Copyright © 2020 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).

Today, the usual point is the independent verification of user credentials by each system individually (or by an organization to which the system owner has entrusted user identification). Very often, these methods are not very different from each other: users transmit the same set of personal data, confirm registration using traditional methods (mail, phone, etc.), as a result of which they receive a “local” identifier that is valid only within the boundaries of the selected system.

The main disadvantage of this approach is that the user must go through the same identification and registration process again and again, even if an identical data set is provided. In addition to the resource costs of these processes, this entails that identifiers obtained in different systems are in no way interconnected: information about identifiers and PII confirmations is not synchronized between identity providers, which in some cases can lead to the use of different identifiers to manipulate user permissions. Moreover, at the same time, the data is not stored in a single unified format and is not signed by the user when they are transferred, which entails the difficulty of finding the custodian of certain data and the inability to confirm their integrity and authenticity.

Global services such as Google [ 1 ], Facebook [ 2 ], Twitter [ 3 ], GitHub [ 4 ] and others allow users to sign in to other services through the OAuth protocol [ 5-8 ], but this protocol does not provide the required cryptographic reliability and uses session mechanisms to gain access to user data [ 9 ]. Existing decentralized payment systems have shown that the best practice is the cryptographic signature of each request sent to the accounting system and the signature of each response that the system returns [ 10 ].

The global digital identification system involves binding all user`s PII and his public key (as an option - a set of keys) to a unique global identifier. Where it leads: • All information about confirmations of personal data is stored in a single system.

Using mechanisms of digital signature and linking transaction sets to each other will ensure the authenticity of specific PII confirmations with time-bound events; • The integrity and authenticity of the data binded to the account is checked exclusively by cryptographic methods (control root hash value); • The management of personal data is completely controlled by its owner, all other participants in the system can only confirm a user-defined data set. To obtain personal data about a particular participant in the system, an identity provider must contact him directly and obtain either the necessary data set or permission to receive this data from another identity provider. 2

A global identifier is a unique entity within the identification system that represents a specific subject and is associated with information identifying this subject. The identifier is bound to: the public key of the owner of the identifier, a set of hash values from the identifiers of other accounting systems, as well as a set of hash values from PII, which is tied to the account owner. All of the listed data is linked into one structure an account (see Fig. 1).

“Account (global) identifier” is an immutable and unique value within the identification system, represented as a byte string. This value is generated when the identity provider creates the new user`s account. The main requirement is the uniqueness of this value within the system (this can be either randomly generated or not randomly selected).

“Public key” is a public key value, with the private key of which all transactions initiated by a particular account are signed.

“Readable identifier list” is a set of hash values from identifiers in other systems, such as email address, facebook id, etc. Also, each hash value is associated with a specific set of confirmations from other network members that they checked that the account owner owns the specified email, facebook_id, etc., which correspond to the specified hash values.

“Merkle Root for main data” is the root value from the user's main set of personal data [ 11 ]. It is assumed that the values included in this set will not be updated frequently and therefore they will remain confirmed even if other account fields are changed.

“Main data confirmation list” consists of a set of records consisting of the identifier of the provider and information about the set of main data they have verified.

“Merkle Root for additional data” is the root value of an additional set of user personal data. It is assumed that the values that are included in this set will change, and correspond to confirmations more often than the main set.

“Additional data confirmation list” consists of a set of records consisting of the identity of the provider and information about the set of additional data they have verified.

“Recovery providers list and recovery power” determine the set of identity providers (and their amount) needed to restore access to the account and change the public key. 3

The global digital identification system provides that each participant (who has an account) can send a transaction to the network. Transactions are stored as an ordered set of blocks (see Fig. 2), each of which contains a cryptographic hash value of the previous one [ 12 ], which provides the ability to control the integrity of the entire history of events associated with global identifiers.

A transaction, in turn, consists of a set of defined operations. There are four main types of operations: the operation of creating an account; the operation of changing / adding data associated with a specific global identifier; confirmation operations of data associated with the identifier; the operation of restoring access to the account (changing the public key and the set of parties for recovery).

The account creation operation can be initiated by any existing account. As a result of the operation, a new account is created in the identification system and its identifier and public key are determined (you can additionally define fields containing hash values of personal data and their confirmations).

Data change operations include operations whose purpose is to change / add main and additional personal data of the user, as well as change the values of identifiers associated with external systems. Such transactions can only be signed by the account owner and verified using the public key value specified in the account. In fact, each user personally determines the data set that he wants to associate with the global identifier; identity providers, in turn, have the right only to confirm the data set by the user.

Data verification operations include operations whose purpose is to confirm main and additional personal data. Such transactions can be sent by identity providers (in fact, by any member of the network) in relation to a particular account. Such a transaction contains information about the identifier of the account to which the confirmation is carried out, about the value of Merkle Root, to which the data verified by it belongs, as well as about the set of data itself that has been verified.

The operation to restore access to the account can only be signed by the owners of the identifiers that were defined by the user at the time of creating or updating the account. In fact, the user personally determines the set of trusted parties (and their required number), which can confirm his identity and sign the transaction to update the public key of the account. In fact, carrying out all types of operations described constitutes the life cycle of the account (see Fig. 3). In order to create an account in the global digital identity system, the user needs to contact with identity provider. This can be either a separate independent entity, or tied to a specific accounting system. The registration process may differ depending on the individual provider (this can be either the personal presence of the user or remote registration), but it is worth identifying its main features [ 13 ]. In the process of creating an account, the user provides the provider with a set of personal data that must be confirmed, the Merkle Root value from the entire data set, as well as the Merkle Branch value to prove that the particular set is in the root value [ 11 ]. This allows the provider to check only specific data and agrees that they are included in the general set, and all this without providing the entire set of personal data.

