Technology
EXPLORE THE SECURITY
IDENTITY FUTURE
AN EASY-GOING
FUTURE
Decentralised Identity (DID) is a W3C defined open-standards, layered model that enables common addresses or names (called decentralised identifiers or DIDs) to be used in processes to exchange data using standardised data containers called verifiable credentials (VC’s).
The key advantage of decentralised identity (sometimes called self-sovereign identity is that the secure digital wallets identity goes with the holder, so that verifiers do not need a relationship with the credential “issuer”, they simply need access to a “shared truth” that is the DIDs and a trusted platform, typically a public or a private ledger, they are recorded on.
The identity data can be verified with a Verifiable Data Registry e.g. the Digital Asset Broker (DAB) platform, or in other implementations a public blockchain identity management system.
WHAT DOES THIS LOOK LIKE
FOR DAB AND IDENTITY?
DAB Identity is focused on device identity, enabling devices to uniquely identify themselves, rooted in the SIM, where devices can act as holders of their own identity information, leveraging the DAB platform to provide issuing and verification functions that together enable the economy of things.
Device identity in DAB complements the open W3C standards by providing:
- Identity “documents” for the device that meet those requirements.
- Enabling the import of corresponding “credentials” from outside the device identity.
- Allowing third parties to use DAB’s optional verification features or independently validate identity documents from the DAB platform.
DAB DECENTRALISED IDENTITY SOLUTIONS
ISSUE:
Create unique subject device identities: decentralised identifiers (DIDs), verifiable credentials (VC’s) and verifiable presentations (VP’s)
HOLD:
Securely store personal identity security blockchain data and verifiable credentials issued externally for the device or issued by the DAB Platform within hosted wallets. Verification (proof) data is replicated to the DAB Distributed Ledger to endorse the immutability of the identity data
VERIFY:
Prove to an external party that the DID, verifiable Credential or verifiable presentation was issued by the DAB platform to apps and third-party service providers and in the case of verifiable credentials and presentations has not been tampered with.
EMPOWERING SECURE IDENTITY MANAGEMENT
VERIFIABLE CREDENTIAL
VERIFIABLE PRESENTATION
These are used by an ‘issuer’ to share information about the DID subject in a controlled way. A verifiable credential is a zero-knowledge proofs for identity text-based file structured in a standard way – a “document” containing device identity information. The document also contains cryptographic identity proof details that any recipient can use to check the contents that have not been tampered with.
An IoT device can be the subject of multiple sets of data. For example, a car could be the subject of the following, each issued by a different organisation.
A verifiable presentation allows multiple verifiable credentials to be included in a self-contained document that has its own cryptographic proof to show that the contents have not been tampered with. Unlike a verifiable credential, which only ever comes from a single issuer, a verifiable presentation can include multiple verifiable credentials, each from separate issuers and containing proof information to show they haven’t been tampered with.
Multiple verifiable presentations can be issued for different purposes, containing different combinations of information or intended for a specific audience and/or services. These form a ‘Device Identity Passport’ that can be provided to third parties to share device attributes and authorizations in a standardised way.
Verifiable Credential
Credential Metadata
Type of credential
Claim(s)
Information being shared
Proof(s)
Cryotographic proof
