Geoff Goodell,Tomaso Aste

DOI: https://doi.org/10.3389/fbloc.2019.00017

2019-10-27

Abstract:Current architectures to validate, certify, and manage identity are based on centralised, top-down approaches that rely on trusted authorities and third-party operators. We approach the problem of digital identity starting from a human rights perspective, with a primary focus on identity systems in the developed world. We assert that individual persons must be allowed to manage their personal information in a multitude of different ways in different contexts and that to do so, each individual must be able to create multiple unrelated identities. Therefore, we first define a set of fundamental constraints that digital identity systems must satisfy to preserve and promote privacy as required for individual autonomy. With these constraints in mind, we then propose a decentralised, standards-based approach, using a combination of distributed ledger technology and thoughtful regulation, to facilitate many-to-many relationships among providers of key services. Our proposal for digital identity differs from others in its approach to trust in that we do not seek to bind credentials to each other or to a mutually trusted authority to achieve strong non-transferability. Because the system does not implicitly encourage its users to maintain a single aggregated identity that can potentially be constrained or reconstructed against their interests, individuals and organisations are free to embrace the system and share in its benefits.

Computers and Society

Giannopoulou, Alexandra

DOI: https://doi.org/10.1007/s44206-023-00049-z

2023-05-11

Digital Society

Abstract:The shift from electronic identification to digital identity is indicative of a broader evolution towards datafication of identity at large. As digital identity emerges from the fringes of technical challenges towards the legal and socio-technical, pre-existing ideologies on the reform of digital identity re-emerge with a newfound enthusiasm. Self-sovereign identity is one representative example of this trend. This paper sets out to uncover the principles, technological design ideas, and underlying guiding ideologies that are attached to self-sovereign identity infrastructures, carrying the promise of user-centricity, self-sovereignty, and individual empowerment. Considering the flourishing of digital identity markets, and the subsequent institutional interest on a European level in the techno-social promises that this identity architecture carries, this paper explores how the implementation of EU-wide self-sovereign identity shifts the already existing historical power balances in the construction of identity infrastructures. In this contribution, we argue that the European-wide adoption of self-sovereign ideals in identity construction does not address the shortcomings that identity and identification have historically faced and that instead of citizen empowerment, it puts individuals (a category broader than citizens) in a rather vulnerabilized position.

Uwe Der,Stefan Jähnichen,Jan Sürmeli

DOI: https://doi.org/10.48550/arXiv.1712.01767

2017-12-05

Computers and Society

Abstract:The interconnectedness of people, services and devices is a defining aspect of the digital revolution, and, secure digital identities are an important prerequisite for secure and legally compliant information exchange. Existing approaches to realize a secure identity management focus on central providers of identities such as national authorities or online service providers. Hence, changing residence or service provider often means to start over and creating new identities, because procedures for data portability are missing. Self-sovereign digital identities are instead created and managed by individuals, and enable them to maintain their digital identities independent from residence, national eID infrastructure and market-dominating service providers.

Joost Bambacht,Johan Pouwelse

DOI: https://doi.org/10.48550/arXiv.2203.00398

2022-03-03

Abstract:A movement for a more transparent and decentralized Internet is globally attracting more attention. People are becoming more privacy-aware of their online identities and data. The Internet is constantly evolving. Web2 focused on companies that provide services in exchange for personal user data. Web3 commits to user-centricity using decentralization and zero-server architectures. The current digital society demands a global change to empower citizens and take back control. Citizens are locked into big-tech for personal data storage and their for-profit digital identity. Protection of data has proven to be essential, especially due to increased home Internet traffic during the COVID pandemic. Citizens do not possess their own travel documents. The European Commission aims to transition this governmental property towards self-sovereign identity, introducing many new opportunities. Citizens are locked into banks with non-portable IBAN accounts and unsustainable legacy banking infrastructures. Migration to all-digital low-fraud infrastructures and healthier competitive ecosystems is essential. The overall challenge is to return the power to citizens and users again. The transition to a more decentralized Internet is the first crucial step in the realization of user-centricity. This thesis presents the first exploratory study that integrates governmental-issued travel documents into a (decentralized) societal infrastructure. These self-sovereign identities form the authentic base to a private and secure transfer of money and data, and can effectively provide trust in authenticity that is currently missing in online conversations. A fully operational zero-server infrastructure that incorporates all our requirements has been developed for Android using the P2P network overlay IPv8, and a personalized blockchain called TrustChain...

