While Web3 has had a tough 2022, projects continue to build. This is the case, for example, with the decentralized identity that the Banque de France may eventually use.
When we talk about the ecosystem blockchainwe generally link Bitcoin and cryptocurrencies, NFT and now metaverse. However, we forget that this technology is above all a contribution in terms of information security. As such, decentralized identity is a concept that could revolutionize how people identify.
Sometimes referred to by the acronym DID for decentralized identity or decentralized identifier, decentralized identity is a concept that reconciles the protection of personal data and the securing of the same data by the blockchain. DID responds to concrete problems encountered every day by everyone on the Internet, sometimes without even knowing it.
What is decentralized identity?
Decentralized identity is inseparable from our identity, which we must prove in certain situations, such as when crossing a border. This identity extends to the Internet world, with the need to authenticate to access certain services. In this case, an e-mail address or a nickname is associated with a password.
So when you declare your identity or need to be identified, you trust a third party. This third party may well be the state, for a passport or an identity card, or an online password storage service. With decentralized identity, there is no need for an intermediary, and therefore a trusted third party, when you need to prove your identity.
Decentralized identity therefore allows everyone to manage their own personal data. It makes it possible to return control to the persons concerned, to obtain more security thanks to blockchain technology and to protect the privacy of individuals.
A solution to many problems
Before discussing the contributions of blockchain, we need to start from the current problems, whether we perceive them clearly or not. The first is data access and security. Indeed, cases of identity theft or password theft are everyday and you may have already experienced it.
The second problem is a bad online user experience. In fact, you have to remember a bunch of passwords. Therefore, some prefer to use simple passwords, risking being discovered by a hacker, or a password manager. Finally, some mandatory identity checks (KYC of institutions) are intrusive, with the possible transmission of a selfie photo.
Finally, the third problem, data can be centralized, especially when using federated connectivity. You use it when, instead of signing up for a service, you click on “Sign in with Google”, for example. It is also the same system for FranceConnect. However, this third party must be trusted and FranceConnect has already had security issues.
With decentralized identity, your data or credentials are protected in a NFT. Remember that the NFT is unique, that it is tied to an owner, and that it is secured by the distributed ledger, which is the blockchain. In other words, it is a unique identifier with proof of ownership.
In this NFT, the data is encrypted. Only the person in question has the decryption key (the private key) and only the latter decides to show his data or a trusted person in case of impossibility (for example the doctor in charge of health data). Similarly, it is possible to display only the desired data. Thus, if you need to prove a date of birth, you do not need to show your identity document, but only the “date of birth” data.
Better information verification
To create this NFT, there may be several services. First, there are centralized companies like Synaps or Archipels that check your documents (ID document, proof of address, etc.) and issue you the famous NFT. Yes, this system is not perfect, because it involves trust in the company in question. It is therefore necessary to ensure that transmitted documents are destroyed as soon as the NFT is created.
Eventually, purely decentralized services should see the light of day, but we’re not there yet. Once you have your NFT, verifying information is easier and more secure.
A typical example that can make you smile is accessing a porn site. “I’m over 18” does not prove the age of the person behind their screen. Besides, she doesn’t necessarily want to reject her identity. This is where decentralized identity can help, as it is enough to show only the date of birth and there will be no possible suspicion about the website.
Finally, it is conceivable that voting could be revolutionized by decentralized identity. Indeed, it will make it possible to democratize online voting without risk, since there will be no doubt about the identity of the person or whether he has given a proxy. Of course, the entire vote must be secured and not just identity verification.
Better data protection
In December 2022, Banque de France press release for a specific call for contributions. The objective is “the use of digital identity in the authentication management of credit institutions”. Digital Identity is simply DID. Furthermore, Archipels was selected among the three winners. The objective is simple: strengthening the management and security of authentications, freeing institutions from this cumbersome process thanks to DID.
Bank KYC is indeed a great example of what decentralized identity can bring to better protect data. The Synaps company also offers a module specifically dedicated to KYC (Anima). The aim is to facilitate the process, both for the interested person and for the credit institution.
Finally, decentralized identity is a prerequisite for compliance with the General Data Protection Regulation (GDPR). We can indeed speak of perfect consent without any possible doubt.
And we can go even further than GDPR: selling personal data. Today, our data is sold to third parties in a rather obscure way. Tomorrow, the user can decide for himself if he wants to sell his data and to which buyer. The future will tell if DID will revolutionize identity and personal data management.