Current identity paradigms are broken
The digital identity and authentication systems suffer from multiple shortcomings and their current state is effectively broken. These systems are fragmented, siloed between and controlled by big businesses and governments through multiple centralised servers. This results in:
- Insecure systems comprising centralised identity servers that act as honeypots for hackers
- Extremely poor user experience requiring repeated registrations and logins with usernames, passwords or government identifiers (Aadhaar, PAN etc)
- No control by the user over her own identity or data
- Compromises on User privacy information
Thus the current paradigms are not only frustrating for the end-users, they also put onus on businesses and governments to manage and secure sensitive identity related data of the user.
Cryptography and Blockchain to the rescue
Public key cryptography and associated technologies like digital signatures have been used in the past to solve problems related to authentication although they have seen limited usage in user identity systems. Blockchain technology has taken cryptography mainstream through cryptocurrencies like Bitcoin and Ether and has been the subject of intense and growing attention among governments, technologists, and investors. Blockchain is just a distributed database comprising blocks of data, each of which contains a list of previous transactions. The underlying technology enables creation, distribution, and protection of distributed ledgers and the potential to ensure the integrity of sensitive data records.
Blockchain and other cryptographic constructs like Zero knowledge proofs and anonymous credentials etc. also hold promise to solve the fundamental problems associated with digital identity. These could be used to build a whole new paradigm for managing digital identities in the form of self-sovereign identity.
Self-sovereign identity enables users to store their own identity data on their own devices, and provide it efficiently to those who need to validate it, without relying on a central repository of identity data. This means moving from siloes holding different versions of a user’s identity to a user-controlled identity, in an identity app on a smartphone. Users control their own identity and authorise who can see it, and in what form. Do reach out to us if you’re an entrepreneur or investor and want to understand how we’re trying to solve this mess!