Beyond The Device With Self-Sovereign Identities
The first commercial transactions were face-to-face. It was a good way to ensure trust: the other person had to be physically present. And if they ran off, at least you could chase after them. But with the advent of technology, a divide has been created between people. Over the years, products evolved to bridge this gap. Mainframe computers became desktops, laptops and then mobile devices. The more intimate the interface became, the ‘closer’ individuals could become.
While this shift from physical to digital has brought many benefits, it’s also had less welcome consequences. As we’ve moved more and more online, digital platforms and processes have failed to keep up. We can’t trust them to collect, store or share our personal information safely. In fact, consumers’ information is frequently abused and misused without our knowledge or consent.
Businesses are impacted, too. They’ve been forced to add extra safeguards to outdated password-based login systems. We’ve seen the rise of 2FA, SMS, card readers, device IDs, and more – all of which are creating more friction in our everyday lives. Despite this, data breaches and identity fraud are not just commonplace – they’re actually increasing.
In 2021, the average cost of a data breach reached an all-time high of $4.24 million, even though businesses are already spending millions more to combat financial crime and meet their regulatory and compliance responsibilities.
Faced with this, and the fact that we’ve passed the peak of the smartphone era, with market saturation and a lack of real innovation leading to declining sales over the last few years. The obvious question is: what comes next?
The Need for a New Paradigm
There’s no denying that the ecosystem of modern digital services has made so many things more convenient and personal for a wide variety of users. Social media, open banking and similar platforms are changing the way the average person integrates in the world.
The reality is that, despite connecting us in so many ways, these devices and systems have taken a high degree of both control and data out of the individual’s hands and placed it in the grasp of others. From rogue hackers to data mining service providers, users have never been more at risk of having their well being attacked by forces out of their control. Despite — or really because of — the increased intimacy of these systems, consumers have found themselves potentially more vulnerable than ever before.
On top of this, businesses and developers have become increasingly reliant on the modern mobile device as the primary vector for delivering services. This is not entirely surprising, as it has become both novel and ultimately expected by many customers, but this still limits the potential. Mobile devices really just represent an interface, but the future is breaking the tether to any specific interface, bringing individuals to the forefront.
Beyond The Device
We’re already seeing new innovations that are making the latest systems more personal and powerful, bringing these platforms into a more intimate relationship with users, one that transcends how they are accessed.
This means that soon, customers won’t be locked into a specific phone, tablet, or operating system to access the online world. Their digital identity, just like their physical one, will travel with them wherever they go via the rollout of biometrically enforced digital IDs that live in the cloud and can be cryptographically proven and are tamper-proof.
Latest technological developments provide the means for a brand new combination of wireless communication, biometric identification, and cryptography – with blockchain technology and distributed encrypted cloud storage setting the stage for a new wave of the financial system.
In the current model, a user must interface with a verified phone or tablet for every transaction. But now, as we usher in the next big technological epoch, cryptographically enforced digital sovereign ID will provide ‘verified authentication and authorisation combined with verifiable credentials’ for users to access online services via cloud based solutions that not only work for the consumer, but the business and the compliance team too.
A wide range of emerging technologies and techniques will lead to the creation of a true Self-Sovereign ID, or SSI. These include Decentralised Identifiers (DIDs), Verifiable Credentials (VCs), and Key Event Receipt Infrastructure (KERI). These solutions use cryptography, zero-knowledge proofs, and blockchain elements to create systems of identification that can be cryptographically proven without the need for centralised certification.
DIDs enable users to prove their credentials independent of any centralised body or without having to give away their personal data. Infrastructure approaches like KERI will allow identity verification with or without accessing a blockchain providing a self certifying root of trust. By combining these techniques with biometrics and unique identifiers, it’s possible to create financial transactions that are secure and tied to an individual's digital identity in a private and secure manner.
People want a sense of control. They want the confidence that no one can access their data without permission. And they want stronger authentication than a password that’s all too easily forgotten – or compromised. Of course, at the same time they wish to be ever more independent and versatile, all while staying connected and for the experience to be frictionless. All of this has to be delivered in a foolproof manner that doesn't require them to learn or understand digital safety guidelines or requirements.
This is where digital IDs stand to streamline all the different ways users already interact with the various technologies that enhance our lives today. Such an ID can act as a single, trusted user account that can then access a wide variety of platforms and services. Everything from ordering groceries, accessing special events or locations, and even travel procedures, can all be made private, secure and simple utilizing this technology.
To make things even better, these types of systems can help facilitate online purchases and delivery. In the future deliveries could be made to the person, wherever they may be at that time, rather than just relying on a home or office address.
By being biometrically secure, it will be incredibly difficult for attackers to hack or impersonate legitimate customers. This stands to massively improve the current situation where fraudulent chargebacks and other dishonest activities have become a serious issue for the online service industry, and fixing this could save businesses a significant amount of money.
Even more profoundly, this technology could benefit financial services required to take part in the Financial Action Task Force (FATF) travel rule, enabling AML compliance for Virtual Asset Service Providers (VASPs), such as Exchanges, Banks and other Financial institutions.
An underlying blockchain could support security by handling authentication of credentials as well as providing trusted transactions between users and businesses. This will make transactions cheaper, faster, verifiable and transparent, helping to protect both companies and their clients.
Ultimately, the current shift is one that goes beyond users and businesses needing to have faith in their specific device or even a single interface. This can bring individuals into a new level of intimacy with each other and the various services that they interact with regularly. This represents the latest step forward in bridging the distance that was put between users with the rise of technology. Furthermore, this isn’t some distant vision of tomorrow but is happening right now and could well be what's needed for the metaverse too.Source