Agent-Based Digital Identity Architecture

At PNSQC 2015, I highlighted the weaknesses of legacy identity schemes. Today's Internet remains far too dependent on server-centric identity solutions and password-based remote authentication. My research has led to the agent-based digital identity architecture described in this paper. This architecture decentralizes control over digital identities from web services to individuals, using identity agents on their personal Internet devices. The agents manage digital identities and private data on behalf of their owners so that owners can prove who they are, protect their private data, and collaborate securely. Digital identities are considered 'self-sovereign' because identity agents enable owners to tightly control them. Agents virtualize digital identities by mimicking the physical credentials found in one's wallet, thereby facilitating technology adoption. Password dependency is reduced because digital identities carry public-private keys that are used to strongly encrypt, digitally sign, and digitally seal digital identities, transactions, and private data. Owners can use their digital identities to collaborate peer-to-peer as well as online. A reference-model specification for this architecture supports open-source software development. The principal features and functions of the architecture are published in four US patents and an unpublished patent application. To discourage patent aggression, software licenses akin to Red Hat's 'patent promise' will be issued.

Topics:

  • What is meant by self-sovereign digital identities and how they can be used to reduce remote password dependency.
  • How identity agents can be used to create digital identities that are controlled by their owners.
  • How public-private keys embedded in digital identities can be applied to encrypt, digitally sign and digitally seal transactions, documents, consent tokens, and digital identities of other parties.
  • What is meant by identity proofing, attestation, and digital sealing, and how these mechanisms can be used to elevate identity assurances.
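The following Go program is an added illustration of the key-centric mechanisms the abstract and topics describe (an owner-controlled identity with an embedded key pair, a digitally signed consent token, and a third-party seal that attests the identity after proofing). It is not the author's prototype or the reference-model specification; the Identity and ConsentToken layouts, the use of Ed25519, JSON as the signed form, and the names Alice, Registrar and clinic.example are all constructed assumptions for this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"time"
)

// Identity is the shareable part of a digital identity: a name plus the
// owner's public key (constructed layout, not the paper's reference model).
type Identity struct {
	Name      string `json:"name"`
	PublicKey []byte `json:"public_key"`
}

// Agent stands in for the identity agent on the owner's device; the private key never leaves it.
type Agent struct {
	ID   Identity
	priv ed25519.PrivateKey
}

// NewAgent creates an identity backed by a fresh Ed25519 key pair.
func NewAgent(name string) *Agent {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	return &Agent{ID: Identity{Name: name, PublicKey: pub}, priv: priv}
}

// ConsentToken states what the subject agrees to disclose, to whom, until when.
type ConsentToken struct {
	Subject   Identity  `json:"subject"`
	Audience  string    `json:"audience"`
	Scope     []string  `json:"scope"`
	ExpiresAt time.Time `json:"expires_at"`
}

// Seal is a signature over a payload plus the identity that made it. An owner sealing its own
// token is a signature; a third party sealing another owner's identity is an attestation.
type Seal struct {
	Sealer    Identity `json:"sealer"`
	Signature []byte   `json:"signature"`
}

// Seal signs the JSON encoding of payload with the agent's private key.
func (a *Agent) Seal(payload interface{}) (Seal, error) {
	b, err := json.Marshal(payload)
	if err != nil {
		return Seal{}, err
	}
	return Seal{Sealer: a.ID, Signature: ed25519.Sign(a.priv, b)}, nil
}

// VerifySeal checks that the sealer's public key produced the signature.
func VerifySeal(payload interface{}, s Seal) error {
	b, err := json.Marshal(payload)
	if err != nil {
		return err
	}
	if len(s.Sealer.PublicKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(ed25519.PublicKey(s.Sealer.PublicKey), b, s.Signature) {
		return fmt.Errorf("seal by %q does not verify", s.Sealer.Name)
	}
	return nil
}

// AcceptConsent is the relying party's check: the token must be signed by the
// subject's own key and unexpired, and the subject's identity must carry a
// seal from an attester the relying party trusts.
func AcceptConsent(tok ConsentToken, tokSeal, idSeal Seal, trusted []Identity, now time.Time) error {
	if !bytes.Equal(tokSeal.Sealer.PublicKey, tok.Subject.PublicKey) {
		return fmt.Errorf("consent token not signed by its subject")
	}
	if err := VerifySeal(tok, tokSeal); err != nil {
		return err
	}
	if now.After(tok.ExpiresAt) {
		return fmt.Errorf("consent token expired")
	}
	if err := VerifySeal(tok.Subject, idSeal); err != nil {
		return err
	}
	for _, t := range trusted {
		if bytes.Equal(t.PublicKey, idSeal.Sealer.PublicKey) {
			return nil
		}
	}
	return fmt.Errorf("identity sealed by untrusted attester %q", idSeal.Sealer.Name)
}

func main() {
	owner, registrar := NewAgent("Alice (constructed)"), NewAgent("Registrar (constructed)")
	now := time.Now()
	idSeal, _ := registrar.Seal(owner.ID) // attestation issued after identity proofing
	tok := ConsentToken{Subject: owner.ID, Audience: "clinic.example", Scope: []string{"email"}, ExpiresAt: now.Add(time.Hour)}
	tokSeal, _ := owner.Seal(tok)
	fmt.Println("valid:", AcceptConsent(tok, tokSeal, idSeal, []Identity{registrar.ID}, now))
}
```

The relying party never sees a password or a private key: it checks the owner's signature against the public key embedded in the identity, and it checks the attester's seal against its own list of trusted attesters, which is where identity assurance is elevated. Signing the raw json.Marshal output is adequate here only because the same in-memory value is serialised on both sides; a deployed system needs a defined canonical encoding so that independently produced encodings of the same identity verify.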

Kal Toth

Kal Toth has authored several conference and journal papers on digital identity and published four US patents in this field. He is currently refining a proof-of-concept prototype for self-sovereign digital identity. He also provides technical expertise to law offices defending individuals claimed to have used BitTorrent to infringe digital media copyrights. Kal has technical and management experience working for Hughes Aircraft, Datalink Systems Corp., the CGI Group Inc., the Software Productivity Centre (BC), Intellitech Canada (Ottawa), and various Canadian federal departments including Defence, Transport, Revenue, External Affairs, and Communications Canada, and the Canadian Communications Security Establishment. He is former Executive Director of the Oregon Master of Software Engineering (OMSE) program, and Associate Professor delivering a range of software engineering and project management courses to working professionals in Oregon and several Canadian universities. He obtained his Ph.D. in computer systems and electrical engineering from Carleton University (Ottawa) and is a registered professional engineer with a software engineering designation in British Columbia.