Decentralised identity – Cybersecurity Futurespection
Decentralised identity is required for a stronger more secure future. Security of the future will be something entirely different from what we currently have. Currently, across the metaphorical board, companies are asking people to sign up for sites, offers, news updates etc. You get the point.
Signing up for external digital elements will still exist of course.
What we actually give these entities will be completely different from what we currently do today.
As it stands, generally, we input basic information which is then stored by said company. Few know exactly where, most probably using cloud storage. This, by definition, is centralised. Your information is in trust with a separate entity from yourself. This is a centralised entity. This entity also has the information of many more people than just yourself.
Ideally the security of this central point should be as high as possible. Unfortunately the nature of centralised storage means this is the easiest point of attack for the unscrupulous. Hackers regularly attack areas of centralised storage for the mass data within.
This mass data includes your name address phone number etc, depending on what the specific entity requires from its user base of course.
As with all structures under siege, attackers will find the easiest point of entry.
So what will change?
This needs to be focused on using common sense and logic:
- The corporate entities will still desire your information in order to use their services.
- Signing up needs to be trustless (your digital ID should be the only requirement) in order to evolve to a better form.
Decentralisation is actually more secure as there is no single point of failure to be exploited.
To name a few. This will need to work with decentralised cloud storage along with login systems.
The future will probably involve around your personal details etc bundled into a decentralised digitally encrypted wallet.
The wallet will be able to store all personal details that any site or entity would ever need. You will have full control over which pieces of information are sent to which entities.
An important point to note here is that the entity will not need to know anything about you. As long as your DID (Decentralised identifier) checks out as valid. This will be the only requirement.
The DID is verifiable”self-sovereign” digital identity.
Regardless who uses or develops each DID wallet dapp (decentralised app), the general architecture will be cross platform and trustless.
Your personal wallet has your bio-metrics stored inside. Nobody else can actually see this stored information without your private key.
To the outside digital world though nothing is shown unless you require it.
Signing up to a site or service that requires say, an age limit of over 21 will be instantaneous. Your public address will simply provide this information with no proof needed. The site will not allow access unless the wallet proves you are legitimate. Without entering your passport details, for example, into your wallet, the site signup will be denied. The key point to take from this is that the site involved knows neither your age nor date of birth but will permit signup.
There are already a few organisations working on decentralised identity processes:
Thanks for reading. For more gadget tips and musings, check out Gadgethelpline.