Today digital identity is typically managed at enterprise or application level. What that means is that when you sign up for a service or get hired by a company, your digital identity is created for you, and it is stored at a centralized database owned by a service provider. To access service or corporate resources, we have to prove our digital identity by presenting username / password combination.
These central credential stores become honeypots for attackers, who target these databases with persistence and advanced tools in order to steal our personal information and monetize it by committing identity fraud or selling it on a dark web. At the same time centralized model is not desirable for service providers - credentials get compromised and lead to costly cyber breaches, or they simply get forgotten which leads to password resets and costly support calls.
We architected idemeum to be different. When users install and set up idemeum mobile app, they are effectively creating a digital identity on a mobile device that they can then present to a service provider (company or application). All personal information that is used to set up idemeum (email address, phone number, or driver's license) are securely stored on a mobile device only.
When you create your idemeum on a mobile device, you are assigned a Decentralized Identifier (DID) that uniquely represents your digital identity among others. You DID is a globally unique persistent identifier that does not require a centralized registration authority because it is generated and registered cryptographically.
idemeum also generates an asymmetric cryptographic key pair that will be unique for your digital identity. Also known as public-key cryptography this style of cryptography uses a public key to encrypt data that can only be decrypted with a paired private key. Public key, which can be known to public, is stored in idemeum backend and is associated with your DID. Private key, which must be kept secret, is safely stored on your mobile device and is protected by hardware based security.
idemeum uses asymmetric cryptography to authenticate your identity. When you log in to an online resource, idemeum backend sends your app a challenge with the request to sign it with your private key. By scanning your biometric with idemeum app you automatically unlock your private key, sign the requested challenge, and send it back to our backend. This way we can always know that you are who you claim to be.
No passwords needed - instead we leverage the power of asymmetric cryptography and biometric based authentication.