BlockTalks x Hypersign AMA Transcript!

Hello! BlockTalkers & Blockchain Enthusiastic!

We recently hosted an AMA with Hypersign, on June 1st at 12.00 PM UTC. Many of you might have participated or many of not. But we make sure no one missed out from the knowledge shared by Irfan Khan, Business & Strategy head of Hypersign & Vikram Bhushan, Product & Engineering lead of Hypersign. So here we are up with the AMA transcript, for those who missed the live session, this blog post will be a saver & feeder of knowledge for them.

Introduction Questions Asked By Team BlockTalks!

Q1. Could you please introduce Hypersign to our community in layman’s term?

Ans — In short Hypersign is an Identity management protocol which lets users not only login to websites/mobile apps without using passwords but also give users the opportunity to control their data as they want. We literally want to empower users to control their own data and end data silos where large amounts of user data is collected and eventually gets hacked.

We are basically creating a system where users like you and me will be able to have full control over our personal data and if anyone wants to access or see our personal information they will have to take permission from us to access our personal data.

In other words, you will never have to fill out another application form again, nor will KYC ever again. If you go to a bank and apply for a loan, they will ping you on your hypersign APP and ask you for your information and you will just click OK and they will be able to verify you WITHOUT revealing your personal information to them, basically the bank will know its you, without knowing your name and address and phone number.

I am giving you a slightly extreme example, but that is where we want to be. In the future, there will be no phone numbers, you will be able to CALL me without dialing any numbers, or through any chat app, you will connect with me directly, without knowing any of my personal information.

Q2. What are the advantages of Hypersign to other alternatives in the Blockchain field?

Ans — As a team, We come from an industry known as IAM [Identity and Access Management] . This is a 20+ year old industry that is worth 25B USD. It is very different from KYC, as we do not deal with legal documentation. We are mainly focused on security issues related to data exchange and endpoint point security such as user login, authentication, verification, authorization which is based on Public Key Encryption/Infrastructure. This is what makes us different.

I am not really sure which other blockchain projects are in this space at this point. However since we are in the identity space, we are also building DID Infrastrcuture. This is where we have the competition from KILT and mayb Litentry. But what makes is DIFFERENT is that we are hitting the core of Access Management with our solution.

Q3. What are the major milestones Hypersign achieved so far & what are in the future pipeline?

Ans — We started the Hypersign Project in 2018. We recieved our seed funding from Aerternity Blockchain in 2020 and this year we are launching our token.

Our biggest milestone is our Hypersign Protocol has been launched on now with our Data Defenders Program.

We are getting our first 1000 users.

https://twitter.com/hypersignchain/status/1399008657120051204

Questions Asked on Twitter For Hypersign Team!

Q1. How can Hyperspin compare with other verification systems such as Faccebook where it is known that the data provided by the user is not usually completely safe or protected under complete security and is stored in the Facebook network exposing it to be shared with third parties?

Ans — In our case data is stored in the user’s Wallet or Vault and it is never shared with Hypersign, or anyone else, unless authorized by the owner. But in case of Facebook you understand its in their control/centralised systems.

As a user you will have no difference than how you use login with facebook.

Once you register with Hypersign, your personal data is encrypted with your private key and the key remains with you. The personal data is in essentially only accssible to the owner of the data and the owner is the one who will allow others to access this data. over a certain period of time.

As you know, password is the weakest link, all global major data hacks, leaks and breaches are caused due to passwords, either users will write password on POST IT NOTE paper and stick on monitor, or even share passwords in email and chat, and this is the main cause for the password leak and eventually get hacked.

Since we completely eliminate the need for usernames and passwords, users cannot share passwords and we solve this issue for enterprises.

Adding on top of it. We indeed feel that in order to bring blockchain to everyone, the centralised and decntralised systems have to work together. which is why we are trying to bridge the gap between centralised and decentralised authentication systems by building adapters. For example we are working on plugins which can bring all wordpress users to blockchain and make them avail our decentralized passwordless authentication

is that most companies don’t integrate DATA PROTECTION and STRONG Authentication in their ecosystem. they use traditional database for verifying their users, over a period time the iusers increase and the data base also becomes bigger and they store USER NAME, PASSWORD maybe Phone number and other personal details, as the database grows, it becomes attractive to hackers, and eventually gets hacked.

