Digital Identification on the Blockchain with Microsoft's ION

This article describes the concept of digital identification on the blockchain and the working mechanism of Microsoft's ION.

Introduction

From time immemorial, identification has been an integral part of the human race signified by many things such as tribal marks, body piercings, etc. In short, all humans have an identity, but how we identify ourselves has continually changed over the years.

Humans identify themselves through identification cards, which is important to confirm our identity relating to people or organizations. For instance, anyone opening a bank account, checking into a hotel, traveling out of a country, or even applying for a driver's license needs a form of identification card that is personal to the owner.

The advent of technology has reshaped how humans can identify themselves, especially online (digital) identification. As the way to represent identity changed gradually from analog to digital (internet), many people lost the liberty to manage their identity credentials online. This has prompted the belief in some people that blockchain could be the answer to the identity problem created by the internet since it is purely decentralized.

The identification on a blockchain will limit the control of people's identity to their own hands instead of a third party. Hence, they have complete control over their data.

This article goes beyond identity on the blockchain to exploring in detail the Microsoft ION identity solution. It defines identity on the blockchain, discusses how ION works and the various architectures and system features that make it unique from other identity networks on the blockchain.

What is Digital Identification in Blockchain?

Digital identification in the blockchain uses blockchain principles to create an identity card and provide management in such a way that gives control to the owner rather than a third party. Since the first blockchain implementation in bitcoin, it has been useful in various applications, including identity, healthcare, supply chain, etc.

Thanks to Bitcoin, a decade ago, that aroused the curiosity of developers, cryptographers, and distributed systems engineers to solve the problems associated with centralized identity systems. Today, cryptographers and other distributed system players are deploying identity solutions on various blockchains, viz; Bitcoin's ION, Cardano's Atala Prism, Ethereum's Element, and so on.

The distributed system community, through groups like Internet Identity Workshop IIW, World Wide Web Consortium W3-C, Rebooting Web of Trust RWoT, are exploring the ideas and technical processes of the traditional identity system. Hence, proposing decentralized identities to achieve a fully distributed and decentralized identity. The purpose behind DID, a foundational technical component of decentralized digital identity, is to give ownership and control to individuals.

While many solutions are proffered, the common denominator is finding a scalable, user-owned unique identifier to a set of cryptographic keys and routing endpoints. So many solutions thus far are not focused on achieving a scalable and decentralized network that doesn't require utility tokens, consensus mechanisms, and trusted validator nodes.

In response to the above-stated issue, Microsoft proposed and launched Identity Overlay Network, also known as ION. Before exploring the solutions, architectures, and killer features of Microsoft's ION, it is crucial to discuss in-depth more about identity.

Why Digital Identification on Blockchain?

Digital identification on the blockchain could solve some of the problems associated with our present identification process. These problems are:

Data Theft: Currently, most of our identity credentials are stored on a centralized database which can easily be attacked. The database operates with a single point of failure, which makes it a target for attackers. It also contains many people's "Personal Identifiable Information" (PII), which is accessible to hackers sometimes because the database might be weak and outdated. The hackers who access this information can sell it to the dark web marketplace and commit fraudulent activities with the data. In the first half of 2021, data worth about 18.8 billion records were breached, costing billions of dollars.
Inaccessibility: Identity card is not accessible to many people globally especially those in the rural areas of third-world countries. The process associated with getting an identity card, such as registration and cost, is an obstacle that has prevented many from getting one. Without an identity card, these people can't access many things such as banking, applying for an international passport, and applying for certain jobs.
Improvement of Cryptography and Smartphone Upgrade: The sophistication of smartphones has made it easier to build a digital identity on the blockchain. The digital identity will be readily available to many people as smartphones are becoming readily available to them.

Education Verification: Identification on the blockchain will block the loopholes of presenting fake certificates because it will verify the certificate's authenticity wherever it is used.
Banking: There would be no need for login details at all times before anyone can bank. It will eradicate that and make banking more secure.

Businesses: It will prevent a company from paying huge fines due to data breaches on their centralized database.

Healthcare: It makes it easy for health workers to operate as they can easily confirm data swiftly between themselves, providing quality care to their patients.
Previous Digital Identity Models: The earlier models were not the best as they exposed too much information to third parties.

