What is decentralized identity in blockchain?
Sovereign identity is a concept that refers to the use of distributed databases to manage PII.
The notion of self-sovereign identity (SSI) is at the heart of the idea of decentralized identity. Instead of having a set of cross-platform identities or a single identity managed by a third party, SII users have digital wallets where various credentials are stored and accessed through trusted applications.
Experts distinguish three main components known as the three pillars of SSI: blockchain, verifiable credentials (VC) and decentralized identifiers (DID).
Blockchain is a decentralized digital database, a ledger of transactions duplicated and distributed among networked computers that records information in a way that makes it difficult or impossible to change, hack or cheat.
Second, VCs are referred to as tamper-proof cryptographically secured and verified credentials that implement SSI and protect users’ data. They can represent information contained in paper identification, such as a passport or license, and digital identification without a physical equivalent, such as ownership of a bank account.
And last but not least, SSI includes DID, a new type of identifier that enables users to have a cryptographically verifiable, decentralized digital identity. A DID refers to any subject as a person, organization, data model, abstract entity, et cetera, as determined by the controller of the DID. They are created by the user, owned by the user and independent of any organization. Designed to be disconnected from centralized registries, identity providers and certificate authorities, DIDs enable users to prove control over their digital identity without requiring third-party permission.
Alongside SII, which is rooted in blockchain, DIDs and VCs, decentralized identity architecture also includes four elements. They are a holder who creates a DID and receives the verifiable credential, an issuer who signs a verifiable credential with their private key and issues it to the holder, and a verifier who checks the credential and can read the issuer’s public DID on the blockchain. Moreover, a decentralized identity architecture includes special decentralized identity wallets that power the entire system.
How decentralized identity works
The basis for decentralized identity management is the use of decentralized encrypted blockchain-based wallets.
In a decentralized identity framework, users use decentralized identity wallets—special apps that allow them to create their decentralized identifiers, store their PII, and manage their VCs—instead of keeping identity information on a number of sites controlled by intermediaries.
Besides distributed architecture, these decentralized identity wallets are encrypted. Passwords to access them are replaced by non-phishable cryptographic keys that do not represent a single weakness in the event of a breach. A decentralized wallet generates a pair of cryptographic keys: public and private. The public key distinguishes a concrete wallet, while the private key, which is stored in the wallet, is needed during the authentication process.
While decentralized identity wallets authenticate users transparently, they also protect users’ communications and data. Decentralized apps (DApps) store PII, verified identity details, and the information needed to establish trust, prove eligibility, or simply complete a transaction. These wallets help users grant and revoke access to identity information from a single source, making it faster and easier.
On top of that, this information in the wallet is signed by multiple trusted parties to prove its accuracy. Digital identities can, for example, receive approval from issuers such as universities, employers or public structures. By using a decentralized identity wallet, users can present proof of their identity to any third party.
