On December 12, 2023, the BSN real-name DID service launch conference was held in Beijing, and the BSN real-name DID service was officially launched there. The service integrates two major infrastructures, the BSN blockchain service network and the CTID digital identity chain, to meet the management requirement of "anonymous at the front end, real-name at the back end", and is of great significance for serving the development of the digital economy and supporting the construction of national data infrastructure.
He Yifan, executive director of the BSN Development Alliance, introduced specific application cases of BSN real-name DID services in various fields at the press conference. The following is a text summary of the BSN real-name DID service scenario case introduction. For ease of reading, the text has been edited and modified.
Whether it is BSN or the CTID system, they are both very much backend systems. It is difficult to show what they do from the front end, so my job is to explain the BSN real-name DID service in plain terms that everyone can understand.
To understand real-name DID, we must first understand a key term in the field of cryptography, namely the "public-private key pair" of asymmetric encryption. This is a set of cryptographic algorithms proposed by Americans in 1974 and has been used to this day. It is also the most important algorithm used for encryption in actual engineering in cryptography.
But I think technology is always imitating human behaviour, and the logic of the "public-private key pair" actually appeared in China thousands of years ago. Let me give two examples to make it clear. They are two idioms, "Broken Mirror Reunited" and "Stealing the Tally to Save Zhao"; one tells of something that happened 1,500 years ago, the other of something that happened 2,300 years ago.
The story of the broken mirror reunited is set at the time when the Sui Dynasty destroyed the Chen Dynasty. The princess of the Chen Kingdom was forced to flee. Before leaving, she split a mirror into two halves, and she and her husband each held one half. They agreed to recognize each other five years later using the halves of the mirror they each kept. Five years later, at a market, the princess's old servant held one half of the mirror and her husband held the other half, and the two recognized each other as expected. The halves act like a public key and a private key paired together to confirm identity and verify that one of the holders is the husband.
Everyone should be familiar with the story of stealing the tally to save Zhao. There were two halves of a military tally, one in the hands of the King of Wei and the other in the hands of the general. One had to take the King of Wei's half, which is equivalent to the private key, and match it against the general's half, which is equivalent to public-key verification, before the troops could be dispatched. So Lord Xinling stole the King of Wei's half of the tally.
So you can see that the "public-private key pair" is actually a very old logic that has existed for thousands of years, but it was only calculated using mathematical methods in 1974. Its logic is that two things must be put together to produce a series of effects.
So what can a public-private key pair do? An action initiated by the private key is equivalent to stamping, and the public key can be used to prove that the stamp was made with a specific seal. The public key is also equivalent to a locked box into which files or data can be put, that is, encrypted. Once the box is closed, even the person who put the data in cannot open it; it can only be decrypted with the private key.
The public and private key pair does two things: stamping and verifying the stamp, which in practice is encryption and decryption. The story of the broken mirror is actually about encryption: the old servant holding the mirror is equivalent to an encrypted string, and no one can recognize his true identity, but the prince consort used his half of the mirror to verify that the old servant was really the princess's agent. The military tally in the story of stealing the tally to save Zhao is equivalent to stamping with the King of Wei's private key; after the general verifies it with his public key, he can dispatch troops.
The functions of the public and private key pair are actually these two actions: the private key stamps, the public key verifies; the public key encrypts, the private key unlocks. If you remember this formula, you will be a cryptography expert.
So what is the BSN real-name DID service? In fact, it is very simple. The public key must be easily accessible to everyone, so that anyone can verify that a certain seal is stamped with the corresponding private key; or when sending data, it is easy to use the public key to encrypt, and the recipient uses the corresponding private key to decrypt. Therefore, one of the characteristics of the public key is that it must be stored in a public environment for easy access by everyone.
Therefore, the BSN real-name DID service actually consists of two parts of logic. The first part is to connect to the CTID platform. After identity authentication on the CTID platform, a DID identifier is generated for addressing the public key, and the public key is stored in the real-name DID document corresponding to the DID identifier. This part of the logic implements two functions: first, it can prove that a public-private key pair has been generated for an individual; second, the public key is stored in a document that has been authenticated by real name, which also means that the public key is associated with the individual's real-name identity, such as name and ID number. The second part of the logic is to save the public key in the public network environment of BSN; the DID identifier is equivalent to an address in Web3.0 and can even be associated with a distributed domain name. Anyone can obtain the document through the DID identifier or distributed domain name, extract the public key, and then use it to encrypt or to verify.
Therefore, the BSN real-name DID service associates the public key with personal identity authentication and places it in a public environment so that everyone can retrieve it. This is the logic.
Next, I will introduce the application cases of BSN real-name DID services.
First, the BSN personal data rights confirmation service. You can generate a file yourself, whatever kind of file it is (a PDF, a picture, a Word document or an email), but how do you prove that the file is yours after sending it out? On the Web2 Internet there is actually no way to prove this.
But now it can be proved: we can always generate a public-private key pair and stamp any file with the private key (some hash algorithms are used as well). The corresponding public key is put into the real-name DID document after authentication, and through that document anyone can use the public key to verify that the file belongs to you.
The BSN real-name DID service has brought something to the Internet that has never appeared before, that is, a file can always be proven to belong to someone. And this process is imperceptible to everyone. For example, when a digital camera is activated, a public-private key pair is generated. Then the camera directly connects to the BSN real-name DID service system, registers the public key, and automatically stamps the photo with the private key when taking a photo, which is equivalent to putting a real-name watermark on it. In this way, it can always prove who took the photo. In addition to photos, it also includes PDF documents and emails. Now it has given people a way to start confirming the ownership of data. I think this is a great change.
Second, the flow of personal data. A real-name DID document can store not only one public key, but many public keys. A business platform can generate public and private keys and store the public key in a real-name DID document; a bank can also generate public and private keys for withdrawal services, store the public key in a DID document, and give the private key to individual users. Everyone can manage many public and private keys. Two business parties can each store a public key in a real-name DID document, and the data transmission between the two parties can be completely encrypted. And no one except the other party can decrypt it. This provides everyone with a service for absolute encryption of data flow on the Internet, which can be applied in many confidential scenarios, such as sending emails between two staff members in certain confidential industries, which can achieve absolute encryption throughout the process.
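The encrypted data flow described above, as an added example that is not part of the original talk or of BSN's own code: the recipient's encryption public key is resolved through a DID identifier (here a plain map and constructed `did:example:` identifiers stand in for the real-name DID document and the public network), the sender encrypts with it, and only the matching private key can decrypt. RSA-OAEP from Go's standard library is used in place of whatever algorithm BSN actually uses.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Hypothetical lookup standing in for the public environment: DID identifier
// -> the encryption public key published in that party's DID document.
// Constructed model, not BSN's real format; private keys are never here.
var didEncryptionKeys = map[string]*rsa.PublicKey{}

// EncryptFor resolves the recipient's public key through its DID identifier
// and encrypts with RSA-OAEP: "the public key encrypts". The sender cannot
// decrypt what it has sealed. The recipient DID is bound in as the OAEP
// label, so a ciphertext cannot be replayed to a different DID.
func EncryptFor(recipientDID string, msg []byte) ([]byte, error) {
	pub, ok := didEncryptionKeys[recipientDID]
	if !ok {
		return nil, errors.New("DID document has no encryption key")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, []byte(recipientDID))
}

// Decrypt opens the message with the private key: "the private key unlocks".
// A different private key, a modified ciphertext or a wrong label all fail.
func Decrypt(priv *rsa.PrivateKey, did string, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, []byte(did))
}

func main() {
	// The bank generates its own key pair and publishes only the public half.
	bankPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	didEncryptionKeys["did:example:bank"] = &bankPriv.PublicKey // constructed identifier
	ct, err := EncryptFor("did:example:bank", []byte("constructed confidential message"))
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt(bankPriv, "did:example:bank", ct)
	fmt.Printf("recipient reads: %q (err=%v)\n", pt, err)
}
```

With a 2048-bit key and SHA-256, RSA-OAEP accepts at most 190 bytes per message, so a large file or email would be encrypted with a per-message symmetric key that is itself sealed this way.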
Third, privacy protection login, which I think is the most important. 30 years ago, our login method was called username and password login, 10 to 15 years ago it was mobile phone verification code login, and in the next 10 years it will be public and private key pair login. Now with BSN real-name DID service, when registering, you only need a DID identifier or an address, and then you can log in using the private key signature generated by your mobile phone. All services are processed using DID identifiers.
In this way, zero collection of personal information is achieved. Usernames and passwords are no longer needed. Usernames and passwords are private data, and mobile phone numbers are also private data. These private data no longer need to be provided. Instead, only the DID identifier, which is not private data, needs to be provided. This will form a new situation. On the website, personal privacy data and business data are completely decoupled, which can completely prevent the application platform from reselling user data, because this data has no connection with personal identity and has no value.
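The stamp-and-verify flow behind the data rights confirmation service and the privacy-protecting login above, as an added example that is not part of the original talk or of BSN's own code. It assumes a constructed in-memory registry and `did:example:` identifiers in place of the real-name DID document and the Yan'an Chain, and uses Ed25519 from Go's standard library rather than whatever algorithm BSN actually uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// DIDDocument stands in for a real-name DID document, Registry for the public
// environment it is read from (DID -> document); constructed, only public keys stored.
type DIDDocument struct {
	Keys map[string]ed25519.PublicKey
}
type Registry map[string]*DIDDocument

// Register publishes a public key under did/keyID; the private key stays
// with its holder (a person, a camera, a business platform, ...).
func (r Registry) Register(did, keyID string, pub ed25519.PublicKey) {
	if r[did] == nil {
		r[did] = &DIDDocument{Keys: map[string]ed25519.PublicKey{}}
	}
	r[did].Keys[keyID] = pub
}

// Stamp signs the SHA-256 digest of data with the holder's private key:
// "the private key stamps".
func Stamp(priv ed25519.PrivateKey, data []byte) []byte {
	d := sha256.Sum256(data)
	return ed25519.Sign(priv, d[:])
}

// Verify resolves did/keyID from the registry and checks the stamp:
// "the public key verifies". Unknown DIDs or key ids fail closed.
func (r Registry) Verify(did, keyID string, data, sig []byte) bool {
	doc := r[did]
	if doc == nil || doc.Keys[keyID] == nil {
		return false
	}
	d := sha256.Sum256(data)
	return ed25519.Verify(doc.Keys[keyID], d[:], sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	reg := Registry{}
	reg.Register("did:example:alice", "camera-1", pub) // constructed identifier
	// Data ownership: the camera stamps the photo; anyone can resolve the DID and verify.
	photo := []byte("constructed sample photo bytes")
	fmt.Println("photo by alice:", reg.Verify("did:example:alice", "camera-1", photo, Stamp(priv, photo)))
	// Privacy-protecting login: the site issues a fresh nonce, the user signs it.
	nonce := make([]byte, 32)
	rand.Read(nonce)
	fmt.Println("login ok:", reg.Verify("did:example:alice", "camera-1", nonce, Stamp(priv, nonce)))
}
```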
I think within 10 years, many countries will legislate to prohibit large Internet platforms from storing everyone's private data, and instead require real-name DID means to log in. The current EU GDPR law stipulates that users can ask Internet platforms to delete data, and Internet platforms must delete it, including backups. The reason for this regulation is that there is no way to achieve fully anonymous login on the Internet today. With the real-name DID technology, I believe that this law will definitely be changed to directly prohibit Internet platforms from storing user data, and must use the real-name DID issued by the EU to handle all business and solve all problems. This is a huge change that directly changes the way people use websites. This has already been achieved. If a website wants to provide anonymous login services, it can be provided now.
Fourth, custom business DIDs. The real-name DID document mentioned above is called the official DID document. This document can hold only the public key used to verify identity and the private key's signatures; other information cannot be verified through it. However, a business party can generate its own business DID documents, as many as it needs, and write various business information into them.
Just as there are virtual people in the metaverse, the state will certainly require that virtual people can be linked to real individuals. So we have a scenario where an individual has an official real-name DID document and creates 20 virtual people, which generate 20 corresponding business DIDs, equivalent to configuring a permanent ID for each virtual person. The business DID document does not need to hold a public key, but rather the modeling data of the virtual person. This makes the virtual person's image consistent in any metaverse, any game platform and any website, because the data that all platforms call is not stored in some private back end but in a public environment that anyone can call.
This is also a core value of real-name DID technology, that is, through DID technology, the data flows of many businesses can be connected, allowing everyone to share a set of data flows.
Fifth, personal identity certificate. The certificate technology is actually a derivative of the real-name DID technology, which is mainly a file signed with a private key. The most important function is to be issued by the business party to prove the identity of the user. It contains not only the user's DID information and real-name information, but also the signature information of the business party, such as the signature information of a bank.
What effect can this have? The user can directly open an account at another cooperative bank with this certificate without providing any information. Because there is already a bank and CTID system to guarantee the user's identity, and the bank and CTID system must have the user's information, many businesses can be handled directly.
Sixth, the personal identity information certificate. It is in fact an electronic certificate carrying personal information. Its private key must be kept by the individual; the security level is very high, and it can only be used after certain technical integration. You can scan this certificate with an electronic device to verify who you are.
Seventh, customizing personal identity certificates. Business parties can freely define templates. For example, in order to participate in an auction, a bank needs to provide a deposit certificate, and the deposit amount must be included in the certificate. The bank can send an electronic letter of introduction based on the custom template, which contains the bank's signature, CTID verification serial number, and other items to prove the user's identity and deposit amount.
So, to sum up, the real-name DID is like a connector that helps everyone save public keys; and the certificate is equivalent to an electronic letter of introduction, which is issued to everyone through various private key signatures.
From a technical perspective, DID technology is actually very simple. Even a high school student can deploy a DID system on BSN or any public chain in 20 minutes.
However, real-name DID is very complicated. First of all, it must be issued by an authoritative organization. Including in the United States and European countries, when it comes to real-name DID, the state must authenticate the identity later.
Second, there must be legislation. Our country's legislation is already in place, namely the "Personal Data Security Law". Personal data must be protected at the legislative level to urge everyone to use new technologies.
Third, the private key must be controlled by the individual in the end. Of course, this is difficult to achieve at present, both at home and abroad, because people do not have the concept of private keys yet, and there is also a lack of tools to manage private keys. Therefore, in the next two to three years, there will be many private key management tools and private key hosting services to help everyone manage private keys. However, in the end, individuals must control their private keys to truly control their DIDs and identities.
Fourth, the real-name DID must be placed in a public environment, and anyone can call it at no cost. The BSN real-name DID service is placed on the Yan'an Chain, which is a public environment and is co-managed by multiple companies, including the Ministry of Public Security's Zhongdun Anxin, the National Information Center, and China Mobile, which means that no one company can shut down the Yan'an Chain. In the future, the Yan'an Chain will be co-managed by dozens of companies to ensure that it is always an open and transparent environment.
We believe that December 12, 2023, when the BSN real-name DID service is released, will be a landmark day. This not only refers to the BSN real-name DID, but all real-name DIDs in the future, which will change many architectural things and underlying logic of the Internet.
First, we will no longer use usernames, passwords, and mobile phone verification codes that expose privacy, and gradually switch to real-name DID and private key signatures for registration, login, and web browsing. The next ten years will be about the management of public and private key pairs. The concept of public and private keys will become stronger and stronger.
Second, data ownership is permanently confirmed. For example, in the future, when you generate a Word document in the office, you only need to click Save to add a real-name watermark. And you don't have to worry about disputes, because the watermark will have a timestamp. At the same time, its ownership can be transferred, and in the future it can even be layered, with ownership and usage rights separated.
The third is encryption. Giving individuals a lot of encryption methods can ensure which data can be viewed by whom, giving individual users a certain degree of control over the data.
I think the real-name DID system needs to be emphasized that it is not just the BSN real-name DID service, but will inevitably become a general technology in the future. From now on, people will no longer swim naked on the Internet. The Internet is like a surging river. Before, if you want to play in it, you must throw data in, and anyone who wants to see it can see it. Now the real-name DID system is equivalent to giving us a means to support what data we want to put and what we want to do, with a certain degree of control. This is a huge change in identity authentication on the Internet. Countries are currently studying the issue of distributed identity, but no one has achieved real-name distributed technology. Our project is indeed leading, but in 5-10 years, every country will launch real-name DID, and real-name DID will become a standard service on the Internet.
Thank you all!
Author: Blockchain Service Network BSN; from the ChainDD content open platform "DeDehao".