SoylentNews is people
SoylentNews
Submitted via IRC for soylent_red
Zamna raises $5M to automate airport security checks between agencies using blockchain
When VChain-now-Zamna first appeared, I must admit I was confused. Using blockchain to verify passenger data seemed like a hammer to crack a nut. But it turns out to have some surprisingly useful applications.
The idea is to use it to verify and connect the passenger data sets which are currently silo-ed between airlines, governments and security agencies. By doing this, says Zamna, you can reduce the need for manual or other checks by up to 90 percent. If that's the case, then it's quite a leap in efficiency.
In theory, as more passenger identities are verified digitally over time and shared securely between parties, using a blockchain in the middle to maintain data security and passenger privacy, the airport security process could become virtually seamless and allow passengers to sail through airports without needing physical documentation or repeated ID checks. Sounds good to me.
Zamna says its proprietary Advance Passenger Information (API) validation platform for biographic and biometric data, is already being deployed by some airlines and immigration authorities. It recently started working with Emirates Airline and the UAE's General Directorate of Residency and Foreigners (GDRFA) to deliver check-in and transit checks.
Here's how it works: Zamna's platform is built on algorithms that check the accuracy of Advanced Passenger Information or biometric data, without having to share any of that data with third parties, because it attaches an anonymous token to the already verified data. Airlines, airports and governments can then access that secure, immutable and distributed network of validated tokens without having actually needing to ‘see’ the data an agency, or competing airline, holds. Zamna's technology can then be used by any of these parties to validate passengers’ biographic and biometric data, using cryptography to check you are who you say you are.
(Score: 2, Interesting) by Anonymous Coward on Monday October 28 2019, @01:07PM (3 children)
No, it's not a buzzword in this case. It's being used correctly. Replace the term "passenger" with "website" and imagine this being used to validate DNS records. It's essentially the same concept. You need to keep in mind that despite all the hooplah a blockchain is nothing more than a database with certain cryptographic guarantees as to data integrity. This is handy any time you need to federate with parties that you don't necessarily trust.
What makes a blockchain superior over a private DB in this case is that all the information is public and you can use multiple sources to verify integrity, furthermore cryptographic signature chains validate chain of custody and changes to data.
So how do you store private information in a public blockchain and yet maintain privacy?
You store the hash of the data + some seed.
For instance to validate your name is "John Doe" just have the notary hash "John Doe"+"your pubkey" and store it in a field called "passenger_name" when creating / inputting your record.
Now all you need to do to validate yourself is to supply your name and your pubkey, then sign the resulting hash (proving you have the corresponding private key). It becomes trivial to store any other information this way.
I use a similar technique in a trustless password manager I built. The owner doesn't even need to know their own information, it's all stored encrypted on the blockchain and they can access it any time they like.
Done correctly it's a good use for a blockchain.
The only issue I see here is that there would be a huge target for crackers to steal keys, but even this can mitigated by keeping the private key offline, perhaps inside the secure enclave of a smartcard. Since smartcards are already used for ID purposes, it shouldn't be much of a jump. Finding smartcards capable of ECDSA or EDDSA might be difficult though.
(Score: 2, Insightful) by Anonymous Coward on Monday October 28 2019, @01:13PM (1 child)
Yeah, I can just see my 84-year old father supplying his pubkey and signing the resulting hash.
(Score: 0) by Anonymous Coward on Monday October 28 2019, @04:54PM
Yeah I'm pretty sure your 84 year old grandfather could never use a tap to pay credit card, nor know how to insert his card into a card reader. amirite?
Because that's exactly how a system like this would likely work.
(Score: 4, Interesting) by Rosco P. Coltrane on Monday October 28 2019, @01:29PM
It might be a valid case of blockchains. But look at the context :
1/ An obscure company nobody have heard or cares about changes name...
2/ ... talks about applying blockchains...
3/ ... to sell airport security products
That's 3 good reasons to smell BS from a mile away.
Now if this is legit, this company has an uphill struggle to convince those in the know for those 3 reasons.