Security and privacy at the core of PikcioMe

Blog | 14 May 2019

Pikcio is proud to introduce PikcioMe, the first 360 personal data app aimed at users who wish to benefit from digital services without compromising the safety of their data.

Pikcio is committed to giving users control of their data and has therefore spent years in research & development to find the best possible security infrastructure for its services.

In this article we would like to outline how we integrate the notion of trust in PikcioMe and, more globally, the PikcioChain network. These were designed through the implementation of trust protocols that aim to prevent data misuse, confidentiality breaches and hacking as well as foster mutual confidence among users.

Peer-to-peer technology

Decentralized networks

At the core of PikcioMe: peer-to-peer technology. While a huge majority of digital services store data on centralized networks, Pikcio has chosen a decentralized alternative. This provides users with the promise of maximum security for their data.

How it works

To picture how peer-to-peer technology works, simply picture a wide network of nodes (each representing a user). Whether they be using the browser or the chat features of PikcioMe, the principle remains the same: requests from a user do not go directly to another user (if using the chat) or to the search engine (if using the PikcioBrowser). Instead, that request is encrypted and bounces from one node to another until it reaches its destination.

This way, traffic cannot be tracked or analyzed, and users remain anonymous – even in the event of a malicious node in the network.

Trusted Identification System (TIS)

What is a TIS?

The TIS is a trusted third-party that generates and grants each user x a pair of identifiers. First, a node ID (), an unambiguous identifier as a unique node in the P2P layer. Second, a Matryoshka ID () that identifies the user in the Matryoshka layer. Both identifiers are calculated from a set of properties such as x ‘s username and e-mail address. A pair of certificates links each identifier to a respective public key provided by x. The corresponding private keys are known to x and no one else. Because the P2P system can retrieve a node IP address from its node ID, the separation of node () and Matryoshka () identifiers is necessary to prevent malicious users from deriving IP addresses.

Confidentiality preservation

In Pikcio’s network, only a node’s trusted contacts are able to link these two identifiers because they can act as mirrors and therefore know both. But the TIS is an exception: it too can bind users’ Matryoshka matr_id and node_id node identifiers, since it generated both. In the event of corruption, the TIS may disclose user participation in addition to their location. However, the TIS does not possess private user keys, so it cannot impersonate, recover its set of trusted contacts or access the content of shared data.

Service bootstraps

Simultaneously, the implementation of bootstraps will allow the TIS to transmit a set of nodes (i.e. bootstraps) to the user node that will act as trusted contacts, while the user builds his own social graph. These bootstraps will also allow the user to access the DHT (see section P2P Kademlia Pikcio).

Trust Capital Index (TCI)

In decentralized systems, there is no mediation around trust and identity management despite trust being the engine of any Blockchain. This is why Pikcio has introduced the TCI to monitor trust activity and entities, i.e. network nodes.

What is a Trust Capital Index

To counter identity theft that is very common in digital spheres, our network includes an identification protocol by consensus validation called the Trust Capital Index. This TCI is a user identification score on the network, determined through their personal data and user-to-user recommendations.

Increasing a user’s Trust Capital Index

The Trust Capital Index is primarily an identity that relies on data from Pikcio’s digital identity as a service. Thus, a user’s TCI will grow as they feed more and more data on their profile and peer-to-peer network.

A user can validate their identity and increase their TCI by linking their digital identities and related data that are scattered across different platforms and service providers. These include social networks, administrations, banks, insurance, and so on.

Trust by consensus

Through an algorithm, consensus ensures the consistency of these identities and increments the users’ score according to the result. The TCI is also dependent on peer validation, i.e. validation of a user’s identity by one of their contacts. This process is also validated and certified by consensus.

How it works

At first, a user’s TCI will be managed by PikcioMe as it builds and develops according to the data on users’ profiles.

With the integration of Pikcio’s digital identity as a service in PikcioMe, users will be able to authenticate themselves and log into other portals (banks, social networks…).

Want to try PikcioMe for yourself? Download it now and send us your feedback!