THEKEY MVP/Testnet Technical Report

Of
Blockchain based Dynamic Multi-Dimension Identification

THEKEY Project Team, May 2018, Beijing, China

1
Table of Content

1、Project Background .......................................................................................................... 3

2、Business Scenarios ............................................................................................................. 3
3、Technical Implementation ................................................................................................ 5
4、Business Flowchart .......................................................................................................... 13
5、Conclusion ........................................................................................................................ 15
Appendix: List of Delivery Codes ........................................................................................ 16

2
1、Project Background

Back in November 2017, we released our White Paper “A Decentralized Ecosystem

of An Identity Verification Tool Using National Big-data and Blockchain,” and in late
December of the same year, we followed with the release of our “MVP Development
Plan.” These two documents outlined our plan where we proposed the development of
a Blockchain based Dynamic Multi-Dimension Identification (BDMI) technology in
order to solve a fundamental issue of the digital world by providing “undeniable”
and ”unalterable” identity verification (IDV) services. As we indicated in previous
months, THEKEY project team would work to complete the feasibility study for
BDMI in order to build a solid foundation for its future application and promotion
through the development of a minimum viable product (MVP) by the end of June
2018, I am very pleased to announce the MVP was completed by April 30, 2018,
which is significantly ahead of schedule, and we hereby release below a technical
report for the MVP.

Two smart contracts (certification contract and payment contract) have been
developed in the MVP phase, which have been released on the NEO testnet.
Check certification contract scrip harsh value:
0x33ee36c712b37df8acfbda4a1beb165e100ed3e0
Check payment contract scrip hasvalue:
0x2e05dc2c1d5780b3b7698944d0a59b3dc51efde3

2、Business Scenarios

BDMI stands for “Blockchain based Dynamic Multi-dimension Identification”

technology, a perfect match solution for identity verification in digital world, which
is ‘The Key’ to move people from the real to digtal world, literally, it synergistically
combines "Dynamic Multi-dimension Identification" (DMI) and blockchain
technology.

The application scenario for the development is the mobile medical insurance
payment in Kaifeng, China. Study on technical feasibility will be conducted on core

3
technologies of BDMI and key links of the THEKEY ecosystem, according to the
White Paper.The eight working steps set by the BDMI technology application in this
MVP development work are:

• The hospital, as the service provider, triggers an IDV request for certain aspects of
a given individual user’s medical history as requested by the medical insurance
agency.
• The individual user (i) accepts and confirms the IDV request by confirming his /
her biometric data through THEKEY application or through terminal device
reader equipment provided at the hospital and (ii) approves the Smart Contract
between the hospital, THEKEY and himself / herself.
• THEKEY then reviews the IDV data request sent by the hospital against the Know
Your Customer (KYC) policy of the relevant industry to justify if the data request
is reasonable.
• THEKEY will compare and check the biometric data provided by the user against
the relevant comparable data validated by the government and it will also cross
check that biometric data against the latest Personal Identity Information (PII)
data, behavior data as well as the location data of the given user. These are all
automatically settled through encrypted interfaces.
• Once THEKEY has verified the validity of the user’s ID, the IDV process will
continue. Relevant PII like the user’s medical history will be collected as outlined
by the Smart Contract. THEKEY will then provide its verification of the result on
the blockchain, so that the medical insurance agency can then use it for its Claim
Processing Automation (CPA).
• The Smart Contract will be settled by TKY Tokens.
• At the same time, all previous calculations and checks will be recorded for any
future data audit.
• The credit of the user will be regularly evaluated and calculated through the
above-mentioned data audit.

