The Worldwide Distributed Ledger for Credential Providers will be the cornerstone of a system that will provide secure identity for everyone on the planet and protect privacy.
The Worldwide Distributed Ledger for Credential Providers
A digital credential, signed by a credential provider, can be trusted as long as you have a trusted reference to the credential provider's public key.  This trusted reference will be provided by The Worldwide Distributed Ledger for Credential Providers.
Surprisingly, there is no need to store user credentials or identity data in any type of worldwide data structure.  The integrity of a user's digital credential is determined by the hash codes and signatures that are contained within the credential.  As long as the user keeps his/her private key secure, the user's digital signature provides assurance of the association to the user's public key in the credential, and the validity of the credential can be established.
There is also no need for a "Trust Authority" to bind a user to his/her identity attributes (and require the "Trust Authority" to manage billions of identities and keys worldwide).  The binding of a user to his/her identity occurs during the valid institutional process in which a credential provider issues a credential.  Identity is completely contextual to the institutional process (i.e., if your banker knows you, your credential will be valid).
This means that The Worldwide Distributed Ledger for Credential Providers will contain at most a few million entries for credential providers worldwide (banks, other financial institutions, insurance companies, national governments for passports, other government agencies for government programs, state/provincial governments for driver's licenses, educational institutions, etc.).  In terms of data structures, a few million records is an incredibly small data structure.
Remember, an organization can maintain complete control of its authentication process under the Trust Nexus.  Our infrastructure technology can exist as an insulated microcosm within corporations or government agencies.  The Worldwide Distributed Ledger for Credential Providers is only necessary when there is a requirement for third party validation of credentials.
A credential provider's entry into The Worldwide Distributed Ledger for Credential Providers will be a JSON object that will look very similar to a user's digital credential:
credentialProvider =  {
"type":  "CredentialProvider",
"credentialUuid":  "1489328835187-292BA924-EE35-47E0-8AFA-A4C1D418D190",
"activationTimestamp":  "2017-4-24T16:00:00.888Z",
"expirationTimestamp":  "2027-4-24T16:00:00.888Z",
"publicKeyAlgorithm":  "RSA",
"publicKeyModulus":  "4096",
"publicKey":  "30820222300D06092A864886F70D01010105000382020F003082020A0282020100AE5E2380EA50B
5C65FE6EBC136CC8F2AF50B83C21D5236296F7E83EC4BD0F4B083EE1B64E71603F3E8F3FB160FEE5
6F0558ADD63E857263331F38EC6E4CB4554860A83FBC1DFD2CF93E054B898019F670DFB6726F3222
1E5637AA73A4FD193FFDBD6EBC0F054167A5B069899DD7D028B9EDCE35107FF281F00BBC0F258DC6
BA391DB8296FF664A8A30A820D4DE9109CC32602D5374D18F96C52F62FCFAD1A64CFDB67F814F42B
9CCDF0C10F58D2A553E78F4C4EC9DC42E1EBDF1D7B86CEC85111D8FA6E5DCF5913220E8D4BC99A34
F1400882C87EAD9AF06106EC2E57F73306F89BB1EA4F471F02DF6D16BB72123F9D0B7FD4A95E342B
B9113BAF6A13CABABF382B90AD58C3514811FA18F552A7CC05D39BB6CE98392BD34DD7E9AD360287
5F0B75C43F61A49EB999788AB35495C91EEBA3BD026EA6E4ADD26B00C8E83DDD603E0018AD71AFA0
4E04155977BC196C08061134CE2F886A0722751F4BCF7956EFDD707978EEFF575BBE81C689C6E9DF
C856545E578F45A4D272E3A6527A53F5AC4F3E7B37E5652C1CB483E8BBC98F01CE0395B1B0186211
10D0CEB54C1D3F37E5D97EB35769702CD20122904E3A1323D44A388F6A647D0E4337EEF0E0203422
9A9CEDFBFFEEA6733DDCAD38A340B9792CDDD4D7DCBCAFD525C66C91BA1A578619B4FCE4A306A3DE
3212AEA35508807EE65831E418840563A1189A7438A15FDEC50203010001E",
"credentialData":  [{
"name":  "World Community Bank",
"infoUrl":  "https://www.worldcommunitybank.com/retrieveCredentialProviderInfo.action",
"restServicesUrl":  "https://www.worldcommunitybank.com/retrieveCredentialProviderRestServ.action"
}],
"credentialAuthority":  "1489341266952-D9C70201-F8FC-4B46-A3F6-02F2E0CA6990",
"credentialAuthoritySignatureAlgorithm":  "SHA512withRSA",
"credentialAuthoritySecureHashAlgorithm":  "SHA-512",
"credentialAuthorityHash":  "97F5CD6108296C390584F15CC56CBE0A9B029054732001B8AB7F6D6C7270954AEFD8DAFE2710E15
87899ED12433C40713B1899F030D8CD9939BB3507D68A414D",
"credentialAuthoritySignedHash":  "400B36889911224B5EB53D4F73A1701C314C1A80402AA99EA39F0E21389B5C78ACDACD6FCB9A29D
A2349F1CBE26DCAEAF53B3FCF514D2192D1268640B47B50EABE65A904E4DEAA2A2E7F26604A1C9BE
BD7B87681286AC44009256D0B4182E678565A0F1639437D2611A9834BCDB86E49622136102251C34
09E79176F89486E599CEEB3BD9CECB20F6759748BE0769D2539DA0E8D087F3EE1B71B312FAFA76E2
AB716F462243EC1FA00809FB8C7A0DA5F1CA8B677711843169D6307BD711D64D058F11256729160C
62C865D28A3A3A2335349DBFE31A6ACBB21C1FCC08B9EF47AF1290600E771FB9C7602CBF603D60CE
CD8D5703BE94F8B68D925EEF31AAC629D45203E667AF849A6E464C85C40C38187FE32905D3EFC639
5E17A104F0F9BBAD937475235CD0CE0BBC8F94BC32D05017E66533296BA85E8932D4865CFB8A5499
D6284B8D0484469FB71D7208FF42038C5E5CA4155A21943F5162AB93AD1315725F12504EBE41E07D
70C92FB50FFEB119A876691F3A7A3D95FA63CC232A9D1DE0EEB78CAB4D635EB4BEA2F2582B27DC45
CF30F02C662295ECCD1A021AA44AD339B99A717D4ED98EE8B04B0E9EDB9864F3D61938285E6B0D31
23DB94E4E67E9282B225013D87A82A51F74446FD832953EC74FD239CCDE39110493126036062FF8B
9DF4744E988C4B1C6CF2FCBDAE6570956F145DB12B79BFB991E8389FC92347A97",
"infrastrucutureProvider":  "1485015615033-DBE0D9E5-5473-4CF3-9FE6-EC22BF8162A2",
"infrastrucutureProviderSignatureAlgorithm":  "SHA512withRSA",
"infrastrucutureProviderSecureHashAlgorithm":  "SHA-512",
"infrastrucutureProviderHash":  "F12DDE54D3F1D1DE3E137666A1B61B4ACB199E9181A5B1CF984D02019EBBEE5DD36BC7ECB5805A3
C5E114E31E926D13A352770DF3DB6558E9F6A7AA0C36838DF",
"infrastrucutureProviderSignedHash":  "4787AF41ACBA4217DA821759C67D2862804FDAE44AEEE3BE4B514449B8A074A2680A0D33A4D71E5
D0583BC9F4BC15A46122E0B677322DF4188C8EE9D2E6CE4E5905A128342A251B669B7F0E0DD0386C
6CF44EEDB63116A6BA2633C0B20257B2775F8080BD9DE19E4EF6A3C2D69BEAE7E145C668429E1765
E10619E878D825F4F807D289A971C62C98DF73B9BBA61920D96EDC32A86CEBC2B43528313DF5259E
EE0908E1FB5A351D511940DCC7F026E2B3064BB365857B20C417EF9AE6E8ADFC0A42C5B5FDDFE495
60721269864E3463A1B56032FB9A8E190A939DF25939CE6577BA8E307F22B61A25DF7D079BB346C8
7906C102CDA66E028BCFE2A10F218345E278EF9B6A9E618658246CADF5876E2AD50E02302D8CCEE7
B2F49E6457C8E7399B5759892E9CFA4032A98F522BA65A26652B14F6815AA014C03EA08CE18305E2
FE8A74452515E77CAA13C6A97C27425F3136DB2FCC2C9B539E8F1CE3F83B2466E0E5BF832B4E8B07
E0DF087267E8F07D1EF44304F33C99B6F920EE52F27374FED21A71E82BF99C0D9DC564BD48208E4E
5B3D662706859F6857041AA3E52E1558D2FC1582C868BAEDFC484F59C0E7B6161D0B73C8C8C0F48E
A72E989D4A1344C26ADEFA4A6904066CAB4EB0D48DFD1CB67E77AA1E7174927287FEB59C2DEEE7DF
04E0F16161D02D63B94BE7D9F080344B2E7AEE7DAE129C0B5FB711BFE08F9D7FB"}
A credentialAuthority is a specific regulatory body that has power over credentialProviders and can verify the legitimacy of credentialProviders.  For example, The Federal Reserve Board would be the credentialAuthority for most banks in the United States.  The European Banking Authority would be the credentialAuthority for most banks in the European Union.
In The Worldwide Distributed Ledger for Credential Providers the Trust Nexus will verify the legitimacy of credentialAuthorities and governmental agencies (e.g., federal agencies for digital passports, state/provincial agencies for digital driver's licenses, etc.).  If a credentialProvider receives a stamp of approval from a credentialAuthority and that stamp is verified by the infrastrucutureProvider (i.e., the Trust Nexus) everyone on the planet will be able to trust the digital credentials issued by the credentialProvider.
A credential authority's entry into The Worldwide Distributed Ledger for Credential Providers will be a JSON object that will look very similar to a user's digital credential:
credentialAuthority =  {
"type":  "CredentialAuthority",
"credentialUuid":  "1489341266952-D9C70201-F8FC-4B46-A3F6-02F2E0CA6990",
"activationTimestamp":  "2017-2-24T16:00:00.888Z",
"expirationTimestamp":  "2027-2-24T16:00:00.888Z",
"publicKeyAlgorithm":  "RSA",
"publicKeyModulus":  "4096",
"publicKey":  "30820222300D06092A864886F70D01010105000382020F003082020A0282020100A7289F64C41F69
C46EB5C48F44935975AC1B29455556CF584A807A210E11917D1FA57300CA6F4134A3523F3FB341725
210443BDF5FBF5161C5B51AA058DE0310E89D562465254C42685144E72A9AD7FCE069774F69465428
095412F742B60811EE05E1BB8A577FD8E4C76DC3D320D5A2A0B7270C62BAB7C60E825FEA297CB8167
A731EA51014D2E8D5A29A71BC238304455102F4793D470A96F933DE4D27A98797DCCA10CCED5802FD
2177C947B548B68616457C1CB1E23DC39BA485F69BD6B8A2AA5B8BB7FEEB31525E1D00CA9B260C91E
5C17F679975C1B8BB8E21AAA9DD2118CD243F42CB71D7E9781DE2B3D6B6EA498B87C12CBD3DBE7EFE
A616F1CA00AA2194A8A1EDD962245246DEB321CDCDCB9292DCFAE9F15167F3BC43C5B7DD8CD5CDE15
7E379619FBCD31F357E260A4203317440A8438B6A8954A992A21EBB3FFA9CC31AB96BE43CF3FD429A
FECB40621F20139067EFE15CF82CAAFB0EAAD3C37F87AFE6AF93B6E36C44D19049A4B8D4842083081
E5EC42C57F7D39A2D2C7216A37A9932775F2A44A93A6CEFCC665FFBC9C0AFA089485A228257E13414
8B60F1BCEB6FBF785DF86CA3A59074D505B6040427F39646FC7C8F22CE326F8DDFDFF268DDAC8B375
2BADFE2F2A759AD82F8B70AD688D348ACCCBBCFB827B8B9CE0E57C522068DC11D201F75A3456BC96F
25AEDE324B26B47599C65EF3473BE7233F95490203010001",
"credentialData":  [{
"name":  "European Banking Authority",
"infoUrl":  "https://www.eba.europa.eu/retrieveCredentialAuthorityInfo.action",
"restServicesUrl":  "https://www.eba.europa.eu/retrieveCredentialAuthorityRestServices.action"
}],
"infrastrucutureProvider":  "1485015615033-DBE0D9E5-5473-4CF3-9FE6-EC22BF8162A2",
"infrastrucutureProviderSignatureAlgorithm":  "SHA512withRSA",
"infrastrucutureProviderSecureHashAlgorithm":  "SHA-512",
"infrastrucutureProviderHash":  "BA67D56B9CC104E8D3DCF6EEA18F8B81FD93A56F1F2C9FE8E730924EDE98BB479C8FA859F93D2EB0
2579909A516CEA5A814F2AF9CADAC228929BC82D98C40B83",
"infrastrucutureProviderSignedHash":  "7EF84FE815912BD70087659D71110B739DDFD06A80527FF2C84CA6A04663D73CBB390573F832FCA6
B363A08C68D38525F8420D1ECE73D2EF96D8787D26EB66917E6397FB25D0E0C7ED235E191B6026161
CB59B6B148A9B944042FE046757182BF08C48D98AB6CEA25E3172ED22F2D62F31D4ABFDACE0E19BEB
5C791500C5F7ACA3F389EAB0A51B7CB5610C1C282919A728B871FA0B3BB63F6A3666EB9D18E29D8FF
3A29D898D39621B2BAF07E305B033DC8FDEE9FE3AE66F60ACE073E3E23D509CDEAD291E558F329568
051DE1E49AED208D0AE7F05AE4699C53E38845551DCA868C1F48F317115FA7DC55D1EC86E59D2CE21
018D417F5E1073096D3810982F1E0992AB4230D4FAEA7FD0D86CC369D02B859FADF77A3C9CD5C7ADE
876B07F8F6DD3A78B00F86C45AABBD549B32CEF782487AAC14FC506F632EE2CF55FF6AAD224DBA5E4
CE486EF531D87A0BD9095020CD27BD156CF1B2DC87776F86BAF06B4BFEAECE285C58955F7EE64DA60
3C840CFB586EC017CF5A07477CCA410A58EEF05FE269094921EDEC5AE2A8461D2CBBA5E2280732C22
7BB5895D329204A9ACD105FCF6AFAE7F84BC78F7722D1CB8364FFDBB91401D3B97E42B1FC8744F3D6
92A691384B6EA48D608DE4E3CC73EA39EC6D223C50D7B7BE784BC5B6DEF1526E3D8D957F874CBAC5C
F5BE8C8AAFCFA9306A09E6B32DA6B71964579BE607E920C1775F0"}
There will be a single infrastrucutureProvider (i.e., the Trust Nexus) within the system.  The infrastrucutureProvider's credential will be "self-signed" similar to the root authority in a PKI system.
infrastructureProvider =  {
"type":  "InfrastructureProvider",
"credentialUuid":  "1489341266952-D9C70201-F8FC-4B46-A3F6-02F2E0CA6990",
"activationTimestamp":  "2017-2-24T16:00:00.888Z",
"expirationTimestamp":  "2027-2-24T16:00:00.888Z",
"publicKeyAlgorithm":  "RSA",
"publicKeyModulus":  "4096",
"publicKey":  "30820222300D06092A864886F70D01010105000382020F003082020A0282020100A7289F64C41F69
C46EB5C48F44935975AC1B29455556CF584A807A210E11917D1FA57300CA6F4134A3523F3FB341725
210443BDF5FBF5161C5B51AA058DE0310E89D562465254C42685144E72A9AD7FCE069774F69465428
095412F742B60811EE05E1BB8A577FD8E4C76DC3D320D5A2A0B7270C62BAB7C60E825FEA297CB8167
A731EA51014D2E8D5A29A71BC238304455102F4793D470A96F933DE4D27A98797DCCA10CCED5802FD
2177C947B548B68616457C1CB1E23DC39BA485F69BD6B8A2AA5B8BB7FEEB31525E1D00CA9B260C91E
5C17F679975C1B8BB8E21AAA9DD2118CD243F42CB71D7E9781DE2B3D6B6EA498B87C12CBD3DBE7EFE
A616F1CA00AA2194A8A1EDD962245246DEB321CDCDCB9292DCFAE9F15167F3BC43C5B7DD8CD5CDE15
7E379619FBCD31F357E260A4203317440A8438B6A8954A992A21EBB3FFA9CC31AB96BE43CF3FD429A
FECB40621F20139067EFE15CF82CAAFB0EAAD3C37F87AFE6AF93B6E36C44D19049A4B8D4842083081
E5EC42C57F7D39A2D2C7216A37A9932775F2A44A93A6CEFCC665FFBC9C0AFA089485A228257E13414
8B60F1BCEB6FBF785DF86CA3A59074D505B6040427F39646FC7C8F22CE326F8DDFDFF268DDAC8B375
2BADFE2F2A759AD82F8B70AD688D348ACCCBBCFB827B8B9CE0E57C522068DC11D201F75A3456BC96F
25AEDE324B26B47599C65EF3473BE7233F95490203010001",
"credentialData":  [{
"name":  "Trust Nexus",
"infoUrl":  "https://www.tnxsecure.com/retrieveInfrastructureProviderInfo.action",
"restServicesUrl":  "https://www.tnxsecure.com/retrieveInfrastructureProviderRestServices.action"
}],
"infrastrucutureProvider":  "1489341266952-D9C70201-F8FC-4B46-A3F6-02F2E0CA6990",
"infrastrucutureProviderSignatureAlgorithm":  "SHA512withRSA",
"infrastrucutureProviderSecureHashAlgorithm":  "SHA-512",
"infrastrucutureProviderHash":  "BA67D56B9CC104E8D3DCF6EEA18F8B81FD93A56F1F2C9FE8E730924EDE98BB479C8FA859F93D2EB0
2579909A516CEA5A814F2AF9CADAC228929BC82D98C40B83",
"infrastrucutureProviderSignedHash":  "7EF84FE815912BD70087659D71110B739DDFD06A80527FF2C84CA6A04663D73CBB390573F832FCA6
B363A08C68D38525F8420D1ECE73D2EF96D8787D26EB66917E6397FB25D0E0C7ED235E191B6026161
CB59B6B148A9B944042FE046757182BF08C48D98AB6CEA25E3172ED22F2D62F31D4ABFDACE0E19BEB
5C791500C5F7ACA3F389EAB0A51B7CB5610C1C282919A728B871FA0B3BB63F6A3666EB9D18E29D8FF
3A29D898D39621B2BAF07E305B033DC8FDEE9FE3AE66F60ACE073E3E23D509CDEAD291E558F329568
051DE1E49AED208D0AE7F05AE4699C53E38845551DCA868C1F48F317115FA7DC55D1EC86E59D2CE21
018D417F5E1073096D3810982F1E0992AB4230D4FAEA7FD0D86CC369D02B859FADF77A3C9CD5C7ADE
876B07F8F6DD3A78B00F86C45AABBD549B32CEF782487AAC14FC506F632EE2CF55FF6AAD224DBA5E4
CE486EF531D87A0BD9095020CD27BD156CF1B2DC87776F86BAF06B4BFEAECE285C58955F7EE64DA60
3C840CFB586EC017CF5A07477CCA410A58EEF05FE269094921EDEC5AE2A8461D2CBBA5E2280732C22
7BB5895D329204A9ACD105FCF6AFAE7F84BC78F7722D1CB8364FFDBB91401D3B97E42B1FC8744F3D6
92A691384B6EA48D608DE4E3CC73EA39EC6D223C50D7B7BE784BC5B6DEF1526E3D8D957F874CBAC5C
F5BE8C8AAFCFA9306A09E6B32DA6B71964579BE607E920C1775F0"}
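The check a relying party would run against the three entry types above, as an added example (not Trust Nexus code): walk a credentialProvider up through its credentialAuthority to the self-signed infrastrucutureProvider, and reject any root that was not pinned out of band. Assumptions made so it runs on the standard library alone: the hash is SHA-512 over sorted-key JSON of the fields that precede each stamp, keys are held as (n, e) integers instead of hex DER, UUIDs are shortened, and the demo keys are built from Mersenne primes and are insecure.

```python
import hashlib, json
from datetime import datetime
CA, IP = "credentialAuthority", "infrastrucutureProvider"  # field spelling as on the page
SIGNER_TYPE = {CA: "CredentialAuthority", IP: "InfrastructureProvider"}
NEEDS = {"CredentialProvider": [CA, IP], "CredentialAuthority": [IP],
         "InfrastructureProvider": [IP]}  # the root stamps itself
PREFIX = bytes.fromhex("3051300d060960864801650304020305000440")  # SHA-512 DigestInfo

def encode(digest, n):  # EMSA-PKCS1-v1_5 encoding of a SHA-512 digest, as an integer
    k, t = (n.bit_length() + 7) // 8, PREFIX + digest
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - 3 - len(t)) + b"\x00" + t, "big")

def digest_of(entry, role):  # assumed rule: hash all fields except this and later stamps
    skip = (CA, IP) if role == CA else (IP,)
    body = {k: v for k, v in entry.items() if not k.startswith(skip)}
    return hashlib.sha512(json.dumps(body, sort_keys=True).encode()).digest()

def ts(text): return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S.%fZ")  # unpadded months parse too

def validate(uuid, ledger, pin, now):  # "ok" or first reason to distrust; now is naive UTC
    ent = ledger.get(uuid)
    if ent is None or ent.get("type") not in NEEDS:
        return "unknown entry or type"
    if not ts(ent["activationTimestamp"]) <= now < ts(ent["expirationTimestamp"]):
        return "outside validity window"
    if ent["type"] == "InfrastructureProvider" and (uuid, ent["publicKey"]) != pin:
        return "self-signed root is not the pinned one"
    for role in NEEDS[ent["type"]]:
        signer = ledger.get(ent.get(role))
        if signer is None or signer["type"] != SIGNER_TYPE[role]:
            return role + " signer missing or of wrong type"
        h, (n, e) = digest_of(ent, role), signer["publicKey"]
        if (h.hex().upper() != ent.get(role + "Hash")
                or pow(ent.get(role + "SignedHash", 0), e, n) != encode(h, n)):
            return role + " stamp does not verify"
        if signer is not ent and (why := validate(ent[role], ledger, pin, now)) != "ok":
            return why  # a signer that fails its own checks taints everything below it
    return "ok"

def demo_key(a, b):  # constructed, INSECURE demo key from two Mersenne primes: (n, e, d)
    p, q = 2**a - 1, 2**b - 1
    return p * q, 65537, pow(65537, -1, (p - 1) * (q - 1))

def make(kind, uuid, key, stamps):  # build a constructed entry, applying stamps in order
    ent = {"type": kind, "credentialUuid": uuid, "publicKey": key[:2],
           "activationTimestamp": "2017-2-24T16:00:00.888Z",
           "expirationTimestamp": "2027-2-24T16:00:00.888Z"}
    for role, suuid, (n, _, d) in stamps:
        h = digest_of(ent, role)
        ent.update({role: suuid, role + "Hash": h.hex().upper(),
                    role + "SignedHash": pow(encode(h, n), d, n)})
    return ent

def demo_ledger():  # constructed ledger: bank -> authority -> self-signed root
    rk, ak, bk = demo_key(521, 607), demo_key(1279, 2203), demo_key(2203, 2281)
    entries = [make("InfrastructureProvider", "root", rk, [(IP, "root", rk)]),
               make("CredentialAuthority", "authority", ak, [(IP, "root", rk)]),
               make("CredentialProvider", "bank", bk, [(CA, "authority", ak), (IP, "root", rk)])]
    return {e["credentialUuid"]: e for e in entries}, ("root", rk[:2])
```

The pin is the point of the exercise: a self-signed entry verifies against itself by construction, so the root's UUID and key must reach the verifier by a channel other than the ledger.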
The Worldwide Distributed Ledger for Credential Providers will be distributed to all interested parties with immediate incremental updates and a complete ledger will be distributed on a daily basis.  Our expectation is that every major cloud based infrastructure will run services based on The Worldwide Distributed Ledger for Credential Providers.
What Could Go Wrong?
Given the regulatory process for establishing a bank, it is unlikely that a completely fraudulent company would be able to gain regulatory approval and establish itself as a bank and a legitimate credentialProvider within The Worldwide Distributed Ledger for Credential Providers.  Trust and established regulatory processes that maintain that trust are the reasons why banks will always be the focal point of financial processes.
Once you have established a digital credential with a trusted bank within the Trust Nexus, even if a bad actor can gain access to all your personal identity information (SSAN, DOB, financial account number, etc.) they would not be able to create a false digital credential and gain access to your account.  Unless they have your private key and your bank's private key bad actors cannot replicate your digital credential.
The only legitimate attack vector against a digital credential within the Trust Nexus occurs when a bad actor looks over your shoulder, steals your six-digit hex PIN and then steals and utilizes your mobile device before you can report it lost or stolen.
But what if someone got an email list of all the members in your local Rotary Club, created a website, established themselves as a credentialProvider within The Worldwide Distributed Ledger for Credential Providers and then solicited your members to join their fraudulent version of your organization, perhaps to solicit donations?  All fraudulent schemes eventually unwind and the perpetrators are exposed.  If this actually did happen to your local Rotary Club, the leadership of your club would establish a better process for issuing legitimate credentials in the future.  Perhaps a credentialAuthority will emerge that will verify the legitimacy of non-profit organizations.
At one time, malware that can read into the memory space of another application was becoming a major issue for mobile applications.  Both Google and Apple have made significant strides in preventing malware from being installed on your mobile device, especially if you download your apps from Google Play or the Apple App Store.  If you click on an e-mail link for a free copy of Angry Birds from an Elbonian website, you will get what you deserve.
The Future is now.
Once The Worldwide Distributed Ledger for Credential Providers has been established, shared distributed ledgers running on trusted permission networks will become elegant and efficient.  With the understanding that the structure of the digital ledger will vary depending on the purpose being served, the Trust Nexus has created a template for a "Foundation Digital Ledger" and the associated server code to manage secure interactions with the ledger.
Shared distributed ledgers may truly become a transformational technology that will exceed all initial expectations.  It is possible to create a cryptographically secure shared source of truth where all participants are trusted, privacy is maintained and all participants are instantaneously notified of changes.  While there is a great deal of hype surrounding blockchains and distributed ledgers, it would be unwise for anyone to underestimate the potential.
"The telephone is so named by its inventor A.G. Bell. He believes that one day they will be installed in every residence and place of business.  Bell's profession is that of a voice teacher.  Yet he claims to have discovered an instrument of great practical value in communication which has been overlooked by thousands of workers who have spent years in the field."
"Bell's proposals to place his instrument in almost every home and business place is fantastic.  The central exchange alone would represent a huge outlay in real estate and buildings, to say nothing of the electrical equipment.  In conclusion, the committee feels that it must advise against any investments in Bell's scheme.  We do not doubt that it will find users in special circumstances, but any development of the kind and scale which Bell so fondly imagines is utterly out of the question."
~ From the minutes of the 1876 meeting in which Western Union considered a proposal by Bell to sell all rights to the telephone for a mere $100,000. ~
© Copyright 2017 ~ Trust Nexus, Inc.
All technologies described herein are "Patent Pending".