Prototype for Self-Sovereign Digital Identity

Empower people with identities that are tightly held within their smart phones and used to reliably prove who they are

Mission: Countless persons world-wide do not have practical means for proving who they are.  Our technology empowers users with digital identities they can use to reliably identify themselves when they meet in-person or online.  NexGenID’s “privacy by design” solution enables users to acquire attested “self-sovereign digital identities” from persons they know and trust, and can be used to secure their transactions.

Leverages Smart Phones: Our identity solution leverages smart phones which are becoming increasingly affordable and ubiquitous worldwide.  Their processing capabilities are considerably superior to smart card solutions, and they are equipped with friendly human interfaces, useful cameras, performant encryption mechanisms, and several wireless connectivity options.  Many also support local authentication using biometrics, and have trusted computing features.  This means that personally held smart phones are increasingly attractive platforms for protecting and deploying personally identifying and private information.  They represent a compelling alternative to server-centric identity schemes that promise to protect our private information, and sometimes even our biometric data, yet fail to prevent large-scale breaches and surveillance.

Self-Sovereign Digital Identity:  Rather than relying on service providers to safeguard our private data, self-sovereign digital identities are held within smart phones.  Digital identities are virtualized to look much like physical identities in our wallets, and they have encryption keys used to secure our private date.  We can specify a range of identities including digital photo IDs and electronic business cards.  When face-to-face, we can use the screen of our smart phone to identify ourselves and exchange our digital identities wirelessly.  And when accessing an online service, we can select a suitable digital identity to prove who we are.  We believe  that self-sovereign digital identities will be much more secure and easier to use than passwords.

Identity Engine:  A user starts by installing an “identity engine” (an intelligent agent app) on her smart phone.  The identity engine carries out the heavy lifting of managing her identities and private data.  It also protects her biometric data and private keys in a secure area within the smart phone, and most importantly, authenticates her by one or more factors to protect her smart phone and digital identities from loss and misuse.  Other work performed by her identity engine includes creating, updating, presenting, and verifying identities, integrating with email, messaging, teleconferencing and other collaborative applications, and attesting the digital identities of collaborators including family, friends and associates.

Collaboration: When one collaborates with another person or a web service, the owner’s identity engine presents a selected digital identity to prove who he/she is.  When receiving a digital identity, the identity engine verifies that it was presented by the originator rather than an impersonator.  Users can also use their identity engines to securely exchange digital identities, proof and attest them, and secure transactions.

Prototype and Video:  Our submission to Mission Billion proposes to construct an operational prototype that supports the usage scenario described in our video where an undocumented person, accompanied by an “introducer”, acquires a digital identity from a medical doctor, and visa from an immigration officer.

Our identity solution promises to significantly decrease the use of passwords to identify and authenticate people while elevate identity assurances.  It accomplishes this by leveraging intelligent agents and cryptography, and encapsulating authentication data.  Instead of using passwords, owners intuitively select one of their self-sovereign digital identities to prove who they are.  Identities are tightly controlled by their owners, and for ease-of-use, are virtualized to look much like physical identities.  Owners can freely exchange their digital identities without needing to worry that they might be counterfeits.  And they can use them to encrypt their transactions and attest each other’s identities.

Our solution enhances privacy by means of intelligent agents (“identity engines”) that deploy “self-sovereign digital identities”.  Our architectural design solves critical privacy problems.  For example, when the association between an owner and his or her private information is compromised, the private information may become publicly known or misappropriated by an identity thief.  Such risks of lost privacy can be significantly reduced by establishing and maintaining strong bindings between owners and their private data - whether the data is stored in their smart phones, directly transferred to another smart phone wirelessly, transferred over the Internet, or stored in remote repositories.  NexGenID solves privacy problems by installing trusted identity engines on the smart phones of owners enabling them to create and tightly control their digital identities.  Their identity engines are tamper-resistant, while their digital identities are resistant to counterfeiting due to their cryptographic properties.  Another privacy preserving aspect of the design is that each identity engine encapsulates the owner’s authentication data enabling it to verify that the rightful owner is in control.  They have been designed to mutually-verify that owners are indeed controlling their smart phones, attest owners’ digital identities, encrypt transactions end-to-end, and reliably delegate access to their private data.