Models of Digital Identity Management

Centralized Federation Model: This is the first model of digital identity, which has a point of failure and is purely centralized. The sole identity provider (IdP) is the organization, which collects and assigns identity information to its users. So, each user always has a new digital identity for every new site or company they interact with, which results in a poor user experience.
Federation Model: The second model tries to solve the problems of the first model by allowing the digital identity of a large and trusted site that you registered on to be available for you to access an organization or website. An example of this model is Logging in with Google. The user can easily log in to a website by using their Google digital identification credentials. This model is still largely in use today.
User-Centric Model: This model requires a centralized device, where the information about a user is stored. In the user-centric model, a user needs a Personal Authentication Device (PAD) to store their credentials which can then be accessed through a PIN on the device. This model is used in our smartphones and similar gadgets.

The Self-Sovereign Identity (SSI) is the fourth digital identity model, based on blockchain technology. Since our focus is Self-Sovereign Identity, provided by the blockchain, we will dig deep and correlate it to Microsoft's solution.

What is Self-Sovereign Identity?

Before defining Self-Sovereign Identity, we should understand that the user-centric model cannot give autonomy, which users need. So, the SSI was introduced to provide sovereignty and put total control in the hands of users.

Self-Sovereign Identity (SSI) is a digital identity that people can store on their devices without relying on an external party. The concept of SSI is purely decentralized and gives the power to create and manage an individual's identity to the owner instead of a third party.

The Working Priciple of Digital Identity on the Blockchain

The digital identity in a blockchain is decentralized, and it operates based on the following components:

Decentralized Identifiers (DID): These are the identifiers that users create and control without any interference from centralized identity providers or authorities. DIDs are unique and global and could be used by companies, objects, or individuals.
Identity Management: This is a distributed ledger that gives everyone who is using the protocol, access to view the information about valid credentials. It also shows who endorsed the validity of the information without compromising the identity of the actual data.
Verifiable Credentials: These are statements made by an issuer to verify your identity without showing the actual data. For instance, a third party can confirm that you are a doctor without showing them your identity card or calling your issuer.
The issuer gives a user the verifiable credentials with their public DID attached. The blockchain also houses the DID for everyone to see. So, anyone who wants to verify the validity of a credential can do so by checking the DID on the blockchain and know the issuer. In essence, anyone can easily check the blockchain to know the organization that owns a specific public DID.

Advantages of Digital Identification in Blockchain

Blockchain identification has numerous advantages, which are elaborated on below.

Decentralized Public Key Infrastructure (DPKI): This is the powerhouse of blockchain identification. DPKI allows everyone to create cryptographic keys on the blockchain in an orderly fashion. These keys give access to others to confirm the data of an identity holder. The DPKI made all these possible because it creates a trusted medium that distributes the encryption keys and verifies the identity holders.
Decentralized Storage: Digital identification on the blockchain is safer and easily accessible when compared to ones stored on a centralized database. Identity storage on the blockchain limits identity theft, hence protecting an individual's private information. It also gives the user the privilege to use their data on multiple platforms and for different reasons.
Manageability and Control: A decentralized identification gives the users the sole control of their data, including security, and they can decide to do what pleases them. The scenario is not the same in a centralized identity system, where the identity's control and security are in the hands of the entity providing the identity.

What is ION?

The idea behind ION is to achieve a scalable, resilient, user-owned decentralized identity system where users do not need utility tokens, consensus, and trusted validated nodes. By implication, users own and operate their nodes. ION is a layer 2, public, permissionless, decentralized DID overlay network that runs atop the Bitcoin blockchain and leverages a deterministic DPKI protocol called Sidetree.

Before fully deploying ION in early March, Microsoft started exploring Sidetree between 2017 and 2018. During this period, they determined if it was worth investing in. Upon realization, the team worked in collaboration with SecureKey, Mattr, Consensys, Transmute, Gemini, Bitpay, Casa among others to codify Sidetree into a formal specification with the decentralized identity foundation.

ION Architecture

Microsoft's ION comprises a collection of microservices, including a Bitcoin Core, IPFS, and MongoDB (for local data persistence). Simply put, the majority of ION's code comprises Sidetree protocol. As a Sidetree based DID network, it combines Sidetree logic module; a chain-specific read/write adapter, a content-addressable storage protocol (e.g., IPFS), MongoDB, and an existing layer one protocol.

