密码学、信息安全与区块链

Blockchian for Identity Management

自主身份 Self-Sovereign Identity solutions 的必要技术：

Blockchain，cryptography and zero-knowledge proofs
Verifiable Credentials
Decentralized Identifiers

::What is blockchain？::

Distributed Ledger Technology (DLT, 分布式账本技术), commonly simply called “Blockchain Technology”, refers to the technology behind decentralised databases【分布式数据库】 providing control over the evolution of data between entities through a peer-to-peer network, using consensus algorithms【共识算法】 that ensure replication across the nodes of the network.

不可篡改的性质
solve the double-spend problem of digital currency
considered a system with high Byzantine Fault tolerance

了解区块链的基本（第一部分）：拜占庭容错(Byzantine Fault Tolerance) - SegmentFault 思否

了解区块链的基本（第二部分）：工作量证明(PoW)和股权证明(PoS) - SegmentFault 思否

Permissioned Blockchain

Home - Sovrin

::What is Identity Management?::

Also known as “identity and access management”, or IAM, identity management comprises all the processes and technologies within an organisation that are used to identify, authenticate and authorize someone to access services or systems in that said organisation or other associated ones.

Identities need to be portable and verifiable everywhere, any time, and digitization can enable that.
Identities also need to be private and secure.

::Decentralized Identifiers (DIDs)::

Decentralized Identifiers are globally, unique and persistent（永久） identifiers.

They are entirely controlled by the identity owner 个人拥有数据

DID 独立于中央注册机构、权威机构或身份提供者。

Decentralized Identifiers (DIDs): A Beginners Guide!

A new spec is coming up in W3C:

Decentralized Identifiers (DIDs) v1.0

::Verifiable Credential 可验证凭证::

Verifiable Credentials: The Ultimate Beginners Guide!

The Blockchain acts as a verifiable data registry 可验证的注册数据表

A “phonebook” that anyone can consult to verify what organisation a specific Public DID belongs to.

::In identity management::, a distributed ledger (a “blockchain”) enables everyone in the network to have the same source of truth （大家都拿到的相同的真实数据来源）about which credentials are valid and who attested to the validity of the data inside the credential（自证明身份的有效性）, without revealing the actual data.（无需透漏实际的数据）。

主要角色 🎭：

identity owners ：🆔 身份所有者
- The identity owner can store those credentials in their personal identity wallet
- use them later to prove statements about his or her identity to a third party (the verifier).
identity issuer：身份颁发者
- can issue personal credentials for an identity owner (the user).
- the identity issuer attests to the validity of the personal data in that credential
identity verifiers：身份验证者

A Credential is a set of multiple identity attributes and an identity attribute is a piece of information about an identity (a name, an age, a date of birth).

凭证的有用性和可靠性完全取决于发行人的声誉/可信度。

Revocation means deleting or updating a credential.

How Identity Revocation on the blockchain works - Tykn

::Privacy and Security::

do not need to check the validity of the actual data, but can rather use the blockchain to check the validity of the attestation and attesting party

For example, when an identity owner presents a proof of their date-of-birth, rather than actually checking the truth of the date of birth itself, the verifying party will validate the government’s signature who issued and attested to this credential to then decide whether he trusts the government’s assessment about the accuracy of the data.

No personal data should ever be put on a blockchain.

What exactly goes on the Blockchain?

Only references and the associated attestation of a user’s verified credential are put on the ledger.
Public Decentralised Identifiers (Public DIDs) and associated DID Descriptor Objects (DDOs) with verification keys and endpoints.
Schemas: The formal description for the structure of a credential.
Credential definitions: The different (often tangible) proofs of identity or qualification issued by authorities
Revocation registries. 登记撤销
Proofs of consent for data sharing. 数据分享同意文件

Cryptography & Zero-Knowledge Proof

authentication: prove something about our identity – either our name, address or passport number.

A Zero-Knowledge Proof is a method of authentication that, through the use of cryptography

This is especially useful when and where the prover entity does not trust the verifying entity but still has to prove to them that he knows a specific information.

🔧 工具：身份钱包应用和开放 API

Tykn’s APIs and Mobile SDK let you quickly integrate decentralized identity tech into your app or web-based user journeys. The Issuer & Verifier Web Portal and Mobile Wallet App you see in this demo are “off-the-shelf” components you can whitelabel if you prefer a no-integration approach.

The Mobile Wallet Demo - Tykn

Decentralized Identity Product Suite