The IDIN platform is a Self Sovereign Identity (SSI) platform built upon a Decentralized Public Key Infrastructure (DPKI) that consists of the following main components:
- IDIN Blockchain — a decentralized ledger for immutably storing the records of Decentralized Identifiers (DIDs), Verifiable Credentials (VCs) and public keys.
- IDIN e-ID wallet — a digital wallet for securely storing VCs and managing private keys.
- IDIN SDK — a software development kit (SDK) for submitting transactions to the IDIN blockchain and exchanging valid VCs.
The IDIN blockchain is built with Tendermint, which runs a Byzantine Fault Tolerant (BFT) consensus protocol. Tendermint is software for securely and consistently replicating a deterministic state machine across multiple distributed nodes. Tendermint keeps working even if up to 1/3 of all nodes fail in arbitrary ways, including failures caused by malicious behaviour. This means the network requires at least 4 nodes for reliable operation.
The IDIN blockchain immutably records all valid transactions—initiated by IDIN e-ID wallets—that involve DIDs, VCs and public keys. It is important to note that only Credential IDs (CIDs) of VCs are recorded in the blockchain. The VCs themselves could contain sensitive personal information and are securely stored in IDIN e-ID wallets.
An IDIN e-ID wallet securely stores VCs and provides access to private keys that are kept in secure storage such as the iOS Secure Enclave or the Android Keystore, depending on the user's operating system. The wallet is also protected and only becomes accessible after valid biometric authentication. The IDIN SDK is installed inside every e-ID wallet and provides an interface to the IDIN blockchain.
The IDIN software development kit (SDK) provides APIs to the IDIN blockchain. It has the following functionalities:
1. Submitting transactions to the IDIN blockchain. The types of valid transactions include (see IDIN Key Management for more details):
  - DID registration.
  - DID reset.
  - Key series addition.
  - Key series revocation.
  - VC registration.
  - VC revocation.
  - Resetter registration.
  - Resetter revocation.
  - Resetter approval.
2. Exchanging VCs between different e-ID wallets. These include:
  - Requesting a VC.
  - Generating a Verifiable Presentation (VP) from a VC.
  - Presenting a VP.
  - Verifying a VP with the IDIN blockchain.
3. Performing cryptographic protocols, including:
  - Generating a digital signature from a private key.
  - Generating a zero-knowledge proof.
  - Performing selective disclosure.
In the IDIN platform, issuance and verification of a VC involve three parties, namely:
- Holder — a credential holder.
- Issuer — a trusted organization that issues a VC to Holder.
- Verifier — a service provider that trusts Issuer and provides a service to Holder.
An example journey is outlined as follows:
1. Issuer registers their public key to the IDIN Blockchain.
2. Holder requests a VC from Issuer.
  - Issuer generates and signs the VC with Issuer's private key.
  - Issuer registers the VC on the IDIN Blockchain.
  - Issuer sends the VC to Holder's IDIN e-ID wallet.
3. Holder registers their public key to the IDIN Blockchain.
4. Holder presents the VC to Verifier (online or offline).
  - Holder generates a VP from the VC and then signs it with Holder's private key.
  - Holder sends the VP to Verifier.
5. Verifier verifies the presented VP with the IDIN platform.
  - Verifier verifies Issuer's digital signature to check that the VC is valid and has not been tampered with.
  - Verifier verifies Holder's digital signature to check that Holder is really the valid holder of the VC.
After a successful presentation, Verifier is certain that Holder really possesses a valid credential from Issuer. Verifier then trusts Holder for a business transaction.
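The issuance and presentation journey above, as an added Go example that is not IDIN's own code (the IDIN SDK API is not shown on this page): the ledger is an in-memory stand-in for the blockchain, all DID keys are Ed25519, and the Verifier-chosen nonce bound into the VP is an assumption added so that a captured VP cannot be replayed. It goes slightly beyond the text by also checking that the presenter's DID is the credential subject and that the CID has not been revoked, both of which the transaction list above makes possible.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
)
// Ledger stands in for IDIN blockchain state (assumption: in-memory maps, not chain queries):
// Keys maps a DID to its registered public key; CIDs is true for a registered credential ID, false once revoked.
type Ledger struct{ Keys map[string]ed25519.PublicKey; CIDs map[string]bool }
type VC struct{ CID, Issuer, Subject string; Claims map[string]string }
type SignedVC struct{ VC VC; Sig []byte }
type VP struct{ Holder, Nonce string; Cred SignedVC } // Nonce: Verifier's challenge, so a captured VP cannot be replayed
type SignedVP struct{ VP VP; Sig []byte }
func NewLedger() *Ledger { return &Ledger{map[string]ed25519.PublicKey{}, map[string]bool{}} }
// RegisterDID generates a key pair for a DID and registers the public key (journey steps 1 and 3).
func RegisterDID(l *Ledger, did string) ed25519.PrivateKey {
	pk, sk, _ := ed25519.GenerateKey(rand.Reader)
	l.Keys[did] = pk
	return sk
}
func canon(v any) []byte { b, _ := json.Marshal(v); return b } // stable bytes to sign: json sorts map keys
// IssueVC: Issuer signs the VC and records only its CID on the ledger, never the claims (step 2).
func IssueVC(l *Ledger, sk ed25519.PrivateKey, vc VC) SignedVC {
	l.CIDs[vc.CID] = true
	return SignedVC{vc, ed25519.Sign(sk, canon(vc))}
}
// PresentVC: Holder wraps the VC in a VP bound to Verifier's nonce and signs it (step 4).
func PresentVC(sk ed25519.PrivateKey, holder string, c SignedVC, nonce string) SignedVP {
	vp := VP{holder, nonce, c}
	return SignedVP{vp, ed25519.Sign(sk, canon(vp))}
}
// VerifyVP is step 5: freshness, ledger status, Issuer's signature, subject binding, Holder's signature.
func VerifyVP(l *Ledger, p SignedVP, nonce string) error {
	vc, ipk, hpk := p.VP.Cred.VC, l.Keys[p.VP.Cred.VC.Issuer], l.Keys[p.VP.Holder]
	switch {
	case p.VP.Nonce != nonce:
		return errors.New("nonce mismatch: stale or replayed presentation")
	case !l.CIDs[vc.CID]:
		return errors.New("credential not registered on the ledger, or revoked")
	case ipk == nil || !ed25519.Verify(ipk, canon(vc), p.VP.Cred.Sig):
		return errors.New("issuer signature invalid: VC tampered or issuer key unknown")
	case vc.Subject != p.VP.Holder:
		return errors.New("presenter is not the credential subject")
	case hpk == nil || !ed25519.Verify(hpk, canon(p.VP), p.Sig):
		return errors.New("holder signature invalid: presenter does not control Holder's key")
	}
	return nil
}
```

Each check returns a distinct error so a Verifier can log why a presentation was rejected; the order matters, since the cheap ledger and nonce checks run before any signature verification.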