Identity management has recently been disrupted by data breaches that leaked personal information and enabled identity theft. Self-Sovereign Identity (SSI), an identity management model powered by distributed ledger technologies such as blockchain, has emerged in response. This paper investigates how SSI can be implemented in a public transportation environment that spans multiple operators from different nations.
It examines how a decentralized, blockchain-based identity management system can use the Secure and Sustainable Identification framework to provide a high level of security and transparency to all parties in a public transportation ecosystem. To do this, we analyzed current public transportation ticketing systems and gathered requirements for an alternative system based on SSI. We then built a low-fidelity model showing how passengers could use standard travel credentials valid across various transportation networks in Europe, eliminating the need for a separate travel card for every transport provider.
Individuals gain better control over how their identities are used with interoperable ticketing across Europe. At the same time, we provide a proof of concept showing how individuals can manage their identity credentials using the SSI framework.
What is Decentralized Identity (DI)?
Decentralized identity is an approach to digital identity management that lets individuals manage their digital identities independently of any specific service provider. Digital identities (digital IDs) are online profiles of people, organizations, and electronic devices that contain data about them and are accessible online. Such digital IDs typically consist of items such as name, contact information, device information, search history, passwords, social security numbers, and purchase history.
Citizens and residents need verifiable documentation to exercise their rights and to access services such as healthcare, banking, and education. Unfortunately, 1 billion people around the world have no official proof of identity; decentralized identity systems offer an alternative, and they have become more prevalent in emerging economies.
The Benefits of Decentralized Identification Solutions
The following are some of the main advantages of decentralized identity:
Organizations can instantly issue and verify fraud-proof credentials and documents, and reduce data breach risk by storing less information about users.
Individuals own their digital identity and enjoy more privacy.
Developers get secure, password-less sign-in for app users, along with privacy-preserving user verification.
Why Is Decentralized Identity Important For Organizations?
Many organizations can benefit from decentralized identity solutions, including:
Organizations can verify information within seconds without contacting the issuing party directly. For instance, an organization that needs to confirm that a driver's license, degree, or certificate is valid no longer has to wait weeks or months for manual verification processes that consume financial and human resources; credentials can be validated instantly by scanning a QR code or using a user-friendly credential verification tool. This also prevents certificate fraud.
Data security improves because public-key cryptography is used to encrypt and decrypt information safely, and by storing less information an organization becomes a far less attractive target for cyber-attacks. Instant credential verification is useful in many situations, from speeding up hiring to reducing the risk of employing people without appropriate credentials.
Many organizations must comply with regulations governing the collection, storage, and use of user data. Noncompliance can result in fines for data breaches or rule violations and in sanctions from regulatory bodies.
Identity Types
Windley defines digital identity management as the practice of overseeing various identities: for instance, creating, managing, and using the records linked to one identity (such as a real name that represents an agent). Digital identities represent external agents such as devices, organizations, and applications; accordingly, digital identity management is the layer in a system that oversees permissions and authorizations.
Whoever holds a digital ID has access to specific actions within a closed system, defined by the rules and permissions encoded into that identity. Any identity management system should therefore provide adequate security and access control measures. Identity holders access their digital identities using credentials that allow them to perform specific tasks. Digital identity systems keep growing more complex as they adapt to an ever more diverse technology environment.
Digital identity systems are transitioning from centralized to federated and then to decentralized models. Christopher Allen states that decentralized identity systems offer users greater portability and control across various applications. Digital identities can be divided into four broad categories, distinguished by user control (how much authority users have over their identities), portability (how easily identities can be reused across systems and applications), and self-sovereignty.
Centralized Identity
Centralized identities are issued by a central authority and grant an individual access for a specific purpose (e.g., an account with an online service provider such as Amazon). These authorities typically issue each holder a limited-purpose identity. Centralized identities grant more power to the issuing authority than to the person they describe, particularly when multiple accounts must be created and managed across websites and services that each require their own identity for login.
Because many websites and services require users to create separate accounts, centralized identity systems lead to data silos that shift control to the website or service, and users may lose access to their data altogether. Third-party services that create such silos do not serve users' best interests: they do not guarantee continuity of service and could cut off access at any time.
Federated Identity
Users can log in to multiple services with the same credentials, for instance using their Google credentials to log in to YouTube and other apps; they share a single sign-on (SSO) identity across services. In federated identity management, the identity provider does not share the user's credentials with the service providers.
User-Centric Identities
These services were created to give users more control over their digital identities, which users manage and maintain through protocols such as OpenID or OAuth. User-centric identity requires the user to authorize a trusted third-party service provider that can verify their identity without disclosing confidential data.
Self-Sovereign Identity
SSIs are designed to give users complete control over their identities. They are autonomous, decoupled, and independent of any central server that could block, modify, or delete identity credentials. The common principles of SSI can be summarized as security, controllability, and portability; however, these should be seen as general guidelines rather than requirements, since there is not yet consensus on the definition of an SSI.
