Distributed digital identity addresses several needs that have emerged as artifacts of the digital economy. As systems and services move online to support remote customers and workers, passwords, one-time codes sent via email, SMS and voice, and other authentication mechanisms prove ineffective and frustrate users. On closer inspection, the challenges grow larger.
Proving user identity at new account origination, login or during a transaction to eliminate fake and synthetic identities, securing personally identifiable information, and providing online services to underbanked and otherwise disadvantaged populations are all business challenges rooted more deeply in digital commerce.
Advances in smartphones, cryptography and blockchain technology help address these challenges. Modern handsets and other electronic devices are now manufactured with a Trusted Platform Module or Secure Enclave that enables public-key cryptography by storing a private key under the sole access and control of the user or device owner. Those same devices come equipped with digital cameras capable of high-resolution image capture.
A distributed digital identity deployed via distributed ledger (AKA blockchain) gives users control over their personal, verified information and allows them to share it on demand in a safe and secure way. This differs from both:
- Centralized identity: verified credentials are stored and controlled by a single central authority, typically in a single database
- Federated identity: an individual’s electronic identity and attributes are linked and stored across multiple distinct identity management systems
A key limitation of both centralized and federated identity is that neither form of identity has provided an identity service that is private and easy to use. The decentralized identity model (also frequently referred to as a self-sovereign identity model) solves this challenge.
With a decentralized identity model, users are offered a unique opportunity to move beyond the limitations they currently face. Based on distributed ledger technology (blockchain), a decentralized identity returns the control and administration of the identity to the user rather than leaving it under the control of another party (web service or site).
The identity data that’s entered by the user, verified by BlockID and trusted third-party certification services, and stored on the blockchain creates what’s known as a Decentralized Identifier (DID). DIDs are the new standard for identity data enabled by blockchain technology, and are the enabling force behind Distributed Digital Identity.
DIDs are not controlled by any single organization — instead, they’re controlled by the owner of the identity information. For GDPR compliance, they — and only they — get to choose what identity information to provide and to whom.
The BlockID Blockchain also maintains a complete, immutable history of each identity request and exchange. Beyond its value for auditability, BlockID uses this data and artificial intelligence (AI) to help identify patterns and anomalies to detect and prevent fraudulent activity.
Uses for Distributed Digital Identity
The BlockID digital identity compiles attributes from multiple provable sources to automate and accelerate new account registration. All sorts of information then become readily available anywhere at any time upon user consent.
This allows identity to be verified, for example, by any combination of government-issued credentials (e.g., driver’s license, passport), banking records, telco providers, and employment records.
Other types of information, such as educational certificates and vaccination records, can also be added to the distributed identifier to make the user’s ID proofing process indisputable, supporting a variety of use cases, including:
- Perform employment identity verification for new employees
- Authenticate worker access to corporate systems
- Update corporate records without introducing manual errors
- Comply with privacy and security requirements for personally identifiable information
- Prevent creation of fraudulent new accounts
- Combat account takeover
- Secure transactions from financial fraud
- Accommodate secure sharing of personally identifiable information
BENEFITS
Data Privacy
Users retain sole access and control over their personally identifiable information at all times
Users create and hold identity information in their digital wallets rather than having their data controlled by a website or an application. The new identity resides in the user’s local wallet, which remains securely on the user’s own devices. Since the identity remains within the user’s control, a remote application can’t delete it purposefully or inadvertently, and it also cannot be compromised if a remote website is the victim of a data breach. This is the advantage of Distributed Digital Identity: the user retains control of their identity at all times.
Data Security
Decentralized storage removes a central administrator and the risk of data breach
A decentralized digital identity is created with a unique public/private key pair that is used for encryption, signing, and establishing relationships with other parties. Each identity contains a decentralized identifier (DID) and a unique private/public encryption key pair. We follow the W3C DID specifications, which define how a specific DID scheme can be implemented on a specific Distributed Ledger Technology or network, including the precise method(s) by which DIDs and DID Documents can be read, written, and revoked.
Secure Sharing
Decentralized identity provides end-to-end encryption protecting information while sharing
One of the clear advantages of decentralized models over current models is that decentralized identity users negotiate peer relationships with the users or applications with which they connect. The identity owner and the remote application securely exchange unique DIDs when creating a new peer relationship. Since the pairwise DIDs are privately negotiated only between the two parties, no external public key server, host messaging server, etc. has access to the keys or plaintext messages and strong end-to-end encryption is achieved.
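An added example, not BlockID's code, of the pairwise relationship described above: each side generates a fresh X25519 key pair per relationship and derives the same message key locally, using only Node.js's built-in crypto module. The `did:example` identifiers, the hash-based id derivation, the AES-256-GCM choice and the bank/shop scenario are illustrative assumptions.

```javascript
const nodeCrypto = require("node:crypto");

// One fresh X25519 key pair per relationship. "did:example" is the W3C
// placeholder method; deriving the id from a key hash is an assumption here.
function newPairwiseDid() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("x25519");
  const spki = publicKey.export({ type: "spki", format: "der" });
  const id = nodeCrypto.createHash("sha256").update(spki).digest("hex").slice(0, 32);
  return { did: `did:example:${id}`, publicKey, privateKey };
}

// Each party computes the key locally from its own private key and the peer's
// public key; sorting the two DIDs gives both sides the same HKDF context.
function relationshipKey(mine, peer) {
  const shared = nodeCrypto.diffieHellman({ privateKey: mine.privateKey, publicKey: peer.publicKey });
  const info = Buffer.from([mine.did, peer.did].sort().join("|"));
  return Buffer.from(nodeCrypto.hkdfSync("sha256", shared, Buffer.alloc(0), info, 32));
}

function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce per message
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Throws if the key is wrong or the ciphertext was modified in transit.
function unseal(key, { iv, ct, tag }) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString("utf8");
}

// Constructed scenario: one user, two services, a separate DID for each.
function demo() {
  const userForBank = newPairwiseDid(), bank = newPairwiseDid();
  const userForShop = newPairwiseDid(), shop = newPairwiseDid();
  const msg = seal(relationshipKey(userForBank, bank), "share: date_of_birth");
  const readByBank = unseal(relationshipKey(bank, userForBank), msg);
  let shopCanRead = true;
  try { unseal(relationshipKey(shop, userForShop), msg); } catch { shopCanRead = false; }
  return { readByBank, shopCanRead, didsDiffer: userForBank.did !== userForShop.did };
}

console.log(demo());
```

The key agreement alone does not authenticate the peer: the public keys exchanged when the relationship is created must be verified (through the DID Documents or an out-of-band channel), otherwise an intermediary could substitute its own.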
Edge / Cloud Agents
Users easily and unobtrusively manage their identities without the need to be continuously online
Users can install applications and subscribe to digital identity services for a wide range of purposes. Digital identity apps that provide local functionality and services (e.g., decentralized identity wallet) provide what is called an edge agent. Digital identity owners can also employ a cloud agent to help them with cloud-based activities. For example, a cloud agent can receive messages sent from remote peers and store them until an identity owner’s edge agent (e.g., device, app, etc.) connects to the cloud and is ready to receive them.
Verifiable Credential
Zero-knowledge proof satisfies an information request while protecting the privacy of the user
Identities can make assertions (without revealing the data itself) which are cryptographically verifiable by the receiving party. Verifiable credentials are a standardized method for issuing and presenting claims about a person’s identity (e.g., driver’s license, university qualifications, passport, gym membership, etc.).
The major cryptographic element used by decentralized identities to request and validate verifiable credential assertions is known as a zero-knowledge proof (ZKP).