In the first of our series of upcoming member spotlights we interviewed PassiveBolt’s co-founder Kabir Maiga. His company is an Associate Member of DIF and he shares some of PassiveBolt’s work in advancing decentralized access as a Tier1 supplier.
Kabir: Thanks for having me.
Limari: What I always like to ask people just in the decentralized space is really what's your journey, because decentralized identity, it is relatively new and people have all sorts of interesting stories about how they came into this space. So I just wanted to maybe get your background and how you came to work on what you are developing at this moment?
Kabir: Yeah. Oh, absolutely. So I started out as an engineer, gosh I guess I'm getting old, I graduated almost 14 years ago now. Wow. And yeah, electrical engineer, worked in the automotive industry, worked in investment banking, as a software engineer, went and got a master's degree in business from Ross at the University of Michigan, and really ended up going back into the automotive industry where I got into access control. That's basically keyless entry systems for cars. You're probably familiar with some of the tech that I used to work on, which is touching the vehicle door handle to unlock, not using your phone to control access to your car, things like that. It was a great experience, great team. We worked on tech that eventually has gotten deployed in over 120 million vehicles globally. So a really exciting project. But it's really working on that project I think I had an epiphany or idea which is, the automotive industry at the time, this was the 2016-18 timeframe, seemed to be ahead of the rest in access control, in terms of its technology stack. I think one of the reasons why that was the case is because it had an entire Tier 1 class of companies that basically innovated and supplied OEMs. (Original Equipment Manufacturers) So OEMs never had to worry about designing the latest closure systems, they would just source it from innovative suppliers. So really bringing that type enabling class of company to the rest of access control was what I set out to do, and worked to spin off with my core team out of continental automotive, where I used to work, which is a 50 billion euro automotive Tier 1 one of the leading Tier 1s. I was able to get the blessing to really spin off and start PassiveBolt as a separate company with the express intent of really looking at how do we enable companies that make products and solutions, security solutions for controlling how people get in and out of secure spaces?
One opportunity that we saw is really providing that tier one base to security industry companies that design access control solutions across the board. In doing that, we quickly realize how fragmented it all is. A lot of it had to do with systems being siloed. Each system is behind its own login. I don't care if you bought a smart safe, to unlock it you need an app, or to unlock your smart lock you added on some door. It doesn't matter what you do. If I sat down and said what would it all look like in five, ten or twenty years down the line, I can imagine owning 100 apps just to access physical spaces. Because as hotels, car rentals, you know all physical spaces became smart, I will just be onboarding and creating digital identities in several different silos and my data living on all of those systems. That's really what got us into decentralized identity, because that clearly was not a future that I wanted to live in. So we really transformed PassiveBolt into a web3 focused company that's really pioneering access control by leveraging an identity meta system. We're creating and establishing basically the identity layer, the missing identity layer in physical space network communications. That's for the security industry more specifically. In other words, we basically want to enable identity wallets, SSI or decentralized identity based wallets to unlock any and all physical spaces. One obvious application of digital identity is in machine to machine interactions, you know, password-less login or supply chain or provenance, etc. IoT is a great opportunity as well, in the sense that we do live in a physical world and access in physical spaces, it means that if I'm leveraging my digital identity to do so, I need protocols in place to allow me or my wallet to talk to physical spaces, right to be able to convey a verifiable credential that shows that I have access to a specific space.
Limari: Yeah that's very interesting. I think for a lot of people, the issue of identity, it's kind of front and center for them. I think just the general populace are confronted with the problems of that. It's interesting just imagining a world where you need 100 different apps to access everything that you own, all spaces that you own and just how unsustainable that is. I think that some people may be wondering, “How is this different from my keyless entry I already have, or is what you're doing better than what I have. You highlight a very important point in that, as you keep growing this centralized model, it becomes very unsustainable. But I would be interested, I mean, our audience, a lot of them are involved with deep tech. If you did want to go a little bit more in depth on the decentralized aspect of PassiveBolt, feel free to fill some of that in some more, and then maybe, what are some of the interests you have in the decentralized identity community and how it intersects that?
Kabir: Yeah so we've basically created a technology stack from the root, meaning the blockchain layer all the way up to physical devices for physical spaces. So you know the bottom layer is obviously the identity meta system itself so the root of trust. We created a blockchain that is purpose built for digital identity. So really it's effectively a registry, a verifiable data registry for digital identifiers, but specifically addresses the needs of the security industry. We could have gone with an existing platform, or an existing blockchain, I should say. But we wanted a blockchain that's built for and by the security industry, that all manufacturers of physical security systems can leverage. So consider that a common public registry for the security industry. The second layer, and I should say that, first, the bottom layer, was obviously put in, in the public domain, it's a public utility for the security industry. So PassiveBolt obviously conceived of it, built it, but again, it is intended to be governed and maintained by the security industry itself as a whole. To clarify maybe for some of our viewers, by security industry I'm referring specifically to manufacturers of access control systems hardware like locks, etc, or software solutions like physical access control software for issuing key cards to people or mobile keys to people, things like that. The second layer, obviously once you have a registry is now you have to have the software stack to go with it. So there's the identity wallet, and you have the attestation infrastructure, or to use the W3C language, the verifiable credential layer. So we have those two layers above where we basically created protocols that allow the use of verifiable credentials, digital agents and, or wallets, containing wallets, to be able to communicate with physical devices. So in essence, any lock that can do cryptography can be made into a web3 device.
