Zero-Knowledge Identity Protocol ZeroVault Becomes ISO Standard: Prove Identity Without Exposing Personal Data

Article

On November 22, 2028, the International Organization for Standardization (ISO) formally published ISO/IEC 27099 — the identity verification framework based on the ZeroVault zero-knowledge proof protocol. This is the first international standard to incorporate zero-knowledge proof technology into an identity authentication system.

ZeroVault's core capability is selective disclosure. Users can prove they meet a condition (such as being over 18 or having a credit score above 700) without exposing the underlying data (date of birth, exact score). Verifiers receive only a yes-or-no result with no access to additional information.

The technical architecture comprises three layers: the credential layer stores user identity credentials (ID cards, bank records), the proof layer generates zero-knowledge proofs, and the verification layer validates proof validity. The entire process completes on the user's device — raw data never leaves the phone.

China's four major state-owned banks have begun piloting ZeroVault for customer identity verification. In the pilot, KYC (Know Your Customer) processes shrank from an average of 3 days to 30 seconds, with data breach risk reduced by over 90%. Ant Group and Tencent have integrated ZeroVault into their payment systems.

In government services, ZeroVault is used for social welfare eligibility verification — low-income individuals can prove they meet subsidy conditions without disclosing detailed income and asset information to government agencies. This privacy-preserving governance model is being rolled out across 10 cities.