The introduction of regulations such as the General Data Protection Regulation (GDPR) has sharpened the focus on data protection and privacy for citizens. Individuals may hold multiple digital identities for their social and business engagements. Each of these identities requires login credentials, which the individual has to remember. This becomes a hassle when the credentials are not used often, and it frequently results in poor password management, making these identities a soft spot for hackers.
A blockchain-based Decentralized Identity Management solution helps resolve this issue by adding a security layer to existing login processes that enables password-less authentication. This is achieved through DID-based authentication services, which use DID-based proofs to authenticate the user and grant access to the respective system or application.
Solution Overview:
Triads in DID-based authentication services:
Triads refer to the roles permissible for an entity. They are -
Proofs: The proofs take the form of a DID document. Individuals obtain the proofs from the enterprise whose application is to be accessed. These proofs are saved in the individual's wallet app on their mobile device.
DID-based Authentication Services: The service enables the transfer of a proof from the individual to the enterprise. Once the proof is verified, the user is authenticated and can proceed to access the application or system. The service employs a series of zero-knowledge proofs (ZKP) on the Verifier to verify the proofs.
Security: The proofs have expiry dates; after expiry, a new proof must be obtained from the enterprise for authentication. Individuals hold a different proof for each application they are trying to access.
The conceptual view is depicted below:
RTA (issuer) – responsible for issuing an Identity Proof to Bob once he raises a claim with his Driving License details.
Bob (prover) – holds the proofs shared by RTA and shares them with Bank XYZ to authenticate to its web application.
Bank XYZ (verifier) – verifies the proofs shared by the holder to confirm Bob's identity, then issues a Proof to Bob for access to its application.
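The Security point above says each proof expires and is specific to one application, and Bank XYZ issues Bob a proof for its own application. The sketch below is an added example, not code from the original article or the solution it describes, showing the checks a verifier would apply to such a proof. It assumes the enterprise both issues and verifies the access proof, and it uses an HMAC tag over a small JSON claim set as a stand-in for the DID document and ZKP verification; the key, DID, application names and timestamps are constructed.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real issuing key would live in an HSM or KMS.
ENTERPRISE_KEY = b"constructed-demo-key-not-a-real-secret"


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def tag_for(body: bytes) -> bytes:
    # HMAC-SHA256 stands in for the issuer's proof mechanism (assumption).
    return hmac.new(ENTERPRISE_KEY, body, hashlib.sha256).digest()


def issue_proof(holder_did: str, application: str, ttl_seconds: int, now: int) -> str:
    """Enterprise side: bind the proof to one holder, one application and an expiry."""
    claims = {"sub": holder_did, "app": application, "exp": now + ttl_seconds}
    body = json.dumps(claims, sort_keys=True).encode()
    return b64(body) + "." + b64(tag_for(body))


def verify_proof(proof: str, application: str, now: int) -> tuple:
    """Verifier side: integrity first, then application binding, then expiry."""
    try:
        body_b64, tag_b64 = proof.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return False, "malformed"
    # Constant-time comparison; claims are parsed only after the tag checks out.
    if not hmac.compare_digest(tag, tag_for(body)):
        return False, "bad-tag"
    claims = json.loads(body)
    if claims.get("app") != application:
        return False, "wrong-application"  # proof issued for another application
    if now >= claims.get("exp", 0):
        return False, "expired"  # holder must obtain a new proof
    return True, claims["sub"]


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    p = issue_proof("did:example:bob", "bank-xyz-web", 3600, t0)
    print(verify_proof(p, "bank-xyz-web", t0 + 10))
    print(verify_proof(p, "bank-xyz-web", t0 + 3600))
```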
Benefits from using DID-based authentication services:
Conclusion:
The password-less authentication capability offered by a blockchain-based Decentralized Identity Management solution helps enhance security around authentication while confirming the identity of the individual who is attempting to authenticate. Apart from enhancing user experience, this solution also enables enterprises to comply with privacy regulations (like GDPR) more effectively.
Vinod Panicker,
Chief Architect- Cybersecurity, Blockchain & open source
Vinod has over 20 years of experience in software development and product architecture.
Vinod currently leads the Blockchain Security initiatives for the Cybersecurity practice at Wipro. He is an expert in Decentralized identity, Blockchain security and building open source solutions. Vinod has extensive expertise in open-source and community led tools development, open-source licensing and re-engineering of products.
Sumod Rajan George PMP,
Sr. Project Manager, CRS, Wipro
Sumod has over 18 years of experience in software development and has managed various projects and programs for business domains, such as retail, finance, healthcare and transportation. He is currently part of the Advanced Security Solutions team with CRS, which develops solutions around Decentralized Identity Management using Blockchain technology.