Distributed, Parallel, and Cluster Computing,Cryptography and Security,Computers and Society

Gabriella Laatikainen,Taija Kolehmainen,Mengcheng Li,Markus Hautala,Antti Kettunen,Pekka Abrahamsson

DOI: https://doi.org/10.48550/arXiv.2105.15131

2021-09-13

Abstract:In the current global situation-burdened by, among others, a vast number of people without formal identification, digital leap, the need for health passports and contact tracking applications-providing private and secure digital identity for individuals, organizations and other entities is crucial. The emerging self-sovereign identity (SSI) solutions rely on distributed ledger technologies and verifiable credentials and have the potential to enable trustful digital interactions. In this human-centric paradigm, trust among actors can be established in a decentralized manner while the identity holders are able to own and control their confidential data. In this paper, we build on observations gathered in a field study to identify the building blocks, antecedents and possible outcomes of SSI ecosystems. We also showcase opportunities for researchers and practitioners to investigate this phenomenon from a wide range of domains and theories, such as the digital innovation ecosystems, value co-creation, surveillance theory, or entrepreneurship theories.

Computers and Society

Geoffrey Goodell

DOI: https://doi.org/10.48550/arXiv.2108.04960

2021-08-10

Computers and Society

Abstract:We propose a research initiative to explore and evaluate end-user technology, infrastructure, business imperatives, and regulatory policy to support the privacy, dignity, and market power of individual persons in the context of the emerging digital economy. Our work shall take a "system-level" approach to the design of technology and policy, considering the outcomes associated with the implementation and deployment of systems consisting of operational infrastructure, policies, and protocols for humans and computers alike. We seek to define and evaluate a set of approaches to the design and implementation of systems whose features specifically support the rights and market power of individual persons and local organisations, for the explicit goal of supporting truly consensual trust relationships and empowering local communities and organisations.

Kheng Leong Tan,Chi-Hung Chi,Kwok-Yan Lam

DOI: https://doi.org/10.1145/3616400

IF: 16.6

2023-08-17

ACM Computing Surveys

Abstract:Through digital transformation, lots of personal data are captured, but individuals often do not have ownership or control over them. This results in the emerging Web 3.0, where people demand for data sovereignty. There are actually two conceptually related terms, data sovereignty and digital sovereignty. This paper first explains these two concepts in terms of their points of focus, guiding principles, laws and regulations requirements, and then analyses the requirements and technical challenges of their implementation. To understand the emerging trend shift in digital sovereignty towards individuals taking control of security and privacy preserving over their own digital assets, this paper conducts a systematic review and analysis on Self-Sovereign Identity (SSI), which is a user-centric decentralized model and autonomy for an individual to self-determine the access and use of one's identity and credentials. The review covers existing SSI solutions and points out that an efficient key management system, the scalability and interoperability of the solution, and a well-established standard are some of the challenges for SSI deployment. Finally, the paper concludes with open issues about digital identity, including dynamic attributes, persona, and attribute ownership, that challenge the current reference architecture of SSI as well as its implementation.

computer science, theory & methods

Cristian Nicolae Butincu,Adrian Alexandrescu

DOI: https://doi.org/10.1109/access.2024.3394537

IF: 3.9

2024-05-03

IEEE Access

Abstract:The increased digitalization of society raises concerns regarding data protection and user privacy, and criticism on how the companies handle user data without being transparent and without providing adequate mechanisms for users to control how their own data is being processed or shared. To address this problem and open the way for a secure and efficient society, where the privacy of citizens is paramount, the identity concept and proof of identity mechanisms need to be redesigned from the ground up. In this paper we discuss how the emerging Web3 technologies like distributed ledger technology (DLT), blockchain, smart contracts, decentralized storage systems, and crypto wallets can be leveraged to design and implement a decentralized digital identity system based on decentralized identifiers (DID) and self-sovereign identities (SSI). Such a system puts the users in full control over their own data while also providing a solid backbone for building interoperable systems that are secure, scalable, and efficient. We propose different architectures for the decentralized identity infrastructure and storage layer, and also discuss the mapping of these architectures on cloud platforms. The main goal is to provide an architectural blueprint for a scalable, secure, privacy-preserving and trusted system.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kheng-Leong Tan,Chi-Hung Chi,Kwok-Yan Lam

