Decentralised Digital Identity (DDID) has the potential to revolutionise digital identity. Find out more about the different types of DDID, its use cases and benefits, and how it could change the way we manage identity verification forever.
Decentralised Digital Identity based on blockchain
Imagine never having to worry about a lost driving license or passport ever again. Imagine never having to worry if someone has stolen your identity. With decentralised digital id, this could be a very real possibility.
In the last article we looked at data privacy and how, without respect to privacy at a systemic level, we end up with public user data scandals like that of Facebook and Cambridge Analytica where millions of Facebook users' personal data was acquired without the individuals' consent and used for political advertising.
Such scandals scare end users away from sharing their data. With decentralised digital identity based on blockchain, data access is transparent. Users can see who is accessing their data, when, where, and how — and have control over it, too.
In this article we are going to take a much closer look at the proposed solution: decentralised digital identity. By the end of this article you’ll know what digital ID is, the different types that exist, and how it could change the way we manage identity verification forever.
A digital identity is simply a way to verify who you are in the digital world. It consists of a set of validated digital attributes and credentials — similar to a person's identity for the real world. Attributes can include a unique identity number, social security number, name, place, and date of birth, citizenship, biometrics, and more, as defined by national law.
It all began with the conventional siloed shared-secret model. That’s where we use our username/email and passwords to prove our identity. Service providers use a combination of online and offline processes to onboard users, then authenticate their identity for future interactions via secret information such as passwords, confirmation emails etc. In this centralised model, user information is fragmented across a pool of service providers.
The centralised model, however, is repetitive for users and poses security threats. If you want to buy something small and trivial online, the site will ask you to create an account, set up a username and password, add your payment details, and perhaps verify your email etc. This means your information is likely stored in a database. The problem here is that, regardless of the strength of your username and password combination, it remains your weakest link.
A single breach of the database compromises your payment details, address, and other valuable information. In fact, it’s common for regular internet users who don’t often change passwords to have dozens of compromised accounts at any one time. The greater the number of accounts you hold, the greater the chances of compromise. Therefore, security is a legitimate risk.
What’s more, from a user perspective, it can be a real pain to keep track of countless login details for dozens of different websites. Every time you log in you need to type in your details — if you can remember them. You might find yourself forever changing lost passwords. The future of digital identity, however, looks different.
This paved the way for the federated model, which allows you to sign in with some other trusted source — provided you are present on their database. If you have ever come across ‘login with Google’ or ‘login with Facebook’ you have encountered a federated identity solution before — and probably enjoyed its convenience. However, the problem becomes that we place too much trust in a single identity provider. For example, if we use ‘login with Facebook’ everywhere, a simple change in Facebook's terms and conditions could lock you out of your linked accounts.
That’s where decentralised digital identity (DDID) comes into play. With a DDID, we don’t rely on any single identity provider, we don’t have to maintain multiple login credentials, and we don’t have to type in username and password combinations every time we log in.
With DDID, the end user takes the power back as they have sole ownership of their data. Data that is no longer stored in a third-party service provider’s database. Never again do users have to worry about their passwords, hacks, or annoying advertising emails when their data gets sold in a greasy backhander.
DDID infrastructure lets you use, issue, store, and verify credentials without the physical meeting between two entities. You simply share your digital credentials with trusted parties to prove your identity, giving you freedom and security.
If you’re familiar with blockchain, as soon as you read the word ‘decentralised’, you knew what was coming. Blockchain facilitates the decentralist’s dream. In doing so, it helps us eradicate the following problems in the current system:
Approximately 1.1 billion people worldwide have no proof of identity¹. 45% of those are among the poorest 20% in the world. Cumbersome identification paperwork processes, expenses, lack of access, and the simple lack of awareness keep people locked out of traditional identification systems. Nonetheless, 60% of the 2.7 billion unbanked already own mobile phones, which paves the way for blockchain-based mobile identity solutions which better suit the needs of vulnerable citizens².
At present, the government stores our most valuable information in centralised databases which have more single points of failure than an un-armoured tank. As these databases hold valuable personal information of millions of users, they may as well have bright shiny targets and welcome signs for hackers. As a matter of fact, a recent study has shown that personally identifiable information is the most targeted data for breaches, comprising about 97% of the total in 2018³. Our personal data is not secure.
Due to the weak link between online and offline identities, it is easy to fake our identity online over different websites. Have you ever entered a false email, or even made a second email for online sign ups with a different name? It’s most common among trolls who juggle fake identities and peddle fake news and fraud. With a false identity and no way to prove who they are, we rarely get hold of the actual culprit. With a blockchain-based system of identity management we can reduce such activities where the user has to authenticate himself with his true identity online.
The process flow of DDID is shown in the image above. The issuer can be any trusted organisation. Here’s an example. Let’s say the credential issuer is the UK Government, the credential issued is a driving licence, and the verifying entity is a car dealership. The process to get your licence remains the same; however, when you pass, instead of getting a paper or hard copy of the document, you will be offered credentials by the government in your cloud wallet, which you access with your smartphone. This credential will state all the details the driving licence normally states. Now you, as the owner of the credentials, will have the chance to accept or deny them. Once you accept them, they will be added to your wallet and can be used to prove you are a verified driver within the UK. You can now take a test drive from a car dealership by showing proof of licence from your phone: from your mobile phone you share the credentials issued to you earlier by the government.
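The flow above as an added example, not code from the article or from Reply. It assumes Ed25519 signatures and uses an in-memory map as a stand-in for the blockchain that publishes issuer public keys; the identifiers and claim names are constructed for illustration.

```javascript
const crypto = require('crypto');

// Stand-in for the blockchain: issuer identifier -> public key (constructed data).
const ledger = new Map();

function registerIssuer(id) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  ledger.set(id, publicKey);            // only the public key is published
  return { id, privateKey };
}

// Stable byte encoding so issuer and verifier process exactly the same claims.
function canonical(claims) {
  return Buffer.from(JSON.stringify(Object.keys(claims).sort().map((k) => [k, claims[k]])));
}

// Issuer signs the claims and offers them to the holder's wallet.
function offerCredential(issuer, claims) {
  const body = { ...claims, issuer: issuer.id };
  return { body, signature: crypto.sign(null, canonical(body), issuer.privateKey) };
}

// The holder decides whether the offered credential enters the wallet.
function acceptOffer(wallet, offer, accept) {
  if (accept) wallet.push(offer);
  return wallet.length;
}

// Verifier checks that it trusts the named issuer, looks the key up on the
// ledger and verifies the signature. The issuer itself is never contacted.
function verifyCredential(cred, trustedIssuers) {
  const key = ledger.get(cred.body.issuer);
  if (!key || !trustedIssuers.includes(cred.body.issuer)) return false;
  return crypto.verify(null, canonical(cred.body), key, cred.signature);
}

function demo() {
  const gov = registerIssuer('uk-government');       // hypothetical identifier
  const rogue = registerIssuer('unknown-issuer');    // registered but not trusted
  const wallet = [];
  acceptOffer(wallet, offerCredential(gov, { type: 'driving-licence', name: 'A. Holder' }), true);
  const tampered = { ...wallet[0], body: { ...wallet[0].body, name: 'Someone Else' } };
  const forged = offerCredential(rogue, { type: 'driving-licence', name: 'A. Holder' });
  return {
    genuine: verifyCredential(wallet[0], ['uk-government']),
    tampered: verifyCredential(tampered, ['uk-government']),
    forged: verifyCredential(forged, ['uk-government']),
  };
}
```

The dealership accepts only the untouched government-signed credential; an edited copy or one signed by an issuer it does not trust fails verification.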
There are three basic types of decentralised digital id: enterprise, consortium, and self-sovereign identity.
The enterprise implementation is restricted to an internal enterprise in a private blockchain network. The enterprise acts as the issuer and the verifier and also controls the data.
In a consortium DDID, members can join either as issuer or verifier and use permissioned blockchain to share details in a secure manner. The identity information here is controlled by members.
Self-sovereign identity systems operate as public utilities. In SSI, we rely on a non-permissioned blockchain like Ethereum, or on Sovrin, where the underlying network is Hyperledger Indy, which is a public, but permissioned, chain.
Privacy and convenience
DDIDs are private by design, giving users full control of how, when, where and what data is being shared. They are easy to set up and take much less time and effort than the usual logging in with a username and password.
Security and fraud reduction
Users are more secure as they do not have to maintain and cope with multiple username and password combinations for different websites and login pages. Furthermore, businesses are more secure as they don't have to maintain honeypots of descriptive personally identifiable information. This leads to fraud reduction as there are no login IDs and passwords for hackers to steal — even with brute force hacking.
Cost savings and efficiency
DDIDs can reduce the cost of customer onboarding, data management, and security.
There are two approaches to implementing DDID in a Sovrin network: connectionless or connection-oriented.
In a connection-oriented approach, the issuer and the user have to establish a connection before the user can receive their credentials. However, once a user connects with an organisation, the organisation can directly issue a credential to the user’s digital wallet.
For example, when an end user goes to a driving licence issuing entity and connects with them, he establishes a channel of communication between them. Now, when the driving licence is ready, it is directly sent to his wallet.
In a connectionless approach, no prior connection between end user and issuing or verifying entity is required. In this type, the end user is given a QR-code to scan. Once the QR code is scanned, it either issues a credential which the user can accept or reject, or it asks for a certain verification of identity.
In a certain sense, the connectionless approach has a higher risk factor in regard to important credentials like driving licenses or passports. It is possible that, should someone get access to the QR code prior to the real user, they could fraudulently steal their identity. For that reason, in such instances, a connection-oriented approach is preferred. On the other hand, when we want basic verification or to sign up on social media or websites, a simple connectionless approach is convenient.
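The difference between the two approaches, as an added example that is not part of the original article or any Sovrin code. It assumes the QR code carries a single-use bearer token and that a connection pins the wallet's public key after the issuer has checked who the person is; class and method names are hypothetical.

```javascript
const crypto = require('crypto');

const newWallet = () => crypto.generateKeyPairSync('ed25519');
const keyId = (pub) => pub.export({ type: 'spki', format: 'der' }).toString('base64');

class Issuer {
  constructor() { this.offers = new Map(); this.connections = new Map(); }

  // Connectionless: the QR code carries a bearer token not tied to any wallet.
  createQrOffer(subject) {
    const token = crypto.randomBytes(16).toString('hex');
    this.offers.set(token, subject);
    return token;
  }
  redeemQrOffer(token, walletPub) {
    const subject = this.offers.get(token);
    if (!subject) return null;                  // unknown or already redeemed
    this.offers.delete(token);                  // single use: first scan wins
    return { subject, holder: keyId(walletPub) };
  }

  // Connection-oriented: the wallet key is pinned when the connection is made
  // (assumption: this happens after the issuer has identified the person).
  connect(subject, walletPub) {
    const challenge = crypto.randomBytes(32);
    this.connections.set(subject, { walletPub, challenge });
    return challenge;
  }
  issueOverConnection(subject, proof) {
    const conn = this.connections.get(subject);
    if (!conn || !crypto.verify(null, conn.challenge, conn.walletPub, proof)) return null;
    return { subject, holder: keyId(conn.walletPub) };
  }
}

function compareApproaches() {
  const issuer = new Issuer();
  const owner = newWallet();
  const other = newWallet();                    // any wallet that is not the owner's
  const token = issuer.createQrOffer('licence-holder');
  const qrFirst = issuer.redeemQrOffer(token, other.publicKey);
  const qrSecond = issuer.redeemQrOffer(token, owner.publicKey);
  const challenge = issuer.connect('licence-holder', owner.publicKey);
  const wrongKey = issuer.issueOverConnection('licence-holder', crypto.sign(null, challenge, other.privateKey));
  const rightKey = issuer.issueOverConnection('licence-holder', crypto.sign(null, challenge, owner.privateKey));
  return { qrFirst, qrSecond, wrongKey, rightKey,
           ownerId: keyId(owner.publicKey), otherId: keyId(other.publicKey) };
}
```

With the bearer token, the credential is bound to whichever wallet redeems it first and the real owner is left with nothing; over a pinned connection, only the wallet holding the matching private key is issued the credential.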
The very fact that DDID is set to change how we manage our personal identity forever means that there is a lot of early interest and attraction in the idea. No longer will anyone have to worry about losing important personal identity information.
What’s more, at Reply, we worked hard and early to get ahead of things and apply DDID to the urgent and important need of COVID freedoms.
We have created a brand new platform that allows users to prove their identity and immunity status during the pandemic — making public gatherings safe from the risk of further COVID outbreaks.
Using the platform, once the user gets tested at a verified NHS test centre, they receive an immunity certificate issued to their wallet in the app. If the user cannot visit the test centre, he or she can take one of the approved home test kits and upload the test results directly onto the platform. Upon verification, according to the results, they will then receive their immunity certificate and be free to attend whichever mass gathering they so choose, from football games to concerts, to restaurants and more. Finally, we can get the country moving again.
Blockchain Reply is the Reply Group company specialising in Blockchain and Distributed Ledger Technology (DLT). Our unique approach aims at identifying industries' challenges to pinpoint where DLT can bring the most value. From light touch advisory services to large-scale implementations, we help companies to leverage DLT for the right reasons. Blockchain Reply coexists in an ecosystem with an extensive range of Partners with whom we deliver tailor made solutions. Blockchain Reply is technology agnostic and acts as a trusted advisor for its clients.