Hypersign will end this DATA SILO problem, by storing the user data with the users and not the companies, so there will be no more data hacks.

Q2. I understand that with Hypersign and its identity wallet, it will not be necessary to use passwords, eliminating all vulnerability to being hacked, but will this data wallet be completely immune to any type of hacking attacks? or is it necessary to maintain some security measure?

Ans — Nothing is totally immune to hacks, everything is hackable. All depends on time and processing power.

So this wallet stops password related hacks. Like Server access by hackers annd brute force attack. But there is still chance that the hackers can attack each user’s device.

But you can understand hacking one server and stealing alll the passwords is easier than hacking each user’s device just to steal 1 password.

We have to always analyse Risk based on how much it will cost.

Q3. From what I read, they apply a mechanism based on W3C self-sovereignty, in fact it is the first time I read about this system. How does it work in such a way that it allows users to manage their data and how can this mechanism strengthen a bond of trust with the user?

Ans — We have three parties

1. Issuer ( Hypersign )
2. Holder ( you and me )
3. Verifier ( Website integrated Hypersign login )

The issuer issue a credentila with his signatore to holder.

Now when presenting this credential to Verifier, the Holder attaches its own signature to it.

The Verifier can verify this from blockchain and no need to call Issuer.

This wasy Privacy of holder is always maintained.

Meaning if you recieve Hypersign credential and you are login in to a website shop.com.

the website no need to call Hypersign , we don’t get to know where you are loggin in.

Q4. Hypersign offers four main tools for any enterprise to rapidly deploy a ‘decentralized passwordless authentication solution’ with a low TCO [Total Cost of Ownership]. Can you tell us what these tools are? and how does each of them work?

Ans — https://medium.com/hypersign/how-does-hypersign-work-600fb6a3fbfb

In short -

Passwordless SDK for Website
Identity Wallet for user
Hypersign Studio for Website to check the user login status etc
Hypersign Adapter For enterprise integration.

Q5. They have recently announced the launch of their new program: "Hypersing Data Defender" for the evolution of the exhaustive tests that the testing of its new beta requires. As an active community, what role can we take to contribute healthily without putting our data at risk?

Ans — If you are ethical Hacker then we are most welcome please come and try to DDOS our systems.

Spread the news to your folks who might be able to come and try the product

Provide feedback on the UX/UI

Shill in other groups how cool is this event unlike other new blockchains.

Questions Asked by our BlockTalks Community Members during live Session to Hypersign Team!!

Q1. I observed that hypersign does not require storage of individual private data during attempt to sign in, what is the reason ? In the case Hypersign not save private data, how does an individual get back their account in the case of a compromise or a lost password/login details?

Ans — We are building a back up data vault that will only be accessible by the owener, you can back up your data ther and retrieve when necessary.

Q2. Decentralised Identifiers (DID) Users give personal-data to issuers, which verify and issue cryptographically signed documents. How can issuers access to the data and verify it without revealing the identity and information of the user?

Ans — So first of all Issuer will always get user information o validate and send credential.

But if they are part of our platform then they will delete the personal info as soon as they validate and send you credential.

Take part in the "Data Defender Program" You will understand how it works.

Q3. One of the features that I liked about Hypersign is that it not only allows the web to authenticate users, but also to verify that the web where the data will be inserted will be secure, but could you tell us about how they will do it? How will they know that the web is safe and when not?

Ans — If you look at current way of authentication , you as a user never get to verify the authenticity of website hence all these phishing attacks are happening. But Hypersign ecosystem provide a way to issue identity to webapps/mobileapps also. Now when they request some data from user, a user get the opportunity to verify the identity of app before even sharing data with them. This is called Two-Way Verification (read more about it in whitepaper),

On hypersign network, it is not just the service providers (or apps) who verifies the user, the user also has the ability to verify the service provider before sharing the data with them. We call it “Two-Way authentication”. This will help to reduce the phishing attack to great extent.

