DECENTRALIZED IDENTITY AND CERTIFICATION SYSTEM
DOI:
https://doi.org/10.28925/2663-4023.2019.6.1931Keywords:
blockchain technology, public key infrastructure, integrity, authenticity, decentralized system, identification, certificationAbstract
This article describes an approach to identification and certification in a decentralized environment. The protocol defines the way to integrate blockchain technology and web-of-trust concepts to create a decentralized public key infrastructure with easy user ID management. The essence of the scheme is to differentiate the entire infrastructure into 2 levels: the level of certification authorities (service providers) that jointly keep track of events related to user certificates; and the level of end users, systems and applications. During creating, updating, and revoking certificates, higher-level members reach a consensus on the confirmation of transactions associated with them, which ensures a higher level of validity of the certificates and synchronization of their status between certification centers. In turn, lower-level members do not need to perform complex verification procedures for a corresponding certificate: unlike the classic X.509 architecture and web-of-trust approach, the maximum number of checks in a chain can be two. An important feature of such a system is its ability to refuse certification centers: in the case of failure and / or compromise of the keys of one certification center, other network members continue to work seamlessly with others, and blockchain technology may make it impossible to add a certificate to a center whose keys have been compromised, because all the events in the system are connected by cryptographic methods. In particular, such a system can be used on the Internet of Things. Each individual sensor must communicate properly with other components of the system as a whole. In order to enable the secure interaction of these components, they must exchange encrypted messages to verify their integrity and authenticity, the provisioning scheme of which is in the described scheme.