It is nonetheless generally accepted that an identity becomes self-sovereign when the user controls it and the system is decentralized: decentralizing identity management so that no single institution oversees it leads to an SSI.
Identity Management Ecosystem
Identity management is an integral part of managing services and access rights. Online identity management systems typically use three roles: identity provider, service provider, and identity owner, with identity owners receiving credentials for the various services they use. Wallet software stores an identity's credentials and may also store additional personal data about its owner. Identity owners can present a service provider with any subset of the credentials in the wallet: all of them, some of them, or a combination.
Credentials may be disclosed selectively or in full, with identity owners in control of how and with whom their data is shared. Identity providers are trusted systems that manage identities for an entity and offer authentication and authorization services when external service providers request them. Identity Providers (IPs) are third-party systems that manage credentials and authenticate users to the services integrated into an ecosystem. Service providers verify identities for the specific services they offer.
Service providers frequently act as issuers as well, using proprietary databases and identity management systems to authenticate new users and onboard them. For example, the process starts when a client decides to work with a financial institution: Know Your Customer (KYC) involves exchanging documents and collecting basic details about the beneficiary. In recent years, advances in technology and regulation have transformed this process, making identity verification faster and cheaper when onboarding new clients.
Blockchain Technology For Identity Management
Blockchain technology has recently been applied to numerous new use cases, thanks to Bitcoin's rising popularity. Many of these applications involve trust issues; blockchain enables trustless networks.
Blockchain's design prevents assets from being duplicated or spent twice, even between parties who do not trust each other. Identity networks use this property to eliminate intermediaries acting as identity providers. Sovrin is an example of an identity network that provides authentication services to users.
Unlike a centralized identity system, a decentralized network like Sovrin cannot be shut down or used without consent; its decentralized nature also reinforces the notion of individuality, because the data is controlled by the cryptographic keys that define one's identity. Blockchain technology gives users greater control over their identity. Decentralized identifiers (DIDs), created and stored on blockchains, allow users to connect their identities.
Users control their DIDs and can link them to documents or credentials for identification. Interoperability among systems improves when users are not locked into one identity provider that refuses to integrate services outside its scope, creating an independent system that any service can use regardless of content type, location, or government regulation.
Why Is It Essential To Have A Decentralized Identity?
Modern digital economies rely heavily on identities, which allow users to interact with online services, organizations, and governments. Criminals understand the power and significance of identity and treat it as an attractive target, so identity theft has become a problem that affects lives. Centralized identity relies on personally identifiable information (PII) which, when compromised in a data breach, can be used by thieves to commit identity fraud. Decentralized identities may be more resistant to identity theft, and blockchain offers a highly resilient foundation for them.
Decentralized Identity Or Self-Sovereign Identities
Decentralization is an emerging concept for identity. Decentralized identity is often equated with self-sovereign identity (SSI), and the two terms are frequently used interchangeably, but decentralized identity should not be seen as synonymous with SSI.
SSI is an approach to identity management in which user identities are not stored centrally by a service provider but locally on the user's device rather than on an external network. With this method, users' identity information is held on their own devices instead of in a central store, using decentralized identifiers and verifiable credentials.
Decentralized identities differ in that they need not be completely self-sovereign; individual users do not have complete control of their identity. Instead, users' identities are stored on a distributed ledger rather than within each user's own system.
A Decentralized Identity Has Many Benefits
Adopting a decentralized approach to identity can bring many benefits to developers, individuals, and organizations. The primary ones are:
Application development with user experience at its center. Decentralized identity lets developers build applications without insecure passwords, with privacy-preserving user verification.
Stronger data security. Identities are anchored in PKI and in immutable, tamper-resistant ledgers such as blockchain, which give users more control over their personal information while letting organizations validate identities quickly.
Elimination of a single point of failure. Centralized approaches often have one; decentralized, highly distributed models remove it.
Identity portability. Because identity is not tied to a single provider, it is more portable.
Reduced certificate fraud. Many centralized systems rely on digital certificates issued by certification authorities that may be misused or modified.
What Makes Decentralized Identification Possible?
Public Key Infrastructure (PKI)
Some decentralized identifiers, such as blockchain accounts, are based on a public and private key pair. The public key identifies the account's controller, while the private key is used to sign messages from this account and to decrypt messages. PKI uses cryptographic signatures to verify claims and authenticate entities.
Decentralized Datastores
A blockchain is a verifiable database: a decentralized, open, and trustless repository of data. Public blockchains eliminate the need to keep identifiers in centralized registries. Anyone who needs to verify the validity of a decentralized identifier can check the public key associated with it on the blockchain. This differs from traditional identifiers, which require a third party to verify them.
How Can Decentralized Identifiers, Attestations, And Certifications Enable Decentralized Identity?
Decentralized identity is the concept that all aspects of identification, attestations, and related data should be portable, self-controlled, and secure. Attestations are cryptographically verifiable, tamper-proof claims made by issuers using decentralized identifiers (DIDs). Each attestation an organization issues (e.g., to its employees) is tied back to the organization's DID.
