POSIT: Zero Knowledge Identity for the Privacy-First Era
A concept for privacy-focused Identity Access Management using Zero Knowledge Proofs and End-to-End Encryption. Letting businesses verify users without ever seeing their data.
Krishna C
September 15, 2020
This is a product concept I developed in 2020. View the original pitch deck (PDF).
TL;DR: POSIT is a product concept for privacy-first identity management. Users authenticate once, businesses get a unique ID and use APIs to verify claims ("Is user above 13?") without ever seeing the underlying data. Zero Knowledge Proofs + End-to-End Encryption make it work.
The Problem
Users are concerned about data privacy. As data breaches and instances of businesses selling user data rise, 95% of Americans are concerned about revealing sensitive data to businesses. 7 out of 10 want to protect their privacy but don't know how.
Businesses don't have time for privacy. With increased demand for privacy, businesses lack the time and money to invest in Identity and Access Management solutions. They should focus on their core business, not building auth infrastructure.
The Concept: POSIT
POSIT is Identity Access Management as a Service (IAMaaS) built on:
- Zero Knowledge Proof (ZKP): Verify claims without revealing underlying data
- End-to-End Encryption (E2EE): Data encrypted with user's private key
How It Works
Example: A user signs up for a streaming service.
```
┌─────────────┐     ┌─────────────┐     ┌─────────────┐
│    User     │     │    POSIT    │     │  Business   │
│             │     │  (IAMaaS)   │     │  (Netflix)  │
└──────┬──────┘     └──────┬──────┘     └──────┬──────┘
       │                   │                   │
       │  Signs up/in      │                   │
       │──────────────────>│                   │
       │                   │                   │
       │  Assigns ID "1234"│                   │
       │<──────────────────│                   │
       │                   │                   │
       │                   │  Is user "1234"   │
       │                   │  above age 13?    │
       │                   │<──────────────────│
       │                   │                   │
       │                   │  YES / NO         │
       │                   │──────────────────>│
       │                   │                   │
       │                   │  Send email to    │
       │                   │  user "1234"      │
       │                   │<──────────────────│
       │                   │                   │
       │  Receives email   │  200 / Sent       │
       │<──────────────────│──────────────────>│
```
Instead of giving data to the business, users authenticate through POSIT. The business gets a unique ID and uses POSIT APIs to:
- Verify age: "Is user above 13?" → YES/NO (no birth date exposed)
- Send communications: Email routed through POSIT (no email address exposed)
- Authenticate: Standard auth without storing credentials
The business never sees the underlying data. Users don't receive spam because their contact info was never shared.
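One way to answer an age question without a birth date ever reaching the business, as an added example that is not part of the original concept or pitch deck: a hash-chain age commitment, a much simpler technique than a general zero-knowledge proof, swapped in here to show the idea of proving "age ≥ threshold" and nothing more. It assumes the user hands the proof to the business directly (unlike the diagram, where POSIT answers), and `Issuer`, `enroll`, `prove` and `verify` are hypothetical names.

```python
import hashlib
import hmac
import secrets

def chain(value: bytes, steps: int) -> bytes:
    """Apply SHA-256 to `value` `steps` times."""
    for _ in range(steps):
        value = hashlib.sha256(value).digest()
    return value

class Issuer:
    """Hypothetical stand-in for POSIT: checks the age once, at enrolment."""
    def __init__(self) -> None:
        self._commitments = {}  # user ID -> published hash

    def enroll(self, user_id: str, age: int) -> bytes:
        seed = secrets.token_bytes(32)  # secret, returned to the user only
        # age + 1 steps, so the seed itself is never the published value
        self._commitments[user_id] = chain(seed, age + 1)
        return seed

    def commitment(self, user_id: str) -> bytes:
        """What a business can fetch for an ID: a hash, not an age."""
        return self._commitments[user_id]

def prove(seed: bytes, age: int, threshold: int) -> bytes:
    """User side: stop `threshold` + 1 steps short of the commitment."""
    if not 0 <= threshold <= age:
        raise ValueError("claim is false; no valid proof exists")
    return chain(seed, age - threshold)

def verify(commitment: bytes, proof: bytes, threshold: int) -> bool:
    """Business side: finish the chain, compare in constant time."""
    return hmac.compare_digest(chain(proof, threshold + 1), commitment)

def demo() -> dict:
    posit = Issuer()
    seed = posit.enroll("1234", age=16)  # constructed sample user
    public = posit.commitment("1234")
    proof_13 = prove(seed, 16, 13)
    return {
        "at_least_13": verify(public, proof_13, 13),
        # Best a 16-year-old can do for "at least 18" is submit the raw seed.
        "forged_18": verify(public, seed, 18),
        # A proof for 13 does not pass as a proof for 16.
        "reused_for_16": verify(public, proof_13, 16),
    }

if __name__ == "__main__":
    print(demo())
```

The proof is replayable and the commitment is a stable identifier, so a deployment would still need to bind each proof to the requesting business and a fresh nonce.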
Why It's Secure
- Data encrypted using user's private key, protected by their password and salt
- We can only read sensitive data if user explicitly consents
- ZKP + E2EE implementation makes data unreadable, even to us
Market Opportunity (2020)
| Year | IAM Market Size |
|---|---|
| 2020 | $3.4B |
| 2023 | $16.8B |
| 2025 | $22B |
Source: Gartner, Forrester
Market validation:
- Auth0 (IAM company): 1,813% growth over 3 years
- OneTrust (privacy company): 48,337% growth in 1 year
- Average ROI for businesses using IAMaaS: 739%
Competition Landscape
The market sits at the intersection of IAM and Privacy:
| Category | Players |
|---|---|
| IAM | Okta, Auth0 |
| Privacy | OneTrust, Yubico |
| IAM + Privacy | POSIT (whitespace) |
Competitive advantages:
- Privacy-first architecture (Apple's privacy ads show market direction)
- ZKP + E2EE for security that competitors don't offer
- B2B SaaS model with usage-based pricing scales with customer growth
The Takeaway
I believe the privacy-first identity layer is inevitable. Users want control over their data. Businesses want to avoid liability. Zero Knowledge Proofs make it possible to verify without exposing.
The question isn't whether this will exist. It's who builds it first.
This was a product concept I developed in 2020. The core idea (privacy-preserving identity verification) has only become more relevant as privacy regulations tighten and user awareness grows.