstream, the Issuing Authority of documents would require a profile (aka identity on the Blockchain) themselves. In this scenario, a service like TrueProfile.io would sign initially whereas the Issuing Authority would cosign the data as well. In a final stage of full decentralization, Issuing Authorities could be enabled to sign the TrueProofs directly. Another direction where TrueProfile.io is perfectly lending itself towards is a hybrid approach of building a digital identity of users who possess the property of being portable.
Combining an “Identity TrueProof” based on banking KYC-robust online verification of government issued documents (ID or passport) with one or several self-sovereign identity initiatives like uPort (which integrates with the TrueProfile.io platform) would establish an interoperable framework for further network distribution. Looking from another perspective, opening up the export and inclusion of document TrueProofs into these self-sovereign identities under the full control of the individual should be made available.
By choosing Ethereum blockchain to store hashes of our Members information, we have taken the necessary steps to assure our Members that their data is safe, secure and forever accessible - meaning that they will always be able to access their TrueProofs at any stage in their career. Even if TrueProfile.io should cease to exist, users are empowered to own their data and choose on a very granular level who they wish to share access with.
For the full whitepaper and additional technical commentary around the ways that TrueProfile.io uses Ethereum blockchain for the management of blockchain data, please visit: https://www.trueprofile.io/blockchain-whitepaper.pdf.
