Digital identity verification shifting towards SSI with marketplaces and ZKP

The landscape of digital identity verification is undergoing a significant transformation in an era dominated by concerns over data privacy and security. Traditional methods often involve sharing sensitive personal information with third-party entities, raising risks of data breaches and identity theft. However, new technologies are emerging to address these challenges, offering users greater control over their personal data while ensuring compliance with regulatory standards.

In on the action is Privado ID, a spinout of Polygon, focused on pioneering technology that upholds user privacy through identity verification methods, Chief Product Officer Sebastian Rodriguez tells Biometric Update in an interview.

Privado ID implements a framework to safeguard user data at every stage of the verification process, Rodriguez says.

All user information is encrypted locally, instead of sharing raw data, Privado ID employs ZKPs (zero-knowledge proofs) to enable verifiers to validate information without exposing unnecessary details, and the company utilizes pairwise DIDs (decentralized identifiers) to prevent cross-application tracking.

Recently, the company partnered with crypto payment gateway company Transak to provide a KYC sharing service that would improve the process of decentralized identity verification.

“Our core principles revolve around self-sovereign identities. This means putting users in control of their data from end to end. We’re committed to creating a marketplace of interoperable credentials, where verifiers can choose issuers based on their specific data privacy needs,” Rodriguez emphasizes.

Challenges in data minimization

One of the primary challenges in identity verification is minimizing the data shared with relying parties. Rodriguez explains, “We empower applications to request only essential data through ZKPs, ensuring that user privacy is maintained without compromising verification integrity.

“The identity verification process is performed by the issuer of the credential and depends on the use case. As an example, in KYC the credential provider is mandated to collect very specific information and retain that information for a period of time. By law, KYC providers must share this information with the authorities in case of an investigation. This is not a technical decision, but a legal requirement.

“In other use cases (e.g. Age Verification, Proof of Humanity), the issuer is not required by law to keep this information stored for a period of time — for these use cases the issuer could just simply send the credential to the user identity wallet and delete all the information obtained during the assessment process (some providers like Synapse already do this for proof of humanity).”

Privado ID performs both proof of humanity and age checks with a 3D biometric face scan.

Rodriguez adds that Privado ID does not decide the data policies of the issuers, but works with them to create a marketplace of interoperable credentials, so the relying parties (verifiers) can choose the issuer that adapts better to their needs.

“On the other hand, we do provide mechanisms for data minimization on the relying party side — the application that asks the user to present credentials can do it with a flexible ZK query language that turns a data request into a yes/no answer (supported by verifiable cryptography),” he continues.

To prevent third-party companies from scraping personal data, Privado ID collaborates with trusted credential issuers who comply with stringent privacy standards, such as eIDAS 2.0 in the EU. “Trust Registries govern issuer trust levels,” Rodriguez adds, “ensuring adherence to data privacy regulations.”

Technological infrastructure and user experience

Privado ID leverages Iden3, an open-source protocol for decentralized self-sovereign identities, to facilitate secure identity verification. Their platform includes tools like Verifier SDKs and Identity Wallets, streamlining integration and enhancing user accessibility without compromising security.

Looking ahead, Privado ID aims to integrate advancements like on-device attestations and Fully Homomorphic Encryption (FHE) to further enhance data security and user privacy. “These innovations will redefine how identities are verified,” Rodriguez predicts, “offering users more control and transparency over their personal data.”

The future of identity verification

In the next five to ten years, Rodriguez envisions a paradigm shift towards a decentralized Internet of self-sovereign identities. “We’re moving towards a world where users manage and share verifiable data,” he concludes, “transforming transactions and interactions into more secure and efficient processes.”

As technological advancements continue to reshape the landscape of identity verification, Privado ID aims to set new standards in identity verification, with the goal of paving the way for a more secure and privacy-respecting digital future.

Article Topics

biometrics  |  data privacy  |  decentralized identifiers (DIDs)  |  face biometrics  |  identity verification  |  Privado ID  |  self-sovereign identity  |  zero knowledge  |  ZKP cryptography