An offline mobile access control system based on self-sovereign identity standards

Abstract

Self-sovereign identity (SSI) is a new paradigm to digital identity management that is built on decentralized technologies and can exist without centralized third-parties for managing the identity data. Within the SSI model, a digital identity wallet enables a user to establish relationships and interact with third parties in a secure and trusted manner. At present, the existing SSI solutions rely on the Internet connection for carrying out the necessary operations such as messaging and credential verification. However, there are many places the Internet may not be accessible and other means for communication is needed. The objective of this paper is to design a proof-of-concept that would allow for secure, trustworthy, and decentralized peer-to-peer communication without the need for any external networking infrastructure. For this, we investigate a particular case involving DIDComm and Bluetooth Low Energy (BLE). We identify requirements for the architecture and propose an architectural framework that allows two entities to securely communicate and exchange verifiable credentials. Furthermore, we look at a specific use case, namely, how offline access control can be enabled within SSI between two mobile devices. We present and evaluate the implementation of offline access control system based on the proposed architecture. Through this research, and experimentation we can conclude that this approach has the potential to enable a wide range of interesting use cases and can be integrated into existing digital identity wallet solutions to extend the capabilities of offline messaging in a secure and decentralized manner that goes beyond the current models that rely on the Internet connectivity.