How Biometrics Could Be the Key to Decentralized Identity
Polkadot founder Gavin Wood envisioned that Web 3.0 would transform the Internet into a decentralized privacy preserving network through P2P smart contracts. Although different people define Web 3.0 differently, Web 3.0 and its privacy security are the characteristics of private rights that everyone agrees on.
Biometrics + decentralized identity solutions would be the best solution for the current tech invasion of user privacy and internet monopoly. However, we haven’t seen a real breakthrough identity solution yet. Password-free authentication tools including hardware devices or one-time password generators, biometric authentication technologies are expected to flourish in the following huge growth wave of this bull market.
Consumer liberalism continues to fuel the DID boom
In any case, increasing regulatory policies and centralization initiatives will be the main drivers of change in the KYC/AML industry. Large centralized databases are commonly used as the basis for KYC/AML and national databases for digital identity cards. And government-backed digital currencies are likely to further sacrifice citizens’ privacy rights, a clear departure from mainstream consumer liberalism values.
2022 will be the year that truly changes the identity power game. DID can be the only bridge between the user and the sovereign platform. Thanks to immutability and hash encryption, decentralized identity (DID) gives control of personal information back to the user. Users can create unique numeric identifiers and hold unique keys for themselves through a trusted system.
These identifiers can be verified by means of encryption such as digital signatures. In this way, both users and Internet service providers can benefit from a more trusted and secure solution for the use and management of personal information enabled by blockchain. Users will actually own their personal data and decide how to use it. The government can no longer steal your information through centralized servers or databases. Maybe the trace on the chain will give you clues, but you can quickly choose a new identity.
New identity in the Web3.0 era
On Web 1.0, a user creates a numeric identity using a combination of a username and password. On Web 2.0, users can still create accounts with a username and password, but they can choose other ways to log in, often asking for their real name, phone number, E-mail address, or identification. The problem is that doing so could compromise users’ data security.
Users have no control over how their personal data is used, and Internet service providers can profit from it. Not only are people being given free access to their personal data by big tech companies and governments, but when tech companies use that data for targeted push ads, those AD dollars simply don’t go back to users.
Thus, although DID can serve as a bridge between users and Internet service providers, we need to find ways to create digital identities that are both secure and efficient, and achieving this goal requires technological innovation in biometrics.
Why is biometrics the way to go?
In essence, DID is a string of address identifiers directly owned and controlled by the user. Each identifier has a corresponding DID file that can be used to verify login names, encrypt messages, and so on. With a cryptographic proof, such as a digital signature, the user can prove ownership of these identifiers. Individuals or entities may also approve these identifiers for use by others through encrypted proof methods, such as digital signatures.
The structure of DID is shown in the figure below:
In sum, DID marks the beginning of the end for traditional centralized Internet service providers and will return absolute control over their digital identities to users. Meanwhile, the blockchain only needs to verify the user’s identity without asking them to provide any additional personal information. This option increases the level of privacy. With the widespread adoption of DID, barriers between different DID solutions will be broken down and people will not be isolated in separate ecosystems.
Biometrics and DID go hand in hand all the time. This solution allows the protocol to collect the user’s biometric data and match it with the data in the shared verifiable credentials. For example, a photo of a passport holder, taken from a verifiable certificate by his digital passport could be matched with a live photo of the person taken on site by a biometric service. Most importantly, data must be transferred to a decentralized cloud service or storage solution for processing.
DID Process of biometric identification
When users first access such services, they are asked to share verifiable credentials that support biometric matching. The service will require users to agree to biometric registration and matching. If they agree, they will be redirected to the biometric matching service. The biometric service will also take data from the user’s biometric capture for validation to see if they match.
If they match, it creates verifiable credentials using the user’s biometric profile and sends them back to the user for decentralized storage. Subsequent biometric matching simply compares real-time biometric capture with biometric profiles in verifiable credentials and can be used multiple times with many different services. Therefore, biometric identification has great compatibility.
In addition, the development of AI (artificial intelligence) has also greatly improved the accuracy of biometric identification by quantum neural network and other technologies. We can even expect biometric accuracy to rise to the cellular and molecular level. At the same time, based on the combination of various technologies, such as mathematics, information security, network security, biometrics, in vivo detection, zero-knowledge proof (ZKP) technology, data from biometrics can be encrypted.
The highly encrypted data is used only to see if the user is registered and, if so, to grant them access to the various services to which the user is bound. A user’s body essentially becomes their own password, and unless someone can hijack the user’s brain or body, it’s hard for a third party to “be you.”
The challenges of biometrics
First, decentralization, security and efficiency are mutually exclusive and cannot be had at the same time. Whether it’s blockchain, DID or Web 3.0, a lot of innovation and breakthroughs still need to happen before we can make blockchain efficient enough to meet the needs of users. On the other hand, although DID is all about connecting real world people to their virtual world identities and guaranteeing anonymity in doing so, our current DeFi solution still fails to connect addresses to real world users.
As a result, many of the economic activities that are now commonplace in the real world are almost impossible to take place in the virtual world. The classic example is unsecured lending. Biometrics naturally have such advantages. The success of decentralized identity will depend on widespread adoption and how quickly it builds a mature global ecosystem.
Biometric systems provide equality of each individual node by deriving only one node from a biometric identity and mitigate any power disproportion due to individual reward equality. Biometrics are therefore a catalyst for pervasive decentralized identity that can be used while preserving security and privacy.