The content-addressable storage protocol like IPFS helps replicate data between nodes. The above combine to form the Sidetree protocol that enables the creation of layer 2 DID networks that run atop existing blockchains (layer 1) at thousands, or even tens of thousands, of PKI operations per second. The Sidetree requires no additional consensus like several other layer 2 solutions. It simply relies on a decentralized chronological ordering of operations provided by the underlying blockchain. Unlike monetary units and asset tokens, IDs are not intended to be exchanged and traded. To achieve greater scalability without relying on additional layer 2 consensus schemes, trusted validator lists, or special protocol tokens. Also, the Sidetree is designed to allow all nodes of the network to arrive at the same Decentralized Public Key Infrastructure (DPKI) state. This allows an identifier based solely on applying deterministic protocol rules to chronologically ordered batches of operations anchored on the blockchain, which ION nodes replicate and store via IPFS.

ION Working Mechanism

Source

ION leverages a single on-chain transaction, blockchain-agnostic Sidetree protocol to anchor tens of thousands of DID/DPKI operations on a Bitcoin chain. The ION node processes and encodes transactions with a hash used to fetch, store, and replicate the hash-associated DID operation batches via IPFS. Without requiring an additional consensus, the nodes process the hash associated DID operation batches following a DIF's set of deterministic rules, enabling them to independently arrive at the correct DPKI state for IDs in the system. The nodes are designed to fetch, process, and assemble DID states in parallel, and also, the aggregate capacity of nodes can run at tens of thousands of operations per second.

How to Run ION and Create DIDs

To run ION, you need to meet certain hardware and software requirements.

Hardware requirement;

i5 processor (2017+ models)
6GB of RAM
1TB of storage

Software requirement

Make sure you have running on your machine, Windows, or Linux operating system. Upon meeting the listed prerequisites, follow the below to run ION and create DIDs;

Generate a DID locally. To do that, use the command line here, for Linux users.
Run ION node via Docker
Install an ION node natively

Conclusion

Though digital identification in the blockchain is a field that is still new, it gives an assurance of more tight and user-centered control of one's data than centralized databases. It reduces the risk of getting people's information to hackers who use it for different nefarious activities. Microsoft proffered a scalable, resilient, user-owned identity management system that doesn't require utility tokens, trusted validator nodes, and additional consensus mechanism through ION, a layer two solution to decentralized identity.

ConsenSys Quorum Blockchain: A Comprehensive Review

Overview

The financial industry is considered the first to be disrupted Blockchain technology, and ConsenSys Quorum Blockchain seems to be the culprit. However, we need to understand that emerging technologies often experience slow adoption. The primary reason is that organizations seek to better understand the technology and how to use it better.

ConsenSys is a Blockchain software technology founded in 2014 by the co-founder of Ethereum Joseph Lubin. It develops decentralized applications and other infrastructure for the Ethereum Blockchain. Some of the applications created by ConsenSys include Metamask, uPort, Gnosis, etc.

J.P. Morgan developed the ConsenSys Quorum chain. It is one of the significant steps towards the common adoption of Blockchain by financial industries. In this post, we shall explore the ConsenSys Quorum Blockchain, its features, and use cases.

What Is ConsenSys Quorum Blockchain?

The ConsenSys Quorum chain is an enterprise-focused and permissioned Blockchain network specifically built for financial use cases. It is a fork of “GoQuorum,” a lightweight of geth designed to leverage the R&D inside the Ethereum community. “Geth” is a public Ethereum client. It has lots of protocol-level enhancements created to support business needs. The goal of this Blockchain is to create an enterprise Ethereum client that empowers businesses to adopt and leverage the benefits of Blockchain technology.

We can also see ConsenSys Quorum as Ethereum-based decentralized ledger technology. It offers a permissioned way to apply the Ethereum network to support the privacy of contracts. The ConsenSys Quorum chain like Ethereum but with minor differences. It differs from Ethereum in:

The management of its network and peer permissions.
Its better transaction and contract privacy
The voting-based consensus mechanism
It has a better performance than Ethereum

Read about Binance Ecosystem.

The Features Of ConsenSys Quorum Blockchain

1. Permissioned

The ConsenSys Quorum chain is designed to be permissioned. It means that all the networks using Quorum will not be open to all, unlike Ethereum. Therefore, permissioned Blockchain networks operate differently. There are completely different expectations of trust between approved nodes in the network compared to permissionless ones.