An owner’s smart phone either has an identity engine pre-installed by the cellular network carrier, or downloaded by the owner from a certified “app” store.  When an owner meets another smart phone owner without an installed identity engine, the identity engine-enabled owner can provide a link either manually or wirelessly to the other owner who can use it to download and install a certified identity engine from the app store.  Web services can also be configured with identity engines to verify and attest digital identities presented to them by customers when enrolling their accounts and logging in.

Digital identities are rendered to mimic identities used in the physical world and virtualized to look like identities in your wallet.  Owners can easily populate them with text and selected images when creating and updating them, and intuitively select their digital identities by touching them on the screen of the smart phone.  An owner can intuitively select her identities stored in her wallet, and those of others in her rolodex of contacts.  She can inspect them, launch, and send them to collaborators who can proof them, attach an attestation with a digital seal, and return the attested digital identity. 

The identity engine of each smart phone operates between the Transport Layer and the Application Services Layer of the Internet protocol stack thereby effectively implementing the “identity layer”.  They interface directly with the owner using wireless options (Bluetooth, NFC, QR codes, etc.) so that owners can manage, present and verify their digital identities, and those of others.  Identity engines use the services of the Transport Layer to implement identity-related collaboration protocols and services used to reliably present and verify digital identities and secure transactions.  They also interface with email, messaging, teleconferencing and other collaborative services of the Application Services Layer.

Over time, smart phones will become as ubiquitous, affordable and easy-to-use in emerging nations as they are in the industrialized world.  Because our digital identities are virtualized to look much like physical identities, they are easy to select, manage, and use.  When people meet face-to-face, Internet connectivity is not needed.  They can use their smart phones to show their digital identities to prove who they are, and verify those that are presented to them.  Smart phone screens offer sufficient size and resolution for most applications.  They can be configured with large fonts, various character sets, and translation software. 

Over the first six months, we plan to update our commercialization plan to include our prototype supporting the usage scenario described in our 2-minute video.  Over the next 18 months we plan to secure partners and capital to deploy a focused product supporting face-to-face and email issuance of digital identities.  Over years three-to-five we would target sectors already implementing subscription services, such as a professional social network, to derive meaningful revenues.  We would aim to achieve a sustainable business by the end of this period, progressively expanding product-line capabilities and deriving revenues across the education, government, health, or financial sectors. 

We are not working with another organization at this time.  We are seeking partners and investors to bring our self-sovereign digital identity technology to market.

Kal Toth: Ph.D. from Carleton University, professional engineer, industry career includes Hughes Aircraft, Datalink Corp, CGI Group, late career professor of software engineering Portland State.

Alan Anderson-Priddy: Master of Software Engineering, Portland State University, software engineering and IT consulting, technology research, enterprise integration, prototype development.

Eric Hof: Corporate branding, marketing, fund raising, partnering including experience in legacy data center operations and customer management.

Curt Edmondson: Intellectual property, McGeorge School of Law, Electrical and Computer Engineering UCSB, engineering career with Lawrence Livermore Labs and Hughes Aircraft.

Fred Gillespie: Degrees in commerce, finance and marketing, strategy development for Herjavec, Amdahl, IBM ....

Our preliminary commercialization plan examines the competitive landscape, the markets that could be served, the business and revenue potential, and a feasible developmental roadmap.  Our plan derives revenues from existing subscription models.  Our plan calls for initially deploying digital identities by partnering with a professional social network.  Mission Billion would give us the opportunity to field trial our identities across a selected population of an emerging nation before considering larger markets.

Recently we began to research sources of grant funding.  The Mission Billion Challenge was the first opportunity we discovered that specifically addressed the problem NexGenID addresses, namely, to give individual persons digital identities that they control, and that they can use to identify themselves.  We anticipate that this grant would give us the opportunity to establish a field trial or pilot project, consistent with the example described in our video.  Winning this grant would help us overcome our next barrier to success.  

In the fall of 2018 we published our first conference paper and also had a related paper accepted by a major technical journal for publication in 2019. We have thereby begun to expose our identity technology to the public.  We believe that successful completion of our proposed prototype combined with credible publications and marketing collateral will enable us secure venture capital funding and partners.  A grant award from the Mission Billion Challenge will help us achieve the next step.