When creating our architecture for self-sovereign digital identity we analyzed the shortcomings of existing technologies, the capabilities of personal devices, the benefits of decentralizing identity, and the principles of privacy by design.

Our architecture deploys identity agents installed on personal devices that encapsulate, manage, control and protect the digital identities of their owners. Because they tightly bind digital identities to their owners they are called “self-sovereign” (see system concept and videos).

Each digital identity has a “sovereign image” that is solely controlled its owner. An owner’s identity agent presents the public copy of a selected identity to prove who she is. Other parties cannot use public copies to impersonate the owner.

Identity agents also leverage their owners’ digital identities to protect their private data and transactions, reliably delegate consent, securely exchange identities, and register identities to enable verification by others.

Furthermore, owners can use their agents to elevate identity assurances by using “digital seals” to affix attestations to the digital identities of other owners. Such attestations cannot be repudiated. Relying parties are assured that digital identities reliably characterize the person they purport to represent which reduces impersonation risk.

See publications and patents for technical details.