Biometric-based DID

With added security feature in DIDs enabled by Humanode, even if the keys are compromised, not all is lost.

When we talk about the decentralised web's "identity data solution," we are really talking about data integrity and the power to analyse that data. The future of the internet will include more decentralised networks and blockchains, along with more anonymous user accounts and more generated user data. Today's traditional identification systems are fragmented, insecure, and exclusionary. By providing a consistent, interoperable, and tamper-proof architecture, blockchain enables more secure management and storage of digital identities, with important benefits for organisations, users, and IoT management systems.

Companies frequently collect sensitive data about their customers and store it alongside less sensitive commercial data. With the rise of privacy-centric regulation such as GDPR and a shift of industry attention towards corporate IT accountability, this introduces new business risks. Once the data is restricted to secure vaults, it becomes less useful for generating product enhancements and meaningful customer insight. Unfortunately, businesses often attempt expensive and hazardous projects to strike the right balance between data security and business demands only after receiving hefty penalties or after building better IT capabilities.

Challenges in identity

A healthy society and economy require a strong sense of identity. With a good mechanism to identify ourselves and our belongings, we can build healthy societies and worldwide markets. At its most basic level, identity is a collection of statements about a person, place, or thing. Commonly, a person's identity comprises their first and last name, date of birth, nationality, and some form of national identifier, such as a passport number, social security number (SSN), driving licence, or similar document. These data items are collected and stored in centralised databases by centralised entities, typically governments, on central government servers.

For a variety of reasons, physical forms of identification are not readily available to everyone. Around 1.1 billion people in the world have no way of claiming ownership of their identity. One-seventh of the world's population is thus in a precarious position, unable to vote, own property, open a bank account, or find work. The inability to obtain identification documents puts a person's access to the financial system in jeopardy and limits their freedom.

Citizens who do have formal forms of identity still lack complete ownership and control over them. They have a disjointed online identification experience and are unaware of the value their data generates. Companies that retain personal data are frequently hacked, leaving the end user to deal with fraud mitigation for the rest of their life. There is little to no remedy once a social security number has been issued and then lost.

What is a DID?

As outlined in the W3C Proposed Recommendation, “Decentralized Identifiers (DIDs) are a new type of identifier for verifiable, ‘self-sovereign’ digital identity. DIDs are fully under the control of the DID subject, independent from any centralised registry, identity provider, or certificate authority.”

A Decentralized Identifier (DID) identifies whatever subject its controller determines it identifies. DIDs are designed so that a controller can demonstrate control over the identifier without relying on a centralised registry, identity provider, or certificate authority. DIDs are Uniform Resource Identifiers (URIs) that link a DID subject to a DID document, allowing trusted interactions with that subject. Each DID document can include cryptographic material, verification methods, and service endpoints; the cryptographic material and verification methods give the DID controller a set of mechanisms for proving control over the DID, while the service endpoints enable trusted interactions with the DID subject. A DID document may also carry semantic information about the subject it identifies, and may even contain the DID subject itself (e.g. a data model).

Cryptography is an essential part of establishing decentralised identities. In public-key cryptography, the private key is known only to its owner, while the public key is widely distributed. This pairing serves two purposes. The first is authentication: the public key validates that a message was signed by the holder of the paired private key. The second is encryption: a message encrypted with the public key can only be decrypted by the holder of the paired private key. Once a verified identifier has been matched with a decentralised identity, users can present it, for example as a QR code, to prove their identity and access particular services. The service provider confirms the user's identity by checking the presented attestation's proof of control or ownership: the attestation was associated with a DID, and the user signed the presentation with that DID's private key. Access is granted if they match.

Self-sovereign identity (SSI) is a digital identity approach that gives people control over their online identities. SSI addresses the problem of establishing trust in an interaction: one party in a transaction presents credentials to the other parties, and the relying parties can verify that the credentials came from a reputable source. The verifier's confidence in the issuer is thereby transferred to the credential holder. This basic three-participant structure of SSI (issuer, holder, verifier) is known as the "trust triangle".

DID protocols and projects

ION is an open, permissionless Layer 2 network based on the purely deterministic Sidetree protocol. It requires no special tokens, trusted validators, or additional consensus mechanisms; the linear progression of Bitcoin's timechain is all that is needed for its operation. ION DIDs can only be deactivated by their owners, protecting people from violations of their digital rights. ION includes registry capabilities to support decentralised package managers, app stores, and similar services, and it lets DID owners connect to each other securely through decentralised routing endpoints. The ION node implementation is composed of a collection of microservices; its major dependencies are Bitcoin Core, IPFS, and MongoDB (for local persistence of data).

IDX is a cross-platform identity system that offers a decentralised alternative to centralised user tables. IDX lets users create a unified digital identity that includes all of their data, while developers can break down silos and freely share a user's data across applications. IDX's cross-ecosystem, technology-agnostic identity protocol works with all Web3 wallets, blockchain networks, and decentralised storage platforms.

The Sovrin Network is made up of server nodes all over the world that are maintained and managed by a network of trusted entities known as Stewards. Each node holds a copy of the ledger, a database of publicly accessible data that is used to verify the validity of credentials issued inside the network. Stewards in Sovrin cross-check each transaction to ensure that the information written to the ledger, and the order in which it is written, is consistent across nodes. A mix of encryption and a Redundant Byzantine Fault Tolerant algorithm is used to accomplish this. Agents provide access to these services on the Sovrin Network for identity holders, credential issuers, and validating institutions. An agent might be as simple as a mobile app, but agents have a critical role in the Sovrin Network: they hold and process claims. Agents can undertake identity transactions on behalf of the identity owner and communicate directly with other agents over secure encrypted connections. In this way only the issuer's public identifiers are anchored on the ledger, while an identity holder's actual proof of credential is sent privately to a validator.

The role of Humanode in DIDs

For an identity system to be self-sovereign, users must control the verified credentials they hold, and their consent must be required before those credentials are used; Humanode enables both, which minimises the unintentional sharing of users' personal information. Imagine a scenario in which an attacker takes over a user's private key. For a typical web3 wallet or smart account, this means the attacker has gained total control over the account. With Humanode, liveness detection checks against the user's private biometrics can be required every epoch, so the user has to prove that he or she is indeed the owner of the account. The frequency of bio-authentication can be configured by the user or the app developer. With this added security feature in DIDs, even if the keys are compromised, not all is lost: in effect, the physical identity serves as the "key". Humanode is complementary to cross-chain identity and wallet solutions such as AIKON, giving users a simple, secure login experience with web3.

Even if an account is hacked, an attacker cannot use your verified credentials, for example to claim a student discount on goods or apply for a loan in your name, if you hold them through such a DID. Developers can also safeguard user data beyond merely regulating access, by encrypting it with keys from the users' decentralised identifiers.
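The authentication flow described under "What is a DID?" and the per-epoch liveness check described here, combined in one added Python sketch (example code, not Humanode's or any DID method's implementation): the verifier resolves the holder's DID document, checks the key proof over the presentation, and then requires a liveness attestation for the current epoch signed by the biometric service, so a stolen private key alone no longer suffices. A toy Schnorr signature over a tiny group stands in for a real Ed25519 key, and the sample DID, the epoch numbering, the attestation format and the `ToySchnorrKey` type name are constructed assumptions.

```python
import hashlib, secrets

# Toy Schnorr signatures in the order-q subgroup of Z_p^*, p = 2q + 1 = 2039: a dependency-free
# stand-in for the Ed25519 keys a real DID method would use. Never use parameters this small for real.
P, Q, G = 2039, 1019, 4  # G = 2^2 is a quadratic residue, so its order is the prime Q
def keygen(x=None):  # pass x only to get a reproducible key for demos
    x = x or secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)  # (private scalar, public group element)
def _challenge(r, msg):  # kept in [1, Q-1] so a zero challenge can never make the check trivial
    return int.from_bytes(hashlib.sha256(f"{r}|{msg}".encode()).digest(), "big") % (Q - 1) + 1
def sign(x, msg):  # r = g^k, s = k + x*e  (mod q)
    k = secrets.randbelow(Q - 1) + 1
    return (r := pow(G, k, P)), (k + x * _challenge(r, msg)) % Q
def verify(y, msg, sig):  # Schnorr check: g^s == r * y^e (mod p)
    r, s = sig
    return pow(G, s, P) == (r * pow(y, _challenge(r, msg), P)) % P

def did_document(did, pub):  # W3C DID Core shape; the key type name is a placeholder
    vm = {"id": f"{did}#key-1", "type": "ToySchnorrKey", "controller": did, "publicKeyInt": pub}
    return {"@context": "https://www.w3.org/ns/did/v1", "id": did, "verificationMethod": [vm],
            "authentication": [vm["id"]]}
def liveness_attestation(oracle_priv, did, epoch):  # issued only after the living owner passes the scan
    return {"did": did, "epoch": epoch, "signature": sign(oracle_priv, f"{did}|{epoch}")}
def verify_presentation(registry, oracle_pub, pres, now_epoch):
    """Accept only if the DID key proof AND a liveness attestation for the current epoch both hold."""
    doc = registry.get(pres["holder"], {"verificationMethod": [], "authentication": []})
    keys = {vm["id"]: vm["publicKeyInt"] for vm in doc["verificationMethod"] if vm["id"] in doc["authentication"]}
    pub = keys.get(pres["verificationMethod"])
    if pub is None or not verify(pub, pres["payload"], pres["signature"]):
        return False, "key proof failed"
    att = pres.get("liveness")
    if att is None or att["did"] != pres["holder"] or att["epoch"] != now_epoch:
        return False, "liveness attestation missing, stale or for another DID"
    if not verify(oracle_pub, f"{att['did']}|{att['epoch']}", att["signature"]):
        return False, "liveness attestation not signed by the liveness service"
    return True, "ok"

def scenarios(now_epoch=7):
    """Constructed walk-through: the honest owner, then an attacker who holds the stolen DID key."""
    oracle_priv, oracle_pub = keygen(17)        # liveness service key, assumed known to verifiers
    priv, pub = keygen(42)                      # the holder's DID key (later stolen)
    did, payload = "did:example:alice", '{"claim": "student-status"}'  # constructed sample data
    registry = {did: did_document(did, pub)}    # stands in for the DID method's ledger or registry
    def check(att):  # the stolen key always yields a valid key proof; the liveness check decides
        pres = {"holder": did, "verificationMethod": f"{did}#key-1", "payload": payload,
                "signature": sign(priv, payload), "liveness": att}
        return verify_presentation(registry, oracle_pub, pres, now_epoch)
    return {"owner_fresh_liveness": check(liveness_attestation(oracle_priv, did, now_epoch)),
            "stolen_key_replayed_liveness": check(liveness_attestation(oracle_priv, did, now_epoch - 1)),
            "stolen_key_forged_liveness": check({"did": did, "epoch": now_epoch,
                                                 "signature": sign(priv, f"{did}|{now_epoch}")})}
```

Only the owner's presentation with a fresh attestation is accepted; the attestation captured in the previous epoch fails the epoch check, and the one the attacker signs with the stolen key fails because it does not come from the liveness service.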