Flexible and Scalable Decentralized Identity Management for Industrial Internet of Things

We present FlexDID, a decentralized identity management system with flexible credential presentation and efficient revocation. FlexDID allows identity holders to perform both vertical disclosure and horizontal disclosure. Vertical disclosure allows an identity holder to derive a credential to prove only a subset of all attributes it holds. Meanwhile, horizontal disclosure allows multiple identity holders with the same attributes to aggregate their credentials for fast verification. We also introduce a three-layer architecture. Besides the roles of identity holders and issuers in conventional identity management systems, we introduce a layer of secondary brokers. The secondary brokers can be viewed as delegates for identity holders to perform flexible disclosure. Together with our system optimizations, such as batch verification, FlexDID is able to manage the credentials for a large number of identity holders, making it a perfect fit for applications, such as the Industrial Internet of Things. Our evaluation shows all the operations of FlexDID can complete in millisecond level and the most computationally extensive operation has a latency of up to 34% lower compared to existing identity management systems.