DOI: https://doi.org/10.48550/arXiv.2202.10069

2022-02-21

Cryptography and Security

Abstract:Advances in emerging technologies have accelerated digital transformation with the pervasive digitalization of the economy and society, driving innovations such as smart cities, industry 4.0 and FinTech. Unlike digitization, digitalization is a transformation to improve processes by leveraging digital technologies and digitized data. The cyberspace has evolved from a hardware internetworking infrastructure to the notion of a virtual environment, transforming how people, business and government interact and operate. Through this transformation, lots of personal data are captured which individuals have no ownership or control over, threatening their privacy. It is therefore necessary for the data owners to have control over the ownership, custody and utilization of their data and to protect one's digital assets and identity through proper data governance, cybersecurity control and privacy protection. This results in the notions of data sovereignty and digital sovereignty - two conceptually related terms, but different focuses. This paper first explains these two concepts in terms of their guiding principles, laws and regulations requirements, and analyse and discuss the technical challenges of implementing these requirements. Next, to understand the emerging trend shift in digital sovereignty towards individuals to take complete control of the security and privacy of their own digital assets, this paper conducts a systematic study and analysis of Self-Sovereign Identity, and discuss existing solutions and point out that an efficient key management system, scalability and interoperability of the solutions and well established standards are some of its challenges and open problems to wide deployments.

Nikhil Ghadge

DOI: https://doi.org/10.5121/ijci.2024.130401

2024-07-13

International Journal on Cybernetics & Informatics

Abstract:Ensuring the security of digital identities has become increasingly critical in today's interconnected world. This research investigates the intricate difficulties around securing digital identities, spanning technological, human, legal, and regulatory aspects. Key technological hurdles include vulnerabilities in authentication mechanisms, risks associated with biometric data, issues with multi-factor authentication, and challenges in implementing secure hardware. Human factors like social engineering threats, lack of awareness and education, insider threats, and psychological impacts of identity theft further complicate the landscape. Working though legal requirements and adhering to regulations, such as with data protection laws, cross-border data security issues, establishing digital identity standards, and balancing privacy and security concerns pose additional obstacles. The paper highlights the severe implications of unsecured digital identities and provides recommendations for enhancing security through a multi-pronged approach involving technological advancements, educational initiatives, and ethical considerations. The appeal underscores the pressing necessity for continued research. and collaborative efforts to bolster encryption, authentication protocols, and policy enforcement mechanisms in the digital domain.

Michele Guido Mario Lavizzari,Marco Di Luzio,Claudio Tommasino

DOI: https://doi.org/10.69554/siex7783

2021-06-01

Abstract:This paper aims to illustrate how digital identity has become an important element of business transformation in the financial sector and how digital identity is evolving from an asset to support business in a new revenue stream. In an increasingly digitised world, the trusted digital identity assumes the important role of enabling the legal validity of any type of digital transaction. This centrality has attracted huge investments by companies to make the onboarding of online customers and the release of digital credentials to their customer base increasingly effective and frictionless, while preserving compliance and user experience. We illustrate the main models adopted in the current context in which a progressive transfer is taking place from identification processes helped by specialised staff to completely unattended processes. Finally, we show how the digital identity evolution is moving to a new paradigm that will revolutionise the approach to digital identity management. Thanks to the development of Blockchain technologies, digital identity is evolving even further. In the self-sovereign identity (SSI) vision, digital identities will no longer be merely an element to support commercial transactions but a new strategic asset to leverage in order to generate new business. This new paradigm will offer a new business opportunity to banks that will allow them to capitalise their information assets securely in full compliance with the privacy protection regulations, General Data Protection Regulation (GDPR). In the new SSI paradigm, digital identity management of the customer base represents the asset around which financial institutions must leverage to create new value, develop new business models and generate new revenue streams.