Because DIDs are stored on the blockchain, anyone can easily verify the validity of an issued document by checking the issuer's DID, which provides instantaneous proof. The blockchain acts as a global database, enabling this verification of DIDs for specific entities. Attestations can be independently managed and verified using decentralized identifiers, which provides proof that an attestation remains valid even if its original issuer no longer exists.
Decentralized identifiers play an essential part in safeguarding personal information. When an individual presents proof of an attestation (such as their driver's license), the verifying party does not need to check the validity of the information itself; it only needs cryptographic assurance of the attestation's authenticity and of the issuing agency's identity to decide whether the proof is valid.
Attestations Types In Decentralized Identity
Attestation data can be stored and retrieved in different ways within an Ethereum-based identity management ecosystem. This section gives an overview of the different approaches to issuing attestations, storing them, and verifying them in decentralized systems.
Off-Chain Attestations
The concern with storing attestations on the blockchain is that they may contain private information, and the blockchain is public. This is solved by issuing attestations that are stored off-chain in digital wallets. They still contain the DID of the issuer, which is stored on-chain. These attestations carry the issuer's digital signature and are encoded as JSON Web Tokens (JWTs).
This hypothetical scenario explains off-chain attestations.
- The university generates a digital academic certificate (attestation) and signs it with its keys. It then issues the certificate to Bob (the identity owner).
- Bob is applying for a new job and wants to show his academic credentials to the employer, so he sends the attestation from his mobile wallet. The company can confirm the validity of the attestation by checking the issuer's DID (i.e., its public key on Ethereum).
Persistent Access To Off-Chain Attestations
This method converts attestation entries into JSON files that are stored off-chain (ideally on IPFS or Swarm), though there may be limitations, while a hash of the JSON is stored on-chain.
The on-chain hash is linked to an on-chain registry and connected to the DIDs of both parties involved; either the issuer or the recipient can use the attestation's DID for their record.
This approach gives attestation claims the persistence of the blockchain while keeping the claim information encrypted and verifiable; additionally, the private key holder can selectively reveal this information as needed.
On-Chain Attestations
Smart contracts can store on-chain attestation data securely. They serve as a registry that associates each attestation with its unique on-chain identifier. The following example illustrates how on-chain attestations might work in practice. A company (XYZ Corp.) wants to sell shares of ownership using smart contracts; however, only buyers who have passed a background investigation may purchase these shares.
XYZ Corp can have a company conduct the background checks and issue on-chain attestations confirming that an individual's background check was successful, without divulging any personal details. The share-sale smart contract can then decide whether a buyer may purchase shares by checking the registry contract.
Identity And Soulbound Tokens
Soulbound Tokens (non-transferable tokens) can be used to collect data unique to a wallet, creating an on-chain identity bound to a specific address. This could include tokens that represent achievements (e.g., completing a specific online course or reaching a particular score in a video game).
Use Cases For Decentralized Identity
There are many possible uses for decentralized identity:
Universal Login
Decentralized identity can replace password-based logins with decentralized authentication. Attestations issued by service providers to users and stored in their wallets grant them entry to an online community.
Such a sign-in would enable servers to verify a user's account and retrieve all necessary attestations from its address, making online experiences more seamless for users, who no longer need to remember complex passwords.
KYC Authentication
Many online services require individuals to submit credentials and attestation documents such as a driver's license or passport for verification. This is problematic: users submit personal data that may compromise their privacy, and service providers are often unable to authenticate it properly.
Decentralized identity gives businesses a way to bypass Know Your Customer (KYC) processes and authenticate users with verifiable credentials instead. It lowers the cost of identity management while eliminating fake documents submitted as proof.
Online Communities And Voting
Social media and online voting are two promising applications of decentralized identity. Voting schemes are susceptible to manipulation if malicious actors cast online votes under false identities; to reduce this, online voting could require individuals to provide on-chain attestations as part of the voting process.
Decentralized identity can also help create online communities free of fake accounts. Each user could be required to authenticate through an on-chain system like the Name System in order to minimize bot activity.
Anti-Sybil Protection
Sybil attacks are any behavior in which one person poses as multiple people in order to increase their influence. Grant-giving applications that use quadratic voting may be particularly susceptible, since spreading contributions across more identities yields more votes for a grant. Decentralized identities can help counter this threat by requiring each user to prove they are human without disclosing private details about themselves or anyone else.
Conclusion
Based on the principles of identity sovereignty, we propose a decentralized identity management system that does away with multiple travel cards when traveling with multiple transportation providers across multiple jurisdictions. To demonstrate the concept, we built a low-fidelity proof-of-concept prototype on the Hyperledger Indy blockchain and showed how individuals gain greater control of their identities when using interoperable ticketing systems across Europe.
The proposed system fits the EU's goal of creating a common transport market between member nations. We presented a low-fidelity version of a decentralized identity system for public transportation that uses self-sovereign identities and blockchain technology, and in doing so this paper offers insight into designing an identity management system based on self-sovereign identity principles.