Decentralized identity using blockchain

This article was contributed by Deepak Gupta, cofounder of LoginRadius, tech strategist, cybersecurity innovator, and author.

Today, almost all of our digital identities are linked through devices, apps, and services. Service providers control these digital identities and their respective digital identity data.

Because of this, users are now experiencing misuse of personal data and data breaches that affect their social, financial, and professional lives. 

Additionally, giving access to multiple third parties or service providers from different applications makes it harder for users to manage their personal data and revoke access to their information. Users need to own and control their digital identities to address these concerns, preferably from a single source.

A centralized system makes user identity data extremely prone to cyberattacks and privacy breaches. But decentralized identity solutions provide a new horizon by enabling users and service providers to have better authority over their identity and personal data. 

This article addresses the following:

• What is a decentralized identity?
• How decentralized identity works with blockchain
• How to authenticate using a decentralized identity
• What happens when we fully adopt a decentralized identity procedure?
• Benefits of using blockchain with decentralized identity 

What is a decentralized identity?

Decentralized identity is based on a trust framework for identity management. It allows users to generate and control their own digital identity without depending on a specific service provider. 

For example, digital identities can get approval from multiple issuers such as an employer, a government, or a university that remains stored in a digital wallet called an “identity wallet.” Using the identity wallet, the user (i.e., the identity owner) can present proof of their identity to any third party. The wallet helps users give and revoke access to identity information from a single source, making it easier.

According to Forrester, “Decentralized digital identity (DDID) is not just a technology buzzword: It promises a complete restructuring of the currently centralized physical and digital identity ecosystem into a decentralized and democratized architecture.” 

How decentralized identity works with blockchain

The setup of decentralized identity with blockchain typically consists of the following elements: 

• Identity Wallet: An app that allows users to create their decentralized identity and manage their access to service providers.
  
• Identity Owner: A user who creates their decentralized identity using the identity wallet.
  
• Issuer/Verifier: The person who issues and verifies the identity information. They sign the transaction with their private key.
  
• Service Providers: Applications that accept the authentication using the decentralized identity and access blockchain/distributed ledger to look for the DID that user shared.
  
• Blockchain/Distributed Ledger: A decentralized and distributed ledger that provides the mechanism and features for DIDs and functioning.
  
• DID (Decentralized Identifier): A unique identifier that contains details such as the public key, verification information, service endpoints.

In a decentralized form of identity, an application (an identity wallet) allows users to create their own digital identity. Upon identity creation, the respective cryptographic keys (a public and a private key) are generated. 

The identity wallet submits a registration payload with a public key to the blockchain, which generates a unique identifier against your wallet. The private key remains with the user’s device/identity wallet and is used during the authentication.

Similarly, issuers such as the government, universities, and finance institutes verify the respective identity information and add to the digital identity data in a process that is like issuing certificates. The processes, for example, verifying user identity and issuing new credentials, require issuers to sign using their private keys.

How to authenticate using decentralized identity

These are the steps of authentication using decentralized identity and blockchain.

• The identity wallet holds verified identity details of the user such as name, age, address, education, employment details, and financial information. This information helps establish trust and makes the user eligible to perform authentication. 

• The decentralized identity mechanism takes the public key associated with the private key and publishes it onto a distributed ledger such as blockchain. 

• As the decentralized system provides the public key to the distributed ledger, the identity wallet receives a decentralized identifier (DID). DID is a unique identifier representing the user across the internet.

• The user shares this DID with the service provider for authentication.

• The service provider looks for the shared DID in the distributed ledger. If found, distributed ledger sends matching data to the application. 

• The user signs this transaction with the private key to complete the authentication.

• The service provider application confirms the authentication success and lets the user perform the actions.

What happens when we fully adopt the decentralized identity procedure?

Let’s assume an online shopping scenario where the required data will transit from the wallet associated with the decentralized identity. The wallet in this scenario contains the verified identity, address, and financial data. 

The users share identity data to log in with the website by submitting the required information from the identity wallet. They are authenticated with the website without sharing the actual data. The same scenario applies to the checkout process; a user can place an order with the address and payment source already verified in his identity wallet.  

Consequently, a user can go through a smooth and secure online shopping experience without sharing an address or financial data with an ecommerce website owner.

5 benefits of leveraging blockchain

• Trustworthy: Blockchain technology uses a consensus approach to prove the data authenticity through various nodes and acts as the source of trust to verify user identity.  Along with the data, each block also contains a hash that changes if someone tempers the data.  These blocks are a highly-encrypted list of transactions or entries shared across all the nodes distributed throughout the network. 

• Data Integrity: The blockchain-based data storage mechanism is immutable and permanent, and hence, modification and deletion are not possible. The decentralized identity systems use this mechanism so that no external entity can tamper or modify the data.
  
• Security: Another crucial reason for leveraging the blockchain in decentralized identity systems is to provide robust security. The blockchain system features an inherent design by maintaining data in a highly encrypted fashion. The blockchain also caters to digital signatures, consensus algorithms, and cryptographic hash functions to protect user identities from breaches and thefts.

• Privacy: Decentralized identity systems leveraging blockchain with a pseudo-anonymous identifier (decentralized identifier) can help mitigate the privacy concerns among the identity owners. 

• Simplicity: Identity issuers leverage the seamless process of issuing digital identities. Identity verifiers can efficiently onboard new users and conduct the information verification process. Identity owners can effortlessly store and manage their identities within the identity wallet. 

Conclusion 

From all the above facts, it is evident that decentralized identity with blockchain can completely transform the digital identity landscape. It will make digital identity management decentralized and seamless, as no particular organization will govern the user data.

More importantly, users will be able to easily authenticate themself without sharing their sensitive personal information with third parties.

Deepak Gupta is cofounder of LoginRadius, tech strategist, cybersecurity innovator, and author.