Calcium.Network

Decentralized p2p messaging, blockchain and cryptoexchange

Digital Identities on Calcium.Network

(also known as self-sovereign identities, SSI)

From the authors: this article might be a bit boring and not that interesting to read, but we still recommend that you read it to better understand the issues of security and personal data exposure in modern systems, and ways to solve these problems relatively safely to some degree.

The problem of classic accounts

We are all used to logging in to different sites and services: we sign in and provide a lot of different data about ourselves. Much worse, we trust the developers and operators of those services, who store our data, activity and messages. We have to trust the license agreements and the promises of website operators that no one will ever violate our privacy, hack the account or act on our behalf. Or we do not trust them, but are forced to agree.

If it is all so great, why do databases of hacked websites pop up with remarkable frequency on the Internet? Why do data archives with user logins and passwords appear around the net? Is there any guarantee that no one will ever write a bad message on a forum on your behalf or, even worse, make a payment from your balance?

Weak privacy

The first problem, which only a few people think about, is access to our personal information stored in various services.

When you store a name, surname, phone number, passport number or something else important, there is no guarantee that one day this data will not get into a third party’s hands.

Lack of control

The second problem is that even if the service provides more or less reliable protection of our data from outside attacks, there is always a hypothetical possibility of an attack from inside. It could be either a hack or a disgruntled employee pretending to be you: sending someone a malicious message, transferring money from an account, etc.

Non-reliable confirmation of actions

In addition, only a few services offer high-quality mechanisms for confirming what is going on with your account.

Even if the service makes promises to confirm every move, we still have to trust it and hope for the high-quality implementation.

In fact, we are forced to rely on the ability of a third party to ensure the physical safety of our account.

Possible Solution

If we analyze the available information about hacking and improper use of others’ accounts, obviously the only effective way to protect your virtual identity is to make it physically impossible to use that identity without your consent. Literally.

This may surprise you, but most services are designed to work with your personal data in a completely different way, with all of the resulting negative implications described above.

How do we solve this problem? Let’s take a look at the experience of blockchain projects and cryptocurrency developers. The key concept of safety there is that each user is an independent custodian of their own vital data.

There is even a well-known saying: “Not your keys - not your coins”. It promotes the idea of holding the keys to your own coins. If you entrust them to someone else, these are not your coins anymore, but just someone else’s promises.

That’s why in blockchain projects each user usually has their own private set of keys (sometimes more than one) at their disposal, and uses them to unlock funds and sign transactions. Without those keys, a potential attacker can neither send a message signed by you nor make a transfer.

After collecting all the pieces of the puzzle we get the concept of self-sovereign identity (SSI). It is relatively new to the world, but it is already being discussed and applied in some real-life projects.

This is how your accounts and private data can be protected. You become the sole owner of the keys used to sign and confirm your actions. Think of a real-life safe holding valuable assets: this is your own protected safe for the digital world, with the keys in your hands only.

How does it sound?

Introduction to the concept of Self-Sovereign Identity (SSI)

While moving forward and trying to secure our network identity with personal keys, we come to the idea of digital identification (self-sovereign identity). This is when we are represented on the network not by an email and password, not by a set of personal data, but by a public key - a unique sequence of letters and numbers against which ownership of the matching private key can be proven mathematically.

Creating a digital identity is extremely easy - it takes little to no effort. This means that we can create several identities for ourselves, even within the same service. By choosing the appropriate identity we can present ourselves with a different level of publicity when needed.

This in turn means that with this approach we have several types of digital identity at our disposal, each with a different level of privacy.

The concept of private Digital Identity

If you are gravely concerned about your own security, you are free to use a digital identity without any identifying information, up to and including using it only once.

It is important that a private digital identity does not imply unconditional anonymity. There are verification mechanisms available to confirm who you are, as described below.

The concept of public Digital Identity

If you are a public person and present yourself as a brand, profit from it, or maintain a public and media presence, you can link public data (nicknames, accounts on social networks, etc.) to your digital identity. At the same time you still control all the actions that need to be confirmed by your identity.

The concept of Verified Identity

In some cases, using a digital identity without additional information will be pointless. Services may require proof of citizenship or enforce age restrictions, exchanges may require KYC validation, and so on. In any case, users are faced with a need to disclose information to a third-party service, at least partially. But is it possible to reduce the risks? Yes, to some degree.

In many cases, a confirmation from a third party may be sufficient without disclosing the information itself. That brings us to the concept of data verification. A verification center may obtain your personal data once, at the initial stage. In the future it can respond to services with a validation result only - whether your digital identity meets the specified criteria - without the service receiving the information itself.

The simplest example is whether you are of legal age. In most cases, using the data from your ID card or passport, the verification center can give the answer “adult / not adult”, which should be sufficient to prove your age without disclosing it. Why would a service need to know your exact age, right?
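One way such an answer-only verification could work, as an added example (not Calcium.Network's own code): the verification center signs a yes/no claim bound to the digital identity, and the service checks it without ever seeing the birth date. Ed25519 keys, the JSON claim layout and all function names are assumptions made for this example; the sample values in the comments are constructed.

```javascript
// Added illustration, not Calcium.Network code. Assumptions: Ed25519 keys, a JSON
// claim format and hypothetical function names.
const vcCrypto = require('crypto');

// Verification center key pair (constructed for the example).
function newCenterKeys() { return vcCrypto.generateKeyPairSync('ed25519'); }

// Verification center: it has seen the birth date once, but the signed statement
// contains only the yes/no result, the identity it is about, and an expiry time.
function issueAgeAttestation(centerPrivateKey, identityId, birthDate, now, ttlMs) {
  const cutoff = new Date(now);
  cutoff.setUTCFullYear(cutoff.getUTCFullYear() - 18); // legal age assumed to be 18
  const claim = {
    subject: identityId,            // e.g. the identity's public key in hex
    predicate: 'adult',
    result: new Date(birthDate) <= cutoff,
    expires: new Date(now).getTime() + ttlMs,
  };
  const payload = Buffer.from(JSON.stringify(claim));
  return {
    payload: payload.toString('base64'),
    signature: vcCrypto.sign(null, payload, centerPrivateKey).toString('base64'),
  };
}

// Service: accepts the answer only if the center's signature is valid, the claim
// names the identity that is connecting, and the claim has not expired.
function checkAgeAttestation(att, centerPublicKey, identityId, now) {
  const payload = Buffer.from(att.payload, 'base64');
  const signature = Buffer.from(att.signature, 'base64');
  if (!vcCrypto.verify(null, payload, centerPublicKey, signature)) return 'bad-signature';
  const claim = JSON.parse(payload.toString());
  if (claim.subject !== identityId) return 'wrong-subject';
  if (claim.predicate !== 'adult') return 'wrong-predicate';
  if (claim.expires <= new Date(now).getTime()) return 'expired';
  return claim.result ? 'adult' : 'not-adult';
}
```

The subject and expiry checks matter as much as the signature: without them a valid attestation could be reused by a different identity or long after it was issued.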

Future outlook

Digital identification technology along with registering data on the blockchain may well allow you in some cases to use verification even if the verification center is not available at the moment.

Implementing this approach in centralized services (which are currently the majority) preserves all the advantages of being in control of access to your private data. With further deep integration, your actions can be controlled as well.

Calcium Digital Identity Management

Calcium.Network is a decentralized ecosystem. There is no single point of control that is fully responsible for the quality of services that will appear on the network in future. For this reason, the concept of digital identification is embedded into the network architecture as one of the cornerstones of the entire ecosystem and your security.

From the end user’s point of view, you get a full-fledged tool to ensure your privacy and minimize risks. The concept has been implemented at the core software level and in open-source libraries.

Control via action

Any service on the net needs to distinguish between users, and a Calcium service must support user identification via the Calcium Digital Identity.

In this case end users have full control over the actions the service performs on their personal data, including signing and publishing messages, transmitting funds and so on.

Multiple Identities

Since this concept of identification implies the possibility of using several digital personalities - the user is free to choose which of several digital personalities to use for signing up or logging into

Digital Identity management app

The standard Calcium repository of your digital identities is a key element of your security in the Calcium.Network. It is crucial to preserve your digital identities.

The Identity Management Application will request your confirmation every time a new service tries to connect to your digital identity, or when such a service tries to perform something important on your behalf.

The identities storage is based on the root key, which can be generated in various ways. It is used to create new digital identities, and can be used to restore the bulk of your key data even if your phone or tablet is lost.

IMPORTANT INFORMATION: Regardless of the way the primary key was generated initially, ensure the safety of the key itself, or of the credentials used for its generation. This will let you restore your digital life in the Calcium.Network in case of problems with your device.
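The root-key idea above, together with the proof of key ownership described earlier in the article, as an added example (not Calcium.Network's own code): each identity is derived deterministically from the root key, so it can be rebuilt on a new device, and a service checks a signed challenge against the identity's public key. The article does not specify the algorithms; Ed25519, the HMAC-SHA256 derivation with an `identity/<n>` label and all function names are assumptions.

```javascript
// Added illustration, not Calcium.Network code. Assumptions: Ed25519 identity
// keys, HMAC-SHA256 derivation from the root key, hypothetical function names.
const nodeCrypto = require('crypto');

// DER prefix of a PKCS#8 structure wrapping a raw 32-byte Ed25519 seed (RFC 8410).
const PKCS8_ED25519_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex');

// Derive identity number `index` from the root key. The same root key and index
// always give the same key pair, so identities can be rebuilt after device loss.
function deriveIdentity(rootKey, index) {
  if (!Buffer.isBuffer(rootKey) || rootKey.length < 32) {
    throw new Error('root key must be a Buffer of at least 32 bytes');
  }
  if (!Number.isInteger(index) || index < 0) {
    throw new Error('index must be a non-negative integer');
  }
  const seed = nodeCrypto.createHmac('sha256', rootKey)
    .update(`identity/${index}`).digest();
  const privateKey = nodeCrypto.createPrivateKey({
    key: Buffer.concat([PKCS8_ED25519_PREFIX, seed]), format: 'der', type: 'pkcs8',
  });
  const publicKey = nodeCrypto.createPublicKey(privateKey);
  // The last 32 bytes of the SPKI encoding are the raw public key: the identity.
  const id = publicKey.export({ format: 'der', type: 'spki' })
    .subarray(-32).toString('hex');
  return { id, privateKey, publicKey };
}

// Service side: a fresh random challenge per attempt, so an old proof cannot be replayed.
function newChallenge(serviceName) {
  return Buffer.concat([
    Buffer.from(`${serviceName}|login|`), nodeCrypto.randomBytes(32),
  ]);
}

// User side: confirm the action by signing the challenge with the identity key.
function signChallenge(identity, challenge) {
  return nodeCrypto.sign(null, challenge, identity.privateKey);
}

// Service side: only the public key is needed to check the proof.
function verifyChallenge(publicKey, challenge, signature) {
  return nodeCrypto.verify(null, challenge, publicKey, signature);
}
```

Because every identity follows from the root key, anyone who obtains that key can recreate all of them, which is why the article insists on protecting it.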

Examples of using Calcium Digital Identity

For example, while using the standard Calcium messenger, you do not need to create a separate account with a name and password. Simply select which of the available digital identities you want to use.

If your digital identity is public and has additional information registered on the blockchain, the messenger will automatically download it. Other parties’ software will do the same, thus presenting you under a publicly known nickname and additional accompanying data.

If you send donations to authors of interesting content, or send cryptocurrency to your contacts - for additional security you can create a separate digital identity, with separate wallets intended only for payments inside the messenger.

At the same time, the digital identity management application lets you manually control each operation, like sending a message or funds. Automated control rules can also be configured for trusted services.

The cost of using Calcium Digital Identity (nothing, or low to zero).

For a regular user, creating and using a digital identity costs nothing. Key generation and management is carried out on the user’s device, and interaction with services is provided by the Calcium.Network architecture.

For public accounts, registration of public information on the blockchain will be required. The cost (in UFO cryptocurrency) is the price of the specific public service in force at the time of publication, plus the commission of the UniformFiscalObject blockchain.

GDPR compatibility

The following paragraph is not any kind of legal advice and should not be used as an official statement.

The European Data Protection Regulation declares that residents have full control over their personal data, including the rights to restriction of processing, rights to data portability and so on.

For more information on personal data protection please refer to the proper official GDPR documentation.

Conclusion

Like any technology in Calcium.Network, this concept is experimental and may change significantly, as the network evolves.

The concept of digital identity (or self-sovereign identity) is designed to protect users from unfair access to personal data, and to prevent modification of such data or trading of it by third parties without the owner’s permission. There is no doubt that sole control over keys opens up great opportunities for ensuring privacy. Within reasonable limits it makes it possible to use untrusted services with a better level of protection.

Implementation of this feature in Calcium.Network means that digital identity of the user can be protected at least at the same basic level as crypto assets are.


Calcium Team