The introduction of regulations such as the General Data Protection Regulation (GDPR) has increased the focus on data protection and privacy for citizens. Individuals may have multiple digital identities for the social and business engagements they are involved in. Each of these identities requires login credentials, and individuals need to remember them. This becomes a big hassle when the credentials are not used often, and it quite often results in poor password management, making these identities a soft spot for hackers.
A blockchain-based Decentralized Identity Management solution helps resolve this issue by adding a security layer to the existing login process that enables passwordless authentication. This is achieved by using DID-based authentication services, which use DID-based proofs to authenticate the user and grant access to the respective system or application.
Triads in DID-based authentication services:
Triads refer to the roles permissible for an entity. They are:
- Issuer: An organization that is authorized and accepted within the network to process claim requests from the Prover and issue proofs
- Prover: An individual who establishes ownership of his digital identity by raising the requisite claims
- Verifier: A business organization that verifies the proofs shared by the Prover and confirms their authenticity
Proofs: The proofs will be in the form of a DID document. Individuals can obtain the proofs from the enterprises whose applications are to be accessed. These proofs will be saved in the individual's wallet app on their mobile device.
DID-based Authentication Services: The service will enable the transfer of a proof from the individual to the enterprise. Once the proof has been verified, the user is authenticated and can proceed to access the application or system. On the Verifier side, the service would employ a series of zero-knowledge proofs (ZKP) to verify the proofs.
Security: The proofs will have expiry dates; after expiry, a new proof needs to be obtained from the enterprise for authentication. Individuals will have a different proof for each of the applications they are trying to access.
The conceptual view is depicted below:
RTA (Issuer) – responsible for issuing an Identity Proof to Bob once he raises a claim with his Driving License details.
Bob (Prover) – holds the proofs shared by RTA and shares them with Bank XYZ to secure authentication to its web application.
Bank XYZ (Verifier) – verifies the proofs shared by the holder, confirms the identity of Bob, then issues a Proof to Bob to access its application.
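The checks a Verifier has to make before granting access, as described under "DID based Authentication Services" and "Security" above, can be sketched as follows. This is an added example, not code from the original page or from any DID library. The proof fields (`sub`, `aud`, `exp`), all function names and the toy Schnorr group are assumptions made for illustration; the group is far too weak for real use and only keeps the example on the Python standard library.

```python
import hashlib, json, secrets, time

# Toy Schnorr group (assumption for this demo): P is the Mersenne prime 2**127 - 1.
# Insecure parameters; real deployments use standard, vetted signature suites.
P, G = 2**127 - 1, 3
N = P - 1  # exponents may be reduced mod P-1 because G**(P-1) == 1 (mod P)

def _h(*parts):
    data = json.dumps(parts, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def keygen():
    x = secrets.randbelow(N - 1) + 1          # private key
    return x, pow(G, x, P)                    # (private, public)

def sign(x, msg):
    """Schnorr signature: a non-interactive ZK proof of knowing x for y = G**x."""
    k = secrets.randbelow(N - 1) + 1
    r = pow(G, k, P)
    return r, (k + _h(r, msg) * x) % N

def verify(y, msg, sig):
    r, s = sig
    return pow(G, s, P) == (r * pow(y, _h(r, msg), P)) % P

def issue(issuer_sk, holder_pk, app, ttl, now=None):
    # Issuer binds the proof to one holder key, one application and an expiry time.
    body = {"sub": holder_pk, "aud": app, "exp": int(now or time.time()) + ttl}
    return {"body": body, "sig": sign(issuer_sk, body)}

def present(holder_sk, proof, nonce):
    # Prover answers the Verifier's fresh nonce without revealing the private key.
    return {"proof": proof, "pop": sign(holder_sk, [nonce, proof["body"]["aud"]])}

def authenticate(issuer_pk, app, nonce, pres, now=None):
    body = pres["proof"]["body"]
    if not verify(issuer_pk, body, pres["proof"]["sig"]):
        return "bad-issuer-signature"         # forged or modified proof
    if body["aud"] != app:
        return "wrong-application"            # proof issued for another application
    if (now or time.time()) >= body["exp"]:
        return "expired"                      # a new proof must be obtained
    if not verify(body["sub"], [nonce, app], pres["pop"]):
        return "holder-not-proven"            # replayed or stolen presentation
    return "ok"
```

The Verifier must generate a new random nonce for every login attempt; reusing one would let a captured presentation be replayed until the proof expires.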