Everest

From BitcoinWiki

Everest has built a decentralized platform made up of three components: EverID, a digital biometric identity system to store and confirm user identity data; EverWallet, a multi-currency digital wallet with built-in document storage, and EverChain, a blockchain-based transaction system. The platform is available to all human beings from birth until death. It does not require a mobile device to join, is encrypted to protect users’ privacy, and is interoperable with other systems.


Institutions, corporations, and government organizations can effectively, cheaply and quickly validate user identity, at scale. Value can then be transferred securely to the correct recipient with reduced transaction costs, lower losses from leakage, and innovations in service and value transfer.


Everest is a disruptive product with an existing prototype and a highly experienced team, and it is working with a large Bretton Woods banking institution[1] and UN Agencies. It is building the biggest single opportunity for expanding financial inclusion amongst emerging markets and established financial institutions.

Sustainable Development

The current process for identity verification is forced to incorporate data storage, document verification, and conditional access. Right now, institutions, such as governments, banks, and hospitals can only validate a finite number of users without overloading and increasing costs to an unsustainable point.


Everest’s EverID makes user validation fast and cost-effective: it costs just a few USD cents per verification and EverChain can handle a volume of billions of transactions per month – with the ability to scale to trillions. The decentralized architecture of the platform also provides complete personal data ownership and higher levels of security compared with current centralized or public distributed databases.


For 40% of the world population, carrying out basic economic transfer is rife with fraud, leakage and friction – which is why it only makes up 26% of the global GDP, 15-20 trillion US Dollars. It is estimated that $6.6 trillion was lost to fraud and leakage in developing countries between 2003 and 2012[2]. By validating user identity with 100% certainty with EverID, verifying value delivery into the EverWallet, and tracking final consumption with EverChain, Everest is able to drastically reduce leakage, fraud, friction, verification, reporting, and data access costs.


Total Financial Inclusion

Creating a method for everyone to access existing financial services unlocks the ability for the countries in emerging markets to grow beyond their collective $20 trillion of GDP. Invigorating these emerging markets with modern economic processes (verifiable identities, a per-person electronic value exchange mechanism, and a transparent transaction accounting system) can potentially double their output, transforming them into a $40 trillion opportunity.


Through the use of digital identities, digital wallets, and document management, users will be able to validate their identity for public services and claim their social and economic rights. By leveraging the power, transparency, and security of blockchain technology, Everest will catalyze these dormant markets into a vibrant component of the global digital economy.



Everest Delivers to Communities

Total Financial Inclusion

Everest, with EverID, has created a universal digital identity that will elevate all of humanity into the global market, thereby providing access to a robust set of services in order to enhance livelihoods and promote economic development.


Multiple types of biometric information for each identity are recorded and stored in the EverID Datagram. Legacy identity documents, including national ID cards, driver’s licenses, passports, voter ID cards, etc. are captured, as are third-party attestations, which are recorded by cryptographically signing those affirmations of claims.


The individual’s data is recorded in a manner that allows the individual (not a government, organization, or company) granular control of how it is shared, with whom, and for how long. This sharing mechanism is enforced by smart contracts per transaction, with automated resolutions.


If an individual does not possess the technology, an agent system will enable them to be enrolled via the Everest Agent DApp. Public Access Devices (PADs) will be used for EverID validation, EverWallet use, and data updating. PADs will use a Software Development Kit (SDK) to add identity validation and wallet services to devices for banking, government services, healthcare, and more.


Institutional Investment Through Transparency

Through EverWallet, Everest provides the ability to remotely verify the recipient of a value transfer at scale. Combined with fast user verification, this will propel institutional investment in the $20 trillion economy of countries in emerging markets. These emerging market countries currently account for $20 trillion of the global economy. When identity is fixed and modern value transfer is made possible, this economy should be able to at least double into a $40+ trillion opportunity. By promoting individual economic development through access to financial systems such as credit and insurance, Everest will help drive these advances, giving over half the world a new on-ramp to the global digital economy. Giving everyone an EverWallet is like giving each person their own permanent address to receive value, coupled with a secure safety-deposit-box-in-the-cloud to store important documentation.


Confidence Through Immutability

Through EverChain, Everest is able to deliver a robust transaction system designed to record all transactions and keep them available for review forever. Built on top of the distributed ledger technology that powers the Ethereum smart contract system, EverChain benefits from the depth of development talent and the community that has made this the most accepted smart-contract system available. EverChain is a private, permissioned instance of the Ethereum Enterprise blockchain. By providing the ability to review transactions to the parties involved and to their respective organizations and regulators, Everest ensures that there is minimal graft, leakage, and fraud, and that there is tight adherence to standard operating procedures.


A Permanent Utility for Humanity

The Identity Network, the non-profit guardian of the Everest Platform, will be an autonomous, non-capturable, decentralized network, owned by no one, functioning in perpetuity and embodying the Principles of Identification for Sustainable Development Goals (SDGs)[3] in its software. It will be continually funded in order to exist and will provide identity verification and value transfer services to users indefinitely. The internal governance of the foundation provides a clear, standard operating procedure and a mechanism to evolve to remain relevant and secure.


Everest is A Complete Solution

Everest gives individuals the tools to manage, and protect, their own data through a decentralized identity platform (EverID), a value transfer/storage solution (EverWallet), and a robust transaction system (EverChain). Everest also gives organizations tools to help manage communities of individuals: to transact value with the verified individuals, conform to all applicable regulations, and transparently record and prove that a transaction occurred.



Everest Principles

The principles guiding the technical and governance design of Everest reflect the Principles for Identification for Sustainable Development, as set out by the Center for Global Development and the World Bank.


These principles are: that privacy is a human right and that individuals should have control over and effectively own their own database of identity elements, including their biometrics. Information should only be shared with the express consent of the user and there should be recourse if a user’s rights are violated.


Users should be informed and compensated for access to their identity information and able to share data with another party or deny access selectively. We propose to fund a network of identity verification nodes which will be governed as a stand-alone foundation to ensure longevity, security, and transparency.


Everest operates under the following unanimous, unchanging beliefs and principles about identity information:


· All individuals should be included


· If an individual does not have access to technology, they should still be able to participate


· The system should be available forever


· All individuals should be specifically identifiable


· All information about an individual should be stored in the most secure manner possible


· The individual should possess and control their identity


· The individual should be able to selectively share their identity information per interaction


· The individual’s information should not be owned or controlled by anyone other than the user


· The system should be resilient against attack


· The system should be able to bridge to other systems



Project Architecture

Everest is a for-profit organization that will fund the non-profit Identity Network (IN) foundation. The IN foundation is designed to ensure transparency, neutrality, security and longevity of the Identity Network.


This economic model will sustain this organization by earning market rates for identity verification from organizations such as government institutions and commercial organizations. The IN foundation will have an independent board of directors, drawn from internationally and regionally recognized global organizations, NGOs, IGOs, and philanthropic organizations that share the same principles surrounding the right of identity as Everest.


The management of the IN foundation and the Everest operating company are mostly different as their primary focus is different. The IN foundation is governed by a board of caretakers, the criteria for selection of which is that the organization must be a not-for-profit organization or an economic development focused organization and show at least 10 years in serving the public good. The Everest operating company will then be managed by a CEO, CTO, and management team.


Everest Platform

Everest combines EverID, a user-centric self-sovereign identity solution, with EverWallet, a value transfer and document storage solution, and EverChain, a robust transaction system to create and record all system transactions. This product suite is based on blockchain technology and the cryptographic underpinnings of that system. The core focus of the Everest operating company is to create economic and social value.


Everest facilitates verification of users by multiple third-parties and allows the secure transfer of value between members of the system.


Identity Network

Everest will fund the non-profit Identity Network foundation that will oversee elements of the shared systems in the Everest Supernodes. If $10M USD is raised from the initial token sale then 5% will be allocated to establish the Identity Network foundation and for every USD$ 1.00 above $10M, 2% will be allocated to the Identity Network foundation.


The purpose of the Identity Network foundation’s governance will be to safeguard the independence and transparency of the network so that it exists for humanity forever.


Everest will donate a percentage of capital raise per the above, plus a percentage of identity verification earnings on an on-going basis, thus creating a self-funding, autonomous network.


The responsibilities of this governing board will be to ensure the network cannot be taken over and transactions are transparent and to maintain at least 50% authority. In a “proof of authority” network, this prevents any organization, including Everest, from ever changing the base code. They will also be required to establish independent observer nodes and ensure that two board members are signatories on all code releases.



Blockchain Technology

Technological Principles

The Everest infrastructure is operated on a series of supernodes in the network. These supernodes are the host of the blockchains. They also host the per-user IPFS storage locations, the Conduit System to integrate other systems and data, the Bridge Service to allow individuals to transfer their data to an Everest app and the API Server to enable transactions from SDK-enabled devices.


The data on the supernodes are secured with the user’s public/private keypair and biometry, as well as a password/PIN. There is no ability to DDoS the Everest infrastructure as it is decentralized, the fees charged for transactions create a financial disincentive, and API requests are funneled through a queueing regulator. This ensures equal access to the services and mitigates potentially negatively-impacting usage or load.


The Everest DApp and Everest Agent DApp are both based upon a cryptocurrency wallet for the Ethereum blockchain. The DApps in the Everest system are also secured with the user’s biometrics and a password/PIN, as is the Bridge Service.


The Everest API and SDK are secured by a per-partner API key and per-partner SDK implementation key. These two keys are enrolled in the Everest system. The SDK implementation key must be embedded in the software of the Public Access Device (PAD); the API key, however, can be refreshed, which prevents a hijacked key from compromising the system. In the case of a key hijack, a new API key is issued to the partner organization and, through the SDK, updated on uncompromised devices. SDK implementations trying to access the supernodes are then challenged to provide the correct API key; if the API key hasn’t been updated, the host device has been compromised and can be blacklisted.


The storage array of the user’s identity information is known as an EverID Datagram. It consists of a nested series of information locked behind biometric locks and knowledge locks (password, PIN) designed to bootstrap the unlocking of the next section of the datagram. Each individual has an EverID Datagram stored in IPFS on the supernodes, referenced by the smart contract which recorded their identity to the EverID Blockchain.


Through the API and SDK, the EverID and EverWallet components of the Everest System can be integrated into other applications and other devices not addressed by Everest’s product offering.


Through the Conduit System, disparate sources of information can be integrated into the user space allowing the individuals to incorporate data from existing systems into their EverID.


This technological system ensures users remain in control of their data with secure and anonymous transfer, even when working with multiple third-parties.


Everest Technology Stack

The infrastructure that supports identity ownership, secure value transfer and third-party integrations.


Architecture Diagram

This is the conceptual model of the behavior of the Everest system.


Biometrics

EverID uses biometry, or the specific unique physical or behavioral characteristics of individuals, to identify users.


Biometric capture capabilities have been added to mobile phones, and those capabilities have evolved over time. Everest will continue to include sources of biometry into EverID as they become commercially available in new devices. The user’s biometric samples will be refreshed over time as frequency rules, biometric sample types, and system requirements change. Currently, EverID leverages both facial and fingerprint scanning, both of which achieve very high accuracy and are sourced from industry leaders that regularly supply such services to banks, nations and large organizations. By including two sources of biometry, EverID achieves a higher level of security than most in the market. As biometric advances are made, Everest will incorporate additional sources of biometry into EverID, including iris, pulse, voice, and DNA. Each biometric lock is accompanied by a user knowledge proof to ensure user consent to the transaction.


By recording biometric characteristics into EverID, the Everest system is able to identify specific individuals and ensure that each user has one and only one EverID record, preventing Sybil attacks.


EverID Datagram

The EverID Datagram is the proprietary storage file of the user’s identity information. The EverID Datagram is resident on the user’s mobile device and in the Everest Supernode. Any updates to the Datagram are mirrored/synchronized with the other copies of that individual’s Datagram on their devices or in the Everest Supernode as soon as the devices come online. An Everest DApp, Agent DApp, or Everest-enabled device can create an EverID Datagram. However, external access to the EverID Datagram is only possible through the Everest API.


The EverID Datagram, and its storage are in the control of the user at all times, allowing them to decide who has access to what information, and how that information is stored in the long-term. If the user wishes to delete their EverID, the anonymous biometric identifier used during enrollment persists. This prevents the user from attempting to create a different identity in the system.


The smart contract which records the user’s EverID will be closed in a special manner which marks the EverID as inactive, preventing future use; removes the pointers associated with the storage of the user’s EverID Datagram; and encrypts and seals the storage with a special user key created by a mnemonic. For the user to recover their EverID they would need the mnemonic for the special user key, their biometrics, their PIN and password. This conforms to the privacy requirements to allow the user to control, modify, or disable their identity information from being used. The special “delete EverID” logic conforms with the “right to be forgotten” and “right to erasure” requirements of the Data Protection Directive (Directive 95/46/EC) and General Data Protection Regulation (GDPR EU 2016/679) respectively, as the information is neither indexed by an external entity, nor available on the public Internet. Note that a user who has marked their EverID as inactive also loses access to their EverWallet, as the EverID is the security mechanism authorizing access to the EverWallet.


EverID Datagram Features:

• The dataset is nested in onion-like layers, each requiring its own lock to access its components.


• The individual components are only queried when the transaction requires it: getting reward points for a movie ticket does not require anything other than the user’s public key to validate enrollment in the program; however, a user may need to scan their biometrics to check into a medical office.


• For SDK transactions, the majority of the time the individual’s Biometric Token Array and Demographic Data will be the only pieces of the EverID Datagram queried.


• Enables the individual who owns technology to have and control their data on their devices and on SDK-enabled devices, as well as archived on the EverChain blockchain. The EverID Datagram provides for portability of the user data, enabling a user’s EverID and EverWallet to be accessible on any device.


• Enables the individual who does NOT own technology to use their EverID Datagram through Agents’ devices and SDK-enabled devices, from the archived version on the EverChain blockchain.


Institutional Investment Through Transparency

• Validate User ID - 1 Biometric Capture + PIN = user identity is valid


• Unlock User ID - 2 Biometric Captures + PIN = user identity is valid and access to user demographic data is given


• Medical - 2 Biometric Captures + PIN + Password = user identity is valid and access to user Personal data is given


• Change National ID - 2 Biometric Captures concatenated = user identity is valid and access to user Private data is given


Everest DApps

The Everest DApp and Everest Agent DApp are both based upon code commonly used to create cryptocurrency wallets for the Ethereum blockchain. Users with their own technology will use the Everest DApp to self-enroll, store and control their EverID directly. The EverID Datagram will be stored locally, with a backup copy in the Everest Supernode IPFS storage array.


Individuals who do not own their own technology can be enrolled into Everest by an agent who has a device running the Everest Agent DApp. The user inputs all of the same information as if they were self-enrolling on the Everest DApp; however, they have the assistance of the agent to help them with the scanning and data entry, thus solving technological familiarity and illiteracy challenges. The agent will also teach them how to use their EverID and EverWallet. Everest agents are compensated per-transaction for both validated new enrollments and the ongoing validations against those individuals enrolled.


The system automatically polices rogue Everest agents by analyzing patterns of behavior and flagging unusual behavior. Once alerted, the system will introduce additional checks on that transaction and subsequent transactions. Examples include multiple agents (who don’t know each other) verifying a suspect transaction, introducing a secondary verification by another agent on a suspect agent’s transactions, and finally removing a suspect agent from the system.


Institutional Investment Through Transparency

Through the Everest API and SDK, the Everest system can integrate with other applications and devices not directly addressed by Everest’s product offering. Hosted in the Everest Supernode is a server instance hosting a RESTful API to the Everest distributed computer.


The Everest Client API is a RESTful interface for building client applications. The capabilities of the API include the following:


• Search for EverID


• Validate, and retrieve EverID


• Create, retrieve, update, and close transactions in EverWallet


The Everest API and SDK are secured by a per-implementation API key and per-partner SDK key.


These two types of keys form a hierarchy: each SDK key has API keys under it. The SDK requires that the SDK implementation key is embedded in the software of the Public Access Device (PAD) or software application. The API key can be refreshed, which prevents a hijacked key from compromising the system. In the case of a key hijack, a new API key is issued to the partner organization and, through the API Management Portal, updated on uncompromised devices.


SDK implementations, when trying to access the supernodes, are always challenged to provide the correct key pair (SDK and API), and if the API key isn’t correct, or hasn’t been updated, then the node device has been compromised and is automatically blacklisted from the platform. Blacklisted devices will need to be reinitialized with the appropriate SDK key and API key to regain access to the Everest Platform.


The Everest API is secured through an HMAC (hash-based message authentication code) system. Instead of sending the SDK Implementation Key and API Key themselves, we send a hashed version of the keys, together with more session information. In this manner, we are able to secure the API, validate that the message body has not been tampered with, and control the access of disparate devices to the EverID Platform.
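The signing and challenge flow described above, sketched as an added example (not Everest's code or API). The key-folding construction, field names, the `Gateway` class, the replay window, and the choice to blacklist a device only when its signature verifies under a revoked API key are all assumptions; the keys and request are constructed sample values.

```python
import hashlib
import hmac
import json
import time


def sign_request(sdk_key, api_key, device_id, timestamp, nonce, body):
    """Client side: return a hex MAC; neither key is ever transmitted."""
    # Assumed construction: fold both secrets into one signing key.
    signing_key = hmac.new(sdk_key, api_key, hashlib.sha256).digest()
    # A JSON array keeps field boundaries unambiguous (no delimiter tricks).
    message = json.dumps(
        [device_id, timestamp, nonce, hashlib.sha256(body).hexdigest()],
        separators=(",", ":"),
    ).encode()
    return hmac.new(signing_key, message, hashlib.sha256).hexdigest()


class Gateway:
    """Server side: hypothetical stand-in for the supernode API server."""

    def __init__(self, sdk_key, api_key, max_skew=300):
        self.sdk_key = sdk_key
        self.api_key = api_key
        self.revoked_api_keys = []   # API keys replaced after a hijack
        self.blacklist = set()       # device ids locked out until re-initialized
        self.seen_nonces = set()     # production code would expire these
        self.max_skew = max_skew     # seconds of clock drift tolerated

    def rotate_api_key(self, new_api_key):
        """Issue a fresh API key; the old one becomes a compromise indicator."""
        self.revoked_api_keys.append(self.api_key)
        self.api_key = new_api_key

    def verify(self, device_id, timestamp, nonce, body, signature, now=None):
        now = int(time.time()) if now is None else now
        if device_id in self.blacklist:
            return "blacklisted"
        if abs(now - timestamp) > self.max_skew:
            return "stale_timestamp"
        if (device_id, nonce) in self.seen_nonces:
            return "replay"
        expected = sign_request(self.sdk_key, self.api_key,
                                device_id, timestamp, nonce, body)
        if hmac.compare_digest(expected, signature):
            self.seen_nonces.add((device_id, nonce))
            return "ok"
        # A MAC valid under a revoked key proves the sender holds the SDK key
        # and an API key that was never refreshed: treat the device as
        # compromised. Any other bad MAC proves nothing about the named
        # device, so it is rejected without blacklisting; otherwise anyone
        # could lock out a device by sending garbage in its name.
        for old_key in self.revoked_api_keys:
            candidate = sign_request(self.sdk_key, old_key,
                                     device_id, timestamp, nonce, body)
            if hmac.compare_digest(candidate, signature):
                self.blacklist.add(device_id)
                return "blacklisted"
        return "bad_signature"


def demo():
    """Run the flow on constructed sample data and return each verdict."""
    sdk, api_v1, api_v2 = b"sdk-key-sample", b"api-key-v1-sample", b"api-key-v2-sample"
    gw = Gateway(sdk, api_v1)
    now = 1_700_000_000
    body = b'{"op":"validate","user":"sample-user"}'
    out = []
    sig = sign_request(sdk, api_v1, "pad-01", now, "n1", body)
    out.append(gw.verify("pad-01", now, "n1", body, sig, now=now))         # valid
    out.append(gw.verify("pad-01", now, "n1", body, sig, now=now))         # resent
    sig = sign_request(sdk, api_v1, "pad-01", now, "n2", body)
    out.append(gw.verify("pad-01", now, "n2", body + b" ", sig, now=now))  # tampered
    gw.rotate_api_key(api_v2)                                              # key hijack response
    sig = sign_request(sdk, api_v2, "pad-01", now, "n3", body)
    out.append(gw.verify("pad-01", now, "n3", body, sig, now=now))         # updated device
    sig = sign_request(sdk, api_v1, "pad-02", now, "n1", body)
    out.append(gw.verify("pad-02", now, "n1", body, sig, now=now))         # stale API key
    sig = sign_request(sdk, api_v2, "pad-02", now, "n2", body)
    out.append(gw.verify("pad-02", now, "n2", body, sig, now=now))         # still locked out
    return out


if __name__ == "__main__":
    print(demo())
```

Because the SDK implementation key is embedded in device software, the refreshable API key is the only secret in this sketch that can be rotated without re-imaging the device.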


Through the API, users are able to interact with their EverID and EverWallet on devices that they don’t own, such as fingerprint-sensor enabled ATMs or facial-recognition enabled medical tablets. They are also able to use their EverID or EverWallet in apps not provided by Everest for services like biometric unlocking, simple user onboarding (automated KYC/AML checks), and medical form auto-fill.


Everest Core Smart-contracts

Using the Solidity smart-contract framework for Ethereum blockchains, Everest is built on top of five main core smart-contracts:


• EverID Creation and Management


• Everest API Validation


• EverChain Transaction


• Everest Remote Management


• Organizational EverID


EverID Creation and Management - the smart contract used to create and evolve an EverID on the platform. This smart contract requires the user’s public key, user’s EverID datagram, the user’s UserName, the user’s Password, and the user’s PIN. This smart contract is written to the EverID ID Blockchain and includes a pointer to the IPFS Storage Array URIs where the user’s EverID Datagram has been stored, a hash of the EverID Datagram for integrity checks, and the creation time as a shared secret.


EverID Validation - the smart contract used to validate EverIDs. Validation requests can come from the Everest DApp, Everest Agent DApp, or Everest API enabled app or device. Validation requests are written to the EverChain Blockchain and require the user’s public key, a biometric sample, the user’s UserName, and the user’s PIN.


EverChain Transaction - the smart contract used to track identity information use, document sharing and ongoing transactions against a user’s EverID or EverWallet. Transaction requests for sharing medical information from a user’s EverWallet, for example, would record the user’s grant of specific information to another public key address of an individual associated with the user’s medical clinic. Transaction requests are written to the EverChain transaction Blockchain and require the user’s public key, a biometric sample, the user’s PIN and user’s UserName. The information shared, the recipient of the information (through their public key), the length of availability, and the enforcement of that availability are all recorded.


Everest Remote Management - the smart contract used by individuals who do not own their own technology, and are using Agent terminals to manage and update their EverID Datagram or EverWallet. Remote Management requests are written to the EverChain Blockchain and require the user’s public key, two different biometric samples, the user’s PIN, the user’s UserName, and user’s Password.


Organizational EverID - the nature of society is that individuals belong to various organizational entities. They are citizens of a nation-state, they are residents of a city, they are members of a soccer team. All of these organizations may play a role in the Everest system. To provide the ability for these entities to exist in the Everest system, there is a special kind of EverID called an Organizational EverID. Organizational EverIDs are created with an Organization EverID smart contract template entered into by at least two EverIDs. This Organizational EverID smart contract has the ability to create an Organizational EverID, which is able to participate in the EverID system as any other EverID.


Additional smart contracts will be added to the system as the need for additional capabilities arises.


Ethereum Permissioned and Layer 2 Blockchains

The Everest decentralized identity and transaction platforms are both captured and stored in a set of private, permissioned instances of the Enterprise Ethereum blockchain. The Enterprise Ethereum blockchain is an evolution of the shared ledger system underneath the Bitcoin cryptocurrency.


These permissioned Enterprise Ethereum blockchains run on a Proof-of-Authority mechanism: consensus on transactions relies on pre-approved “sealer” authority nodes to seal new blocks in the blockchain. More information about the Ethereum Proof-of-Authority protocol, “Clique”, can be found here.


Everest Supernodes

The Everest platform is decentralized, meaning that it is a distributed system that relies on certain centralized services for coordination and bootstrapping. The Everest infrastructure is operated on a series of supernodes in the Internet network. These supernodes are the host of the centralized services used for coordination of the Everest platform. These centralized services include: private Ethereum blockchains, the IPFS storage array for per-user storage, the Bridge Service to allow individuals to transfer their data from blockchain to Everest DApp instance, the Conduit System to integrate other systems and data, and the API Server to enable transactions from API and SDK-enabled devices.


There is no ability to DDoS the Everest platform as it is decentralized and hosted on private infrastructure. All requests are funneled through queueing regulators to ensure that there is equal access to services and to mitigate any potentially negatively impacting usage or load. Additionally, the ID Token required for most transactions on the platform (discussed in depth later) creates an additional financial disincentive to attempts to flood the network with spurious traffic.


The Filer service takes care of creating EverIDs in the system and creates a mapping between the individual’s UserName, Public Key and PIN. The Filer’s mapping is relied upon for Agents to locate an individual’s EverID Datagram and download it for use. The EverID Validator service takes care of validation requests to the system and is the first step in nearly all transactions on the platform.


Portals

To enable the control of the Everest platform and allow for access to specific services, three portals will be operated in the Everest Supernode: API Management Portal, Individual Management Portal, and Agent Management Portal. The API Management Portal enables Everest to issue SDK License Keys and API License Keys to participating organizations. It also enables the sharing of development resources to include Everest tools like EverID or EverWallet into software applications or embedded devices.


The Individual Management Portal enables Everest users to access the Bridge System to recover their EverID, in the case of disaster or accident.


The Agent Management Portal enables Everest to issue Agent Keys (similar to an API License Key), which belong to a hierarchy under an organization’s Master Agent Key.


Bridge System

The bridge system is a special authentication system which, through a series of challenges and biometric checks, ensures that an individual is the owner of their EverID or EverWallet, and should be allowed access to save them to a new Everest DApp instance. This is similar in concept to a “restore from backup” service.


Conduit System

Through the conduit system, disparate sources of information can be integrated into the EverID user space: allowing individuals to incorporate data from existing systems into their personal EverID. Examples of this inbound information would be national identity registers, healthcare systems, online services, refugee databases, etc.

See Also on BitcoinWiki

  [1] http://www.brettonwoods.org/page/about-the-bretton-woods-institutions
  [2] http://www.europarl.europa.eu/meetdocs/2014_2019/documents/acp/dv/stu549042/stu549042en.pdf
  [3] https://www.cgdev.org/blog/ten-principles-identification-sustainable-development