lifeID in Depth: Self-Sovereign Identity and How it Works

We’re getting ready to launch the lifeID Protocol Network in Q1, so we want make sure everyone groks all the aspects of how lifeID is developing and launching the lifeID Identity Protocol. Over the next several weeks, we’ll be covering what you need to know about the architecture, the protocol tokenomics, community governance, our marketing philosophy in a “zero-knowledge” user data world, as well as everything else that touches you, our partners, token holders and community.

This article covers what “Self-Sovereignty Identity” is and how it works using a blockchain identity protocol.

Self-sovereign Identity and How it Works

A self-sovereign digital identity is an identity that’s created and managed by you, the user. It has all of the credentials you need to interact in the digital and physical world, without relying on a centralized organization or authority.

Self-sovereign identities use public key cryptography, so to understand how they work requires a basic understanding of how this cryptography is used.

Public key cryptography is a process in which cryptographic keys are generated in pairs, a public key and a private key. The public key can be viewed by anyone, while the private key is kept secret by the user. Users can prove ownership of the public key by using, but not showing, the private key itself. This proof of ownership of the public key is the mechanism owners use to prove that a self-sovereign identity is theirs.

To create a self-sovereign digital identity, an app creates a unique digital identifier along with a cryptographic public/private key pair. This “identifier” is just a large, unique random number. Using a global public registry — in this case a blockchain — the user associates the public half of the key pair with the unique digital identifier.

The private key is also an extremely large number that’s ridiculously hard to memorize or type into keyboard. Instead, it gets stored in a secure enclave like on an iPhone or Android. If the user loses access to the private key associated with their digital identifier, they create a new key pair and update the global public registry. This key management is an essential feature of self-sovereign identity. (We’ll cover how key recovery works in a future note, but the short version is that it uses smart contracts combined with standard “friends or family” recovery methods chosen by the user during initial setup.)

Unique identifiers represent each peer-to-peer relationship established by the user with a third party, like a friend, a bank, their university, a website, etc. These identifiers are then used to ensure each party is who they say they are for these peer-to-peer interactions. As an example, when a user creates an account on a new website, a new key pair is created. To authenticate with the website, the user proves ownership of this identifier using the private key associated with the identifier (all this happens in the app — users don’t have to manage this themselves). When the website wants to authenticate a user, it looks up the user’s identifier on the blockchain, determines the associated public key, and confirms that the user has the private key. It’s worth noting that updating the keys associated with the unique digital identifier does not require that the user contact the website where the identifier was used. Instead, updates are managed in the background by a lifeID-power app.

Making all of this work requires a secure global registry where users can update the digital identifiers that they control — where the data, once written, can’t be changed or removed except by the user with the private key. Until the advent of blockchain technology, these requirements were impossible to meet.

How do you create an open public central registry that isn’t itself centrally controlled? This is where the magic of the blockchain comes in!It’s the source of truth for key management, mapping a user’s unique digital identities to their corresponding public keys. Because it uses a blockchain-based consensus mechanism to maintain the accurate and up-to-date state of the registry, it requires no central authority to control or operate it. In fact, an open, self-sovereign digital identity is one of the best use cases for a permissionless, decentralized blockchain.

To fully realize the promises of a self-sovereign identity, the blockchain that functions as the central registry must be built with these three important pillars that we’ll cover in next the next edition of our newsletter.

1. Driven by economic incentive

2. Open and Permissionless

3. Self Governance

Please let us know if you have questions about this newsletter topic or anything else via email, info@lifeID.io, or twitter, lifeID_io