Three key parts for the MVP developing task in the build of the THEKEY Ecosystem
are as follows:
Components Key Elements Descriptions

4
Participants Validator  THEKEY
 Statutory Medical
Insurance Bureau
 Public Security Bureau
 Politics and Law
Committee
 Telecommunication
company
User Users covered by the
statutory medical insurance.
Service Provider Hospital
Smart Contract Authorization Center  Authentication
 Authorization
 KYC Protection Policy
Data Security Center  Personal Privacy
Protection
 State confidential
information protection
 Other Chinese law
compliance.
Payment Center  Hospital to THEKEY
 THEKEY to other
validator.
TKY Token Users use TKY to pay for
medical bills in hospital

3、Technical Implementation

According to the White Paper, THEKEY adopted the NEO blockchain framework and
built a private NEO simulation environment, and for future work of our private
backbone chain, with private hardware, open source NEO packages as well as our
own development instead of using NEO public chain platform.

3.1 Software and Hardware Environment

Amazon AWS Cloud and Tsinghua Unigroup's platform are used as server hosts:
a) AWS: 6 hosts, 4 NEO blockchain nodes, and 2 data nodes hosting IPFS.
b) Tsinghua Unigroup Servers: 5 host servers, one for user wallets, two for
DAPP for the hospital and THEKEY respectively, and the rest two accept credit
wallet inquiry for the Human Resources and Social Security Department and the
operator.

5
c) IDV Terminal: including THKEY APP and hospital integrated machine.

NEO node software package Neo-cli (and release smart contract) and IPFS distributed
data storage software package are respectively deployed on the AWS server side. The
NEO wallet client and DAPP were deployed on our private Tsinghua Unigroup
servers, while the NEO node software package Neo-cli was also deployed. However,
it does not participate in the consensus mechanism in the chain and is only used for
the dynamic code of the user account.

3.2 System Architecture

The overall architecture is "2+4" modular design, two basic software: NEO
blockchain (certification contract, payment contract) and IPFS data storage; four
functional application modules: DAPP for hospital and THEKEY respectively,
Android front end for users and wallet for data source parties.

3.3 System Module Interaction Analysis

Four application modules and two basic platforms of the system interact with each
other in the following ways:
a) The hospital DAPP collects user information and initiates identity
authentication.
6
① Users sign smart contracts, submit biometric data, and then trigger IDV
requests;
②The hospital DAPP requests the user and prescription information from the
hospital HIS system;
③The hospital DAPP uploads data such as users, prescriptions, and biometrics
to the IPFS system to obtain the IPFS hash value;
④The hospital DAPP invokes the authentication application interface in the
certification contract, and the IPFS hash value is encrypted;；
⑤Hospital DAPP verifies the required TKY to the payment contract;
⑥Hospital DAPP notifies THEKEY of transaction identifiers on the chain.

b) DAPP of THEKEY obtains user information for IDV and feedback results.

7
①DAPP of THEKEY after receiving the notification from the hospital DAPP,
call NEO's API to obtain the corresponding encrypted hash value;
②THEKEY DAPP decrypts the hash value and retrieves user related data from
the IPFS system.
③ THEKEY DAPP invokes the industry rules inspection interface in the
certification contract to retrieve the validation rules;
④THEKEY DAPP calls the interface for verification based on the validation
rules;
⑤ THEKEY DAPP triggers the payment contract to complete the token
allocation;
⑥The payment contract then pays the operator, THEKEY the corresponding
TKY;
⑦ THEKEY DAPP uploads the verification result and prescription ledger
information to the IPFS system and returns the IPFS hash value;
⑧ THEKEY DAPP invokes the authentication feedback interface in the
certification contract, encrypts and broadcasts the IPFS hash on the blockchain;
⑨THEKEY DAPP notifies the hospital DAPP of the transaction identifier on the
chain.

