In our rapidly digitalising world, identity management is hugely significant. Traditional identity systems, which are centralised and controlled by third parties, exhibit characteristics that many deem undesirable. This is where self-sovereign identity (SSI) – a transformative concept that empowers individuals, ensures privacy and eradicates central points of failure – comes into play. Would you like to know more? Then join us as we explore why SSI is absolutely indispensable for our future.

The vulnerabilities of traditional identity management

Traditional systems rely on central authorities (governments or private service providers). Such centralisation creates both the potential for surveillance of all users, and a single point of attack or failure. Personal data and means of authentication are stored in centralised databases, where they are vulnerable to both breaches and unauthorised access. Websites like https://haveibeenpwned.com/, where over 13 billion user accounts from over 750 website breaches are tracked, provide undeniable proof of just what a major problem this is.

Individual privacy is eroded as centralised identity providers collect and exploit user information without explicit user consent. For some corporations, this is an excellent business model, and the success and value of websites like LinkedIn and Facebook are built on such exploitation of private data through targeted marketing campaigns.

Empowering individuals

SSI shifts the paradigm on how we treat personal data. SSI allows users to manage their identity data and decide what to share, with whom and when. Verifiable credentials (VCs) allow users to present cryptographically verified information without revealing unnecessary details (‘selective disclosure’) and without being traceable by a central authority. SSI ensures explicit user consent for data sharing, eliminating hidden terms and conditions and enforcing data privacy laws by default.

Digital signatures, as used on documents or in X.509 certificates, can be used to track signing parties. To prevent recipients of VCs from using digital signatures to track VC owners across use cases, SSI supports cryptographic algorithms that eliminate this weakness and guarantee unlinkability. Individuals may still be trackable through the information they share with recipients; in specific use cases this is simply unavoidable.

Enhancing security

VCs are cryptographically signed. This ensures that any attempt to modify the data contained in a VC is immediately obvious (‘tamper evident’). Cryptographic signatures also provide the means to uniquely identify issuers of VCs and therefore to assess the trustworthiness of the data.

Advanced cryptography is used to implement what is known as ‘selective disclosure’. This gives owners the choice, for every transaction, of which data stored in a VC should be shared and which should not be disclosed. Certain implementations also support zero-knowledge proofs: based on information in the VC (e.g. date of birth), it is possible to reveal derivative information (e.g. that you are over the age of 18) without disclosing the underlying data.
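
To make tamper evidence and selective disclosure concrete, here is an added example (not from the original article or any specific SSI product) of one common construction: the issuer signs only salted hashes of the claims, and the holder reveals salt and value for the claims they choose. The function names, the claim names and values, and the choice of Ed25519 and SHA-256 are assumptions made for illustration; it does not implement zero-knowledge proofs.

```javascript
// Added example: salted-hash selective disclosure; all names and values are constructed.
const crypto = require("node:crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s).digest("base64url");
// A disclosure is [salt, claimName, claimValue]; only its digest is signed.
const digestOf = (disclosure) => sha256(JSON.stringify(disclosure));

// Issuer: salt every claim, sign the sorted digests, hand everything to the holder.
function issue(issuerPrivateKey, claims) {
  const disclosures = Object.entries(claims).map(([name, value]) =>
    [crypto.randomBytes(16).toString("base64url"), name, value]);
  const payload = JSON.stringify({ digests: disclosures.map(digestOf).sort() });
  const signature = crypto.sign(null, Buffer.from(payload), issuerPrivateKey);
  return { payload, signature, disclosures };
}

// Holder: forward the signed payload plus only the disclosures chosen for this verifier.
function present(credential, claimNames) {
  const { payload, signature, disclosures } = credential;
  return { payload, signature,
    disclosures: disclosures.filter(([, name]) => claimNames.includes(name)) };
}

// Verifier: check the issuer signature, then match each disclosure to a signed digest.
// Returns the disclosed claims, or null if anything was altered.
function verify(issuerPublicKey, presentation) {
  const { payload, signature, disclosures } = presentation;
  if (!crypto.verify(null, Buffer.from(payload), issuerPublicKey, signature)) return null;
  const signed = new Set(JSON.parse(payload).digests);
  const claims = {};
  for (const d of disclosures) {
    if (!signed.has(digestOf(d))) return null; // salt, name or value was changed
    claims[d[1]] = d[2];
  }
  return claims;
}

// Constructed sample run: disclose nationality only, then try two modifications.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const vc = issue(privateKey, { name: "Alice Example", birthdate: "1990-01-01", nationality: "CH" });
  const shown = present(vc, ["nationality"]);
  return {
    ok: verify(publicKey, shown),
    forged: verify(publicKey, { ...shown, disclosures: shown.disclosures.map(([s, n]) => [s, n, "DE"]) }),
    tampered: verify(publicKey, { ...shown, payload: shown.payload.replace("digests", "Digests") }),
  };
}
console.log(demo());
```

The random salts stop a verifier from guessing undisclosed low-entropy values such as a birth date by hashing candidates. Because the same signature bytes are shown to every verifier, this construction on its own does not provide the unlinkability discussed above.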

Eliminating central points of failure

SSI is decentralised by design and operates without a central authority. Since there is no central authority, resilience is built-in and the system remains functional even if an issuer or verifier fails.

All data in the system is distributed and is always stored in the owners’ wallets. A direct data breach that would put all the data in the entire system at risk is almost impossible, since such a breach would involve successfully hacking all of the mobile wallets at the exact same time.

Some centralisation may be introduced depending on the solution chosen for maintaining trust lists, against which a wallet can verify the authenticity and identity of issuers and verifiers, and depending on the solution chosen for revocation checking. There are decentralised solutions for both requirements, but discussions are still ongoing.

Public-private partnership in operation

The idea that government and private organisations can collaborate in numerous use cases is certainly not a new one. But with SSI, a new and more viable approach to this idea is taking root.

SSI is an open system, and it is by design very much suitable for supporting many different ecosystems (e.g. government, healthcare, finance, sports and entertainment), with different requirements as regards security, trustworthiness and quality. Many use cases are only enabled when issuers and verifiers come from different ecosystems and limitation to government use cases is undesirable. Of course, the private sector can benefit from government-issued verifiable credentials (e.g. E-ID, driving licence), but government agencies could also profit from VCs issued by the private sector (tax authorities receiving salary certificates or bank statements as VCs).

SSI lends itself well to creating ecosystems spanning multiple industries and enables seamless data exchange across these ecosystems.

International and global impact

SSI does not stop at a country’s borders. It facilitates secure cross-border transactions without relying on centralised authorities. Legal hurdles are being removed as we speak, and EU-wide legislation is forming a firm foundation for international collaboration.

Join the SSI revolution – your identity, your rules!
