Experian Case Study

Zero Knowledge, Government and Financial Services

Experian chooses zero-knowledge proof to power its product for Gov.UK Verify.

To ensure that UK citizens using Gov.UK Verify have secure access to their online accounts, Experian is using distributed cryptography technology from MIRACL to provide highly secure authentication to millions of UK citizens.

Experian is a certified identity assurance provider for GOV.UK Verify, the new way for UK citizens to use government services online like renewing your driving license or filling out your tax safely, securely and straightforwardly.

Experian is one of nine independent identity assurance providers supporting the government’s Gov.UK Verify identity assurance service, which is one of the government’s biggest digital projects. Verify is run by the Government Digital Service (GDS) and is intended to be the standard way for people accessing online government services to prove who they are and to log in to complete transactions.

Experian Logos

The zero knowledge m-pin proof is an enabling technology that Experian has selected to provide a high level of assurance, delivering two-factor authentication to secure people’s identities. UK citizens using the GOV.UK Verify service will have completely secure access to their online accounts using MIRACL’s patented two-factor Authentication Protocol. This involves a user-selected 5 digit PIN (something they know) alongside a software token which automatically installs in their mobile or desktop browser (something they have) when registering. Both factors must be present in order to create a key that drives a “zero knowledge proof authentication protocol” against MIRACL’s Server. The server stores no passwords, PINs or authentication credentials of any kind.

Using a zero-knowledge proof means that no information of valie is never used or stored in a vulnerable database, which makes the password breach a thing of the past.

Experian’s selection of the zero knowledge technology greatly reduces the risk for GOV.UK Verify and its users. It protects UK citizens using the service from identity fraud and the associated costs that result from cybercriminals stealing and abusing passwords. This increased security will also speed up government-delivered processes by allowing more services to be delivered securely online.

MIRACL is a pioneer in the development of pairing-based cryptography, and its open source and commercial cryptographic libraries are used in internet of things (IoT) devices and applications from technology leaders such as Google, Microsoft, Intel, Gemalto and ARM.

The technology was developed by a renowned academic in the field of cryptography, Michael Scott. In January 2015, the company was selected to accompany prime minister David Cameron on a trip to Washington, as part of a special UK cyber security delegation to the US.

Read more about Experian and the GOV.UK Verify programme

“Protecting the person online and giving them a good user experience of the services they are using is a key goal for us as a business. MIRACL is a pioneering company that helps us achieve that”. Nick Mothershaw, UK&I Director of Identity and Fraud, Experian.

To see how zero knowledge and MIRACL Trust®, can secure your users and business take an online tour today.

Read more on MIRACL Trust