A Decentralized Authentication Solution: Metaverse and Bitident

November 12 01:45 2019

Bitident chose Metaverse blockchain as the platform to support its authentication system on the blockchain.

Implemented in MyETPWallet v0.8.0, Bitident protocol enables users to login to compatibles websites or applications in a fully decentralized way, using their Metaverse Avatar.

Bitident protocol makes identification easy to implement for developers looking for a decentralized authentication solution.

How does it work

In order to verify the identity of a user, a request is sent to him or her. The user can then use his Metaverse wallet to sign it and the requester can finally verify that the signature is matching the one of the Avatar.

Bitident published a working demo on their official website. This protocol can be integrated into any website that desires to use Metaverse Avatars in order to login, instead of the classic email/password pair, or as a decentralized 2FA instead of Google Authenticator or other 2FA solutions.

Step by step

First, the user has to specify which Avatar he wants to use in order to login. In that example, I will login using my Avatar ‘metaverse’:

A QR code will be generated: it contains my request, which is valid for 5 minutes.

The next step is to sign the request with the private key of my Avatar. This can be done in the Authentication page of MyETPWallet.

I can then scan the QR code using MyETPWallet app, or copy/paste the request if I’m using my desktop.

The request will be decoded in order to verify its information before signing. The main information are:

  • Source: it is the Avatar who created the request. in that example, the Avatar is ‘bitident’ and the request was signed by him. My wallet has already automatically verified that the request is indeed correctly signed by the Avatar ‘bitident’. If the signature is wrong, an error message will appear.
  • Avatar: the Avatar trying to authenticate, in this case ‘metaverse’. Only this Avatar can sign the request. If I do not own this Avatar, the wallet will notify me that I can’t sign this request.
  • Host: the request will be returned to the host after being signed.
  • Remaining time: remaining time till the request expires.
  • Callback: the full URL where the signed request will be returned.
  • Time of request: when the request was created by the source.
  • Timeout: the host can decide for how long the request is live. In this demo, it expires after 5 minutes (300 seconds).

After verifying the request information, mainly the source and host, you can type your password and sign the request which will be sent back to the callback URL. This step only signs the request using your private key, but never reveals your private key or any other information to the requester. Signing the request is sufficient for the requester to verify that you own the Avatar.

I can now go back to bitident and see that my identification was successful:

In a real use case, this can be used to login to an exchange or any other website using my Avatar as an authentication system.

Using Metaverse Avatars is an easy way to login and a powerful alternative to Google Authenticator. Indeed, anyone can easily prove ownership of an Avatar, and the reputation linked to it, without having to provide any personal information or use a centralized system.

We welcome any project interested in integrating Bitident protocol to get in touch with us if they need support on its integration:

Metaverse

Metaverse is an open-source public blockchain creating a decentralized ecosystem of digitized assets and identities. Through Blockchain as a Service (BaaS), Metaverse provides enterprises and individuals access to customized, convenient, and secure blockchain services.

Twitter: @MVSDNA

Facebook: facebook.com/MVSDNA

Media Contact
Company Name: Metaverse
Contact Person: Media Relations
Email: Send Email
Country: United States
Website: https://mvsdna.com/