Taking Identity Management Seriously – Self Sovereign Identities

By Dawid Jacobs

Identity Management Specialist, on behalf of LexisNexis South Africa

Taking Identity Management Seriously – Self Sovereign Identities

As humans we have embraced the digital and electronic developments and changes of the last two decades with almost zero resistance. Trust has shifted away from where it was once necessary to meet people face to face to discuss critical issues, to where we use digital platforms on our computers and phones to do so.

Banking transactions, once only conducted within a brick-and-mortar environment, are now done easily from an electronic device linked to the internet, This explains why the financial inclusion of every person on earth has become a goal for every mobile bank and app developer. Creating fast and quick methods of access to mobile banks has driven start-ups and their developers to work feverishly to bring products to market, thereby gaining clients for their business and making money to satisfy their funders.

Know Your Customer (KYC) has formed part of these fintech developments, providing quick and easy solutions for institutions to use technology to authenticate the identity of their clients during transactions and comply with global regulations guarding against money laundering, terrorism funding and other identity related crimes.

Self-sovereign identities

As a counterpoint, these developments have given rise to a digital movement which recognises that individuals should be able to both own and control their digital identities in the same way –  and with the same freedom and capacity for trust – as they do in the real world. This is referred to as a Self-Sovereign Identity (SSI).

Suddenly a multitude of SSI management platforms have emerged which control the creation of digital identities for individuals. These ’identity authentication solutions’ allow individuals to self-register and to manage their identities as a self-sovereign identity on their platforms, by using the ‘selfie’ option especially. The platforms gather personally identifiable information (PII) from a multitude of ‘trusted sources’ to prove that the identity of the digital identity or SSI, is that of someone. Someone … but who?

The most important and critical part of identity management is the enrolment/registration part of the process. This is where the real-world human being must be linked to the cyber world digital identity with forensic proof.

The problem of digital proof

Throwing technology together with biometrics, liveness detection and every type of algorithm into an ‘identity authentication solution’ is not the answer to proving a human being exists, if you leave the essence of an identity behind. This is because an identity is the proof of the existence of a single human being.

Every person is first a human being before they can become a digital identity.

Every individual human being has only one human identity they can lay claim to.This identity is proof that a person actually does exist in the real world. As progress accelerates towards providing every individual with a digital identity which they manage using their self-sovereign identity, so the necessity of linking each human to a single digital identity and single self-sovereign identity becomes critically important.

The threat of fraudulent and especially synthetic identities (SI) is real for every institution. If the importance of linking a human being to a single digital entity or single self-sovereign identity is not recognised now, an avalanche of crimes relating to identity theft, fraud and especially synthetic identities, will continue in the future.

Proving a human identity exists before proving it corresponds with a digital identity

The only way to link a human being to an identity, either in the real-world or as a digital identity in the cyber world, is by enrolling/registering/capturing the human’s fingerprints with forensic protocol into a referenceable system.

An Identity can be proven using various methods, but the decisive proof is to link a human being’s specific body attributes (fingerprints) to an identity as evidence. It is the fact of being who or what a person or thing is.

The term ‘Identity’ further refers to properties based on the

• uniqueness and
• individuality

which make a person distinct from others.

Human beings cannot exist without an identity, no two humans - not even identical twins - are genetically identical. A human being is also born with physical identifiable markings, which are only relevant to that one unique human body.

(Fingerprints and DNA are currently the only human attributes accepted as forensic evidence in a court of law.)

An individual must be able to attest that the identity they claim in the real world or cyber world belongs to them and if refuted, must be able to reference such claim to a proof of existence. The only way to prove such a claim, is to present evidence of an established and non-compromised link between the claimed identity (real world or cyber world) and a corresponding single existing human body (real-world).

It is critical to recognise that a claimed identity in the real world can only belong to a single existing human being and that there must always be evidence to attest to such a claim. If there is no clear evidence, the claim cannot be proven.

An identity is therefore proof of existing evidence of a single existing real-world human being.