What was once known to be the haven for geeks, the internet has now become the platform for everyone. With the advent of smartphones, it is safe to assume that we are now constantly interconnected with people and data throughout our day. Everyone relies on this technology in every facet of their lives, such as finding the best hotspots in the area, live streaming important events, or hailing rides from Uber. As more streams of data pile onto the internet, managing data are becoming a pressing issue, especially with regards to identity.
Digital identity is simply a digital medium (proofs) derived from various data attributes for attestation of identity and permission to access. Authentication has evolved into three methods over the years: password, hardware tokens (OTP), and biometric scanning. While the evolution of such technology has enabled for more security from a person to device standpoint, risks for managing and transacting with such data, are still prevalent in the internet.
Against the backdrop of the information age, the number of applications and businesses entering into the online space are rising faster than ever before. Since most online businesses cannot handle every process of their operation wholly own their own, most interoperate through a standardized interface called API. It allows two computer applications of different entities to communicate with the other, in order to execute a task or retrieve real-time data. Among many use cases, one of the most widely used API is Single Sign On, a federated identity system whereby users gain access to multiple service providers.
A federated identity model has definitely raised the bar in raising the quality of security in the online space. Unlike siloed database, it removes the burden of service providers by relying on identity providers to validate users. This shortens the registration quickly, without going through tedious rounds of KYC registration every time they want access to new services.
While the consequence of federated identity streamlined adoption process by improving user experience, it still has yet to find a way to securitize identity. Most identity providers that service providers trust rely on third-party (e.g. Google, Facebook, Naver) for authentication, which are centralized. Therefore, it is still prone to data breaches and in worst case scenario, unable use the service.
An upgraded solution to this is self-sovereign identity, where users keep control of their attributes and provide blockchain signature or zero-knowledge proofs for authentication. This is quite a unique process unlike any other verification method, since issuers, registrars, and merchants are no longer the gatekeepers of people’s identity. In order to maintain both security and privacy in the openness of the internet space, I believe more leverage should be given to an individual.
SymVerse is a platform which provides an open, self-sovereign digital identity, called SymID. Once created, a unique ID is created in form of public key hash in which multiple accounts can be created under it, allowing for various services to be used.
Every SymVerse user is given one SymID granted by a node belonging to CA. CA network is a group of servers with data mirroring, responsible for issuing and authenticating the ID as well as facilitating KYC (Know Your Customer) and AML (AntiMoney Laundering).
When creating an account under SymID, one needs to create a public and private key in the wallet first, and then apply for an account with the CA server to record the ID, country, role, and public key in the Citizen block. Here is an example field of the data attributes that gets recorded in each account:
<Public Key Hash@ Country, Mode, Trust Index, Function, Organization>
The ‘public key’ hash is used to validate the signature of the user. The ‘country’ is used to distinguish transactions between countries. The ‘role’ is used to distinguish node characteristics such as industrial functions which is used for identifying the user group of dApp. Such attributes are recorded to further heighten the security and flexibility of incoming and outgoing data.
Once SymID is created, it becomes immutable and all of the accounts’ history is recorded in Citizen block. One of the major impediments to blockchain is key management. SymID has recovery options are available when users are met with theft or leakage of their private keys, by remotely locking or creating new accounts to redirect the amount to a new balance.
— — —
SymVerse Community Official links
Official Site: https://www.symverse.com/
Telegram (ENG): https://t.me/SymVerse
KakaoTalk (KOR): https://open.kakao.com/o/ggsgzhab (password:0110)
Steemit (KOR): https://steemit.com/@symverse
Facebook (KOR): https://www.facebook.com/symverse