Deepak Gupta* makes an argument for changing the way we provide personal data to third parties. Today, almost all of our digital identities are linked through devices, apps, and services. Service providers control these digital identities and their respective digital identity data. Because of this, users are now experiencing misuse of personal data and data breaches that affect their social, financial, and professional lives. Additionally, giving access to multiple third parties or service providers from different applications makes it harder for users to manage their personal data and revoke access to their information. Users need to own and control their digital identities to address these concerns, preferably from a single source. A centralised system makes user identity data extremely prone to cyberattacks and privacy breaches. But decentralised identity solutions provide a new horizon by enabling users and service providers to have better authority over their identity and personal data. This article addresses the following: - What is a decentralised identity? - How decentralised identity works with blockchain - How to authenticate using a decentralised identity - What happens when we fully adopt a decentralised identity procedure? - Benefits of using blockchain with decentralised identity
What is a decentralised identity? Decentralised identity is based on a trust framework for identity management. It allows users to generate and control their own digital identity without depending on a specific service provider. For example, digital identities can get approval from multiple issuers such as an employer, a government, or a university that remains stored in a digital wallet called an “identity wallet.” Using the identity wallet, the user (i.e., the identity owner) can present proof of their identity to any third party. The wallet helps users give and revoke access to identity information from a single source, making it easier. According to Forrester, “Decentralised digital identity (DDID) is not just a technology buzzword: It promises a complete restructuring of the currently centralised physical and digital identity ecosystem into a decentralised and democratized architecture.” How decentralised identity works with blockchain The setup of decentralised identity with blockchain typically consists of the following elements: - Identity Wallet: An app that allows users to create their decentralised identity and manage their access to service providers. - Identity Owner: A user who creates their decentralised identity using the identity wallet. - Issuer/Verifier: The person who issues and verifies the identity information. They sign the transaction with their private key. - Service Providers: Applications that accept the authentication using the decentralised identity and access blockchain/distributed ledger to look for the DID that user shared. - Blockchain/Distributed Ledger: A decentralised and distributed ledger that provides the mechanism and features for DIDs and functioning. - DID (Decentralised Identifier): A unique identifier that contains details such as the public key, verification information, service endpoints. In a decentralised form of identity, an application (an identity wallet) allows users to create their own digital identity. Upon identity creation, the respective cryptographic keys (a public and a private key) are generated. The identity wallet submits a registration payload with a public key to the blockchain, which generates a unique identifier against your wallet. The private key remains with the user’s device/identity wallet and is used during the authentication. Similarly, issuers such as the government, universities, and finance institutes verify the respective identity information and add to the digital identity data in a process that is like issuing certificates. The processes, for example, verifying user identity and issuing new credentials, require issuers to sign using their private keys.
How to authenticate using decentralised identity These are the steps of authentication using decentralised identity and blockchain. - The identity wallet holds verified identity details of the user such as name, age, address, education, employment details, and financial information. This information helps establish trust and makes the user eligible to perform authentication. - The decentralised identity mechanism takes the public key associated with the private key and publishes it onto a distributed ledger such as blockchain. - As the decentralised system provides the public key to the distributed ledger, the identity wallet receives a decentralised identifier (DID). DID is a unique identifier representing the user across the internet. - The user shares this DID with the service provider for authentication. - The service provider looks for the shared DID in the distributed ledger. If found, distributed ledger sends matching data to the application. - The user signs this transaction with the private key to complete the authentication. - The service provider application confirms the authentication success and lets the user perform the actions.
What happens when we fully adopt the decentralised identity procedure? Let’s assume an online shopping scenario where the required data will transit from the wallet associated with the decentralised identity. The wallet in this scenario contains the verified identity, address, and financial data. The users share identity data to log in with the website by submitting the required information from the identity wallet. They are authenticated with the website without sharing the actual data. The same scenario applies to the checkout process; a user can place an order with the address and payment source already verified in his identity wallet. Consequently, a user can go through a smooth and secure online shopping experience without sharing an address or financial data with an ecommerce website owner. Five benefits of leveraging blockchain Trustworthy: Blockchain technology uses a consensus approach to prove the data authenticity through various nodes and acts as the source of trust to verify user identity. Along with the data, each block also contains a hash that changes if someone tempers the data. These blocks are a highly-encrypted list of transactions or entries shared across all the nodes distributed throughout the network. Data Integrity: The blockchain-based data storage mechanism is immutable and permanent, and hence, modification and deletion are not possible. The decentralised identity systems use this mechanism so that no external entity can tamper or modify the data. Security: Another crucial reason for leveraging the blockchain in decentralised identity systems is to provide robust security. The blockchain system features an inherent design by maintaining data in a highly encrypted fashion. The blockchain also caters to digital signatures, consensus algorithms, and cryptographic hash functions to protect user identities from breaches and thefts. Privacy: Decentralised identity systems leveraging blockchain with a pseudo-anonymous identifier (decentralised identifier) can help mitigate the privacy concerns among the identity owners. Simplicity: Identity issuers leverage the seamless process of issuing digital identities. Identity verifiers can efficiently onboard new users and conduct the information verification process. Identity owners can effortlessly store and manage their identities within the identity wallet. Conclusion From all the above facts, it is evident that decentralised identity with blockchain can completely transform the digital identity landscape. It will make digital identity management decentralised and seamless, as no particular organisation will govern the user data. More importantly, users will be able to easily authenticate themself without sharing their sensitive personal information with third parties. *Deepak Gupta is cofounder of LoginRadius, tech strategist, cybersecurity innovator, and author. This article first appeared at venturebeat.com.