Password-less Authentication using Decentralized Identity Management
Updated: May 23
Introduction of regulations such as General Data Protection Regulation (GDPR) has enhanced the focus on data protection and privacy for the citizens. Individuals might have multiple digital identities for social and business engagements that they are involved with. Each of these identities require login credentials to get connected and individuals need to remember these credentials. Thus, it is a big hassle when they are not used often. Quite often it results in poor password management policies making these identities a soft spot for hackers.
Block chain based Decentralized Identity Management solution helps resolve this issue by building an additional security layer to the existing login processes that enables Password-less authentication. This is achieved by using DID based authentication services. This service utilizes DID based proofs to permit authentication and grant access to the respective system/application.
Triads in DID-based authentication services:
Triads refer to the roles permissible for an entity. They are -
Issuer: Organization which is authorized and accepted within the network to process claim request from Prover to issue proofs
Prover: An individual who establishes ownership of his digital identity by raising requisite claims
Verifier: A Business Organization which verifies the proofs shared by the Prover and confirms their authenticity
Proofs: The Proofs will be in the form of DID document. Individuals can secure the Proofs from the enterprises whose application is to be accessed. These proofs will be saved in the individual’s Wallet App on their mobile device.
DID based Authentication Services: The service will enable the transfer of proof from the individual to the enterprise. Post verification of the Proof, the user will be authenticated and can proceed to access the application / system. The service would employ a series of ZKP on the Verifier to verify the Proofs.
Security: The proofs will have expiry dates and post expiry, a new one needs to be secured from the enterprise for authentication purpose. Individuals will have different proofs for each of the applications they are trying to access.
Conceptual view is depicted below:
RTA (Issuer) – responsible to issue Identity Proof to Bob once he raises a claim with his Driving License details.
Bob (prover) – will hold the proofs shared by RTA and will share it with Bank XYZ to secure authentication to their web application
Bank XYZ (verifier) – will verify the proofs shared by the holder and verify the identity of Bob, then issue Proof to Bob to access its application.
Benefits from using DID-based authentication services:
Individuals need not worry about password management and necessity to create passwords for each online interaction.
More secure form of authentication as the Proofs are encrypted using the public key of the individual and can only be decrypted using the same.
This key information is only shared between two participants in a network when they establish a connection between themselves for communication.
It can be combined with other authentication methods for high risk-based application services by offering additional security.
Privacy of the individual is maintained by only saving the DID information of the Proof onto the Blockchain ledger
Password-less authentication enhances user experience
Conclusion: Password-less Authentication capability offered by Blockchain based Decentralized Identity management solution will help enhance security around authentication while confirming the identity of the individual who is attempting to authenticate. Apart from enhancing user experience, this solution also enables enterprises to comply to privacy regulations (like GDPR) more effectively.