Also, the user needs to generate a key pair (private and public keys) and confirm ownership of the specified email address (or other identifier, depending on those specified in the account). The account creation process is shown in the following diagram (see Fig. 4). 1. The user sends the identity provider a set of personal data that must be confirmed, the Merkle Root value for the entire personal data set, Merkle Branch as evidence that the personal data set is included in the root hash value, public key, email address and the generated identifier value. The user also defines a list of accounts that can change the value of the public key and restore access to the account. 2. The identity provider checks the provided personal data and checks their relation to the root value. 3. The registrar sends a e-mail confirmation to the client (not necessary e-mail, another channel can be used). The confirmation contains Merkle Root (proof that the data received by the provider was not modified), the received public key (also that it was not modified), identifier, list of trusted providers and Nonce value. All values are signed by the provider's key; accordingly, an attack on message modification during transmission is excluded. 4. The user receives a mail, checks that all the data is valid, then signs the Nonce value with his own private key (as proof that he owns the public), and then sends the signed value to the provider. 5. The registrar verifies the signature, after which it initiates the creation of the account: it fills out the necessary fields, generates a global identifier and sends the corresponding transaction. 3.2

In order to meet the GDPR policy, it is necessary that PII users are transferred and processed only with the permission of their owners [ 15 ]. If personal data is transmitted directly by the user to the provider, everything is quite simple: when establishing a connection, the user gives permission to process his personal data. However, difficulties arise if the registrar does not request data directly from the user, but from the party that has previously authenticated it (for example, the user does not keep all the necessary data for registration on the service, however, this data was previously confirmed by the registrar and, accordingly, from him are stored).

Since the provider that stores PII users cannot distribute this data without first obtaining permission to do so, this permission must be provided by the user. Such permission must contain the date and time of its formation, the identifier of the PII owner’s account, the set of data that is allowed to be transferred to the second party, as well as the identifier of the recipient side. Note that the request must be signed with a private key that is tied to the user's account.

If the registrar receives a similar request from the user, he checks the signature value of the request using the public key that is specified in the user’s account. If the signature is valid, then he looks at what set of personal data is requested, and if he really has the required set of personal data, then he sends them and the Merkle Branch value to the requesting party (they must first establish a secure channel). The requesting party carries out a procedure similar to that described in 3: it checks that the received data is in the root hash value, and then confirms the personal data.

The timestamp in the request is necessary to ensure the confidentiality of the updated PII. If the user has updated his personal data set and does not want the party that previously received permission to access the old set to be able to receive updated data for the same permission. Therefore, when checking permission, the registrar compares the time of sending the transaction with the updated data and the time for obtaining permission, and if the time for obtaining permission is shorter, then access to personal data of users is not provided. 5

Using a native currency for the network to motivate validators and using proof-ofwork / proof of stake mechanisms for reaching consensus is not the best solution, since the quality of identification information and the reliability of the system, as practice has shown, will completely depend on the “value of this currency” [12; 16]. Moreover, a completely anonymous environment is not the most suitable for the construction of an identification system, where the level of confidence of the identification will depend on the processing power or the size of the stack of registrars, which does not exactly indicate their competence in issues of user identification.

It is not worth changing the model of trust relations to specialized providers of identification services, but you only need to expand it by combining these providers into a single network, which will contain information about issued identifiers and their confirmations. At the same time, leading identity providers will act as public sources of information about confirmed data, which will in no way affect the change in attitudes towards them. In other words, trusting the identification of a particular organization, you also continue to trust it, however, it no longer acts as an identifier provider for a specific local field, but as an identifier provider in the global system, which automatically expands the user area of activity. Thus, having confirmed the identifier with several major suppliers, the user gets rid of additional identification in local systems that trust these providers.

The most suitable model for achieving consensus for this system is the FBA algorithm [ 17 ], which is actually a projection of trust relationships between network participants at its level. Thus, the largest service providers will benefit from launching validator nodes and setting up communication between each other. Thus, each of them will be able to provide relevant information on the status of user identifiers, and relations between global suppliers will not allow one / several parties to cheat: in this case, there is a big risk of being outside the main quorums of the system, resulting in loss of trust from end users and using system identifiers.

The key issue at this stage is protection against spam attacks [ 18-22 ]: they cannot affect the decision-making mechanism regarding a specific identifier, since if a user trusts only a number of providers, they can (and should) be ignored by the voices of other participants in the system (this way we protect from the attack of Sybil); however, at the same time, since any user can add a transaction to the network, and in fact the number of such transactions is not limited, this can negatively affect the system’s throughput, therefore, a mechanism for protecting against this from the validators should be provided (for example, receiving rewards for adding transactions in the block - the same mempool, however, each registrar personally agrees with customers regarding the method of payment; we repeat that the internal currency in such a system should be absent). 6

Existing public key infrastructures were the first step in digitizing interactions between Internet users, which involved providing basic information services [ 23-28 ]. They showed that this interaction can be accomplished using cryptographic methods based on user certificates. However, such approaches are still not ubiquitous, since it is rather difficult to associate valid (in various accounting systems) user identifiers with their certificates. Integration is difficult when it comes to technical and legal compatibility (including the signature algorithms used), the need for direct trust in certification services, and problems associated with synchronizing information related to the creation / renewal / revocation of certificates.

The implementation of the identification system functioning scheme described in the document does not imply a mandatory abandonment of the existing X.509 infrastructure. Moreover, the simple integration of existing certificates is supposed by adding them to the account structure. The key idea of such a system consists precisely in transferring control of data into the hands of their owners and unifying access to various services through the use of cryptographic methods [ 29-33 ]. When user data is tied to a specific key, ownership of which proves the authenticity of the subject, only then can the system be sure of the authenticity of the requester.