While Web3 has had a tough year 2022, projects continue to be built. This is the case, for example, with decentralized identity, which the Banque de France could possibly use.
When it comes to ecosystem blockchainwe generally associate Bitcoin and cryptocurrencies, NFTs and now the metaverse. However, we forget that this technology is above all a contribution in terms of information security. As such, decentralized identity is a concept that could revolutionize the way people are identified.
Sometimes referred to by the acronym DID for decentralized identity or decentralized identifier, decentralized identity is a concept that reconciles the protection of personal data and the securing of this same data by the blockchain. The DID responds to concrete problems encountered daily by anyone on the Internet, sometimes without knowing it.
What is Decentralized Identity?
Decentralized identity is inseparable from our identity, which we have to demonstrate in certain situations, such as when crossing a border. This identity extends to the world of the Internet, with the need to authenticate to access certain services. In this case, an e-mail address or a pseudonym is associated with a password.
So when you claim your identity or need to identify yourself, you trust a third party. This third party could very well be the state, for a passport or ID card, or an online password storage service. With decentralized identity, there is no need for an intermediary, and therefore a trusted third party, when it comes to proving your identity.
Decentralized identity therefore allows everyone to manage their most personal data themselves. It allows you to give back control to the people concerned, gain more security with blockchain technology, and protect people’s privacy.
A solution to many problems
Before discussing the contributions of blockchain, we have to start from the current problems, whether we perceive them clearly or not. The first is data access and security. Indeed, cases of identity theft or password theft are daily and you may have already experienced it.
The second problem is a bad user experience on the Internet. Indeed, you have to remember a multitude of passwords. Some therefore prefer to use simple passwords, at the risk of being caught by a pirateor a password manager. Finally, some mandatory identity checks (KYC of establishments) are intrusive, with the potential transmission of a selfie photo.
Finally, third problem, data can be centralized, especially when using federated connection. You use it when, instead of registering for a service, you click on “Sign in with Google”, for example. It is also the same system for FranceConnect. However, this third party should be trusted and FranceConnect has had security issues before.
With decentralized identity, your data or credentials are protected in a NFTs. Remember that the NFT is unique, that it is associated with an owner, and that it is protected by the distributed ledger that is the blockchain. In other words, it is a unique identifier with proof of ownership.
In this NFT, the data is encrypted. Only the interested party has the decryption key (the private key) and only the latter decides to show their data or a trusted person in case of impossibility (the doctor for health data for example). Likewise, you can show only the data you want. Therefore, if you need to prove a date of birth, you don’t have to show your identity document, just the “date of birth” data.
Better verification of information
To create this NFT, there could be several services. First, there are centralized companies like Synaps or Archipels that check your documents (ID, proof of address, etc.) and issue you the famous NFT. Yes, this system isn’t perfect, because it implies trust in the company in question. It is therefore necessary to ensure that transmitted documents are destroyed as soon as the NFT is created.
Eventually, purely decentralized services should see the light of day, but we’re not there yet. Once you have your NFT, verifying the information is easier and safer.
A typical example that can make you smile is accessing a pornographic site. “I’m over 18” doesn’t prove the age of the person behind the screen. Also, he doesn’t necessarily want to disclaim her identity. This is where decentralized identity can help, as you only need to show your date of birth and there will be no doubts possible for the website.
Finally, one can imagine that voting could be revolutionized by a decentralized identity. Indeed, it will make it possible to democratize online voting without risk, since there will be no doubts about the identity of the person or whether he has conferred a power of attorney. Of course, it’s the entire vote that needs to be secured and not just identity verification.
Better data protection
In December 2022, the Banque de France press release on a specific call for contributions. The goal is “to use digital identity in the management of credit institution authentication”. Digital identity is simply the DID. Additionally, Archipels was selected among the three winners. The goal is simple: to strengthen the management and security of authentications, freeing institutions from this cumbersome process thanks to DID.
Bank KYC is truly an excellent example of what decentralized identity can offer to better protect data. The Synaps company also offers a module specifically dedicated to KYC (Anima). The aim is to facilitate the process, both for the interested party and for the credit institution.
Ultimately, decentralized identity is the hallmark of compliance with the General Data Protection Regulation (GDPR). One can in fact speak of perfect consensus without any possible doubt.
And we could even go beyond the GDPR: the sale of personal data. Today our data is sold to third parties quite opaquely. Tomorrow the user will be able to decide for himself whether to sell his data and to which buyer. The future will tell whether DID will revolutionize identity and personal data management.