Decentralized Digital Identity
Almost all of our digital identities are linked through devices, applications and services. Service providers control these digital identities and the consumption data linked to them.
KYC (Know Your Customer) is the information request format used by companies that administer third-party funds, which then store personal customer information. Because of this, users currently experience misuse of their personal data and data leaks that affect their social, financial and professional lives. Privacy and safety are violated. (1)
In addition, giving access to multiple third parties or service providers from different applications makes it difficult for users to administer their personal data and revoke access to their information.
Users should own and control their digital identities to address these concerns, preferably from a single source.
A centralized system leaves the user's identity data extremely prone to cyber attacks and privacy violations. Decentralized identity solutions open a new horizon by giving users and service providers greater authority over their identity and personal data.
What is a Decentralized Identity?
Decentralized identity is based on a framework that removes the need for trust in identity management. It allows users to generate and control their own digital identity without depending on a specific service provider.
For example, digital identities can obtain approval from multiple issuers, such as an employer, a government or a university, and these approvals remain stored in a digital wallet called an "Identity Wallet". Using the identity wallet, the user (i.e., the owner of the identity) can present proof of their identity to any third party. The wallet lets users grant and revoke access to identity information from a single source, which makes this easier.
According to Forrester, “decentralized digital identity (DId) is not just a word of fashion in technology: it promises a complete restructuring of the physical and digital identity ecosystem currently centralized in a decentralized and democratized architecture.”
The Decentralized Identity in Blockchain
The configuration of decentralized identity with Blockchain generally consists of the following elements:
- Identity Wallet: An application that allows users to create their decentralized identity and manage their access to service providers.
- Identity owner: A user who creates their decentralized identity using the identity wallet.
- Issuer / verifier: The party that issues and verifies identity information. They sign the transaction with their private key.
- Service providers: Applications that accept authentication using decentralized identity and access the blockchain / distributed ledger to look up the DId that the user shared.
- Blockchain / distributed ledger: A decentralized and distributed ledger that provides the mechanism and functions for DIds and their operation.
- DId (decentralized identifier): A unique identifier that contains details such as the public key, verification information and service endpoints.
In a decentralized identity system, an application (an identity wallet) allows users to create their own digital identity. When the identity is created, the corresponding cryptographic keys, a public key and a private (secret) key, are generated.
The identity wallet sends a payload containing the public key to the blockchain, which generates a unique identifier for the wallet. The private key remains on the user's device / identity wallet and is used during authentication.
Similarly, issuers such as governments, universities and financial institutions verify the respective identity information and add it to the digital identity data in a process similar to the issuance of certificates. Processes such as verifying the user's identity and issuing new credentials require the issuers to sign with their private keys.
The identity wallet contains verified identity details of the user, such as name, age, address, education, employment details and financial information. This information helps establish trust and makes the user eligible to perform authentication.
The decentralized identity mechanism takes the public key associated with the private key and publishes it on a distributed ledger such as a blockchain.
The user shares this DId with the service provider for authentication. The service provider looks up the shared DId in the distributed ledger. If it finds it, the distributed ledger sends the matching data to the application. The user signs this transaction with the private key to complete authentication. The service provider's application confirms that authentication succeeded and allows the user to perform the actions.
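The authentication flow described above, as an added Node.js example (not code from the original article): an in-memory Map stands in for the distributed ledger, `did:example:` is a placeholder identifier prefix, and Ed25519 is an assumed signature scheme. It goes slightly beyond the text by making each challenge single-use, so a captured signature cannot be replayed.

```javascript
const crypto = require('crypto');

// Constructed stand-in for the distributed ledger: maps a DId to a public key.
const ledger = new Map();

// Ledger side: derive the identifier from the published public key.
// "did:example:" is a placeholder prefix, not a real DID method.
function registerOnLedger(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  const digest = crypto.createHash('sha256').update(der).digest('hex');
  const did = 'did:example:' + digest.slice(0, 32);
  ledger.set(did, publicKey);
  return did;
}

// Wallet side: the private key stays inside this closure and is only used to sign.
function createWallet() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const did = registerOnLedger(publicKey);
  const sign = (challenge) => crypto.sign(null, Buffer.from(challenge), privateKey);
  return { did, sign };
}

// Service provider side: one outstanding challenge per DId, consumed on use.
const pending = new Map();

function issueChallenge(did) {
  if (!ledger.has(did)) return null; // DId not on the ledger: nothing to authenticate
  const challenge = 'login:' + crypto.randomBytes(32).toString('hex');
  pending.set(did, challenge);
  return challenge;
}

function verifyResponse(did, signature) {
  const challenge = pending.get(did);
  pending.delete(did); // single use: a second submission of the same signature fails
  if (!challenge || !ledger.has(did)) return false;
  return crypto.verify(null, Buffer.from(challenge), ledger.get(did), signature);
}

// Full exchange: share the DId, receive a challenge, sign it, have it verified.
function authenticate(wallet, claimedDid = wallet.did) {
  const challenge = issueChallenge(claimedDid);
  if (challenge === null) return false;
  return verifyResponse(claimedDid, wallet.sign(challenge));
}
```

The service provider only ever handles the DId, the challenge and the signature; the check fails if the signer does not hold the private key matching the public key published for that DId.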
What happens when we fully adopt the decentralized identity procedure?
Consider an online shopping scenario in which the required data comes from the wallet associated with the decentralized identity. The wallet in this scenario contains verified identity, address and financial data.
Users share identity data to log in to the website by sending the required information from the identity wallet. They authenticate with the website without sharing the actual data. The same scenario applies to the payment process; a user can place an order with the address and payment source already verified in their identity wallet.
Consequently, a user can go through a safe and trouble-free online purchase experience without sharing an address or financial data with the owner of an e-commerce website.
- Reliable: Blockchain technology uses a consensus approach to prove the authenticity of the data across several nodes and acts as a trusted source for verifying the identity of the user. Along with the data, each block also contains a hash that changes if someone modifies the data. These blocks are a highly encrypted list of transactions or entries shared between all the nodes distributed in the network.
- Integrity of data: The blockchain-based data storage mechanism is immutable and permanent, so it is not possible to modify or delete the data. Decentralized identity systems use this mechanism so that no external entity can manipulate or modify the data.
- Security: Another fundamental reason for using blockchain in decentralized identity systems is to provide solid security. The blockchain system is inherently designed to keep the data highly encrypted. The blockchain also uses digital signatures, consensus algorithms and cryptographic hash functions to protect users' identities against breaches and theft.
- Privacy: Decentralized identity systems that use blockchain with a pseudonymous identifier (the decentralized identifier) can help mitigate privacy concerns among identity owners.
- Simplicity: Identity issuers benefit from a continuous process for issuing digital identities. Identity verifiers can efficiently onboard new users and carry out the information verification process. Identity owners can store and effortlessly manage their identities within the identity wallet.
Decentralized identity with blockchain can completely transform the digital identity landscape. It will make the management of digital identity decentralized and transparent, since no particular organization will control the user's data.
More importantly, users can easily authenticate without sharing their confidential personal information with third parties.
Traditionally, user identity management has been carried out by third parties: an app, a service or a company that lets you create an identity that becomes your username and that lets you identify yourself. An identity managed by a third party obviously has many problems, from misuse of the personal data that becomes associated with that identity through use, to security problems if that provider suffers an intrusion.
Decentralized digital identity (DId) is one of the basic foundations of the idea of the so-called Web3: an environment that stops depending on external repositories and in which each person administers their own data.
Basically, DId gives you a system that is not only reliable but also intact (stored in the blockchain and not modifiable), safe, private and simple to use, without any organization managing the users' data.
Starting to understand these concepts and becoming familiar with them is one of the keys to understanding the transition that the web will be going through.