Updated 12-06-2025
Q1. What are the key features of the architecture?
Identity agents deploy digital identities that are verifiably controlled by the owner (are “self-sovereign”). Digital identities are intuitive (easy to use) with embedded cryptographic keys enabling users and providers to mutually identify, mutually authenticate, and secure messages, transactions and private data. Identity agents deploy digital identities that reveal just enough identifying information to meet designated purposes; enable identity-proofing; and can digitally seal identities, documents and consent tokens. Identity agents help owners decide which digital identities, attributes, and private data to disclose.
Q2. How is mutual identification achieved?
Every digital identity is rendered in two distinct but closely coupled forms: the “sovereign copy” tightly controlled by the owner, and “public copies” derived from the sovereign copy, including identifying information, shared with other owners. When two owners elect to collaborate, they exchange their public copies thereby mutually identifying.
Q3. What if the other party has no identity agent?
When considering whether to connect with an unknown party, the owner’s identity agent conducts proof-of-possession and proof-of-custody challenges to assess whether that party has an installed identity agent. If these tests fail, the owner can choose to connect “at risk” and/or opt to send a “noreply” or “incognito” message suggesting the remote party install an identity agent from a safe source.
Q4. How is mutual authentication achieved?
When digital identities are created they are self-sealed using the embossing key. Public copies derived from the sovereign copy of the digital identity are thereby identically self-sealed. Self-seals affixed to received public copies are verified using the inspecting key of the public copy thereby authenticating the originator. Identity assurance can be elevated by conducting proof-of-possession (PoP) testing verifying the originating identity agent holds the embossing key used to self-seal the received public copy. A proof-of-custody (PoC) demand issued by a receiving identity agent verifies that the originating owner verifiably controls the sovereign copy of the digital identity thus additionally elevating identity assurances.
Q5. What about digital identity containers and registering?
Exchanging and registering public copies of digital identities is somewhat analogous to registering accounts and hashed passwords prior to using them to sign into online web service providers.
[explanation goes here including JavaScript objects]
Q6. How is self-sovereignty achieved?
Identity agents decentralize identity, shifting responsibility and control over identity and privacy from service providers to device owners. They achieve verifiable owner control over digital identities by encapsulating owner authentication data and exposing a common authentication interface. By controlling locally enrolled biometric minutia, passwords and PINs, device owners are strongly bound to their devices, identity agents, digital identities, consent tokens, and documents.
Q7. Which keys are allocated to digital identities?
Motivated by Asokan, identity agents generate three (3) private/public key-pairs per digital identity: a signing/verifying key-pair; a decrypting/encrypting key-pair; and an embossing/inspecting key-pair.
Q8. How are sovereign and public copies used?
Tightly controlled by the owner, the “sovereign copy” of a digital identity includes owner-specified identifiers, attributes, images and the three (3) private/public key-pairs. The derived “public copy” of a digital identity inherits all the identifiers, attributes and images of the sovereign copy but only the public keys, namely, the verifying, encrypting, and inspecting keys. Owners share public copies with other users and providers thereby enabling mutual identification, mutual authentication, and secure collaboration.
Q9. Why not use standard digital certificates?
X.509 digital certificates (certs) issued by Certificate Authorities (CA) are used to cryptographically bind Internet browsers to the domain name and fixed IP address of service providers. This approach enables password-based user authentication possibly augmented by a 2nd factor. However, the user’s true identity is not revealed and certs are not intuitive. Digital identities address these shortcomings.
Q10. How do digital identities differ from digital certs?
Identity agents strongly bind owners to digital identities held in their devices (e.g. smart phones, tablets). Digital identities mimic physical credentials in one’s wallet hence are intuitive and easy to use. They can be used to securely collaborate with other users as well as with online providers. Unlike digital certificates, they are conveniently available, visually similar to physical credentials, and hence intuitive and easy to use.
Q11. How are digital identities structured?
Digital identities created by identity agents are based on a common data model specifying globally distinct identifiers, unique identifiers across a given context, or decentralized identifiers (e.g. W3C DIDs); creation and expiry dates; photos, icons, sealing images; legal, informal, or pseudonymous names; and email address(es) and telephone number(s). Digital identities specifying obfuscating or non-identifying information can be used for incognito browsing, posting, and messaging.
Q12. How are digital identities used?
Digital identities mimic identifying and financial credentials in one’s wallet. For example, meeting attendees use their smartphones to exchange digital business cards sharing identifying and contact information to reliably identify one another and securely collaborate. Members of a social network share their personal identity cards enabling friends and family to reliably contact each other by snail-mail, e-mail or telephone. Credit union members use their digital bank cards to pay bills and transfer funds online. Having obtained a digitally notarized copy of her rental agreement from her bank manager, a driver uses this document and her digital driver’s license to access the department of motor vehicle’s online system to renew her driver’s license. Having a digital health card, a member asks her pharmacist to affix a digital seal attesting to recently received vaccinations for an upcoming international trip.
Q13. Where are sovereign and public copies held?
The identity agent of an owner has a wallet object used to hold sovereign copies of the owner’s digital identities and a contacts object for holding public copies of digital identities of other owners. Public copies derived from sovereign copies can be stored in the contacts object.
Q14. How are digital seals created and verified?
A digital seal is like a physical seal affixed to a document by a notary using an embosser. Digital seals include a “sealing image”, attestation, issue date, digital identity identifier, artifact identifier, and digital [seal] signature. An identity agent owner can use the [private] embossing key and sealing image of a digital identity to create a digital seal affixing an attestation to a digital artifact, binding the owner, attestation and artifact. The public inspection key of the owner’s public copy verifies the digital signature.
Q15. How do digital seals elevate identity assurances?
A digital seal elevates non-repudiation strength over a traditional digital signature. This is because identity agents tightly bind their owners to their devices as well as to their digital identities when digital seals are created. This implies that when an owner creates a digital seal affixing their attestation to the digital identity of another owner, identity assurances associated with the other owner are thereby elevated.
Q16. How are public copies securely exchanged?
Having securely exchanged public copies of digital identities, identity agents focus on mutually identifying and authenticating owners, and securing messages, transactions and private data. When sending, the private signing key of the sender’s sovereign copy is used to digitally sign payloads, and the public encrypting key of the receiver’s public copy is used to encrypt payloads. When receiving, the private decrypting key of the receiver’s sovereign copy is used to decrypt payloads, and the public verification key of the sender’s public copy is used to verify digital signatures attached to payloads.
Q17. How do digital identities secure transactions?
Mimicking a notary public’s embosser, an owner having a digital identity can create a digital seal affixing an “attestation” to a digital artifact. Every digital identity has a “sealing image”, a private embossing key, and a paired public inspecting key. The private embossing key can be used to cryptographically affix the sealing image, an owner attestation, and a digital signature to a selected artifact thereby digitally sealing the artifact. The paired public inspection key can be used to verify the digital seal. When a digital identity is created it is “self-sealed” using the embossing key. When a notary identity-proofs and digitally seals a document it is said to be “notarized”.
Q18. How are digital seals used to notarize documents?
The prototype demonstrates a use case where a notary public collaborates with a customer to notarize an identifying document. The customer scans or photographs the identifying document, uses her identity agent to select a digital identity, and uses the embossing key to digitally seal the document. The notary public verifies the document and the digital seal affixed by the customer, and uses his digital identity and embossing key to digitally seal the document thereby notarizing the customer’s identifying document.
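The seal fields from Q14 and the notarization flow above can be sketched as follows. This is an added example, not code from the prototype; Ed25519 for the embossing/inspecting pair, a SHA-256 hash as the artifact identifier, and all names and sample values are assumptions.

```javascript
const crypto = require('crypto');

// Constructed owner holding an embossing/inspecting pair (assumption: Ed25519).
function newOwner(id, sealingImage) {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ed25519');
  return { id, sealingImage, embossingKey: privateKey, inspectingKey: publicKey };
}

// Assumption: the artifact identifier is the SHA-256 hash of the artifact bytes.
const artifactId = (bytes) => crypto.createHash('sha256').update(bytes).digest('hex');

// Bytes covered by the seal signature: every seal field except the signature.
const sealedBytes = ({ signature, ...fields }) => Buffer.from(JSON.stringify(fields));

// Create a digital seal binding owner, attestation and artifact.
function emboss(owner, artifact, attestation, issueDate) {
  const seal = {
    sealingImage: owner.sealingImage,
    attestation,
    issueDate,
    identityId: owner.id,
    artifactId: artifactId(artifact),
  };
  seal.signature = crypto.sign(null, sealedBytes(seal), owner.embossingKey).toString('base64');
  return seal;
}

// Verify a seal with the inspecting key from the sealer's public copy.
function inspect(seal, artifact, inspectingKey) {
  return seal.artifactId === artifactId(artifact) &&
    crypto.verify(null, sealedBytes(seal), inspectingKey, Buffer.from(seal.signature, 'base64'));
}

// Notary verifies the customer's seal, then affixes his own seal to the same document.
function notarize(notary, artifact, customerSeal, customerInspectingKey, issueDate) {
  if (!inspect(customerSeal, artifact, customerInspectingKey)) {
    throw new Error('customer seal does not verify');
  }
  const notarySeal = emboss(notary, artifact, 'Identity proofed; document verified', issueDate);
  return [customerSeal, notarySeal];
}
```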
Q19. How do identity agents protect private data?
An owner can direct her identity agent to use the public encryption key of a selected digital identity to encrypt private and identifying information. Stored locally or remotely, such private data can only be decrypted by the owner’s private decryption key held by the sovereign copy. To secure bulk data, randomly generated symmetric keys are used to encrypt and decrypt the data while the paired encryption and decryption keys are used to encrypt and decrypt the symmetric keys.
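The key usage in Q16 and the symmetric-key wrapping described above can be combined in one sketch. This is an added example, not the architecture's own code; RSA-OAEP for the encrypting/decrypting pair, Ed25519 for signing, AES-256-GCM for bulk data, and all function names are assumptions.

```javascript
const crypto = require('crypto');

// Constructed owner: only the two key-pairs this example needs.
function newOwner() {
  const signing = crypto.generateKeyPairSync('ed25519');
  const decrypting = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return {
    sovereign: { signingKey: signing.privateKey, decryptingKey: decrypting.privateKey },
    publicCopy: { verifyingKey: signing.publicKey, encryptingKey: decrypting.publicKey },
  };
}

// Sender: sign with own sovereign copy, encrypt to the receiver's public copy.
function sendPayload(payload, senderSovereign, receiverPublic) {
  const signature = crypto.sign(null, payload, senderSovereign.signingKey); // 64 bytes
  const dataKey = crypto.randomBytes(32); // fresh symmetric key for the bulk data
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  // The signature travels inside the ciphertext, in front of the payload.
  const body = Buffer.concat([cipher.update(signature), cipher.update(payload), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt(
    { key: receiverPublic.encryptingKey, oaepHash: 'sha256' }, dataKey);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Receiver: unwrap with own sovereign copy, decrypt, verify with the sender's public copy.
function receivePayload(msg, receiverSovereign, senderPublic) {
  const dataKey = crypto.privateDecrypt(
    { key: receiverSovereign.decryptingKey, oaepHash: 'sha256' }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  // final() throws if the ciphertext or tag was altered.
  const plain = Buffer.concat([decipher.update(msg.body), decipher.final()]);
  const signature = plain.subarray(0, 64);
  const payload = plain.subarray(64);
  if (!crypto.verify(null, payload, senderPublic.verifyingKey, signature)) {
    throw new Error('signature does not verify against sender public copy');
  }
  return payload;
}
```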
Q20. When can proof-of-existence be used?
A “proof-of-existence” registry can be leveraged to verify the integrity of public copies of digital identities sent in-the-clear (unencrypted). When an identity agent creates a digital identity, the sovereign copy is self-sealed (public copies inherit this self-seal). The hash of the public copy and the self-seal are combined into a record and written into the proof-of-existence registry. An identity agent receiving a public copy in-the-clear uses the inspection key of the public copy to verify the self-seal. If the self-seal verifies, the hash of the received public copy is computed and used to locate a record in the registry. The computed hash and self-seal matching the contents of the located record verifies the integrity of the received public copy. In the case of unsuccessful matching, the received public copy is discarded. The proof-of-existence registry does not reveal private information given only hashes of public copies are written into the registry.
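The following added example (not code from the prototype) builds a self-sealed identity with the three key-pairs from Q7, derives its public copy as in Q8, and runs the registry check described above. The key algorithms, the in-memory Map standing in for the registry, the choice to hash and seal the copy without its seal field, and all names are assumptions.

```javascript
const crypto = require('crypto');

// Bytes covered by the self-seal and the registry hash: the copy minus its seal.
const bodyBytes = ({ selfSeal, ...body }) => Buffer.from(JSON.stringify(body));
const hashOf = (copy) => crypto.createHash('sha256').update(bodyBytes(copy)).digest('hex');
const pem = (key) => key.export({ type: 'spki', format: 'pem' });

function createIdentity(attributes) {
  const signing = crypto.generateKeyPairSync('ed25519');
  const decrypting = crypto.generateKeyPairSync('x25519');
  const embossing = crypto.generateKeyPairSync('ed25519');
  // Public copy: attributes plus the verifying, encrypting and inspecting keys only.
  const publicCopy = {
    ...attributes,
    verifyingKey: pem(signing.publicKey),
    encryptingKey: pem(decrypting.publicKey),
    inspectingKey: pem(embossing.publicKey),
  };
  publicCopy.selfSeal = crypto
    .sign(null, bodyBytes(publicCopy), embossing.privateKey).toString('base64');
  // Sovereign copy: the same sealed content plus the three private keys.
  const sovereignCopy = { ...publicCopy, signingKey: signing.privateKey,
    decryptingKey: decrypting.privateKey, embossingKey: embossing.privateKey };
  return { sovereignCopy, publicCopy };
}

// Registry record: hash of the public copy mapped to its self-seal.
function register(registry, publicCopy) {
  registry.set(hashOf(publicCopy), publicCopy.selfSeal);
}

// Receiver's decision for a public copy that arrived in the clear.
function checkReceivedCopy(registry, copy) {
  let sealOk = false;
  try {
    sealOk = crypto.verify(null, bodyBytes(copy),
      crypto.createPublicKey(copy.inspectingKey), Buffer.from(copy.selfSeal, 'base64'));
  } catch (e) { /* malformed key or seal is treated as a failed verification */ }
  if (!sealOk) return 'discard: self-seal does not verify';
  return registry.get(hashOf(copy)) === copy.selfSeal
    ? 'accept' : 'discard: no matching registry record';
}
```

A copy whose attributes were changed in transit fails the self-seal check, while a wholly substituted copy carrying its own valid self-seal is caught only by the registry lookup.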
Q21. How does Diffie-Hellman work?
The Diffie-Hellman key agreement method can be used to securely exchange public copies of digital identities between (say two) identity agent owners. Each identity agent uses Diffie-Hellman to generate a (distinct) public/private key-pair; exchange the public keys they each hold; and then combine the private key they each hold with the exchanged public key thereby creating the same symmetric key. Identity agents use the shared symmetric key to securely exchange their public copies. ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) is currently considered the most robust variant.
Q22. What about man-in-the-middle (MITM) risk?
The second Diffie-Hellman step where generated public keys are exchanged is vulnerable to man-in-the-middle (MITM) exploits by malicious actors. MITM risk is small when using flash drives, private WiFi routers, NFC or QR codes to exchange the public keys in-person. But MITM risk should be taken seriously when using email, SMS or similar messaging apps to exchange public copies generated by Diffie-Hellman.
Q23. How are OTPs used to detect MITM attacks?
When alternate channels are available, public keys generated by Diffie-Hellman are exchanged between the collaborating identity agents over the primary channel (say email), while a second channel (say SMS) is used to exchange one-time-passwords (OTPs). Once the OTPs are exchanged, the identity agents combine and hash them, creating a fingerprint used to derive a symmetric key from the symmetric key generated by Diffie-Hellman. Man-in-the-Middle exploits are thereby detected.
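The derivation above can be sketched as follows, as an added example that is not code from the prototype. X25519, HKDF with the OTP fingerprint as salt, six-digit OTPs, and the HMAC key-confirmation tag used to surface a mismatch are all assumptions; the page does not specify them.

```javascript
const crypto = require('crypto');

const newKeyPair = () => crypto.generateKeyPairSync('x25519');
const newOtp = () => crypto.randomInt(0, 1000000).toString().padStart(6, '0');

// Fingerprint: hash of both OTPs, sorted so each side computes the same value.
const fingerprint = (otp1, otp2) =>
  crypto.createHash('sha256').update([otp1, otp2].sort().join('|')).digest();

// Final key = HKDF(Diffie-Hellman secret, salt = OTP fingerprint).
function sessionKey(ownPrivate, peerPublic, otp1, otp2) {
  const shared = crypto.diffieHellman({ privateKey: ownPrivate, publicKey: peerPublic });
  const okm = crypto.hkdfSync('sha256', shared, fingerprint(otp1, otp2), 'public-copy-exchange', 32);
  return Buffer.from(okm);
}

// Key confirmation: a tag only a holder of the same final key can produce.
const confirmTag = (key) =>
  crypto.createHmac('sha256', key).update('key-confirmation').digest();

// One exchange as Bob sees it. With `intercepted`, a constructed third party
// replaces the public keys on the primary channel but never sees the OTPs.
function bobVerdict(intercepted) {
  const alice = newKeyPair(), bob = newKeyPair(), third = newKeyPair();
  const otpA = newOtp(), otpB = newOtp(); // exchanged over the second channel
  const seenByBob = intercepted ? third.publicKey : alice.publicKey;
  const seenByAlice = intercepted ? third.publicKey : bob.publicKey;
  const keyBob = sessionKey(bob.privateKey, seenByBob, otpA, otpB);
  const keyAlice = sessionKey(alice.privateKey, seenByAlice, otpA, otpB);
  // The tag reaching Bob is Alice's: without the OTPs the third party cannot
  // derive either final key, so it cannot produce a tag Bob would accept.
  const match = crypto.timingSafeEqual(confirmTag(keyAlice), confirmTag(keyBob));
  return match ? 'keys confirmed' : 'MITM suspected: abort';
}
```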
Q24. How is HTTPS used to prevent MITM attacks?
Identity agents with pre-installed digital certificates can leverage HTTPS service providers to digitally sign, exchange and verify the public keys generated by Diffie-Hellman. If successfully verified, the remaining Diffie-Hellman steps can be executed to yield the shared symmetric key subsequently used to securely exchange the public copies. Man-in-the-Middle exploits are thereby prevented.
Q25. How is password dependency reduced?
Verifiable owner control (self-sovereignty) reduces and potentially eliminates the need for remote access passwords and the burden of maintaining online user profiles. Given a service provider has an installed identity agent, a user with an account/password for online access can use her identity agent to present the public copy of one of her digital identities to the provider’s identity agent. The provider’s identity agent verifies that the attributes of the public copy conform with her online user profile. If it conforms, her identity agent can subsequently present the public copy of her digital identity to identify herself and sign in without using her remote access password.
Q26. How does identity-proofing elevate assurances?
Users and providers can use their identity agents to proof, attest and digitally seal each other’s digital identities. An owner requesting elevated assurances submits a public copy of her digital identity plus identifying information to another owner. They meet in-person or online. If the identity-proofer confirms that the identifying information represents the requester, his identity agent uses the embossing key of his sovereign copy to create a digital seal affixing his attestation to her public copy. The digitally sealed public copy and the proofer’s public copy are returned to the requester’s identity agent which merges the affixed digital seal with her sovereign copy. This process elevates identity assurances associated with her digital identity. Owners deciding whether to trust her digital identity can use their identity agents to verify the digital sealing signature of the digital seal by using the inspection key of the identity-proofer’s public copy. Multiple seals affixed to digital identities establishes a “web of mutual trust” among owners.
Q27. How are digital seals used to delegate consent?
In contrast to server-centric consent models, the agent-based digital identity architecture decentralizes access to private owner data by circulating consent tokens that are digitally sealed by stakeholders attesting to their commitments. Resource owners use consent tokens to reliably grant and expire access to their private resources. Custodians hosting a given owner’s resources use consent tokens to clear and terminate access by requesters to owner resources. Requesters present access tokens to custodians to gain access to the resources they want to use. Consent tokens are archived to support possible audits.
Q28. How will owner data be backed up?
To mitigate risks, authentication data and digital identities, including public/private keys, will be encrypted and backed up to, and recovered from, local and remote storage.
Q29. How will identities be copied across devices?
Generally speaking, users will have multiple devices, for example, a smart phone, a tablet PC and a laptop. Export and import utilities will be available for replicating digital identities across their devices.
Q30. How can identity agent software be hardened?
Formal methods can be applied to increase software trustworthiness. Trusted platform modules, secure enclaves, and trusted execution environments can be exploited to harden identity agent software and malware protection. It is feasible to mitigate data correlation and linkability risks threatening privacy (see W3C Verifiable Credentials and ABC4Trust). Quantum computing risks can be countered by using elliptic curve cryptography, lengthening encryption keys, rotating encryption keys, and generating ephemeral keys. See Analysis of Signal Messaging Protocol; also the ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) method.