Self-Sovereign Identities: Blockchain Technology & Personal Data
The identity management system that we’ve used for decades has some important problems. Paper based systems are always subject to the possibility of loss, destruction and fraud. Centralized digital systems on the other hand, are digital gold for hackers as they can access huge amounts of private information when they find a security breach. Addresses, medical records, credit card numbers, etc. are simple examples of the kind of information that can be hacked, leaked or breached from organizations. Identities should be digitally portable and easily verifiable anytime and anywhere by different organizations, public and private institutions. Let’s quickly analyze some of the typical problems that several industries are suffering from the legacy identity management system:
- In the banking sector, the need for login details decreases the security of users that many times have key-loggers that steal their information.
- In the education sector, universities and professional associations are continually struggling with fake academic certificates.
- In the government sector, different government levels, departments and institutions have no interoperability, hence increasing waiting times & costs while at the same time increasing frustration on tax payers.
- In the healthcare sector, just like with different government departments and levels, there’s a massive lack of interoperability. Clinics, doctors, pharmacies, hospitals, insurance companies, etc., don’t have a single decentralized source for digital identity verification, making the process inefficient, frustrating and expensive.
How could blockchain technology help to reduce or at least mitigate the risks and problems we have just analyzed?
One approach that is widely considered by industry experts is the usage of Zero-Knowledge Proof as a method of authentication. This method allows one entity to prove to another entity, that they have certain information or meet specific requirements without the need to disclose proof that supports that information. In simple terms, this allows verifiers to trust on the validity of the information without having supporting proof. When applying this logic to identity management, it basically means that you can prove different things without the need to reveal actual details. For instance, you could prove that you are married without showing a marriage certificate or that you are over 21 without disclosing your exact birth date. The Zero-Knowledge protocol is particularly useful on situations where you need to prove something even if you don’t want to share sensitive information or don’t trust the verifying agent or institution.
Blockchain technology enables everyone on a network to use the same source of information for verification purposes without the need to reveal the actual information. The typical actors would involve governments (traditional issuers), verifiers and identity owners. For instance, a government can issue all type of different credentials for an identity owner and attest to the validity of the personal data in that credential. Identity owners can store all the credentials they request from an issuer on their personal identity wallet and use them each time they need without the actual need to disclose exact information to the verifiers. The whole system of digital identities depends on the reputation of the issuer, as it’s the actor that vouches for the legitimacy of the credentials. In the end, it all comes down to one simple fact: the validation of a proof is based on how reliable is the issuer from the verifier´s perspective.
Now, one key aspect to have in mind is that personal data has many components that can change on time. We are all born just once but our home address, car identifications, passports identifiers, fiscal addresses, etc., can change many times during a lifetime.
This is one of the main reasons (among others) to explain why only references and the associated attestation of a user´s verified credential are usually the only type of information that is included on a blockchain. Instead of storing actual private information, revocation registries, schemas, credential definitions, public decentralized identifiers and proofs of consent for data sharing are good examples of what type of information is actually included on a blockchain.
Blockchain technology has enabled the creation of self-sovereing identities (SSI), which are stored on personal identity digital wallets. This avoids all the typical problems we explained above and facilitates the process of developing digital identities that exponentially speed up the process of banking the unbanked, provides an interoperable framework that can be used by different governments & institutions for identity verification purposes and reduces operational costs drastically. RSK endorses the usage of blockchain technology for identity verification purposes as it helps in the process of creating a new Internet of Value.