Ana Beduschi

DOI: https://doi.org/10.1017/dap.2021.15

2021-01-01

Abstract:Abstract The COVID-19 pandemic has exposed the need for more contactless interactions, leading to an acceleration in the design, development, and deployment of digital identity tools and contact-free solutions. A potentially positive outcome of the current crisis could be the development of a more data privacy and human rights compliant framework for digital identity. However, for such a framework to thrive, two essential conditions must be met: (1) respect for and protection of data privacy irrespective of the type of architecture or technology chosen and (2) consideration of the broader impacts that digital identity can have on individuals’ human rights. The article draws on legal, technology-facing, and policy-oriented academic literature to evaluate each of these conditions. It then proposes two ways to leverage the process of digitalization strengthened by the pandemic: a data privacy-centric and a human rights-based approach to digital identity solutions fit for post-COVID-19 societies.

Ben Biedermann,Matthew Scerri,Victoria Kozlova,Joshua Ellul

DOI: https://doi.org/10.1109/blockchain62396.2024.00089

2024-09-27

Abstract:The terms self-sovereign identity (SSI) and decentralised identity are often used interchangeably, which results in increasing ambiguity when solutions are being investigated and compared. This article aims to provide a clear distinction between the two concepts in relation to the revised Regulation as Regards establishing the European Digital Identity Framework (eIDAS 2.0) by providing a systematisation of knowledge of technological developments that led up to implementation of eIDAS 2.0. Applying an inductive exploratory approach, relevant literature was selected iteratively in waves over a nine months time frame and covers literature between 2005 and 2024. The review found that the decentralised identity sector emerged adjacent to the OpenID Connect (OIDC) paradigm of Open Authentication, whereas SSI denotes the sector's shift towards blockchain-based solutions. In this study, it is shown that the interchangeable use of SSI and decentralised identity coincides with novel protocols over OIDC. While the first part of this paper distinguishes OIDC from decentralised identity, the second part addresses the incompatibility between OIDC under eIDAS 2.0 and Web3. The paper closes by suggesting further research for establishing a digital identity bridge for connecting applications on public-permissionless ledgers with data originating from eIDAS 2.0 and being presented using OIDC.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Zhikui Chen

DOI: https://doi.org/10.1109/CHINACOM.2007.4469418

2007-01-01

Abstract:User trust and empowerment (in terms of their personal data control) are areas that must be addressed thoroughly when talking about identity and business models for distributed communication systems. Protecting the privacy of users is a challenging problem for identity management systems, which can only be achieved if it gives users complete control over their identity data. However, none of the existing solutions offers this possibility. Based on a user-centric virtual identity defined by EU IST project Daidalos, this paper proposes an effective infrastructure to authorize the privacy-enabled pervasive service, which protects the context-driven access policies for online services in order to avoid attacks by malicious eavesdroppers. In the proposed infrastructure, SMAL and Diameter are used to securely protect and deliver authenticated and authorized entities and XACML is used to authorize the user-level privacy policy. The proposed infrastructure is partially integrated into the Daidalos demonstration platform.

Hal Abelson, Lawrence Lessig, Paul Covell, Steve Gordon, Alex Hochberger, James Kovacs

1998-12-10

Abstract:Currently there is no generic system for identification in cyberspace. It is not possible to absolutely identify an entity or to accurately tell whether an object has a specific characteristic. Digital environments have inherent differences from real space which causes this discrepancy, and when implementing an identity system for cyberspace one needs to consider more than just the architectural nature of the system—any system chosen will have social repercussions which need to be also taken into account.

Marek Tiits,Tarmo Kalvet,David McBee

2024-12-10

Abstract:This paper addresses critical questions surrounding the security of government-issued identity documents and their potential misuse, with an emphasis on understanding the perspectives of ordinary citizens across Europe and the United States of America. Drawing upon research on technology acceptance and diffusion, the research focuses on understanding the factors that influence users' adoption of novel identity management solutions. Our methodology includes a comprehensive, census-representative survey spanning citizens from France, Germany, Italy, Spain, the United Kingdom, and the USA. The paper's findings underscore a robust confidence in government-issued identity documents, contrasted by a lower trust in private sector services, including social media platforms and email accounts. The adoption of artificial intelligence for identity verification remains contested, with a significant percentage of respondents undecided, indicating a need for explicit explanation and transparency about its implementation and related risks. Public sentiment leans towards acceptance of government data collection for identification purposes; however, the sharing of this data with private entities elicits more apprehension.

