Decentralized Key Management System
(DKMS): An Essential Missing Piece of
the Self-Sovereign Identity (SSI) Puzzle
Drummond Reed @drummondreed
Chief Trust Officer Evernym and Sovrin Foundation Trustee
July 2018
Background photo: Christoph Scholz https://creativecommons.org/licenses/by-sa/2.0/
Three Models of
Digital Identity
SSIMeetup.org
#1: Siloed (Centralized) Identity
[Diagram: You, Account, Org]
Standards:
#2: Third-Party IDP (Federated) Identity
Standards:
[Diagram: You, IDP, Account, Org]
#3: Self-Sovereign Identity (SSI)
[Diagram: You, Peer, Connection, Distributed Ledger (Blockchain)]
#3: Self-Sovereign Identity (SSI)
[Diagram: Peer, Connection, Distributed Ledger (Blockchain), Digital wallet; Issue credential, Verify credential; #1 DIDs, #2 DKMS, #3 DID Auth, #4 Verifiable Credentials]
Emerging Open Standards for SSI
DID (Decentralized Identifier)
DKMS (Decentralized Key
Management System)
DID Auth
Verifiable Credentials
What is a DID?
did:sov:3k9dg356wdcj5gf2k9bw8kfg7a
047d599d4521480d9e1919481b024f29d2693f272d19473dbef971d7d529f6e9
Private Key
Public Key
cc2cd0ffde594d278c2d9b432f4748506a7f9f25141e485eb84bc188382019b6
You will not have just one DID.
You will have thousands.
One per relationship.
Each one will give you a
lifetime encrypted private channel
with another person, organization,
or thing
So how will you manage all those
DIDs and private keys?
And what will you do
if you lose them?
Introducing DKMS
DKMS (Decentralized Key
Management System) is an
emerging open standard
for managing your DIDs and
private keys
DKMS applies to the wallets
where you store your DIDs
and private keys and to the
agents that read/write from
those wallets
The whole idea of DKMS is to
standardize wallets so you
never have to worry about
security, privacy, or vendor
lock-in
The decentralized identity stack
[Diagram: Identity Owners; Edge Layer with Edge Wallets and Edge Agents; Cloud Layer with Cloud Wallets and Cloud Agents; DID Layer; DKMS labels]
What goes in a
DKMS Wallet?
#1: DIDs
#2: Key Pairs
#3: Endpoints
#4: Link Secrets
#5: Credentials
#6: Tokens
One of the primary reasons
for cloud agents is to make
it easy for you to have
multiple DKMS wallets
across different devices
The other primary reason is
backup and recovery
DKMS Key Recovery
DKMS key recovery supports both
offline recovery (“paper wallet”)
and social recovery (“trustee”)
methods
Both are based on cloud agents
continuously storing a backup copy
of your wallet encrypted with a
special recovery key
The decentralized identity stack
[Diagram: Identity Owners; Edge Layer with Edge Wallets and Edge Agents; Cloud Layer with Cloud Wallets and Cloud Agents; DID Layer]
Offline recovery lets you back up
your recovery key using paper or
“cold storage” hardware
Social recovery lets you shard your
recovery key into pieces that you
share with your choice of trustees
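
The social recovery described above, as an added example that is not from the slides or from the DKMS design documents: a k-of-n split of a 32-byte recovery key among trustees, with a check that the rebuilt key is the right one. The use of Shamir's secret sharing, the field prime, the fingerprint check and every function name are assumptions made for illustration.

```python
# Added illustration: sharding a wallet recovery key among trustees.
# Assumptions (not defined by DKMS): Shamir's scheme, this prime, these names.
import hashlib
import secrets

PRIME = 2**521 - 1   # Mersenne prime, comfortably larger than a 256-bit key
KEY_LEN = 32         # recovery key length in bytes (assumed)


def key_fingerprint(key: bytes) -> str:
    """Check value stored beside the encrypted backup to confirm a rebuilt key."""
    return hashlib.sha256(b"recovery-key-check" + key).hexdigest()


def split_recovery_key(key: bytes, threshold: int, trustees: int):
    """Return one (x, y) share per trustee; any `threshold` shares rebuild `key`."""
    if len(key) != KEY_LEN:
        raise ValueError("recovery key must be 32 bytes")
    if not 2 <= threshold <= trustees:
        raise ValueError("need 2 <= threshold <= trustees")
    secret = int.from_bytes(key, "big")
    # Random polynomial of degree threshold-1 with the key as constant term.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, trustees + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def recover_recovery_key(shares, threshold: int, fingerprint: str) -> bytes:
    """Rebuild the key by Lagrange interpolation at x = 0 and verify it."""
    points = {}
    for x, y in shares:
        if x in points and points[x] != y:
            raise ValueError(f"conflicting shares for trustee {x}")
        points[x] = y
    # Fewer than `threshold` points would still interpolate to *some* value,
    # so the count has to be enforced explicitly.
    if len(points) < threshold:
        raise ValueError("not enough distinct trustee shares")
    xs = list(points)[:threshold]
    secret = 0
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if j != i:
                num = (num * -j) % PRIME
                den = (den * (i - j)) % PRIME
        secret = (secret + points[i] * num * pow(den, -1, PRIME)) % PRIME
    if secret >= 2 ** (8 * KEY_LEN):
        raise ValueError("shares do not rebuild a valid key")
    key = secret.to_bytes(KEY_LEN, "big")
    # A corrupted or substituted share yields a wrong key, not an error,
    # unless the result is checked against a value fixed at backup time.
    if key_fingerprint(key) != fingerprint:
        raise ValueError("rebuilt key does not match the stored fingerprint")
    return key


if __name__ == "__main__":
    recovery_key = secrets.token_bytes(KEY_LEN)   # constructed sample key
    check = key_fingerprint(recovery_key)
    trustee_shares = split_recovery_key(recovery_key, threshold=3, trustees=5)
    rebuilt = recover_recovery_key(trustee_shares[1:4], 3, check)
    print("recovered with 3 of 5 trustees:", rebuilt == recovery_key)
```
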
DKMS
Standardization
How did DKMS happen?
1. Conceived in 2016 by Evernym as part of
our initial contract with U.S. Dept of
Homeland Security S&T to develop DIDs
2. DKMS Design and Architecture
developed over a 1-year contract w/DHS
3. Published in Hyperledger Indy repo for
announcement at IIW #26 in April 2017
The initial DKMS architecture is
now in open public review in the
Hyperledger Indy github:
http://bit.ly/dkmsv3
The plan is to form a DKMS
Technical Committee at OASIS,
currently the home of the KMIP
(Key Management Interoperability
Protocol) open standard
Work on the DID specification has been funded in part
by a Small Business Innovation Research (SBIR) grant
from the U.S. Department of Homeland Security
Science and Technology Directorate.
The content of this specification does not necessarily
reflect the position or the policy of the U.S. Government
and no official endorsement should be inferred.
Thank You
Questions?
Trust Frameworks and SSI:
An Interview with CULedger on the
Credit Union MyCUID Trust Framework
Drummond Reed with Rick Cranston, COO, and Julie Esser, Chief
Engagement Officer of CULedger
July, 2018
SSIMeetup.org https://creativecommons.org/licenses/by-sa/4.0/
 
How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?Linksys Velop Login
 
The Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyThe Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyDamar Juniarto
 
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.Tortogel
 
I’ll See Y’All Motherfuckers In Game 7 Shirt
I’ll See Y’All Motherfuckers In Game 7 ShirtI’ll See Y’All Motherfuckers In Game 7 Shirt
I’ll See Y’All Motherfuckers In Game 7 Shirtrahman018755
 
Reggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsrahman018755
 
Statistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdfStatistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdfOndejSur
 
Bug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's GuideBug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's GuideVarun Mithran
 
Cyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital PresenceCyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital PresencePC Doctors NET
 
Pvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdfPvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdfPvtaan
 
Production 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxProduction 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxChloeMeadows1
 

Recently uploaded (16)

Premier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdfPremier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdf
 
Topology of the Network class 8 .ppt pdf
Topology of the Network class 8 .ppt pdfTopology of the Network class 8 .ppt pdf
Topology of the Network class 8 .ppt pdf
 
Development Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of appsDevelopment Lifecycle.pptx for the secure development of apps
Development Lifecycle.pptx for the secure development of apps
 
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
 
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkkaudience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
 
Thank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirtsThank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirts
 
How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?How Do I Begin the Linksys Velop Setup Process?
How Do I Begin the Linksys Velop Setup Process?
 
The Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyThe Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case Study
 
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
TORTOGEL TELAH MENJADI SALAH SATU PLATFORM PERMAINAN PALING FAVORIT.
 
I’ll See Y’All Motherfuckers In Game 7 Shirt
I’ll See Y’All Motherfuckers In Game 7 ShirtI’ll See Y’All Motherfuckers In Game 7 Shirt
I’ll See Y’All Motherfuckers In Game 7 Shirt
 
Reggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirts
 
Statistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdfStatistical Analysis of DNS Latencies.pdf
Statistical Analysis of DNS Latencies.pdf
 
Bug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's GuideBug Bounty Blueprint : A Beginner's Guide
Bug Bounty Blueprint : A Beginner's Guide
 
Cyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital PresenceCyber Security Services Unveiled: Strategies to Secure Your Digital Presence
Cyber Security Services Unveiled: Strategies to Secure Your Digital Presence
 
Pvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdfPvtaan Social media marketing proposal.pdf
Pvtaan Social media marketing proposal.pdf
 
Production 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxProduction 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptx
 

Decentralized Key Management (DKMS): An Essential Missing Piece of the SSI Puzzle - Drummond Reed

  • 1. Decentralized Key Management System (DKMS): An Essential Missing Piece of the Self-Sovereign Identity (SSI) Puzzle Drummond Reed @drummondreed Chief Trust Officer Evernym and Sovrin Foundation Trustee July 2018 Background photo: Christoph Scholz https://creativecommons.org/licenses/by-sa/2.0/
  • 2. Three Models of Digital Identity
  • 3. #1: Siloed (Centralized) Identity. Diagram labels: You, Account, Org. Standards:
  • 4. #2: Third-Party IDP (Federated) Identity. Diagram labels: You, IDP, Account, Org. Standards:
  • 5. #3: Self-Sovereign Identity (SSI). Diagram labels: You, Peer, Connection, Distributed Ledger (Blockchain).
  • 6. #3: Self-Sovereign Identity (SSI). Diagram labels: Peer, Connection, Distributed Ledger (Blockchain), Issue credential, Verify credential, Digital wallet; #1 DIDs, #2 DKMS, #3 DID Auth, #4 Verifiable Credentials.
  • 7. Emerging Open Standards for SSI: DID (Decentralized Identifier); DKMS (Decentralized Key Management System); DID Auth; Verifiable Credentials.
  • 8. What is a DID?
  • 11. You will not have just one DID. You will have thousands. One per relationship.
  • 12. Each one will give you a lifetime encrypted private channel with another person, organization, or thing.
  • 13. So how will you manage all those DIDs and private keys? And what will you do if you lose them?
  • 15. DKMS (Decentralized Key Management System) is an emerging open standard for managing your DIDs and private keys.
  • 16. DKMS applies to the wallets where you store your DIDs and private keys and to the agents that read/write from those wallets.
  • 17. The whole idea of DKMS is to standardize wallets so you never have to worry about security, privacy, or vendor lock-in.
  • 18. The decentralized identity stack. Diagram labels: Identity Owners; Edge Layer (Edge Wallet, Edge Agent, two of each); Cloud Layer (Cloud Wallet, Cloud Agent, two of each); DID Layer; DKMS (four labels).
  • 19. What goes in a DKMS Wallet?
  • 20. #1: DIDs; #2: Key Pairs; #3: Endpoints; #4: Link Secrets; #5: Credentials; #6: Tokens.
  • 21. One of the primary reasons for cloud agents is to make it easy for you to have multiple DKMS wallets across different devices.
  • 22. The other primary reason is backup and recovery.
  • 24. DKMS key recovery supports both offline recovery (“paper wallet”) and social recovery (“trustee”) methods.
  • 25. Both are based on cloud agents continuously storing a backup copy of your wallet encrypted with a special recovery key.
  • 26. The decentralized identity stack. Diagram labels: Identity Owners; Edge Layer (Edge Wallet, Edge Agent, two of each); Cloud Layer (Cloud Wallet, Cloud Agent, two of each); DID Layer.
  • 27. Offline recovery lets you back up your recovery key using paper or “cold storage” hardware.
  • 28. Social recovery lets you shard your recovery key into pieces that you share with your choice of trustees.
  • 30. How did DKMS happen? 1. Conceived in 2016 by Evernym as part of our initial contract with U.S. Dept of Homeland Security S&T to develop DIDs. 2. DKMS Design and Architecture developed over a 1-year contract w/DHS. 3. Published in Hyperledger Indy repo for announcement at IIW #26 in April 2017.
  • 31. The initial DKMS architecture is now in open public review in the Hyperledger Indy github: http://bit.ly/dkmsv3
  • 32. The plan is to form a DKMS Technical Committee at OASIS, currently the home of the KMIP (Key Management Interoperability Protocol) open standard.
  • 33. Work on the DID specification has been funded in part by a Small Business Innovation Research (SBIR) grant from the U.S. Department of Homeland Security Science and Technology Directorate. The content of this specification does not necessarily reflect the position or the policy of the U.S. Government and no official endorsement should be inferred. Thank You
  • 35. Trust Frameworks and SSI: An Interview with CULedger on the Credit Union MyCUID Trust Framework. Drummond Reed with Rick Cranston, COO, and Julie Esser, Chief Engagement Officer of CULedger. July, 2018. SSIMeetup.org https://creativecommons.org/licenses/by-sa/4.0/
  • 36. Decentralized Key Management System (DKMS): An Essential Missing Piece of the Self-Sovereign Identity (SSI) Puzzle Drummond Reed @drummondreed Chief Trust Officer Evernym and Sovrin Foundation Trustee July 2018 Background photo: Christoph Scholz https://creativecommons.org/licenses/by-sa/2.0/