In other words, the ConsenSys Quorum Blockchain system is a consortium Blockchain. It is only implemented between participants that have been pre-approved by a designated authority. Although consortium Blockchain systems run in the same manner and with the same features and protocols of a normal Blockchain, it relies only on permitted nodes. The implication is that organizations can consider the feasibility of Blockchain technology without the possibility of failure.

2. Privacy

Financial institutions have always prioritized the confidentiality of records. This is one of the issues that regular Blockchain systems like Ethereum failed to resolve. When it comes to corporations and industries, the pseudonymous nature of the transaction can be easily undermined. Aside from its permissioned nature, the ConsenSys Quorum chain further improves privacy by integrating private and public on-chain transactions.

While the public transactions function like that of Ethereum, the private transactions are verified. However, the details of the private transactions are not disclosed. With the use of a system known as Constellation, ConsenSys Quorum is able to manage much of its secure message transfers. In simple terms, Constellation is a general-purpose mechanism that is not entirely Blockchain-related. The ConsenSys Quorum chain owes its superior speed to Constellation and the architecture it supports.

Aside from the privacy in transactions, it also offers privacy for smart contracts. Smart contracts are something banks and other financial institutions are wary of exposing due to security reasons. These smart contracts could contain sensitive information like investment strategies, transaction data, or internal information. In addition, ConsenSys Quorum has been partnering with Zcash to integrate the zero-knowledge security layer (ZSL) into the ConsenSys Quorum protocol. Both of them have released a proof-of-concept technical design document detailing the project.

3. The Consensus Mechanism

Its consensus mechanism is called the ConsenSys QuorumChain. It is initiated inside the genesis block. The ConsenSys QuorumChain is a simple, straightforward majority voting protocol. The fact that consortium chains are permission means there is no need to have an expensive PoW mechanism. However, ConsenSys QuorumChain offers different consensus mechanisms suitable for private Blockchain networks. These mechanisms include the following:

• RAFT-based Consensus

RAFT achieves consensus through an elected leader. The leader is saddled with the responsibility of executing log replication to the followers. In this form of consensus mechanism, the leader can decide on placing new entries and establishment of data flow to other servers without consulting those servers. The leader continues to lead until it fails or disconnects, and then a new leader is elected.

• The Istanbul BFT Consensus:

Since this is a Byzantine fault tolerance algorithm is based on the Practical Byzantine Fault-tolerant (PBFT) consensus algorithm, the PBFT supports immediate transaction finality and provides liveness and safety under the standard Byzantine fault threshold assumptions.

• The Clique Consensus

This is a Proof-of-Authority (PoA) consensus algorithm. It is readily available with “geth,” the Go Ethereum client.

The Use Cases Of ConsenSys Quorum Chain

There are many use cases of the ConsenSys Quorum Blockchain. It is used but not limited to healthcare, identity, payments, property, capital markets, etc. Here is a list of some of the projects and brief descriptions:

• Tokenized Cash

It is a distributed ledger developed by HIS Markit. The project helps you to keep track of all cash movements.

• The JPM Coin

This project is designed to promote the immediate settlement of transactions. The transactions are basically between clients of the financial institution’s wholesale payment business.

• The Marketplace For Loans

This is a decentralized marketplace where people come to seek access to loans. StreamSource develops the platform.

• Interbank Information Network (IIN)

The project allows its member banks to exchange information at the same time in order to verify payments.

ConsenSys Quorum Chain Tools And Development

The ConsenSys Quorum system has a lot of tools that help to improve both user and developer experience. These tools are mainly made up of network management, deploying and monitoring utilities, and others. The tools include ConsenSys Quorum support in truffle, Blockchain explorer for ConsenSys Quorum by Web3 labs, Cakeshop. Also, this Blockchain is available on cloud platforms like Azure and Kaleido. There is also the reporting tool that provides convenient APIs that help to generate reports concerning contracts deployed to a particular network. Some third-party tools like Splunk and Prometheus are also very useful in the deployment of the ConsenSys Quorum Blockchain network.

Conclusion

The ConsenSys Quorum Blockchain offers an enterprise-grade Blockchain network with high performance and privacy. Myriads of features made this chain an excellent choice for enterprise use cases. At the moment, ConsenSys Quorum appears to be a great idea and approach that can revolutionize the financial industry. The acquisition of Quorum by ConsenSys is great news to the enterprise Blockchain community. It also reinforces the impact of Blockchain in the financial industry.

Also read Stellar Payment Network: Detailed Explanation.