More about Yivi
1. What is Yivi all about?
In many countries, when you buy a bottle of whiskey, you are obliged to prove that you are older than 18. You don’t have to prove who you are. Just this personal property, that you are over 18, suffices for the whiskey purchase. Such personal properties will be called attributes.
Yivi is the name for a system that allows you to do precisely this. Yivi empowers you to disclose online, via your mobile phone, certain attributes of yourself (“over 18”), but at the same time hide other attributes (like your name, or phone number). Yivi protects your privacy in this way. This privacy-protection is intrinsic to the system, which is called privacy by design. In the most recent European data protection regulation such privacy by design is legally required for new ICT-systems.
Apart from intrinsic privacy-protection, Yivi also protects against identity fraud: if your name and date of birth are not revealed at all, they cannot be abused.
The list below gives several examples of attributes that may be useful, for instance for interaction with a webshop, with the government, with your bank, or at a web-forum, etc.
- I’m a student (or a pensioner)
- I’m older than 12 (or 16, or 18, or 21, or 65)
- I’m younger than 12 (or …)
- My nationality is …
- My gender is …
- My bank account number is …
- My home address is …
- My given/family name is …
- My national registration number is …
- My insurance number is …
- My email address is …
- My mobile phone number is …
- My loyalty card of company X has status bronze / silver / gold
- My rail subscription is first / second class
- etc. etc.
Some of these attributes are uniquely identifying, like your bank account number: it is associated with a single person. But some other attributes can be used anonymously, without disclosing who is involved. These non-identifying attributes apply to multiple people.
Attributes form a natural mechanism for revealing certain aspects of yourself, while at the same time keeping other aspects hidden. There are many scenarios where attributes provide precisely the relevant information that is required for a certain transaction:
- If you wish to join an online chat-box for minors, you have to prove that you are younger than 15, for instance. Or if you want to participate in an online discussion group of people with a certain sensitive disease, this disease itself can be the attribute that gives you anonymous access to the group.
- When you wish to buy a violent game/movie/book online, you have to prove that you are older than 16, or maybe even older than 18.
- If you possess the “student” attribute you may be able to get a discount at a hairdresser; if you have the “handicapped” attribute of a specific kind, you may be entitled to special transportation.
- For a purchase online your home address attribute is needed for delivery. Discounts may be available via a loyalty attribute of the webshop. And possibly an age limit attribute is required if the item that you purchase is not intended for minors.
In short, Yivi is about attribute-based authentication: it is not about who you are, but what you are. This is very natural and intuitive. When you visit a doctor in a hospital you may wish to know his/her name for communication, but a much more important attribute is that the relevant person is a qualified medical doctor indeed. In the non-digital world we rely very much on context: the person wears a white coat and receives you in an office in a building that says “hospital” above its entrance. But in the online world such context information is often missing (or is easy to fabricate), so that we have to use attributes like in Yivi for trusted interaction.
2. Why would you wish to use attributes instead of identities?
The short answer is: attributes protect you and empower you.
Via a unique personal number, like a passport number or a national registration number, people can be recognized in many different situations and all their actions can be linked. This has many advantages, for instance in public services. But it can also have serious disadvantages, especially when this unique personal number is abused by someone else. This is called identity fraud, and it is one of the biggest plagues of the digital era.
When you use anonymous attributes, instead of a unique personal number, for a transaction, then your identity does not play a role and cannot be stolen. In this sense, attributes protect you.
Usage of attributes, instead of identities, has additional advantages.
- It is privacy-friendly because of data minimization. Only those attributes which are relevant and necessary for a transaction need to be disclosed.
- It provides the user, at least with Yivi, real control and transparency about who is requesting to see which attributes.
- It is flexible and can be used in many situations.
- It prevents linking of different transactions, as long as non-identifying attributes are being used. Hence it also prevents open or surreptitious surveillance and profiling, and everything that is associated with it, such as price-discrimination (the price that you have to pay depends on the profile that has been assembled about you).
In many digitization projects of the past decades attributes from daily life have been replaced by digital identities. An example is smart card based e-ticketing in public transport. Traditionally, having an (anonymous, untraceable) paper ticket was enough to get on a bus or train. These days one implicitly reveals one’s identity by using a (uniquely numbered) smart card. Via such cards individual movements can be traced and stored for many years, be used for marketing purposes, and possibly become public through a computer hack or through negligence. Anonymous cards, at least in the Netherlands, do not offer much privacy protection, since when an error needs to be corrected or when you want to receive any remaining balance on the card after its expiration, you need to disclose your identity. In this way a connection is made between you and all your travels, which, you thought, were anonymous.
Attribute-based identity management (re)introduces more protection and flexibility for users. Additionally, attributes offer some protection for service providers against possible disadvantages of total anonymity, because they can demand that participants do reveal some minimal level of relevant data about themselves, for instance that they are female, or under 12, in special online discussion groups for women or for children.
3. How do I obtain and use attributes?
In the Yivi identity platform your personal attributes are securely stored in the Yivi app on your own phone (or tablet) — and nowhere else. The app is protected via your own PIN code. This personal PIN ensures that no-one else can use your attributes in your Yivi app, and thus steal your identity. Of course, it is important that, in addition, your phone has its own login pattern or code. But on top of that, the Yivi app has its own PIN, just like various apps from mobile banking have their own PIN.
Attributes that hold for you can be downloaded to your Yivi app on your phone. Typically this is done via the web, but it is also possible to do this in a face-to-face scenario at a counter. An organization that provides attributes is called an attribute issuer, or simply an issuer. There may be several issuers of attributes, such as:
- national or local (government) authorities, for attributes like: name, address, date of birth, national citizen numbers, categories of income, etc.
- banks and insurance companies, for attributes like: bank and/or insurance account numbers, type of insurance, etc.
- internet service providers and telecom operators, for: email addresses, phone numbers, IP-addresses
- the Facebooks / Googles / Apples / Amazons / Microsofts of this world for login data
- big or small web-shops, with loyalty cards and custom numbers, with associated status, coupons, etc.
- companies and other organizations, for attributes as a basis for fine-grained role-based access management
- hospitals and other healthcare organizations, for regulating access via attributes, not only for healthcare professionals, but also for patients
- blockchain initiatives, for authentication of users and their roles
- military organizations, for all their different ranks and (security) compartmentalizations and clearances, and for members of special forces whose identifying data are typically not revealed
- etc.
Yivi attributes are available from many sources – but not from all of the ones listed above. The Privacy by Design foundation keeps a public register of all available Yivi credentials (sets of attributes).
If you wish to obtain certain attributes from such an issuer you first have to authenticate (prove who you are) to this issuer. Subsequently, this issuer can look up in its own database which attributes it knows about you, and you can choose from the available attributes which ones to download to your Yivi app on your phone, digitally signed by the issuer. Concretely, in order to obtain attributes from your bank, you have to log into your bank first. This is precisely what happens with iDIN.
Once your Yivi app contains a collection of attributes, you can start using them in various transactions. In such transactions the other side (think of a webshop) may ask you, for instance, what your home address (attribute) is. After you have explicitly agreed to such a request, and typed in your PIN code, this attribute is revealed by the Yivi app to the webshop. By performing some cryptographic checks, the webshop can verify that the attribute is genuine, has not expired, has not been manipulated, has been issued by a specific issuer, and also that it really belongs to you (actually: to your phone). This requesting party, who wants to see some of your attributes, is called a verifier, or sometimes a relying party. There is a special verifier page explaining what this role amounts to.
It is built into the Yivi system that these verifiers must make very clear to you which attributes they request to see. You, as a Yivi user, have to explicitly agree to the release of those attributes. In this way it is clear and transparent who wants to know what about you. The Yivi app keeps its own log, so that you can see later which verifier has requested which attributes (at what time), and what you have revealed. If there are verifiers who request a disproportionate amount of information from users, you can file a complaint, based on these logs, for instance with your (national) data protection authority.
(The Privacy by Design foundation also keeps a minimal log of all your transactions, in order to enable you to detect possible abuse, see the MyYivi explanation. This log gives you no information about the attributes that have been requested and/or shown, and cannot be used for complaints.)
Attributes in Yivi carry a digital signature of the issuer. Via this signature the verifier can check the origin and the integrity of attributes. Attributes have an expiry date, which can also be checked by the verifier. If attributes have expired, they need to be refreshed by the user, by returning to the original issuer. This works just like for passports, identity cards, or driver’s licenses: at some stage they expire, and you need to get them re-issued. Refreshing of Yivi attributes is much simpler, however, since it can be done online.
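The verifier checks described above (issuer, signature, expiry, integrity of the disclosed attribute), as an added Python example that is not Yivi's own code or cryptography. It assumes salted hashes for selective disclosure and an HMAC standing in for the issuer's public-key signature; the issuer name, key and attribute values are constructed. This scheme shows the same signature at every verifier, so it does not give the unlinkability described in section 2, and it does not bind attributes to a phone.

```python
import hashlib, hmac, json, secrets

# Constructed issuer and key; a real issuer would sign with a private key
# and the verifier would hold only the matching public key.
ISSUER_KEYS = {"demo-municipality": b"constructed-demo-key"}

def _digest(name, value, salt):
    # The salted hash hides the value of every attribute that is not disclosed.
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def _sign(issuer, body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(ISSUER_KEYS[issuer], msg, hashlib.sha256).hexdigest()

def issue(issuer, attributes, expires):
    """Issuer: sign the salted digests of all attributes plus an expiry time."""
    salts = {n: secrets.token_hex(16) for n in attributes}
    body = {"issuer": issuer, "expires": expires,
            "digests": sorted(_digest(n, v, salts[n]) for n, v in attributes.items())}
    return {"body": body, "sig": _sign(issuer, body),
            "attributes": attributes, "salts": salts}

def disclose(credential, names):
    """Holder: reveal only the requested attributes, each with its salt."""
    return {"body": credential["body"], "sig": credential["sig"],
            "shown": {n: [credential["attributes"][n], credential["salts"][n]]
                      for n in names}}

def verify(proof, trusted_issuer, now):
    """Verifier: issuer, signature, expiry and integrity checks. Returns (ok, reason)."""
    body = proof["body"]
    if body["issuer"] != trusted_issuer or trusted_issuer not in ISSUER_KEYS:
        return False, "wrong issuer"
    if not hmac.compare_digest(proof["sig"], _sign(trusted_issuer, body)):
        return False, "bad signature"
    if now >= body["expires"]:
        return False, "expired"
    for name, (value, salt) in proof["shown"].items():
        if _digest(name, value, salt) not in body["digests"]:
            return False, "manipulated attribute: " + name
    return True, "ok"

if __name__ == "__main__":
    cred = issue("demo-municipality", {"over18": "yes", "name": "A. Example"}, expires=2000)
    print(verify(disclose(cred, ["over18"]), "demo-municipality", now=1000))
```

The proof handed to the verifier contains the disclosed `over18` value and only opaque digests for the name, which is the data minimization the text describes.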
The three pictures (still involving the old name IRMA for Yivi) below give a schematic overview, first of downloading attributes at an issuer, and subsequently, of using attributes at two different web-shops.
This downloading of attributes is a natural form of modern identity management. It allows you to assemble and maintain your own personal digital passport in your Yivi app. Such personal data management is a bit like installing and removing apps on your phone or tablet.