8
 c) The hospital DAPP obtains the verification result and the prescription ledger
information, and the user pays the bill and then generates the settlement slip
on the chain.
①The hospital DAPP retrieves the IPFS hash from the blockchain;
②The hospital DAPP retrieves the verification result and prescription ledger
information from the IPFS system;
③The hospital DAPP displays prescription ledger information in the terminal;
④The user selects a prescription and use TKY to pay the hospital;
⑤The hospital DAPP uploads the payment result settlement slip to IPFS and get
the hash value.
⑥ The hospital DAPP invokes the settlement certificate interface in the
certification contract, encrypts and broadcasts the IPFS hash on the blockchain;
⑦Hospital DAPP notifies THEKEY DAPP of the transaction identifier on the
blockchain.

3.4 Smart Contract

9
According to the White Paper, THEKEY uses NEO Contract as a smart contract
system. The contract mainly implements three aspects of business: data security,
authentication and authorization, and token circulation.
a) Data Security Center
For personal data, we have conducted data security protection at the Data
Security Center, which is mainly reflected in the desensitization of sensitive
data that may be related to people or data sources. In accordance with the
rules set out in some Chinese laws, sensitive data involving state secrets are
removed.

The hospital DAPP invokes the authentication application interface in the

certification contract, encrypts the authentication parameters (the hash value
generated by the user and prescription information in the IPFS) with the
public key of THEKEY, and stores them in the certification contract;

THEKEY DAPP invokes the authentication feedback interface in the

certification contract, encrypts the authentication result (the hash value
generated when invoking the interface in IPFS) with the public key of the
hospital, and stores them in the certification contract;

The hospital DAPP invokes the settlement certificate interface in the

certification contract, and encrypts the settlement information (the hash value
generated when prescription settlement information are put into IPFS) using
the THEKEY public key, and stores them in the certification contract;

b) Authorization Center
10
 THEKEY receives the authentication request initiated by the service provider,
authorizes it according to the industry (application scenario) multidimensional
cross-validation rules, and obtains information verification and feedback
information.

The THEKEY DAPP obtains the hospital's request authentication parameter

(industry code) and calls the industry rules inspection interface in the
certification contract to inspect it. If the verification is successful, the
verification rules of the industry (interfaces requiring verification, such as the
state secret information interface, public security citizen information interface,
human social insurance information interface, operator location information
interface, CPA pre-audit interface, etc.) are reported back to THEKEY .

c) Token Circulation Center

As shown in the figure, the Token flow is as follows:

11
  Hospital DAPP initiates verification of 3 TKY transfers to the payment
contract. The payment contract temporarily stores TKY.
 The THEKEY DAPP triggers the payment contract to complete the
assignment of the Token based on the result of the call of interface.
 If all multidimensional authentication interface calls are successful (return
the result), the payment contract transfers 2 TKYs to THEKEY, otherwise
returns 2 TKYs to the hospital.
 If the location information interface call succeeds (returning the result),
the payment contract transfers 1 TKY to the operator, and conversely
returns 1 TKY to the hospital.

3.5 Real-ID wallet

When IDV, which is based on biometrics, government-identified data, cross

validation with behavioral data and scene data as well as key dynamic data validation,
confirms the identity, a user can trigger a private key using his biological information
（face, finger prints, iris, etc.） and finish the smart contract signing or TKY
payment, both will be documented for future audit. In this technical verification,
Token cirulation is used to demonstrate service transactions between participating
parties. In the process of dynamic multi-dimensional authentication, the hospital is the
payer. It must apply for TKY recharge in THEKEY beforehand to ensure that there
are enough tokens in the account to purchase the certification service.

When the THEKEY DAPP receives an authentication request, a transaction begins.

The query on government data sources will be converted into TKY by THEKEY
DAPP based on the results (right and wrong), then the payment contract on the
blockchain will be executed to perform deductions on the hospital account, and the
data source account and THEKEY account will be added.

Each user (hospital, THEKEY, data source) can install NEO's wallet software on his
terminal to query TKY in his account.

