Hedera Hashgraph Decentralized Identity - Bye Bye Fraud and Mundane Processes
Ever since the inception of stationery, visionaries have put it to good use; however, malicious practitioners always tend to find a way to forge a replica, testing the patience of the stakeholders involved in the multi-billion dollar industry, i.e., Identity Management Systems.
- A billion people without any identity
- Bureaucratic failure
- Mounting losses
- Long queues for the basic rights
What if all of that could be prevented by distributed ledger technology, decentralized identifiers, a bunch of cryptographic algorithms, and a few million dollars?
That’s true. It can be done. And what could be better than the public-permissioned Hedera Hashgraph, running on the most secure Asynchronous Byzantine Fault Tolerant (ABFT) algorithm, which is mathematically the best in Distributed Ledger Technology (DLT)?
Hedera network is extremely fast, scalable, incurs a low cost, and offers a great interoperability scope while storing fungible & non-fungible tokens along with sensitive files in a transparent, data compliant, robust, and smart system that boasts of a private ledger with the public trust.
From gaming to healthcare, from education to real estate, from governments to small-scale entrepreneurs, Hedera is already making some serious heads turn at the global stage while following Proof of Stake technology among its 39 governing council members hosting Hedera Mainnet nodes. The native cryptocurrency is HBar, which is worth roughly 18 cents when writing this blog.
Coming to SSI, Hedera’s objective is outlined as bringing credibility to credentials using decentralized identifiers while making the process of creating, issuing, and revoking credentials, fairly simple.
Also, the lifecycle and logs related to a credential get recorded in an immutable fashion, which is imperative for legal and administrative purposes while mitigating any looming crisis.
In case of any fraudulent access from the inside or the outside, the credential can get revoked with finality in a split second, which is almost superficial when compared to the tortoise speed of the Bitcoin blockchain, i.e., 7 transactions per second (TPS), and Ethereum’s 15 TPS, whereas in Hedera, it is 10-100K TPS with fees well below a dollar.
An important fact to mention here is that Hedera’s DID framework got built as per the W3C standards; hence, the process of digital credential management becomes straightforward without friction, and thus the issuance, revocation, and verification could get done in a few moments.
Subsequently, the credentials and Hedera network can get used to club sections of individuals as per their skill set to assign roles, responsibilities, and power.
The ID wallet type can be non-custodial or custodial depending upon the business requirements; however, the experts' recommendation is to use a non-custodial wallet, as a custodial wallet holds the keys of all the users and is vulnerable to hacks or data thefts, whereas in non-custodial wallets the keys get distributed amongst the users, so hackers will have a hard time carrying out the attack.
The revoking right for credentials stays unaffected by the wallet type and always rests with the issuing authority.
With SSI over Hedera, users control what to share and who can see their data, and verifiers can stay assured that the credential is authentic, validated by the hash of the original document stored over the Hedera network and the attestation provided by the issuing authority attached as a signature or stamp or both.
All the documents shared across have public-private key pairs associated with them to ensure that only intended receivers can view them.
SSI can bolster efforts in multiple industries such as -
Verify credentials of a new joiner and issue documents to the patient and staff wallets
Easily manage data and give/revoke authorization accesses
With Hedera, no centralized control on your game winnings or in-app purchases; the power lies with the user as it should be.
Perhaps the most evident use case of SSI, giving students privilege to access and share credentials on the go and universities appropriate rights to award or revoke them
As per the Hedera website, their open DID specifications & Consensus Services provide developers necessary tools to handle credentials through their entire lifecycle in a standard, secure and privacy-respecting fashion.
Apart from that, we have already seen that Hedera is super-fast with low latency and guaranteed finality within seconds. It also follows the best security algorithm and keeps the logs of key events in a credential’s lifecycle.
Embed KYC into the platform, share data with the authorities, freeze assets, and a lot more; Hedera is clamping down hard on the shady areas in crypto & DLT, one fraudster at a time.
Enterprise chain without centralized control is what Hedera offers. E.g., its use-case in the supply chain system is quite astonishing (product provenance, track & trace, timestamping, fair transactions ordering, etc.).
Also, interoperability between Hedera and CRM, ERP, and other software is remarkably simple, and migration is even more so. Hedera can get connected to Hyperledger Fabric or R3 Corda.
- The data has verifiable timestamps
- The data is tamper-proof
- The transactions reach finality within moments, so one can rest assured that all are looking at the same data.
- Auditable and legally compliant network
Scaling Decentralized Identity
Both interacting actors can verify each other’s decentralized identifier (DID) over the DLT by retrieving the identity metadata for validation.
Most of these metadata have been previously written or are almost identical to one another; hence they take less time to be read, e.g., University credentials, whereas when it comes to the Internet of Things (IoT), the data is enormous as each associated device may have separate DIDs and a significant logs/events history.
The identity lookups can get done by sending a query to the DLT node, which allows many subsequent reads without a significant load on the system if the identity has been written to the DLT, ensuring great throughput. E.g., A University issuing a credential on the DLT node which the student can share with multiple HRs.
These simple transactions can easily get handled by any blockchain framework; however, when huge data chunks and frequent read/write mechanisms are involved, as happens a lot in the case of IoT, other DLTs won’t be able to efficiently support such transaction volumes, as the data gets stored on the DLT itself, putting a significant load on the system architecture.
On the contrary, the Hedera Consensus Services (HCS) works on a model wherein identity metadata, e.g., Public keys, credential hashes, DID Documents, etc., are not stored on the Hedera mainnet nodes. Instead, they flow through the Hedera network to the connected computers on a business network, which helps prevent bottlenecks in the Hedera network as network nodes are not writing to the disks, courtesy of HCS.
Hence, Hedera network nodes focus only on the timestamping and the ordering of the transactions and assisting in the process of storing and updating the identity metadata on business network nodes. With this, Hedera network nodes can process transactions in the range of 10-100K TPS, while the business network nodes, without having to contribute to HCS, can safely store, delete and update the data as per the commands.
Decentralized identifiers (DID) and the associated DID documents get managed using HCS messages. The participants over the Hedera network create, delete and update the DID documents based on the HCS messages submitted to that topic. These messages and the corresponding DID documents they carry are then timestamped and ordered by the network before they flow out of the network, aided by the mirror network (nodes), and into the business nodes of a partner network. The Relying Parties (RPs) utilize the business network to resolve identifiers into associated DID documents.
In case of revocation, whenever a credential is revoked by the issuing authority, the query to read the same will fail, as the hash of the document that was previously stored on the business network would have been deleted by now.
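The flow described above (ordered topic messages applied by a business-network node, with revocation making the hash lookup fail) can be modelled as follows. This is an added example, not code from the original post or the Hedera DID SDK: the message fields (`seq`, `op`, `signer`, `hash`), the `BusinessNode` class and the DIDs are constructed for illustration, and `signer` is assumed to have already been authenticated by signature verification, which is omitted here.

```python
import hashlib

def cred_hash(document: bytes) -> str:
    return hashlib.sha256(document).hexdigest()

class BusinessNode:
    """Local state a business-network node rebuilds from one topic's ordered messages."""
    def __init__(self):
        self.did_docs = {}   # DID -> current DID document
        self.issued = {}     # credential hash -> issuer DID
        self.last_seq = 0    # last consensus sequence number applied

    def apply(self, msg: dict) -> bool:
        # Consensus order is the source of truth: refuse gaps and replays.
        if msg["seq"] != self.last_seq + 1:
            raise ValueError(f"out-of-order message {msg['seq']}")
        self.last_seq = msg["seq"]
        op, signer, did, h = msg["op"], msg["signer"], msg.get("did"), msg.get("hash")
        if op == "create" and signer == did and did not in self.did_docs:
            self.did_docs[did] = msg["doc"]
        elif op == "update" and signer == did and did in self.did_docs:
            self.did_docs[did] = msg["doc"]
        elif op == "delete" and signer == did and did in self.did_docs:
            del self.did_docs[did]
        elif op == "issue" and signer in self.did_docs and h not in self.issued:
            self.issued[h] = signer
        elif op == "revoke" and h in self.issued and self.issued[h] == signer:
            del self.issued[h]   # only the issuing DID may revoke
        else:
            return False         # ordered by the network, but rejected locally
        return True

    def verify(self, document: bytes, issuer: str) -> bool:
        # A revoked or never-issued credential has no hash entry, so the lookup fails.
        return self.issued.get(cred_hash(document)) == issuer

# Constructed sample data (not real DIDs, keys, or Hedera messages).
UNI, MALLORY = "did:example:university", "did:example:mallory"
DIPLOMA = b'{"student":"alice","degree":"BSc"}'
TOPIC = [
    {"seq": 1, "op": "create", "signer": UNI, "did": UNI, "doc": {"id": UNI, "key": "uni-key-1"}},
    {"seq": 2, "op": "issue", "signer": UNI, "hash": cred_hash(DIPLOMA)},
    {"seq": 3, "op": "revoke", "signer": MALLORY, "hash": cred_hash(DIPLOMA)},
    {"seq": 4, "op": "revoke", "signer": UNI, "hash": cred_hash(DIPLOMA)},
]

def replay(messages, upto):
    """Rebuild node state from the first `upto` messages; return the node and per-message results."""
    node = BusinessNode()
    return node, [node.apply(m) for m in messages[:upto]]
```

Replaying the first three messages leaves the credential valid because the revocation from a non-issuer is rejected; after the fourth message the same document no longer verifies.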
Java DID SDK
Hedera has created an open-source Java DID SDK, which abstracts away the CRUD operations (Create, Read, Update, and Delete) and aids with integrating the messaging patterns mentioned above for DIDs and verifiable credentials using HCS into your app or framework.
The DID SDK serves as an extension to the existing HCS features offered by the Hedera Java SDK while adding the functionalities to record the issuance of a verifiable credential, revocation of a verifiable credential, etc.
HCS Components (Terminology)
- Client (Hedera) – It sends the transactions to a Hedera network node for consensus. The types of transactions may include creating, updating, accessing, or deleting a topic and submitting messages.
- Hedera network node – It receives transactions from the client and submits them to the Hedera network for consensus.
- Mirror node client – It subscribes to a topic to receive messages from a mirror node in the consensus order.
- Mirror node – It receives information from network consensus nodes but does not act as a participant in the consensus itself.
- Topic – It is the information’s subject that an entity would send messages to, and the clients will subscribe to.
- Message – It is the content that gets published on the network of Hedera to that specific topic present in the consensus order.
- Subscriber – It is a client who desires to subscribe to a specific topic to be able to receive inherent messages.
- Publisher – A publisher can publish messages onto the specific topic.
- Generate a topic after having submitted the transaction from the Hedera client to the network node
- Mirror node client then subscribes to that topic from the mirror node
- Publish that message to the topic by submitting the transaction for consensus from the Hedera client to the Hedera network node
- The mirror node client then receives the message from the mirror node that got published to that topic.
The API used for consensus is the Hedera Consensus Service API, which does verifiable timestamping and ordering of the events for an app or the permissioned blockchain framework.
The major reason why permissioned blockchains and DLTs such as Hyperledger Fabric or R3 Corda are unable to deliver the expected results when it comes to enterprise blockchain is that most of the parts are siloed (isolated) with complex centralized architecture for transactions ordering, hence despite being low in cost, privacy-respecting, and flexible in a larger sense, they still lack the layer of public trust that is pivotal to web 3.0.
HCS, on the other hand, works like a consolidated trust layer for any app or permissioned network that allows for the propagation and generation of verifiable and immutable logs of messages. These messages receive a trusted timestamp & fair ordering once they get submitted to the Hedera network for consensus. Hence an equitable inter-mix of permissioned DLTs and Hedera is always considered fulfilling in every sense.
HCS has many applications in the real world scenario, such as – track and trace assets in the supply chain, generate auditable logs of crucial events in the advertising landscape, decentralized ordering services, etc.
It is also worth noting that apart from being able to perform many transactions within seconds with guaranteed finality, a single HCS message currently costs only $0.0001 whether used standalone or in combination with a permissioned blockchain. With Hedera, the entities only pay for what they submit minus the extras.
Hedera network has caused a ripple effect in the market, and almost every third Non-fungible token (NFT), Decentralized Finance (DEFI), and Decentralized App (DAPP) project is thinking of relying upon Hedera instead of other DLTs, as it is fast, secure, public and also offers an extra layer of security via an encryption-decryption method for particularly sensitive messages.
The best part is that the public can view the digital media using the Hedera network and be assured that it is genuine in every sense.
We can understand if it’s a lot to take in at once, which is why we have expert Hedera Hashgraph consultants on the panel — who will help you understand, develop, and deploy not just SSI but any project on the Hedera network, given that it is feasible.