One thing that was important to us is not imagining every manager of physical space having to rip out their hardware. That might be counterproductive, and the investment would be significant to be able to deploy decentralized identity in terms of physical access. So our solution is really to create an offline way of being able to utilize a verifiable credential to unlock physical spaces and that's what we did. So that layer protocol that we've created at PassiveBolt really allows any and all digital agents to be able to achieve that. Our identity wallet that we created is just one first implementation on top of that blockchain that I mentioned. It allows you to set up your PII to be able to receive verifiable credentials and be able to share them. PII being personally identifiable information. But what's great about this is there was a time where if you wanted access to physical spaces, your only option was to surrender PII somewhere in exchange for a keycard. So here's who I am, put it in a database that you get to store and I get a key card and I can badge into that hotel room or office or whatever. Then we switched to doing it over mobile using mobile keys, but then we never really did fix that identity piece of it. Now I'm logging, I'm registering, I'm surrendering PII to create an account number which is effectively a digital identity into that siloed system. Then I can receive a digital key. In this paradigm, leveraging decentralized identity, you don't have to log into anything of course with your identity while you're self sovereign. Using just your identifier, we have protocol, where you can basically be assigned access to a space, without sharing any PII, without the access provider needing to store any personal information about you. It makes it interoperable. So you can get into, with your identity wallet, you can get into any and all web3 capable physical spaces.
Limari: That's amazing. Maybe you can give us just kind of a brief idea, maybe a vision for people someday using this technology, this is how you're going to be able to go through spaces, maybe kind of like a real life use case.
Kabir: Here's what I want you to be able to do. I want you a couple years down the road, to be able to grab your identity wallet, and book a vacation somewhere using your identity wallet. You publish your need. So looking for a hotel, let's say you're going to New York City, looking for a hotel and a car rental in New York City for these days. You get offers, private offers from hotels and travel service providers, generally speaking, so that they are now able to give you a direct offer via DID to DID communication, which means they're not giving you a rate that's public. So they can be more aggressive to get your business to improve their occupancy rate. You're able to book seamlessly and deal with a direct relationship with a service provider. Then you show up at the airport, I want you to be able to just tap your device and prove your identity. You are who you say you are, and it's verified. Obviously, for government purposes, let's throw in two factor authentication or facial recognition. You get to the plane, you've got your plane ticket that was delivered in that booking that you did with one click and you're able to just tap again, to just prove that you are who you are, and you walk onto the plane with your seat. You land in New York City. I want you to just be able to walk onto the Hertz parking lot or company alpha and just go straight to spot seven B where they told you your vehicle is parked and you tap and it unlocks. You go in, you push a button, it starts, no key exchange no need to interact with anyone perhaps. You drive to hotel beta, at that hotel beta, you walk in, you go to room 402, no stops needed, unless you want to say hello to somebody. If you tap your identity wallet again, the room unlocks and you go in. All of this is possible because from when you did your booking, be it through the wallet or through an aggregator, doesn't have to be through the wallet, you were delivered verifiable credentials through that device, through that wallet. Those verifiable credentials have allowed you to unlock all of those physical spaces along the way. I really emphasize access to physical spaces, because there's a tendency to always focus on virtual spaces like apps, websites and the like. I think there's significant value as we build decentralized identity ecosystems to really capture physical spaces, because that's where we live. This whole journey that I described, your trip from California to New York is you needing to get into all the physical spaces in between to get to your hotel room, and then to maybe that concert later that evening. It's all physical spaces. That's really what we want to help shape and build.
Limari: That's really really amazing and I know that for a lot of people not working within this space, on this technology, some of this is very hard to grasp because we are so shaped by just the centralized system that we are living in today. The fact that we are able to do that without giving away all of this personally identifiable information, it's just amazing that we can have that capability. So one last thing I'm curious to hear your thoughts about is just in terms of the community at DIF, if there's been any work items, like maybe you've had your eye on that you find are interesting here in this space that you think might contribute to what you're doing at PassiveBolt?
Kabir: I think many of the working groups are phenomenal, messaging is one that comes to mind. I think the group that I've been particularly interested in and really participated in every week is the Travel SIG within DIF. The Travel SIG is currently working on travel profiles, which is really a way to simplify how you communicate information data to travel providers. So that experience I had described between California and in New York your ability to do it with a single click, just give them the information they need, authorized access to information, they need to provide you of service, but in a way that preserves PII and preserves privacy, that's key. The work that DIF is doing, I think is to come up with a standard. We have a way we're doing it at PassiveBolt, but working through DIF we’re hoping to have a standardized way of doing it. I think all the great minds you have there, you know people with significant industry experience, travel experience, that we're able to work together with. As technologists, there's nothing better than to really hear direct input from people who've been in the industry for 30, 40 years to make sure that the systems we're designing are taking into account all the different dynamics in the space. So I think that SIG is particularly interesting and work product of a traveler profile schema that will come out of it will be very beneficial, not just to PassiveBolt, but all companies and all entities looking to help us or help everyone really design the traveler experience of the future.
Limari: Just to clarify for our audience who may not be familiar with our open groups at DIF, Kabir is referring to the Hospitality and Travel Special Interest group. It's one of the groups that we have at DIF that anybody can just hop on, and you can join in the discussion there. So awesome. Well, thank you so much. It's been such an interesting conversation. I truly enjoyed learning more about PassiveBolt, what you're doing and how this technology will be applied to travel and to going between spaces, accessing our homes, hotels, etc. So, truly enlightening. Also, maybe if you like to let people know how they can learn more about PassiveBolt.
Kabir: Go to PassiveBolt.com or you can reach out to me if you want to connect Kabir [at] passivebolt.com
Limari: Thank you so much. Once again, I appreciate you taking the time. And thank you everyone who decided to join us today and watch and we'll have many more interviews to come very soon. So thanks.
Kabir: Thank you
You can learn more at https://passivebolt.com/
If you would like to become a member of the Decentralized Identity Foundation join us at https://identity.foundation/