An Architecture for Distributed Digital Identities in the Physical World

• URL: http://arxiv.org/abs/2508.10185v1
• Date: Wed, 13 Aug 2025 20:41:12 GMT
• Title: An Architecture for Distributed Digital Identities in the Physical World
• Authors: René Mayrhofer, Michael Roland, Tobias Höller, Philipp Hofer, Mario Lins,
• Abstract summary: We design, analyze, and build a distributed digital identity architecture for physical world transactions.<n>This architecture combines (biometric and other) sensors, (established and upcoming) identity authorities, attribute verifiers, and a new core component we call the emphPersonal Identity Agent (PIA)<n>We present a first protocol between these parties and formally verify that it achieves relevant security properties based on a realistic threat model including strong global adversaries.
• Score: 1.1303195606272813
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Digital identities are increasingly important for mediating not only digital but also physical service transactions. Managing such identities through centralized providers can cause both availability and privacy concerns: single points of failure and control are ideal targets for global attacks on technical, organizational, or legal fronts. We design, analyze, and build a distributed digital identity architecture for physical world transactions in common scenarios like unlocking doors, public transport, or crossing country borders. This architecture combines (biometric and other) sensors, (established and upcoming) identity authorities, attribute verifiers, and a new core component we call the \emph{Personal Identity Agent (PIA)} that represents individuals with their identity attributes in the digital domain. All transactions are conducted in a completely decentralized manner, and the components for which we currently assume central coordination are optional and only used for assisting with service discovery and latency reduction. We present a first protocol between these parties and formally verify that it achieves relevant security properties based on a realistic threat model including strong global adversaries. A proof-of-concept implementation demonstrates practical feasibility of both architecture and initial protocol for applications that can tolerate end-to-end latencies in the range of a few seconds.

