Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Monday October 28 2019, @12:13PM   Printer-friendly
from the chained-up dept.

Submitted via IRC for soylent_red

Zamna raises $5M to automate airport security checks between agencies using blockchain

When VChain-now-Zamna first appeared, I must admit I was confused. Using blockchain to verify passenger data seemed like a hammer to crack a nut. But it turns out to have some surprisingly useful applications.

The idea is to use it to verify and connect the passenger data sets which are currently silo-ed between airlines, governments and security agencies. By doing this, says Zamna, you can reduce the need for manual or other checks by up to 90 percent. If that's the case, then it's quite a leap in efficiency.

In theory, as more passenger identities are verified digitally over time and shared securely between parties, using a blockchain in the middle to maintain data security and passenger privacy, the airport security process could become virtually seamless and allow passengers to sail through airports without needing physical documentation or repeated ID checks. Sounds good to me.

Zamna says its proprietary Advance Passenger Information (API) validation platform for biographic and biometric data, is already being deployed by some airlines and immigration authorities. It recently started working with Emirates Airline and the UAE's General Directorate of Residency and Foreigners (GDRFA) to deliver check-in and transit checks.

Here's how it works: Zamna's platform is built on algorithms that check the accuracy of Advanced Passenger Information or biometric data, without having to share any of that data with third parties, because it attaches an anonymous token to the already verified data. Airlines, airports and governments can then access that secure, immutable and distributed network of validated tokens without having actually needing to ‘see’ the data an agency, or competing airline, holds. Zamna's technology can then be used by any of these parties to validate passengers’ biographic and biometric data, using cryptography to check you are who you say you are.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Insightful) by Runaway1956 on Monday October 28 2019, @12:26PM (7 children)

    by Runaway1956 (2926) Subscriber Badge on Monday October 28 2019, @12:26PM (#912752) Journal

    Another buzzword used to sell another hare-brained scheme?

    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 2, Interesting) by Anonymous Coward on Monday October 28 2019, @01:07PM (3 children)

    by Anonymous Coward on Monday October 28 2019, @01:07PM (#912765)

    No, it's not a buzzword in this case. It's being used correctly. Replace the term "passenger" with "website" and imagine this being used to validate DNS records. It's essentially the same concept. You need to keep in mind that despite all the hooplah a blockchain is nothing more than a database with certain cryptographic guarantees as to data integrity. This is handy any time you need to federate with parties that you don't necessarily trust.

    What makes a blockchain superior over a private DB in this case is that all the information is public and you can use multiple sources to verify integrity, furthermore cryptographic signature chains validate chain of custody and changes to data.

    So how do you store private information in a public blockchain and yet maintain privacy?
    You store the hash of the data + some seed.

    For instance to validate your name is "John Doe" just have the notary hash "John Doe"+"your pubkey" and store it in a field called "passenger_name" when creating / inputting your record.

    Now all you need to do to validate yourself is to supply your name and your pubkey, then sign the resulting hash (proving you have the corresponding private key). It becomes trivial to store any other information this way.

    I use a similar technique in a trustless password manager I built. The owner doesn't even need to know their own information, it's all stored encrypted on the blockchain and they can access it any time they like.

    Done correctly it's a good use for a blockchain.

    The only issue I see here is that there would be a huge target for crackers to steal keys, but even this can mitigated by keeping the private key offline, perhaps inside the secure enclave of a smartcard. Since smartcards are already used for ID purposes, it shouldn't be much of a jump. Finding smartcards capable of ECDSA or EDDSA might be difficult though.

    • (Score: 2, Insightful) by Anonymous Coward on Monday October 28 2019, @01:13PM (1 child)

      by Anonymous Coward on Monday October 28 2019, @01:13PM (#912766)

      Yeah, I can just see my 84-year old father supplying his pubkey and signing the resulting hash.

      • (Score: 0) by Anonymous Coward on Monday October 28 2019, @04:54PM

        by Anonymous Coward on Monday October 28 2019, @04:54PM (#912885)

        Yeah I'm pretty sure your 84 year old grandfather could never use a tap to pay credit card, nor know how to insert his card into a card reader. amirite?
        Because that's exactly how a system like this would likely work.

    • (Score: 4, Interesting) by Rosco P. Coltrane on Monday October 28 2019, @01:29PM

      by Rosco P. Coltrane (4757) on Monday October 28 2019, @01:29PM (#912779)

      It might be a valid case of blockchains. But look at the context :

      1/ An obscure company nobody have heard or cares about changes name...
      2/ ... talks about applying blockchains...
      3/ ... to sell airport security products

      That's 3 good reasons to smell BS from a mile away.

      Now if this is legit, this company has an uphill struggle to convince those in the know for those 3 reasons.

  • (Score: 2) by JoeMerchant on Monday October 28 2019, @01:14PM

    by JoeMerchant (3937) on Monday October 28 2019, @01:14PM (#912767)

    True:

    Zamna's technology can then be used by any of these parties to validate passengers’ biographic and biometric data

    True until somebody leaks something, then false forever:

    without having to share any of that data with third parties, because it attaches an anonymous token to the already verified data. Airlines, airports and governments can then access that secure, immutable and distributed network of validated tokens without having actually needing to ‘see’ the data an agency, or competing airline, holds.

    --
    🌻🌻 [google.com]
  • (Score: 0) by Anonymous Coward on Monday October 28 2019, @01:18PM (1 child)

    by Anonymous Coward on Monday October 28 2019, @01:18PM (#912771)

    Chain of Trust for authentication. This provides what should be immutable end to end validation of a use, and an audit trail for when someone 'illegal' makes it through so they can do a postmortem and discover who dropped the ball. If everything, including the source identity data is on WORM hardware, then this will ensure perfect recordkeeping outside of source material/clerical error.

    • (Score: 3, Interesting) by aiwarrior on Monday October 28 2019, @01:26PM

      by aiwarrior (1812) on Monday October 28 2019, @01:26PM (#912777) Journal

      Exactly. You can replace a clerical one time error, with a clerical error that can affect all the database or validity of the data gathered up to then. More, you ensure that there is one single target to hit if you want free passage.

      How is there a chain of trust if the algorithms that validate the token are all sourced from one single place? From what i see the trust is basically running a counter on every time the person was real, but the source of that counter is always the same. This is no chain of trust, unless airlines/borders could have their own independent validation being fed into the system. But then if you need to run verification yourself you might as well not need the system. That is my understanding at least.