
Digital Identity: Blockchain Solutions and How It Could Work in the Real World


At the end of June, the Council presidency and European Parliament representatives reached a provisional political agreement on the core elements of a new framework for a European digital identity (eID), expanding the list of “trust services” to include blockchain technology solutions.

The revised regulation constitutes a clear paradigm shift for digital identity in Europe, one that aims to ensure universal access for people and businesses for secure and trustworthy electronic identification and authentication by means of a personal digital wallet on a mobile phone.

We have seen the experimentation and implementation of blockchain solutions for digital identity – decentralized identity (DID), also called Self-Sovereign Identity (SSI) – in developing countries such as Vietnam, or in small economies with populations of a few million, such as Catalonia, Estonia, or Azerbaijan. The concern has been that SSI might work for small economies, or those without legacy systems that have been around for decades, if not centuries, but that it would not work for large, developed economies such as the EU or the U.S.

The EU's decision to include blockchain technology solutions in its approach to eID is encouraging, as it signals that the EU does recognize the benefits of SSI solutions and their applicability in a complex legacy system economy. This is especially important and timely for the U.S.

The U.S. Senate Homeland Security and Governmental Affairs Committee recently passed a bill, the Improving Digital Identity Act, which now moves to the full Senate for debate. If the bill passes, an Improving Digital Identity Task Force would be established to help ensure citizens’ privacy and security, and to support “reliable, interoperable digital identity verification in the public and private sectors,” which then could be established by the U.S. federal government after a Senate committee vote.

The exploration and implementation of a digital identity solution might draw the interest of other Senate committees or sub-committees. Since the purpose of the solution is to ensure users’ data privacy and security, and since it would implement emerging technologies such as blockchain and possibly integrate artificial intelligence (AI) or biometric technology, the sub-committee on Innovation, Data and Commerce might be involved as well.

Data breaches of personally identifiable information and health data have become all too common, leading to troves of data exfiltration and subsequent fraud, abuse, identity theft, and other malicious acts further exacerbated by a lack of a universal identification verification system for online transactions. In 2021, over 293 million people were impacted by data breaches, with identity fraud losses rising 333% since 2017, amounting to $56 billion in 2020.

As we further move to a global digital economy, a viable and efficient digital identity solution would not only empower people but would also save money for both the public and private sector.

Should we consider an SSI solution in the U.S.? And if so, could such a solution be applied and implemented in the U.S.? Before we answer these questions, let’s first explain what SSI is, how it empowers users, how it works, and explore some examples of SSI today.

What is Self-Sovereign Identity (SSI)?

Self-Sovereign Identity (SSI), also known as Decentralized Identity (DID), is a model that gives individuals full ownership and control of their digital identities without relying on a third party. In contrast to centralized identity management, you are in control of your identity and decide who would get to see your data, what data would be shared, and you can remove that access to your data at any time.

There are three main participants in the SSI system:

  • Holder: Someone who creates their decentralized identifier with a digital wallet app and receives verifiable credentials.
  • Issuer: Party with the authority to issue Verifiable Credentials.
  • Verifier: Party checking the credential.

Self-Sovereign Identity has 3 pillars:

  • Blockchain: A decentralized database governed among computers (i.e., nodes) in the blockchain network that is immutable – whatever is recorded cannot be changed or erased.
  • Decentralized Identifiers (DIDs): A way to identify yourself online without relying on a centralized organization or company to verify your identity. Instead, you can prove who you are, using a unique code that is stored on a blockchain. This gives you control over your personal information and who has access to it.
  • Verifiable Credentials (VCs): Digital cryptographically secure versions of paper and digital credentials that people can present to verifiers.

Key principles of SSI:

  • Existence: A user must be able to exist in the digital world without the need for a third party.
  • Control: People must have ultimate authority over their own digital identities and personal data.
  • Access: Users must have easy and direct access to their own data.
  • Transparency: The way identity systems and algorithms are managed and updated must be publicly available and reasonably understandable. The solution design should be based on open protocol standards and open software.
  • Persistence: Identities must be long-lasting. Solution developers should implement sufficient foundational infrastructure and design sustainable commercial and operational models.
  • Portability: People must be able to bring their identities and credentials anywhere, transport their data from one platform to another, and not be restricted to a single platform.
  • Interoperability: Identities should be as widely usable as possible by various stakeholders. Organizations, databases, and registries must be able to communicate with each other globally, quickly, and efficiently through a digital identity system.
  • Consent: Users must give explicit permission for an entity to use or access their data. The process of expressing consent should be interactive and well-understood by people.
  • Minimization: A digital identity solution should enable people to share the least possible amount of data that another party needs to minimize sharing of excessive and unnecessary personally identifiable information.
  • Protection: People’s right to privacy must be protected and safeguards should exist against tampering with and monitoring information. Data transfer should be encrypted end-to-end.

Each party uses the blockchain in an SSI system as follows:

  • Holder: Owner of the Verifiable Credential (e.g., driver’s license) has their public DID on the blockchain.
  • Issuer: When an issuer, like a government department, provides a Verifiable Credential to a holder, they sign it with their DID and associated private key. The department’s DID and associated public key will be on the blockchain.
  • Verifier: A verifier, like an on-demand driving company, can check the blockchain to ensure that the government department they trust did in fact issue the license because the credential was signed by the issuer’s DID that is on the blockchain.

Blockchain technology allows the holder, issuer, and verifier to have the same source of truth about which credentials are valid and who authenticated the validity of the data inside the credentials.


You can decide which data within a credential you want to show to a verifier without revealing more unnecessary information than what is requested. This is made possible with zero-knowledge proof (ZKP) – a method in cryptography by which one party (the prover) can prove to another party (the verifier) that a given statement is true, while avoiding conveying to the verifier any information beyond the mere fact of the statement's truth.

For example, suppose you would like to buy alcohol and need to prove you are at least 18 years old. You can do this without revealing your date of birth or any other details about your identity by using an SSI wallet that implements ZKP.

  1. The cashier requests data from your wallet which confirms that you are at least 18 years old (as with your digital driver’s license), and you are prompted to give permission to share the data.
  2. When you approve the request, this creates a secure connection between the store and your wallet while exchanging DIDs.
  3. Your driver’s license confirms that you are at least 18 years old. Because of ZKP, your license details like date of birth or full name are not revealed and the store trusts that the data is legitimate.
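
The issuer, holder and verifier roles described earlier, combined with the age check in the steps above, as an added Go example that is not from the article or from any SSI project. It assumes an in-memory map in place of the blockchain, Ed25519 signatures, and salted SHA-256 claim digests for selective disclosure, which is a simpler technique than a zero-knowledge proof; every name, DID, salt and claim value is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

var registry = map[string]ed25519.PublicKey{} // constructed stand-in for the blockchain

// Credential holds salted claim digests and the issuer signature, never raw claims.
type Credential struct{ IssuerDID string; Digests []string; Sig []byte }

// NewIssuer makes a key pair and publishes the public half under the issuer's DID.
func NewIssuer(did string) ed25519.PrivateKey {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	registry[did] = pub
	return priv
}

// Digest commits to one claim; %q quoting keeps the three fields unambiguous.
func Digest(salt, name, value string) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(fmt.Sprintf("%q%q%q", salt, name, value))))
}

// Issue signs the payload (quoted DID plus digest list) with the issuer's private key.
func Issue(did string, priv ed25519.PrivateKey, digests ...string) Credential {
	return Credential{did, digests, ed25519.Sign(priv, payload(did, digests))}
}

func payload(did string, digests []string) []byte {
	return []byte(fmt.Sprintf("%q %q", did, digests))
}

// Verify accepts one disclosed claim only if its digest is in the list and the
// list is signed by the key registered for the issuer's DID.
func Verify(c Credential, salt, name, value string) bool {
	pub, known := registry[c.IssuerDID]
	found := false
	for _, d := range c.Digests {
		found = found || d == Digest(salt, name, value)
	}
	return found && known && ed25519.Verify(pub, payload(c.IssuerDID, c.Digests), c.Sig)
}

func main() {
	did := "did:example:dmv" // constructed DID, salts and claims
	c := Issue(did, NewIssuer(did), Digest("s1", "birth_date", "1990-01-01"), Digest("s2", "age_over_18", "true"))
	fmt.Println(Verify(c, "s2", "age_over_18", "true"), Verify(c, "s2", "age_over_18", "false")) // true false
}
```

The verifier learns only the `age_over_18` claim; the birth date stays hidden behind its digest. In real use each salt must be random and held by the holder, since a guessable salt lets a verifier brute-force a low-entropy claim such as a date of birth.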

Examples of SSI use cases implementation:

Catalonia

Catalonia has been developing a blockchain-based system for use by any public body across the EU. Of the region's 7 million residents, the Open Administration Consortium of Catalonia (OACC) issued more than 2.5 million digital identities and recently undertook an SSI pilot, working alongside local authorities and universities in Belgium and Catalonia.

The OACC team worked with the European Blockchain Services Infrastructure (EBSI). The pilot generated an immutable, secure record of the user’s ID and other data, such as their accreditations at the two universities, and stored it in a wallet on their mobile phone, secure behind a biometric access system. No central record of the data was created, and the user retained full control of their data. In this case, the students can show that they have a diploma from a university but can choose not to show where they live.

Catalonia’s blockchain system can be accessed by any public body in the EU – reflecting the lives of EU citizens, who increasingly need to connect with organizations across the Union. The OACC also offers digital ID for non-EU citizens, recently providing mobile digital IDs to Ukrainian refugees, permitting them to rapidly access public services online through a video identification algorithm, which checks and matches their identity documents.

Azerbaijan

Azerbaijan has a blockchain-powered identification system, accessible and secure, linked to the robust spine of national ID records and offering a range of applications in both the public and private sectors. It also uses AI-powered video registration systems. To mitigate the threat of AI-created deep fakes, it also asks users to answer random questions during the registration process. It has been a decade-long journey for Azerbaijan, but the country’s experience shows that given a focus on user-friendliness, accessibility, and citizen benefits, digital ID and good data management can win both the engagement of citizens and the trust of elected leaders.

Estonia

Estonia is the world's first country to completely digitize public services with its e-Estonia (e-Governance, e-Tax, digital ID, i-Voting, e-Health, etc.). In Estonia, citizens can file their national taxes online in minutes, zip through signing up for services without dealing with paper forms, and vote online thanks to digital identities created for them within minutes of their birth.

It should be noted, though, that Estonia’s primary distinguishing factor was starting anew in 1991 after decades of Soviet occupation as an independent country without legacy legal systems. This factor, combined with a relatively small population of 1.3 million, enabled such a country-wide SSI implementation.

Should we consider an SSI solution in the U.S.?

If the bill is to ensure citizens’ privacy and security, and to support “reliable, interoperable digital identity verification in the public and private sectors,” then SSI would fulfill all these requirements. In addition, it will empower users by putting control over their data in their hands. Based on the success story of Azerbaijan, it can win the engagement of citizens as well as the trust of elected leaders.

The SSI experiment in Catalonia is very encouraging. Catalonia not only has legacy legal systems, it’s also part of the EU, and its SSI system can be accessed by any public organization in the EU. Thus, the revised EU eID, allowing for blockchain solutions, implies that it is quite likely that Catalonia’s SSI system may be adopted across the entire EU region, as well as providing digital ID for non-EU citizens.

An SSI solution has the potential to greatly benefit both the private and public sector as well as empower citizens. It might be wise for the U.S. to study the SSI use cases, especially in developed countries, and consider such an implementation.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

Merav Ozair, PhD

Dr. Merav Ozair is a global leading expert on Web3 technologies, with a background as a data scientist and a quant strategist. She has in-depth knowledge and experience in global financial markets and their market microstructure.