Related papers

• Interoperable Architecture for Digital Identity Delegation for AI Agents with Blockchain Integration [0.0]
  We introduce a unified framework that enables bounded, auditable, and least-privilege delegation across heterogeneous identity ecosystems.<n>The framework includes four key elements: Delegation Grants (DGs), first-class authorization artefacts that encode revocable transfers of authority with enforced scope reduction.<n>It also includes a layered reference architecture that separates trust anchoring, credential and proof validation, policy evaluation, and protocol mediation via a Trust Gateway.
  arXiv  Detail & Related papers  (2026-01-21T13:29:23Z)
• Binding Agent ID: Unleashing the Power of AI Agents with accountability and credibility [46.323590135279126]
  BAID (Binding Agent ID) is a comprehensive identity infrastructure establishing verifiable user-code binding.<n>We implement and evaluate a complete prototype system, demonstrating the practical feasibility of blockchain-based identity management and zkVM-based authentication protocol.
  arXiv  Detail & Related papers  (2025-12-19T13:01:54Z)
• DIRF: A Framework for Digital Identity Protection and Clone Governance in Agentic AI Systems [2.4147135153416195]
  Digital cloning, sophisticated impersonation, and the unauthorized monetization of identity-related data pose significant threats to the integrity of personal identity.<n>Mitigating these risks requires the development of robust AI-generated content detection systems, enhanced legal frameworks, and ethical guidelines.<n>This paper introduces the Digital Identity Rights Framework (DIRF), a structured security and governance model designed to protect behavioral, biometric, and personality-based digital likeness attributes.
  arXiv  Detail & Related papers  (2025-08-04T02:27:14Z)
• Information-Theoretic Decentralized Secure Aggregation with Collusion Resilience [98.31540557973179]
  We study the problem of decentralized secure aggregation (DSA) from an information-theoretic perspective.<n>We characterize the optimal rate region, which specifies the minimum achievable communication and secret key rates for DSA.<n>Our results establish the fundamental performance limits of DSA, providing insights for the design of provably secure and communication-efficient protocols.
  arXiv  Detail & Related papers  (2025-08-01T12:51:37Z)
• Zero-Trust Foundation Models: A New Paradigm for Secure and Collaborative Artificial Intelligence for Internet of Things [61.43014629640404]
  Zero-Trust Foundation Models (ZTFMs) embed zero-trust security principles into the lifecycle of foundation models (FMs) for Internet of Things (IoT) systems.<n>ZTFMs can enable secure, privacy-preserving AI across distributed, heterogeneous, and potentially adversarial IoT environments.
  arXiv  Detail & Related papers  (2025-05-26T06:44:31Z)
• Proof of Humanity: A Multi-Layer Network Framework for Certifying Human-Originated Content in an AI-Dominated Internet [0.0]
  We propose a conceptual, multi-layer architectural framework that enables telecommunications networks to act as infrastructure level certifiers of human-originated content.<n>We outline how each OSI layer can contribute to this trust fabric using technical primitives such as SIM/eSIM identity, digital signatures, behavior-based MLs, and edge-validated APIs.
  arXiv  Detail & Related papers  (2025-04-02T00:02:51Z)
• Distributed Identity for Zero Trust and Segmented Access Control: A Novel Approach to Securing Network Infrastructure [4.169915659794567]
  This study assesses security improvements achieved when distributed identity is employed with ZTA principle.<n>The study suggests adopting distributed identities can enhance overall security postures by an order of magnitude.<n>The research recommends refining technical standards, expanding the use of distributed identity in practice, and its applications for the contemporary digital security landscape.
  arXiv  Detail & Related papers  (2025-01-14T00:02:02Z)
• ACRIC: Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
  Recent security incidents in safety-critical industries exposed how the lack of proper message authentication enables attackers to inject malicious commands or alter system behavior.<n>These shortcomings have prompted new regulations that emphasize the pressing need to strengthen cybersecurity.<n>We introduce ACRIC, a message authentication solution to secure legacy industrial communications.
  arXiv  Detail & Related papers  (2024-11-21T18:26:05Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• Combining Decentralized IDentifiers with Proof of Membership to Enable Trust in IoT Networks [44.99833362998488]
  The paper proposes and discusses an alternative (mutual) authentication process for IoT nodes under the same administration domain. The main idea is to combine the Decentralized IDentifier (DID)-based verification of private key ownership with the verification of a proof that the DID belongs to an evolving trusted set.
  arXiv  Detail & Related papers  (2023-10-12T09:33:50Z)
• Networked Communication for Decentralised Agents in Mean-Field Games [59.01527054553122]
  We introduce networked communication to the mean-field game framework.<n>We prove that our architecture has sample guarantees bounded between those of the centralised- and independent-learning cases.<n>We show that our networked approach has significant advantages over both alternatives in terms of robustness to update failures and to changes in population size.
  arXiv  Detail & Related papers  (2023-06-05T10:45:39Z)
• Decentralized Zero-Trust Framework for Digital Twin-based 6G [8.01618424103984]
  The article presents a new framework that integrates the zero-trust architecture in DT-enabled 6G networks. Unlike conventional zero-trust solutions, the proposed framework adapts a decentralized mechanism to ensure the security, privacy and authenticity of both the physical devices and their DT counterparts. The article also discusses current solutions and future outlooks, with challenges and some technology enablers.
  arXiv  Detail & Related papers  (2023-02-06T20:13:19Z)
• Towards a trustful digital world: exploring self-sovereign identity ecosystems [4.266530973611429]
  Self-sovereign identity (SSI) solutions rely on distributed ledger technologies and verifiable credentials. This paper builds on observations gathered in a field study to identify the building blocks, antecedents and possible outcomes of SSI ecosystems.
  arXiv  Detail & Related papers  (2021-05-26T08:56:22Z)
• Federated Generalized Face Presentation Attack Detection [112.27662334648302]
  We propose a Federated Face Presentation Attack Detection (FedPAD) framework. FedPAD takes advantage of rich fPAD information available at different data owners while preserving data privacy. A server learns a global fPAD model by only aggregating domain-invariant parts of the fPAD models from data centers.
  arXiv  Detail & Related papers  (2021-04-14T02:44:53Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.