Identity is a very important concept that we rely on every day. From renewing a license to shopping online, your identity is necessary to make a lot of things possible. However, have you considered how big of a digital footprint you can leave behind as a result?

Most online transactions require users to disclose personal information, such as financial transactions done via Amazon Pay, Paypal and Google Wallet. Your information is then stored in a database. But if you share your information to multiple entities, your digital identity – now stored in multiple databases – becomes more vulnerable to security risks. After all, it only takes one incident to cause trouble. Smart identity management is key to preventing digital identity theft.



Identity with blockchain


At the 2018 Crypto Valley Conference, I elaborated on why decentralized digital identity is so important to consider when thinking about blockchain.


Using blockchain for identity management (as a form of a decentralized public key infrastructure) makes protecting your identity much easier. Blockchain and trust go hand in hand: this way, you don’t have to fully reveal yourself to whoever you’re interacting with. Through the use of secret keys and a special type of digital signature, those requiring your information can ensure, beyond a shadow of a doubt, you are the right person when initiating a transaction or requesting a change.

Now, this seems too good to be true, doesn’t it?



How It works: It’s based on verifiable trust


Previously, individuals had to rely on an identity provider to create and store their identity attributes/claims/attestations, only providing it when someone wants to check it. Now, you can work with a number of different issuers and be in charge of your own identity through blockchain-based identity verification.

To make self-sovereign identity possible, first you must have decentralized identifiers (DIDs), which have unique IDs and can help you keep your identity private. These link directly to what’s called a DID document (DDO), which in turn defines these identifiers’ public keys, agent services and how the IDs identify with the outside world. However, while they may all link to a DID document, it’s actually very difficult to track your activities related to your digital identity and correlate how you use different services, if certain rules are followed. It’s very important to use so-called “pair-wise” DIDs – meaning that each ID is only used per single relationship and each new interaction – e.g. interacting with a bank, office, insurance company, etc is always using a new DID/DDO pair.

To start the process, the issuer (any well-known entity with a public decentralized identifier) makes a claim for attestations about your identity: be it your age, address, qualifications or other information. They send these claims to you – a holder (which can be a person, thing or organization) – and you securely store these claims in an agent (that’s why it’s called self-sovereign identity). So if someone needs to prove their age, their ability to drive a car, if they can work a certain job or what have you, the holder goes to an inspector/verifier, who has requested the proof (based on one or a combination of claims). The holder shares the information directly with the inspector/verifier (this action establishes consent, as everyone involved knows why the information was requested and it is provided peer-to-peer). The inspector/verifier then validates that the proof contains the unaltered attestations (signed attributes) from claims that have been issued by known and trusted entities (their DIDs are well known) to the presenting individual (the holder). Finally, the holder trusts that the issuer(s) gave the correct credentials, and can revoke those credentials if they’re no longer valid.

While it may sound complicated, check out this infographic help you visualize how you can use blockchain for identity management:

As a note: if you want to make your information public, you can with an identifier registry, which is trusted to be incorruptible via public key cryptography. However, if the underlying private keys are stolen or revoked, a new key must be submitted right away to keep the blockchain-based identity verification process secure.



All in support for the future


So many applications can use identity management via blockchain to their advantage. As long as there is an identity piece to it, and as long as there’s a trust element to it, it can be built. A secure digital identity is possible with the right tools, as blockchain and trust go hand in hand.

Organizations supporting the use of blockchain for identity management are certainly getting some traction as well, like the Decentralized Identity Foundation, which has gained over 30 company members just within the last year. Or the Hyperledger Indy project, which is hosted by one of the world’s largest blockchain-focused open source alliances called Hyperledger. These organizations are great ways to learn more and share ideas with people that are passionate about blockchain identity solutions and other technology.

Curious about how blockchain can help your business, strengthen your defenses against digital identity theft and want to learn more about blockchain identity solutions? Talk to Luxoft blockchain experts to learn more.
Vasily Suvorov
A technology strategist with extensive experience in defining and creating software and hardware systems based on emerging and science-intensive technologies. He created start-ups in computer telephony and wireless mesh networks. In Luxoft he is focused on creating internal start-ups to work on emerging technologies such as connected cars, next gen Automotive HMI, Network Functions Virtualization (NFV) and Blockchains.