12
The user can operate on the terminal machine to query prescription information, as
well as TKY payment and balance inquiry functions. In order to ensure the security of
the user's digital assets, we authenticate the user when opening an account. After the
user passes the authentication, he creates a digital wallet bound to his real identity,
which is called a Real-ID Wallet. Each payment operation of the user requires identity
authentication through biological information. After the certification is passed, the
private key is triggered and the payment action is completed. This fundamentally
eliminates the malicious use of fraudulent use or theft of private keys, and ensures the
safety of the user's assets to the greatest extent.

4、Business Flowchart

1. The hospital, as the service provider, triggers an IDV request for certain aspects
of a given individual user’s medical history as requested by the medical insurance
agency.
2. The individual user (i) accepts and confirms the IDV request by confirming his /
her biometric data through THEKEY application or through terminal device
reader equipment provided at the hospital and (ii) approves the Smart Contract
between the hospital, THEKEY and himself / herself.
3. THEKEY then reviews the IDV data request sent by the hospital against the
Know Your Customer (KYC) policy of the relevant industry to justify if the data
request is reasonable.
4. THEKEY will compare and check the biometric data provided by the user against
the relevant comparable data validated by the government and it will also cross
check that biometric data against the latest Personal Identity Information (PII)
data, behavior data as well as the location data of the given user. These are all
automatically settled through encrypted interfaces.
5. Once THEKEY has verified the validity of the user’s ID, the IDV process will
continue. Relevant PII like the user’s medical history will be collected as outlined
by the Smart Contract. THEKEY will then provide its verification of the result on
the blockchain, so that the medical insurance agency can then use it for its Claim
Processing Automation (CPA).
6. The Smart Contract will be settled by TKY Tokens.
7. At the same time, all previous calculations and checks will be recorded for any

13
 future data audit.
8. The credit of the user will be regularly evaluated and calculated through the
above-mentioned data audit.

14
5、Conclusion

Through the development and testing of the MVP, we came to the following initial
conclusions:

• First, “undeniable” and “unalterable” online IDV results were generated for
the first time in the world through BDMI technology. BDMI embraces 6
elements simultaneously to realize EA5 (e-authentication-5) level IDV
services. Since IDV is fundamental to establish mutual trust in the digital
world, we believe that BDMI will become an underlying layer that will
facilitate the development of blockchain technology and the digital economy.

• Second, the storing of private keys on mobile phones is of concern as mobile

phones are easy to lose, can be used by others fraudulently and are costly.
Thus, we adopted a 5-pillar private key management system that directly
triggers the signing of a smart contract and token circulation. Although the 5-
pillar private key management system still needs to be further improved, the
initial results appear to provide a great starting point for a feasible solution for
private key management, deviceless IDV and deviceless payment.

• Third, for the first time, we were able to integrate IDV and digital wallets to
form a real identity wallet (RIW). We believe this real identity wallet
technology will play an important role in anti-money laundering applications,
which can lay a solid foundation for the healthy development of
cryptocurrencies and the digital economy.

In this phase, we focused on establishing the baseline technical feasibility proof. For
the next stage, we will focus on improving the performance, efficiency and reliability
of BDMI technology. In addition, we understand the vital need to have equipment
which is trusted and secure to underpin any of the work BDMI technology will be
based on, and thus we look to develop exclusive hardware devices in the future.

15
We began this process to ensure we build a superior product for our investors and our
community. This is just the first step in our journey. I thank you all for the support
you have given to THEKEY and me. With it, we will continue to work hard to
accomplish what we set out in the beginning.

Appendix: List of Delivery Codes

https://github.com/thekeygithub/MVP
a) Mobile-APP: source code of Android APP in the android smartphone
b) Hospital-DAPP: hospital DAPP server code
c) Hospital-terminal-APP: source code of Android APP in the All-in-one terminal
d) IPFS-api: source code of IPFS private network data access API service
e) THEKEY-DAPP: THEKEY DAPP service source code
f) NEO: Smart Contract Code, including certification contract, payment contract
g) NEO-cli-ebao: modified source code of the neo-cli code for the wallet transfer
interface

16