What was once understood as the hangout spot for geeks, the internet has now become the platform for everyone. With the advent of smartphones, it is safe to assume that we are now interconnected with people and data constantly throughout our days. Everyone relies on this minute piece of technology in every facet of their lives, such as finding the best hotspots in the area, live streaming important events, or even hailing rides from Uber. As more streams of data pile onto the internet, managing data are becoming a pressing issue, especially with regards to data security.

Digital identity is simply a digital medium, (proofs) derived from various data attributes for the purpose of attestation and authentication. Authentication has evolved into three methods over the years: password, hardware tokens (OTP), and biometric scanning. Although the evolution of such technology has enabled for more security from a person to device standpoint, risks for managing and transacting with such data are still prevalent in the internet.

Against the backdrop of the information age, data management are becoming essential. The number of applications and businesses entering into the online space are rising faster than ever before. Since most online businesses cannot handle every process of their operation wholly on their own, most inter-operate through a standardized interface called API. It allows two computer applications of different entities to communicate with the other, in order to execute a task or retrieve real-time data. Among many use cases, one of the most widely used API is Single Sign On, a federated identity system whereby users gain access to multiple service providers.

A federated identity model has definitely raised the bar in raising the quality of security in the online space. Unlike siloed database, it removes the burden of service providers by relying on identity providers to validate users. This shortens the registration quickly, without going through tedious rounds of KYC registration every time they want access to new services.

While the consequence of federated identity streamlined adoption process by improving user experience, it still has yet to find ways to solve the identity issue. That is because third-party identity providers (e.g. Google, Facebook, Naver) that service providers trust by default, still retrieve data from a centralized database for attestation. This method of verification can still lead to privacy issues (such as stealing or selling your data without consent), but more importantly, leave people disempowered.

One solution to this is self-sovereign identity, where users keep control of their attributes and provide blockchain signature or zero-knowledge proofs for authentication. This is quite a unique process unlike any other verification method, since issuers, registrars, and merchants are no longer the gatekeepers of people’s identity. In order to maintain both security and privacy in the openness of the internet space, I believe more leverage should be given to an individual.

SymVerse’s SymID

SymVerse is a platform which provides an open, self-sovereign digital identity, called SymID. Once created, a unique ID is created in form of public key hash in which multiple accounts can be created under it, allowing for various services to be used.

Every SymVerse user that creates SymIDs is notarized by server nodes called Citizen Alliance network. CA network is a group of servers with a data mirroring feature, responsible for issuing and authenticating IDs as well as facilitating KYC (Know Your Customer) and AML (AntiMoney Laundering). Under these IDs, it will allow users to access and use various services without having to go through redundant registration process.

Before creating SymID, one needs to create a public and private key in the wallet first, and then apply for an account with the CA server to record the ID, country, role, and public key in the Citizen block. Where the hash of Bitcoin’s public key is 20 bytes in size, we were able to reduce this by half.

The ‘public key’ hash is used to validate the signature of the user. The ‘country’ is used to distinguish transactions between countries. The ‘role’ is used to distinguish node characteristics such as industrial functions which is used for identifying the user group of dApp. Such attributes are recorded to further heighten the security and flexibility of incoming and outgoing data.

Once SymID is created, it becomes immutable and all of the accounts’ history is recorded in Citizen block. One of the major impediments to blockchain is key management. SymID has recovery options are available when users are met with theft or leakage of their private keys, by remotely locking or creating new accounts to redirect the amount to a new balance.

