On December 12, 2023, the BSN Real-Name DID Service launch conference was held in Beijing, and the BSN real-name DID service was officially released. The service integrates two infrastructures, the BSN blockchain service network and the CTID digital identity chain, and meets the management requirement of "anonymity at the front end, real names at the back end". It is of great significance for serving the development of the digital economy and supporting the construction of national data infrastructure.
He Yifan, executive director of the BSN Development Alliance, introduced specific application cases of the BSN real-name DID service in various fields at the press conference. The following is the relevant ** and a text compilation of his introduction of the BSN real-name DID service scenario cases; to make it easier to read, the text has been edited.
Whether it is BSN or the CTID system, these are very much back-end systems, and it is hard to show from the front end what they do, so my job here is to popularise the science and try to explain the BSN real-name DID service in a way that everyone can understand.
To understand real-name DIDs, we must first understand a key term in cryptography: the "public-private key pair" of asymmetric encryption. This is a family of encryption algorithms proposed by the Americans in 1974, still in use today, and it is also the most important algorithm used for encryption in practical cryptographic engineering.
But I think technology always imitates human behaviour, and the logic of the "public-private key pair" actually appeared in China thousands of years ago. Let me give two examples, two idiom allusions: "A Broken Mirror Made Whole Again" and "Stealing the Tally to Rescue Zhao". One tells of events 1,500 years ago, the other of events 2,300 years ago.
The broken mirror story goes like this: when the Sui dynasty destroyed Chen, the princess of Chen was forced to flee. Before leaving she broke a mirror in two, keeping one half for herself and giving the other half to her husband, and they agreed to recognise each other by their halves of the mirror after five years. Five years later, in a market, the princess's old servant held up one half and the husband held up the other; the two halves matched, and sure enough they recognised each other. This is a public-private key pair used to confirm identity, verifying that one of the two is the husband.
Everyone knows the story of stealing the tally to rescue Zhao. There were two halves of a tiger tally, one held by the King of Wei and the other held by the general. You had to hold the King of Wei's half, which is equivalent to the private key, and match it against the general's half, which is equivalent to verification with the public key, before troops could be dispatched. That is why Lord Xinling stole the King of Wei's tally.
So you can see that the "public-private key pair" is actually a very old logic that has existed for thousands of years and was only worked out mathematically in 1974. Its logic is that two things must be put together in order to produce an effect.
So what exactly can a public-private key pair do? An action taken with the private key is equivalent to stamping a seal, and the public key can then be used to prove that the seal impression came from that specific seal. The public key is also equivalent to a lockbox: files or data can be encrypted into this box, and once encrypted, even the person who packed the box cannot decrypt it; only the private key can unlock it.
The role of the public-private key pair is to do these two things: stamping and verifying the seal, and encrypting and decrypting. The broken-mirror story is actually about encryption: the old servant holding the mirror is equivalent to an encrypted string, and no one could recognise his true identity any more, but the husband used his own half of the mirror to verify that the old servant had really come from the princess. Stealing the tally to rescue Zhao is equivalent to stamping with the King of Wei's private key; after the general verifies it with his public key, he can dispatch troops.
So the function of the public-private key pair is really these two actions: the private key stamps, the public key verifies; the public key encrypts, the private key unlocks. If you remember this mantra, you too are an expert in cryptography.
So what is the BSN real-name DID service? It is actually very simple. The public key must be easy for everyone to obtain, so that anyone can verify that a given seal was stamped with the corresponding private key, or, when sending data, can easily encrypt it with the public key so that the receiver can decrypt it with the corresponding private key. Therefore one characteristic of the public key is that it must be stored in a public environment where everyone can obtain it.
So the BSN real-name DID service actually consists of two parts of logic. The first part is to connect to the CTID platform: after the CTID platform performs identity authentication, a DID identifier is generated for addressing the public key, and the public key is stored in the real-name DID document corresponding to that DID identifier. This part fulfils two functions: first, it proves that a public-private key pair has been generated for an individual; second, the public key is stored in a real-name-authenticated document, which means the public key is associated with the individual's name, ID number and other real-name identity. The second part of the logic is to store the public key in BSN's public network environment. The DID identifier is like a Web3.0 address and can even be associated with a distributed domain name, and anyone can use the DID identifier or the distributed domain name to obtain the document, extract the public key, and then encrypt or verify with it.
So the BSN real-name DID service associates the public key with the individual's identity verification and at the same time places it in a public environment where everyone can retrieve it. That is the logic.
Next, I will introduce the application cases of the BSN real-name DID service.
First, the BSN personal data confirmation service. You can generate a file yourself, whatever it is, a PDF, a Word document or an e-mail. How do you prove that the document is your own after it has been sent out? On the Web2 Internet there is actually no way to prove this.
But now it can be proved. We can always generate a public-private key pair, and whatever file is generated, it is stamped with the private key (of course some hashing algorithm will be used), and the corresponding public key is placed into the real-name DID document after authentication. Through the real-name DID document, anyone can use the public key to verify that the file belongs to you.
The BSN real-name DID service gives the Internet something it has never had before: a document whose ownership can always be proved. And this process can be imperceptible to everyone. For example, a digital camera generates a public-private key pair when it is activated, connects directly to the BSN real-name DID service system, registers the public key, and automatically stamps with the private key when taking pictures. This is equivalent to a real-name watermark, so it can always be proved who took a picture. Besides pictures, PDF documents and e-mails are also included. This gives people a way to start authenticating their own data, and I think that is a really big change.
Second, the flow of personal data. A real-name DID document can store many public keys, not only one. A business platform can generate a public-private key pair and store the public key in the real-name DID document; a bank can also generate a public-private key pair for its withdrawal business, store the public key in the DID document and hand the private key to the individual user. Everyone can manage many public-private key pairs. When the two business parties each deposit a public key in the real-name DID document, the data transmission between them can be fully encrypted, and no one but the other party can decrypt it. This provides a service of absolute encryption for data flow on the Internet, which can be applied to many confidential scenarios, for example e-mails sent between two staff members in a confidential industry, where absolute encryption can be achieved throughout the process.
Third, privacy-preserving login, which I think is the most important. Thirty years ago our login method was username and password; ten to fifteen years ago it was mobile phone verification codes; and in the next ten years it will be public-private key pair login. Now with the BSN real-name DID service, you only need a DID identifier or an address when you register, and then you log in by signing with the private key you generated yourself on your mobile phone, and all services are handled using the DID identifier.
In this way, zero collection of personal information is achieved. Usernames and passwords are no longer required; usernames and passwords are private data, and mobile phone numbers are also private data, and none of this private data is needed any more. Instead you only need to provide a DID identifier, which is not private data. This forms a new situation: on the **, personal privacy data and business data are completely decoupled, which completely prevents application platforms from reselling user data, because that data has no relationship to personal identity and therefore has no value.
I think that within ten years many countries will enact laws prohibiting large Internet platforms from storing everyone's private data and requiring real-name DID login instead. The EU's current GDPR stipulates that a user can ask an Internet platform to delete their data, and the platform must do so, including backups. The reason it is written this way is that there has been no way to log in to the Internet completely anonymously. With real-name DID technology, I believe this law will be changed to simply forbid Internet platforms from storing user data, with the real-name DID issued by the EU used to handle all business and solve all problems. This is a huge change that directly changes the way people behave on **. It is already achievable: if a ** wants to provide an anonymous login service, it can provide one now.
Fourth, customised business DIDs. The real-name DID document mentioned above is called the official DID document, and it can only hold public keys for verifying identity against a private key; it has no way to verify other information. However, the business side can generate its own business DID documents, as many as it likes, and write various business information into them.
Just as there are virtual humans in the metaverse, the state will certainly require that virtual humans can be linked to actual individuals. So we have this scenario: an individual has an official real-name DID document and creates 20 virtual humans, and you can generate the corresponding 20 business DIDs, which is equivalent to configuring a permanent ID for each virtual human. But the business DID document does not write a public key; it writes the modelling data of the virtual human. This makes the image of the virtual human consistent across any metaverse, any game platform and any **, because the data all platforms call does not live in some particular back end but in a public environment that anyone can call.
This is also one of the core values of real-name DID technology: through DID technology the data flows of many businesses can be connected, so that everyone shares one set of data flows.
Fifth, personal identity credentials. Credential technology is actually a derivative of real-name DID technology; a credential is mainly a file signed with a private key. Its most important function is for a business party to attest to a user's identity: it contains not only the user's DID information and real-name information but also the business party's signature, for example a bank's signature.
What effect does this have? With this credential a user can open an account directly with another cooperating bank without even providing information, because a bank and the CTID system already vouch for the user's identity and the user's information is certainly available from the bank and the CTID system, so many kinds of business can be handled directly.
Sixth, personal identity information credentials. This is in effect an electronic certificate containing personal information. Its private key must be held by the individual, it has a very high security level, and it can only be used after certain technical integration. You can scan this credential with an electronic device to verify who you are.
Seventh, customised personal identity credentials. The business side can freely define the template. For example, to participate in an auction a bank needs to provide a deposit certificate, and the deposit amount must be added to the certificate. Based on the customised template, the bank can issue an electronic letter of introduction containing a series of items such as the bank's signature and the CTID verification serial number, to prove the user's identity and deposit amount.
So, to sum up: the real-name DID is like a connector that helps you hold the public key, and the credential is equivalent to an electronic letter of introduction issued to everyone through various private-key signatures.
From a technical point of view, DID technology is actually very simple; even a high school student can deploy a DID system on BSN or any public chain in 20 minutes.
Real-name DID, however, is very complicated. First, it must be issued by an authoritative organisation. This includes the United States and European countries: when it comes to real-name DIDs, the state must be required to authenticate the identity behind them.
Second, there must be legislation. Our country's legislation is already in place, namely the "Personal Data Security Law"; personal data must be protected at the legislative level in order to push everyone to use the new technology.
Third, the private key must ultimately be in the hands of the individual. Of course this is difficult to achieve at present, both at home and abroad, because people do not have the concept of a private key and there is a lack of tools to manage private keys. So in the next two or three years there will gradually be many private key management tools and private key custody services to help you manage private keys. But in the end the individual must hold the private key in order to truly control their own DID and identity.
Fourth, the real-name DID must be placed in a public environment that anyone can call at no cost. The BSN real-name DID service is placed on the Yan'an Chain, which is a public environment co-managed by a number of parties including the Ministry of Public Security, the State Information Center and China Mobile, which means no single party can shut the Yan'an Chain down. In the future the Yan'an Chain will have dozens of co-managing companies to ensure that it always remains an open and transparent environment.
We believe that December 12, 2023, the day the BSN real-name DID service was released, will be an epoch-making day, not only for BSN real-name DIDs but for all real-name DIDs in the future, which will change many architectural elements and underlying logic of the Internet.
The first is to stop using the privacy-exposing username-and-password and mobile phone verification code, and gradually move to real-name DID plus private-key signature for registration and browsing. The next decade is about the management of public-private key pairs, and the concept of public and private keys will become stronger and stronger.
The second is that data is always attributed: for example, in the future, when a Word document is generated in an office application, it will receive a real-name watermark just by clicking Save. And you need not worry about disputes, because where there is a watermark there is a timestamp. At the same time its ownership can be transferred, and in the future it can even be layered, with ownership and usage rights separated.
The third is encryption, which puts many encryption methods into individuals' hands and ensures control over which data can be seen by whom, so that individual users have a degree of control over their data.
I think it needs to be emphasised that the real-name DID system is not only the BSN real-name DID service but a general technology for the future. From now on people will no longer swim naked on the Internet. The Internet is like a surging river: if you want to play in it you have to throw data into it, and anyone who wants to look can look. The real-name DID system now gives us a means to decide what data we put in and what we do with it, and to have a certain amount of control. This is a huge change in identity authentication on the Internet. At present all countries are studying the problem of distributed identity, but none has achieved real-name distributed technology, and our project is indeed relatively leading; but in five to ten years every country will launch real-name DID, and real-name DID will become a standard service of the Internet.
Thank you!
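As an added illustration, not part of the talk and not BSN's own code, the following Go program sketches the two mechanisms the speech leans on: a public key registered under a DID identifier in a publicly resolvable document, a file "stamped" with the private key and verified by resolving the DID (the personal data confirmation case), and a challenge-response login that needs only the DID identifier and a private-key signature, with no username, password or phone number (the privacy-preserving login case). Everything concrete here is an assumption of the example: the `did:example:alice` identifier format, the in-memory `Registry` standing in for the chain, the `key-1` key naming, SHA-256 as the file hash, and Ed25519 as the signature scheme. The CTID real-name authentication step and the Yan'an Chain storage are not modelled; `Register` simply accepts whatever it is given.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// DIDDocument is a simplified stand-in (an assumption of this example) for the talk's
// "real-name DID document": an identifier plus any number of public keys by key ID.
type DIDDocument struct {
	ID   string
	Keys map[string]ed25519.PublicKey
}

// Registry models the "public environment" anyone can query to resolve a DID.
// Here it is an in-memory map; the talk describes a chain.
type Registry map[string]*DIDDocument

// Register stores a public key under did/keyID, creating the document if needed.
// The real-name authentication that precedes this in the actual service is not modelled.
func (r Registry) Register(did, keyID string, pub ed25519.PublicKey) {
	doc, ok := r[did]
	if !ok {
		doc = &DIDDocument{ID: did, Keys: map[string]ed25519.PublicKey{}}
		r[did] = doc
	}
	doc.Keys[keyID] = pub
}

// resolveKey is what every verifier does: fetch the document, pick the key.
// An unknown DID or key ID is an error, never a nil key handed to Verify.
func (r Registry) resolveKey(did, keyID string) (ed25519.PublicKey, error) {
	if doc, ok := r[did]; ok {
		if pub, ok := doc.Keys[keyID]; ok {
			return pub, nil
		}
	}
	return nil, errors.New("cannot resolve " + did + "#" + keyID)
}

// SignData "stamps" a file: hash it, then sign the digest with the private key.
func SignData(priv ed25519.PrivateKey, data []byte) []byte {
	digest := sha256.Sum256(data)
	return ed25519.Sign(priv, digest[:])
}

// VerifyData resolves the signer's DID, extracts the named public key and checks the seal.
func VerifyData(reg Registry, did, keyID string, data, sig []byte) bool {
	pub, err := reg.resolveKey(did, keyID)
	if err != nil {
		return false
	}
	digest := sha256.Sum256(data)
	return ed25519.Verify(pub, digest[:], sig)
}

// loginMessage binds the server's nonce to the DID and a purpose prefix, so a file
// signature or a proof for a different nonce cannot be replayed as a login.
func loginMessage(did string, nonce []byte) []byte {
	return append([]byte("did-login-example|"+did+"|"), nonce...)
}

// NewChallenge is what the server issues: a fresh random nonce per login attempt.
func NewChallenge() ([]byte, error) {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	return nonce, err
}

// ProveLogin runs on the user's device: sign the challenge with the private key.
func ProveLogin(priv ed25519.PrivateKey, did string, nonce []byte) []byte {
	return ed25519.Sign(priv, loginMessage(did, nonce))
}

// VerifyLogin runs on the server: no username, password or phone number is involved,
// only the DID, the nonce the server issued and the signature.
func VerifyLogin(reg Registry, did, keyID string, nonce, sig []byte) bool {
	pub, err := reg.resolveKey(did, keyID)
	if err != nil {
		return false
	}
	return ed25519.Verify(pub, loginMessage(did, nonce), sig)
}

func main() {
	reg := Registry{}
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // in practice generated on the user's device
	if err != nil {
		panic(err)
	}
	const did = "did:example:alice" // hypothetical identifier format
	reg.Register(did, "key-1", pub)
	data := []byte("constructed sample document") // constructed input
	sig := SignData(priv, data)
	nonce, _ := NewChallenge()
	proof := ProveLogin(priv, did, nonce)
	fmt.Println("document verifies:", VerifyData(reg, did, "key-1", data, sig))
	fmt.Println("login verifies:", VerifyLogin(reg, did, "key-1", nonce, proof))
	fmt.Println("file signature accepted as login:", VerifyLogin(reg, did, "key-1", nonce, sig))
}
```

Two design points matter more than the crypto calls. The verifier never trusts a key sent alongside the data; it always resolves the DID and key ID from the registry, which is the whole point of keeping the document in a public place. And the login proof signs a purpose-prefixed message containing the server's fresh nonce, so a signature the user made over a document, or a proof captured from an earlier login, is rejected: without that domain separation, "sign this to log in" and "sign this file" would be interchangeable.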