Decentralized identity: when the blockchain protects the individual

While Web3 has gone through a difficult year 2022, projects continue to be built. This is the case, for example, with decentralized identity, which the Banque de France could eventually use.

When we talk about the blockchain ecosystem, we generally associate Bitcoin with cryptocurrencies, NFTs and now the metaverse. However, we forget that this technology is above all a contribution in terms of information security. As such, decentralized identity is a concept that could revolutionize the identification of people.

Sometimes referred to by the acronym DID for decentralized identity or decentralized identifier, decentralized identity is a concept that reconciles the protection of personal data and the securing of this same data by the blockchain. The DID responds to concrete problems encountered daily by anyone on the Internet, sometimes without knowing it.

What is Decentralized Identity?

Decentralized identity is inseparable from our identity, which we must prove in certain situations, such as when crossing a border. This identity extends to the world of the Internet, with the need to authenticate to access certain services. In this case, an e-mail address or a pseudonym is associated with a password.

So, when you state your identity or need to identify yourself, you are trusting a third party. This third party may very well be the State, for a passport or an identity card, or an online service for storing the password. With decentralized identity, there is no need for an intermediary, and therefore a trusted third party, when you need to prove your identity.

Decentralized identity therefore allows everyone to manage their most personal data themselves. It makes it possible to return control to the persons concerned, to obtain more security thanks to blockchain technology and to protect the privacy of individuals.

A solution to many problems

Before discussing the contributions of the blockchain, we must start from current problems, whether we perceive them clearly or not. The first is access and data security. Indeed, cases of identity theft or theft of passwords are daily and you may have already experienced it.

The second problem is a bad user experience on the internet. Indeed, you have to remember a multitude of passwords. Some therefore prefer to use simple passwords, at the risk of them being discovered by a hacker or a password manager. Finally, certain mandatory identity checks (KYC of establishments) are intrusive, with the potential transmission of a selfie photo.

Finally, the third problem, the data can be centralized, especially when using the federated connection. You use it when, instead of registering on a service, you click on “Sign in with Google”, for example. It is also the same system for FranceConnect. However, this third party should be trusted and FranceConnect has already had security problems.

With decentralized identity, your data or credentials are protected in an NFT. Remember that the NFT is unique, that it is associated with an owner and that it is secured by the distributed ledger that is the blockchain. In other words, it is a unique identifier with proof of ownership.

In this NFT, the data is encrypted. Only the person concerned has the decryption key (the private key) and only he or she decides to show his data or a trusted person in the event of impossibility (the attending physician for health data for example). Similarly, it is possible to show only desired data. Thus, if you need to prove a date of birth, you do not need to show your identity document, but only the “date of birth” data.

Better verification of information

To create this NFT, there may be several services. First, there are centralized companies like Synaps or Archipels that check your documents (identity document, proof of address, etc.) and issue you the famous NFT. Yes, this system is not perfect, because it involves trusting the company in question. It is therefore necessary to ensure that the documents transmitted are destroyed as soon as the NFT is created.

Eventually, purely decentralized services should see the light of day, but we are not there yet. Once you have your NFT, verifying information is easier and more secure.

A typical example that can make you smile is access to a pornographic site. “I’m over 18” doesn’t prove the age of the person behind their screen. In addition, she does not necessarily want to decline her identity. This is where the decentralized identity can help, since it is enough to show only your date of birth and there will be no possible doubt for the website.

Finally, one can imagine that voting could be revolutionized by decentralized identity. Indeed, it will make it possible to democratize online voting without risk, since there will be no doubt about the identity of the person or whether he has given power of attorney. Of course, it is the entire vote that must be secured and not just the verification of identity.

Better data protection

In December 2022, the Banque de France communicated on a specific call for contributions. The objective is “to use the digital identity in the management of the authentication of credit institutions”. The digital identity is quite simply the DID. Moreover, Archipels was selected among the three winners. The objective is simple: strengthen the management and security of authentications, free institutions from this cumbersome process thanks to the DID.

Bank KYC is indeed an excellent example of what decentralized identity can bring to better protect data. The company Synaps also offers a module specially dedicated to KYC (Anima). The aim is to facilitate the process, both for the person concerned and the credit institution.

Finally, decentralized identity is the consecration of compliance with the General Data Protection Regulation (GDPR). We can indeed speak of perfect consent without any possible doubt.

And we could even go further than the GDPR: the sale of personal data. Today, our data is sold to third parties in a fairly opaque way. Tomorrow, the user could decide for himself whether he wants to sell his data, and to which buyer. The future will tell if the DID will revolutionize the management of identity and personal data.

Source: www.journaldunet.com