The future-oriented industry around the Internet of Things offers a multitude of improvements on all levels. To increase productivity, strengthen infrastructure or calculate vulnerability indices, we rely on information. It must originate from trustworthy sources that can reliably provide data without filters, intermediaries, or manipulation by unauthorized third parties. When devices in an autonomous sector make decisions based on external information, there is no room for mistakes, especially considering that a significant part of future infrastructure will be managed by self-sufficient machines and devices. To illustrate by example: a future vehicle will have to stop at an intersection, react to speed limit signs, and handle unexpected obstacles such as potholes or passing deer. At the same time, it will have to forward this data to surrounding entities in the mesh network of the IoT machine and data economy. Enabling this has not been fully possible in the past, because establishing mutual trust between such entities was not feasible and has therefore remained a challenge. However, the emerging World Wide Web Consortium (W3C) standards for Decentralized Identifiers and Verifiable Credentials overcome the drawbacks of establishing that trust for the first time.

DIDs and VCs? An explanation:

Decentralized Identifiers (DIDs) are identifiers that uniquely determine a person or an object. They consist of a string of characters that cannot be manipulated and that refers to an identity information resource, much like a website address does. The key difference to other identity systems, which delegate the creation and administration of unique identifiers to a single authority, is that the DID remains under the control and management of the individual entity.

What a unique identifier can look like:

As the figure above shows, a DID is split into three parts. The scheme marks the string as a DID. The DID method identifies the Distributed Ledger the identifier lives on; because the method is part of the identifier, a multitude of ledgers can co-exist and interoperate with each other in an SSI ecosystem. The method-specific identifier points to the resource within that specific Distributed Ledger.

Looking the DID up on its ledger yields the root of the identity, the DID Document of the person or object. The DID Document contains service endpoints as well as parameters (such as public keys) that allow a third party to verify the identity and establish a trusted interaction with it. Together, the DID and the DID Document form the decentralized identity.
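The three-part structure and the ledger lookup described above, as an added example that is not code from the page's author: the parser follows the W3C DID Core syntax, and the ledgers, DIDs and DID Documents are constructed stand-ins that resolve nowhere.

```javascript
// Added example: parse a DID into scheme, method and method-specific
// identifier, then resolve it against a registry of simulated ledgers,
// one per DID method. Ledgers and documents below are constructed.

// W3C DID Core syntax, reduced to a regular expression:
//   did                = "did:" method-name ":" method-specific-id
//   method-name        = 1*(%x61-7A / DIGIT)        ; lowercase only
//   method-specific-id = *( *idchar ":" ) 1*idchar  ; may contain ":"
//   idchar             = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded
const ID_CHAR = "(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})";
const DID_RE = new RegExp(`^did:([a-z0-9]+):((?:${ID_CHAR}*:)*${ID_CHAR}+)$`);

function parseDid(did) {
  const m = DID_RE.exec(did);
  if (!m) return null; // not a syntactically valid DID (e.g. DID URL with #fragment)
  return { scheme: "did", method: m[1], methodSpecificId: m[2] };
}

// Constructed stand-in for several co-existing ledgers: the DID method
// selects the ledger, the method-specific identifier selects the
// DID Document stored on it.
const ledgers = {
  example: new Map([
    ["123456789abcdefghi", {
      id: "did:example:123456789abcdefghi",
      service: [{ type: "DIDCommMessaging", serviceEndpoint: "https://example.com/didcomm" }],
    }],
    ["net:abc", { id: "did:example:net:abc" }], // identifier with a nested ":"
  ]),
  demo: new Map(), // a second ledger that currently holds no documents
};

// Returns { didDocument } or { error } using the error names of W3C DID resolution.
function resolveDid(did) {
  const parsed = parseDid(did);
  if (!parsed) return { error: "invalidDid" };
  const ledger = ledgers[parsed.method];
  if (!ledger) return { error: "methodNotSupported" };
  const doc = ledger.get(parsed.methodSpecificId);
  if (!doc) return { error: "notFound" };
  return { didDocument: doc };
}
```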

Distributed Ledger Technology (DLT) is based on the principle that information is not stored centrally (e.g., on a single server). Instead, identical copies of the data are distributed to the network participants, so the database is virtually always accessible, as availability does not depend on individual servers. The copies are continuously updated so that each participant always holds a valid version of the ledger. Because many complete copies of the data history exist in the Distributed Ledger ecosystem, participants can immediately detect tampered data by comparing it against their own copies. These characteristics matter for Decentralized Identities because we use the Distributed Ledger as an identity repository, securely storing identity information in the form of the DID Document.

A Verifiable Credential is a provable statement about an identity, acting just as documents such as diplomas or driver's licenses do. In the real world, credentials depend on trust in, and proof of, the authority of the respective issuer, such as a government, university, or employer. Such documents are supposed to be printed in sophisticated, tamper-proof ways, but unfortunately they have multitudes of security weaknesses and their authenticity is difficult to determine. In the digital world, verifiable credentials have been designed to provide the same functionality as their physical counterparts, but thanks to additional technologies such as distributed ledgers and digital signatures, they are more tamper-proof and trustworthy than their physical counterparts.

The Self-Sovereign Identity triangle of trust

The Issuer

The issuer may be a person or organization, such as a government, university, employer, or other entity that creates a verifiable credential and provides (i.e., issues) it to a holder.

The Holder

The holder is the owner of a Decentralized Identity and credential and has control over the way these elements are managed or issued. The holder could be a person, an organization, or an IoT device.

The Verifier

A verifier is an entity that validates a credential and ensures that it is from a trusted issuer, has not been tampered with, and is valid.

Example based on a car-sharing use case

In their daily routine, people want to move faster and more comfortably, which generally leads to a more expensive lifestyle. Sharing vehicles is one way to provide wide access to transportation services at low cost. However, current car-sharing models and services are often fraught with strict contracts of use, long-term commitments, and hardware dependency due to physical car keys. A solution approach that includes Decentralized Identities is a keyless mobility concept that can be applied to car-sharing scenarios. The proposed model removes all physical keys and passwords and replaces them with Decentralized Identities and Verifiable Credentials, making the service more user-friendly, yet secure, for all stakeholders.

So how does this work?

The holder, in this case the car-sharing customer, wants access to a car. The mobility provider, acting as the issuer, checks the customer's identity and grants permission to enter the car by issuing a Verifiable Credential.

The car-sharing customer now walks up to the car he wants to use and requests access with the Verifiable Credential, which is stored directly on the customer's smartphone. The smart car, which is our verifier, then checks the credential's permission, issuer, and signature against the ledger. If the credential is valid, the door opens.

Benefits

This keyless method opens up completely new car-sharing business models and blurs the distinction between rental vehicles and private vehicles. In the described use case, decentralized identities are the base elements that provide the needed flexibility, interoperability, and security. With our filancore Identity Gateway, we can make a variety of use cases like this possible by managing these SSI elements for secure access and authenticity checks of devices and services.