The concept is actually rather simple and I have been thinking about it a lot. It requires a blockchain for who's only purpose is to store a valid confirmed identity for a single entity. Entered by the identity and signed by the authority (government) to whom the identity is issued. Once created, the identity can use a key to stand in place of any KYC request by any website. The identity can even create a separate key for each use case, to enhance security of their identity. The key will not expose the identity, but only verify that the information submitted for verification is valid and confirmed. This allows for KYC without storing any personal data on any site save for the identity blockchain, which only stores an identity verification, no other personal information. That's my theoretical markup, anyway. Any design is likely to have flaws that cannot be seen from the designer's perspective.