Q4. Could you explain what is the step by step to be able to monetize our digital data? What is the cost of this? Can anyone do this?

Ans — On Hypersign platform, credential will be issued to by many issuers. A credentials are nothing but digitallly signed documents which you collects from various issuers and use them to avail some service. A user if want, they can convert their credentials NFT and sell on the Hypersign Data Marketplace. There are many orgs who need CLEAN dataset for various purposes. They will come to Hypersign Data Marketplace can buy those data from You. Hypersign ensures that the data available on data marketts is in adherence to W3C standards.

Q5. How do you take care of physical identity? Do you have anything to do with KYC?

Ans — No, We are not in KYC, we dont touch the identity, infact hypersign is the infrastructure layer that enables KYC providers to carry out the verification.

Q6. I understand that its platform and its identity protocol products are not yet fully developed, but are there really platforms and projects that have partnered with Hypersign and are looking forward to their protocol to protect their users?

Ans — Please take some time out and go through our medium blog https://medium.com/hypersign, we have published multiple deep-dive posts about how Hypersign will be adding value to our partners namely Elrond, Ontology, Aeternity, Unido, SpiderDao and more.

We are currently building aDID infrastructure on some of the L1s like Harmony, Aeternity and Elrond and for other DAPPS partners we are offering them enterprise grade decentralized security services, like Authentication, verification, and authorization at a very reasonable cost, we are basically securing their users data and simplifying access to applications.

Q7. Hypersign says on it website that operates with Polkadot and Ethereum networks, but as you know the expansion never stops, so will you adapt other EVM compatible networks?

Ans — Hypersign is essentially an OMNI- Chain solution, since we have to provide DID Infrastructure for all L1s and and also application layer tools like Passwordless Auth Connectors for enterprise grade SSO and other consumer based tools that will be used for masses, and we MUAT connect to every network out there so that we can provide security and Identity Services for everyone.

Look at this way, Hypersign will be the underlying security layer providing secure access to DAOs and Hardware and Autonomous cars and providing secure authentication to all sorts of Artificial Intelligence Bots needed to run smart cities to interact with decentralized network will be the future for hypersign.

Q8. In the event that a user does not have their usual mobile device, or their PC, how could they regain lost access to Hypersign or any service that implements it?

Ans — The next version we will have Data vault’s. User can recoved lost credentials via these data vaults.

Q9. As i see, $ HID is the Native Token of Hypersign. But Could you explain what’s the main Use & Advantages of Holding $ HID Tokens? Which types of Services are offered by Hypersign to Hypersign Holders?

Ans — Please do go through our blog

https://medium.com/hypersign/hid-token-utility-a89273cbb969

Q10. OTP Logins are abused by platforms from time to time. What precautions does HyperSign take against OTP risks? There are issues such as data tracking. How does HyperSign solve these problems?

Ans — We Eliminate the need for SMS OTP Completely.

Q11. I realized that Hypersign depends of the Identity providers to offer the "no username and no password service" so can you tell us how do you guarantee that this user will act honestly? Also what happen if all IDP are offline?

Ans — Hypersign Removes the dependency of IDP to provide "no username and no password service"

So even if all the IDP get’s offline including Hypersign, User can still login to websites.

Because websites can verify user’s from Blockchain.

Q12. When I tokenize my digital information in a NFT does the protection that Hypersign gives me stay the same? Or after a company acquires it through the purchase of my NFT do I lose my privacy?

Ans — So look at it this way, once you Mint your NFT and sell it on the open market, this would typically mean that large marketing companies like Nike or Cocoacola would be able to send you promotional messages wihtout knowing who you are and where you live and son on. They would know that you are a person living in a certain city with in an age group and like to recieve promotional messages from certain companies like cocacola.

Hypersign is consent based.

Here are some important links of Hypersign👇

🌎 Website: hypersign.id
📱 Twitter: twitter.com/hypersignchain
📢 Telegram: t.me/hypersignchain
📚 Medium: medium.com/hypersign