Avast pitches decentralized digital ID and FIDO integration at Authenticate 2022
An Authenticate 2022 session Wednesday explored the open standards and cryptography behind self-sovereign identity (SSI) and how they can complement FIDO and WebAuthn to enable greater privacy and security.
In the talk, Dmitry Barinov, VP of technology and digital trust services at Avast, starts by defining SSI as an emerging approach to digital identity that puts individuals in control of their digital identity data and experiences.
Barinov then highlights the advantages of SSI and provides an overview of current SSI government and industry projects, including the European Self-Sovereign Identity Framework (ESSIF), the eIDAS (Electronic Identification, Authentication and Trust Services) regulation, and the International Air Transport Association (IATA) travel pass (developed in collaboration with Avast), among others.
Barinov describes the “SSI credential flow” and how authentication fits into this process. At a basic level, he says, authentication first involves the credential issuer, which passes a credential to the wallet (whether device, cloud or a combination) which the user sends to the relying party. Once identity has been confirmed, an identity recovery flow can also be carried out.
He highlights the difference between FIDO and distributed (or decentralized) identifiers (DIDs), saying that while the former allows an individual to prove control over a public key, the latter allows them to demonstrate control over a DID, which in turn resolves to public keys.
Further, while FIDO is used directly for authentication to the relying parties (and for transaction signing), DIDs enable individuals to prove they are the subject of verifiable credentials, which may later be used for authentication by relying parties.
Avast took a dramatic step from cybersecurity into decentralized digital identity with the acquisitions of Evernym and SecureKey over the past year. The company then joined the FIDO Alliance in September.