Digital Identity (A.K.A. Self-Sovereign Identity)

When the user rules over its own identity

The Age of Information overloaded us with an infinity of access on almost anything we want to know about to help us decide on matters that concern our life, our living, and our lifestyles. The dawning of the Internet made this accessibility possible with a few clicks on our computers, laptops, and mobile phones. But the proliferation of fake news and information led authentic platforms to protect the truth in their information by requiring those who are inquiring to first submit personal details to authenticate themselves. Filling out simple to complex digital forms became the norm. We slowly turned over our treasured privacy to numerous entities, websites, and platforms, to obtain information. The price we have to pay for revealing our curriculum vitae is the loss of control over its possession. And to those that have hold of our identity, they are keeping something more valuable than gold ready for exchange to the highest bidder.

Identity Breach

For every app, service, and product that we avail, we have revealed a little of so much about ourselves and scattering them all over the Internet. We have given blind trust to service providers that they have the capabilities to secure our privacy details. Sad to say, many of them fail to protect sensitive data that often led to identity theft and fraud. Those who tried to centralize the control of identities have become easy targets for hackers whose dirty jobs became much easier with a one-stop-shop kind of hacking. Regulators across borders who are out to protect their citizen-consumers conjured legal provisions to subject providers to any liability should customer data are compromised and should, therefore, step up security measures to repulse any attempt to breach the safety of hundreds of thousands of personal identity information. With the increasing sophistication that hackers employ, providers are under pressure 24/7 to keep them at bay.

The Self-Sovereign Identity

For as far as we can remember, we have signed up countless times typing our personal data in to fulfill the requirements of a provider. Countless times too, we have used our government-issued IDs, driver’s licenses, passports, company IDs, and other documents issued by reliable authorities to prove our identity. Now that it has become more taxing with a disturbing air of doubt every time personal data is asked for in any digital access. Could it be possible that all of these pertinent documents be stored as a verifiable credential each time it is required like boarding a plane or renting a car? Yes, it could.

By using a Decentralized Identifier (DID) with public-key cryptography (PKC) in an SSID-empowered decentralized ledger (Self-sovereign Digital Identity). The user avails a wallet app to generate a public and private key pair where the owner keeps the private key secret and publishes the public key to an SSID powered distributed ledger. This will generate a User ID of the public key in the data storage. When the user requests issuer entities for validated identity claims, the entity will issue credentials of the user signed with the entity’s own issuer ID. The credential is countersigned by the User ID and stored in the user’s wallet app on his device, encrypted, and fully controlled by the user. The User DID and the Issuer DID can be verified by the service provider on the decentralized ledger before releasing a claim.

We refer to this concept as the Self-Sovereign Identity, or SSID, empowering users to rightfully present, control, and own their data identity accordingly, with the service providers enabled to validate the identity claim trustingly. It is important to note that the user’s personally identifiable data are kept only on the user’s end device and not on the ledger. With all pertinent legal documents that point to the authenticity of the user as a legal person contained in the wallet, all the user has to do is to submit his verified digital identity to a transacting 2nd party without revealing his personal information to them.

Challenges

This SSID concept is still evolving along with the complex technology that surrounds the verification of digital identity. While self-sovereign digital identity gives the user full rights to his identity, there is still the need to rely on trusted authorities to validate and issue credentials duly verified. For the long cut, users still need to collect their verified credentials from trusted issuing authorities and storing them in the wallets on their devices before transacting. There is also the challenge of moving their verified credentials from one wallet to another in cases of a wallet or device loss. For eCommerce transactions, providers may keep user data for seamless future transactions which will invalidate the user’s concept of full control. The right to be forgotten when the user wants his SSID to be removed from the provider’s ledger may not be guaranteed to be initiated at all, thereby violating the SSID concept.

Conclusion

The concept of a fully implemented self-sovereign digital identity is still a reality belonging to the distant future. But the evolving technologies surrounding it must not be discounted to bring it to fruition. Once realized, it will invariably change the way users use and control their own personal identity with a nil amount of exploitation from external influences.

eQapital is relevant now more than ever in catering to the currently evolving needs of the digital investor. Financial services from Trust, Custody, Exchange, Transfer, to Asset Management needs are strategized on blockchain infrastructure to empower you to control your funds, whether fiat or crypto. Security is in place with AML/KYC/CFT procedures. Our friendly eQapital Team is always ready to assist you 24/7. Contact us now and let us be partners towards your progressive financial health goals.