THE HEART OF THE DGT PLATFORM
The Premise
Digital identity solutions are not keeping up with modern reality. They are not developing fast enough to accommodate emerging decentralized business models and are falling behind the multi-faceted identities of today’s digital netizens.
There have been two major approaches to digital identity. First, centralized solutions run by enterprises and governments. Second, federative ones run by digital behemoths like Google and Facebook. This occupied, divided, and thus sub-competitive market is plagued by data leaks. As of 2019, cyber-attacks were considered by the World Economy Forum to be among the top five risks to global stability. Since 2019, the number of data breaches has quadrupled, costing $6 trillion USD in 2021; while 31% of date breach victims later had their identity stolen (Experian).
Moreover, these rigid “legacy” solutions fail to address the most basic reality – the need for multiple identities embodied by each person in response to context, profile, and social situation. The typical ID verification solutions focus on multiple proofs validating one’s identity, instead of people having multiple identities depending on where they are applied. Users resort to “fake” and “side” accounts to split main job profiles from side hustles, medical profiles from economic transactions, co-workers from close friends. In this reality, no central identity ownership is possible. The digital space is grotesquely fragmented. It lacks a security solution where each person would have a way to authorize their real selves on any service, without sharing unnecessary information they want hidden in a given context (or having it stolen and tied back to them with a near-certain data leak).
There have been interesting developments to challenge this bleak status quo. SSID (self-sovereign identity) is one, so are the standards disseminated by the World Wide Web Consortium (W3C). world wide web consortium. But even these generals are fighting a past war, addressing past economic models, instead of new classes of business tasks.
DIGITAL IDENTITY AND BLOCKCHAIN
The lack of digital identity solutions that address security and fragmentation remains one of the most important barriers behind the scenes to blockchain’s enterprise adoption.
Classic blockchains process operations based on a pair of keys (private and public), leaving the body of transactions open, but the owners of the keys anonymous. This is acceptable for anonymous P2P financial transfers but cannot work for asset management. Corporations that aim to tokenize their assets, as well as the accompanying markets require the security of identification. Public blockchains do not provide any basis or identifications. Private blockchains (such as Hyperledger Fabric) partially solve the problem by introducing X.509 certificates with a centralized PKI structure. However, they remain unscalable due to the difficulty of free participants joining them and thus are pseudo-decentralized, i.e., missing out on the cost and operational advantages of decentralization.
In addition to anonymous key holders, the open bodies of transactions are a problem. Transactions must be open in some form to be processed by decentralized agents with a common registry. Yet, to unambiguously represent digital objects, the attributes of tokenized entities should be hidden from prying eyes and available only to authorized uses. This requires storing encrypted attributes outside the blockchain network (off-chain) and management of authorized access to link off-chain attributes on-chain.
Unsatisfied with the current solutions and their inability to make blockchains not only useful, but even usable by enterprises in the long-term, we developed our own solution to these problems.
Dgt identification management system
DGT IDMS combines the seemingly contradictory capabilities of sharing transactions publicly with user anonymity (classic blockchain model) and processing them with concealed sensitive content and user identification.
DGT IDMS supports several key functions:
• It supports the process of generating public and private keys, generated on the client side, but with required cryptographic unification. These can be created for a user, node, digital object, tokenization event, etc.
• Creating a decentralized DID identifier and its body (DID – DOD document); assigning a public key to DID and verifying whether it corresponds to an identified object.
• Creating and verifying a set of properties for an identified object (VCs, Verifiable Credentials).
• Storage of Verifiable Credentials. We created a division between off-chain and on-chain operations and used our H-Net architecture to assign different node roles, such as arbiters for on-chain security, and notary nodes that work as oracles with external systems.
Next Steps
DGT IDMS sets out to provide security and identification necessary for serious enterprise asset tokenization. Read more about DGT IDMS here.