Computers and Society

Shlok Gilda,Tanvi Jain,Aashish Dhalla

DOI: https://doi.org/10.48550/arXiv.2207.02207

2022-07-06

Abstract:Authentication and authorization of a user's identity are generally done by the service providers or identity providers. However, these centralized systems limit the user's control of their own identity and are prone to massive data leaks due to their centralized nature. We propose a blockchain-based identity management system to authenticate and authorize users using attribute-based access control policies and privacy-preserving algorithms and finally returning the control of a user's identity to the user. Our proposed system would use a private blockchain, which would store the re-certification events and data access and authorization requests for users' identities in a secure, verifiable manner, thus ensuring the integrity of the data. This paper suggests a mechanism to digitize documents such as passports, driving licenses, electricity bills, etc., issued by any government authority or other authority in an immutable and secure manner. The data owners are responsible for authenticating and propagating the users' identities as and when needed using the OpenID Connect protocol to enable single sign-on. We use advanced cryptographic algorithms to provide pseudonyms to the users, thus ensuring their privacy. These algorithms also ensure the auditability of transactions as and when required. Our proposed system helps in mitigating some of the issues in the recent privacy debates. The project finds its applications in citizen transfers, inter-country service providence, banks, ownership transfer, etc. The generic framework can also be extended to a consortium of banks, hospitals, etc.

Cryptography and Security

Will Abramson,Nicole E. van Deursen,William J Buchanan,Nicole E Van Deursen

DOI: https://doi.org/10.30953/bhty.v3.140

2020-07-09

Blockchain in Healthcare Today

Abstract:A substantial administrative burden is placed on healthcare professionals as they manage and progress through their careers. Identity verification, pre-employment screening and appraisals: the bureaucracy associated with each of these processes takes precious time out of a healthcare professional's day. Time that could have been spent focused on patient care. In the midst of the COVID-19 crisis, it is more important than ever to optimize these professionals' time. This paper presents the synthesis of a design workshop held at the Royal College of Physicians of Edinburgh (RCPE) and subsequent interviews with healthcare professionals. The main research question posed is whether these processes can be re-imagined using digital technologies, specifically Self-Sovereign Identity? A key contribution in the paper is the development of a set of user-led requirements and design principles for identity systems used within healthcare. These are then contrasted with the design principles found in the literature. The results of this study confirm the need and potential of professionalising identity and credential management throughout a healthcare professional's career.

English Else

Roberta Centonze,Roberto Reale

DOI: https://doi.org/10.48550/arXiv.2106.11714

2021-06-22

Computers and Society

Abstract:The importance of digital identity as a foundation for digital public services is considered. As the classical, centralised model digital identity has proven to be subject to several limitations, self-sovereign identities are proposed as replacement, especially in the context of e-government platforms and direct participation to policymaking (e.g. through e-voting tools).

Thomas Hardjono

DOI: https://doi.org/10.48550/arXiv.1906.03552

2019-06-09

Abstract:The digital identity problem is a complex one in large part because it involves personal data, the algorithms which compute reputations on the data and the management of the identifiers that are linked to personal data. The reality of today is that personal data of an individual is distributed throughout the Internet, in both private and public institutions, and increasingly also on the user's devices. In order to empower individuals to have a say in who has access to their personal data and to enable individuals to make use of their data for their own purposes, a coherent and scalable access authorization architecture is required. Such an architecture must allow different data holders, data providers and user-content generators to respond to an individual's wishes with regards to consent in a federated fashion. This federation must allow an individual to easily manage access policies and provide consent as required by current and forthcoming data privacy regulations. This paper describes the User Managed Access (UMA) architecture and protocols that provide the foundation for scalable access authorization.

Cryptography and Security