South China Morning Post
Advertisement
Advertisement
Blockchain
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
A new project in China uses real-name verification and public keys published on a blockchain to create a digital ID that citizens can use across platforms without revealing personal information. Photo: Shutterstock
TechPolicy

Blockchain-managed IDs arrive in China with new government-backed scheme aiming to reduce data leaks

  • A new system from China’s Blockchain-based Service Network and the Ministry of Public Security uses real-name verification for cryptographic keys
  • The RealDID system, meant to keep identifying information only in the hands of the government, is expected to issue 5 million IDs through 2024
Blockchain
Xinmei Shen
Matt Haldane
Xinmei ShenandMatt Haldane
Why you can trust SCMP

China is set to start experimenting with a real-name verification system based on blockchain, which authorities say will allow internet users to log into online platforms without using their personal information such as phone numbers.

China’s state-backed Blockchain-based Service Network (BSN) and the Ministry of Public Security’s First Research Institute together launched the Real-Name Decentralised Identifier (RealDID) system on Tuesday. The event was also attended by officials from the National Development and Reform Commission and the National Data Administration.

Anicert, a subsidiary of the research institute, will be responsible for issuing, managing and verifying user identities through its Cyber Trusted Identity (CTID), which is already used by banks and other institutions to verify Chinese identities.

Red Date Technology CEO He Yifan introduces how RealDID works with the Blockchain-based Service Network during the launch event for the digital identification system on December 12, 2023. Photo: YouTube / BSN Base

The new project aims to eventually cover all 1.4 billion Chinese citizens, but BSN has acknowledged that ramping up will be slow. It expects to issue 5 million RealDIDs over the next year across different pilot projects, BSN said in a blog post on Wednesday.

While public keys are managed and accessible on BSN China’s blockchain Yanan Chain, RealDID operates solely within China, similar to the bifurcated approach that BSN has taken with other projects. It is not accessible to internet protocol (IP) addresses outside the mainland, according to BSN.

BSN China operates separately from the international organisation and is a collaboration with state-owned enterprises China Mobile and China UnionPay. Red Date, the technological architect of the BSN, also keeps operations between the mainland and Hong Kong separate.

Red Date Hong Kong and the recently announced BSN Foundation, based in Singapore, have sought to distance themselves from China. BSN and Red Date were recently targeted by name in US legislation seeking block government use of China-linked blockchains.

The new system works by using public key infrastructure (PKI), allowing users to store public cryptographic keys in a RealDID document published on Yanan Chain after real-name verification by the CTID system. This involves a “three-factor verification process” that checks a user’s government ID, legal name and facial recognition, according to the BSN website.

Once verified, users can create as many public-private key pairs as they would like to be used across separate platforms, where they log in with an anonymised DID address. Keys can also be used to sign files, leaving a watermark that proves the file’s origin, according to BSN.

Since personal information is stored by the “national regulatory organisation”, the government has access to user identities if needed, but companies will not see that information. Chinese law requires that online accounts be tied to some form of real-name identification, typically a phone number today. Using public encryption would obviate the need to give out even that bit of personal information to platform operators.

Another common practice of asking users to sign in with a social media account such as WeChat – which is itself tied to a phone number – “leads to a high degree of monopolisation of data traffic resources by large internet platforms, resulting in more severe data leaks”, Yang Lin, an official at the security ministry’s research institute, said at the launch event.

“Privacy breaches have increasingly contributed to profitable activities such as online scams and cybercrime,” she added.

“In the digital era, a vast amount of personal privacy data, including identity information, location information, and communication information, is stored in various applications on the internet,” BSN said in Wednesday’s blog post. “Establishing a robust mechanism for protecting personal privacy data is a fundamental requirement and an inevitable trend for the next step of internet development.”

He Yifan, founder and CEO of Red Date, said during the launch event that “encryption methods will be provided to individuals, allowing them to have control over their data and decide who can access it”.

Anticipating criticism of government access to personal data, He said authenticating users is a government function by necessity. “Whether you are in the US, Europe or anywhere else … you need a government-issued ID with a photo to board a plane,” he said in his speech.

While the project has no ties to government efforts to commercialise data through exchanges on the mainland, comments from officials suggested it could be used to protect user data in such a use case.

“[RealDID] mainly provides compliant circulation of personal data between institutions, enabling secure and compliant release of the value of our data elements,” the security ministry’s Yang said. “This can promote business collaboration, data sharing, and compliant authorised use of personal data.”

2