Violet is building customizable identity management infrastructure – in service of our broader mission to evolve trust in web3. Our first product is on-chain compliance rails for DeFi. We work at the nexus of web3 identity, and today we are excited to introduce a new identity primitive: Humanbound Tokens (HBT).
HBTs are tokens that are connected to a unique identity. In this primitive, identity properties are available off-chain and continuity is guaranteed through robust Humanbound authentication. This interpretation of web3 identity combines individuality and context, producing a composable yet unique primitive capable of use across a wide ecosystem.
Debates on identity are routine, specifically “Soulbound Tokens” (SBT) have been a recent center of attention. SBTs are an important innovation, yet they fall short by being tied only to an account as opposed to an identity. More on how we think HBTs improve on SBTs here.
Head here for Humanbound Docs to read up on implementation details, and how data is encrypted, processed and stored.
The HBT design is simple: we mint tokens bound to an account upon identity verification and make sure that the account remains bound to this identity. The second step is critical – it introduces the concept of authenticated transactions to ensure continuity of identity.
Identity data is encrypted and stored securely off-chain. Moreover, it is expressed in verifiable credentials (VC), ensuring composability with other applications built using the same standard. This makes HBT the first simple, privacy preserving off-chain identity representation for web3, and we hope it can evolve into the first widespread usage of VCs.
There are many reasons to be excited about HBTs:
Proof of personhood to build sybil resistant governance mechanisms or airdrops
Secure DAO contributor payments
NFT artist verification to increase buyer safety
Compliant identities in DeFi to grow regulatory trust and engage institutional liquidity
To achieve their purpose, HBTs must be tied to strong authentication. Generally, strong authentication is considered to require at least two out of three categories: 1) knowledge - something you know such as a password, 2) inherence - something you are such as your fingerprints, or 3) possession - something you own such as your mobile phone. Hence the process of getting an HBT is as follows:
Successful wallet authentication and subsequent identity verification actives minting of an ERC721 into a user wallet
Enrolment of second factor authentication ensures identity continuity and going forward is required to e.g. make changes to the identity data. Initially, this is an SMS OTP
Here is how you can get your Humanbound Token:
Authenticate wallet ownership on Humanbound.xyz
Verify your phone number to enroll as your second factor authentication method, tying your authenticated wallet to your identity
Verify your identity by validating your identification documents and completing liveness detection with our identity verification partner Persona
Mint HBT on the network of your choice. We cover gas fees. This token is the on-chain representation of your identity; importantly it does not hold or reveal any personal data
Data collected in the initial identity verification is only processed and not stored by Persona (including audit logs). Instead, Violet takes custody of the data, which is stored off-chain via Privy. Balancing data reusability and privacy is core to Violet and Privy handles data storage, encryption and access control. Using Privy enables a third party to ensure that user data handled by Violet is always encrypted end to end and only available to permissioned parties. We take data privacy very seriously. Head here for a simple explanation of how we process and store data.
Note that this is an early release and we are excited to hear in what direction you all would like to take Humanbound. A few more details on how we imagine the future of Humanbound:
Multi-address and multi-chain support
Support for additional (decentralized) authentication methods
Adding support for Verifiable Presentations to allow for more easy export of user VCs
Integration with decentralized storage technologies like IPFS to store identity data
Client side identity data encryption using user keys
Robust APIs for auth and data access
ZKP import and export