Abstract
A considerable number of people worldwide start their second lives in the digital world soon. The 3D Internet reflects the digital world. Metaverse, the most famous example of the 3D Internet, is very popular and practical in people’s daily lives. However, combining Metaverse with newly-emerging technologies (e.g., blockchain) provides new user-friendly features such as autonomy, accessibility, removing central authorities, etc. Despite the mentioned attractive features, blockchain-based metaverses suffer various challenges, such as one user with multiple identities, certificate issuing for users in Metaverse, authentication-related issues, and arresting malicious users. Generally, identity management in a distributed environment where no central authority exists is a challenging issue. This study focuses on the challenge of distributed identity management in Metaverses to strike a balance between users’ privacy and regulation. The study proposes the use of Non-Fungible Tokens (NFTs) as a tool for managing identities in metaverses, as they are considered an excellent choice for this purpose. In addition to explaining the importance of this idea, this paper identifies its challenges, including distributed identity management, authentication issues, and security and privacy aspects. It then proposes possible solutions (e.g., using cryptographic tools). Despite existing challenges, there are many opportunities in the popularization of Metaverse, such as relying on blockchain technology, emerging many Metaverse-related jobs, in-Metaverse investments for huge revenues, and applying digital twins to provide realistic senses. This study also highlights the critical role of artificial intelligence (AI) in metaverses.
Article Highlights
-
People in the the digital world should be managed as in the real world.
-
As with people’s biometrics in the real world, NFTs are unique in the digital world and Metaverse.
-
Every user appears as an NFT-based avatar in the Metaverse to be unique.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.Avoid common mistakes on your manuscript.
1 Introduction
Identity is a traditional and unique item assigned to people for thousands of years. Attributes of people related to their identities have been used for authenticating their claimed validity [1]. In the last two centuries, physical paper-based identity cards proved users’ identities and validations, which should be kept secure by owners.
Computers and the growth of wireless communication increased the concept of digital identity, mainly used for remote connection and authentication, or digital works [2]. After that (in 1992), a new attractive concept emerged named Metaverse [3] (in this paper, known as traditional Metaverse, which was managed fully centralized). The traditional Metaverse simulated the real world, which allowed users to have remote purchases, meet with cooperators or families, and most daily behaviors of people.
In digital communications, assigning a digital string to a user’s real identity in the real world is a way to identify and authenticate their digital identity, thus proving their validity. This string is the same user’s identity card in the digital world, generally called the user’s certificate. As with the real world, it is essential to manage users’ certificates in the digital world [4], for example, issuing certificates for new users, checking expiration times, revoking invalid certificates, etc. However, like the real world, digital identity management suffers various challenges [5, 6]. To solve challenges, central authorities have much access to control, new registration, revocation, and managing users’ identities in traditional networks so that they quickly and easily add/remove users. Though, these wide accesses are not preferred by the users.
In 2008, Satoshi Nakamoto practically implemented blockchain, a technology providing autonomy, as the Bitcoin infrastructure [7]. It should be highlighted that the concept of blockchain emerged much earlier than Bitcoin. For example, it was applied for filtering spam emails [8]. Although blockchain technology has notable features such as transparency, autonomy, open-source, and accessibility, it has some challenges [9]. Although mentioned features can be assumed as opportunities for the blockchain or challenging properties for governments, it is challenging to provide a robust trade-off between security, decentralization, and scalability issue for blockchain technology.
Based on blockchain technology, new types of metaverses emerged [10, 11] (in this paper, we call them modern metaverses, which are managed distributedly). As with public blockchains, users can join by numerous pseudonyms or public addresses to modern metaverses. They can commit fraud and disable their previous identities, which are hard to trace and arrest by government agencies [12, 13]. People believe that managing identity in distributed or blockchain-based systems presents a critical challenge, particularly in modern metaverses, which offer a suitable environment for criminals, as seen in the previous example of fraud.
The regulation of user monitoring and control within each community is a crucial aspect that governments strive to oversee. Presently, modern metaverses lack adequate regulatory frameworks in this regard. To address this gap, this study presents a general concept for managing users’ identities in metaverses, aiming to establish an infrastructure that incorporates this feature into contemporary metaverses. Various existing related works have emerged to manage digital assets and metaverse-based entities within metaverses, with some of them have leveraged NFTs to accomplish their objectives. The following briefly reviews some of these works.
In [14], Ryu et al. have developed a robust system model that ensures secure communication and transparency within metaverse environments. Their proposed model leverages blockchain technology to effectively manage user identification data. Additionally, they have introduced a mutual authentication scheme that utilizes biometric information and Elliptic Curve Cryptography (ECC). This scheme guarantees secure communication between users and platform servers, as well as secure avatar interactions between avatars themselves. By combining these elements, Ryu et al.’s model establishes a reliable framework for maintaining the integrity and privacy of user interactions within metaverse environments. Nadini et al. conducted a comprehensive analysis of NFTs data from the WAX blockchain, focusing specifically on the features of users’ avatars, which serve as their identities within the Metaverse [15]. They constructed a network of interactions that revealed interesting patterns in trading behavior. The analysis demonstrated that traders often specialize in NFTs associated with similar objects, forming tight clusters with other traders who engage in the exchange of the same types of objects. A key aspect of their study involved clustering objects associated with NFTs based on their visual features, ultimately showcasing that collections typically consist of visually homogeneous objects. This work sheds light on the underlying structure of NFT trading and highlights the prevalence of visually coherent collections in the Metaverse. Dong and Wang recognized the profound impact of NFT digital works on the existing copyright system, leading to the necessity of timely amendments and responses [16]. Acknowledging this reality, they conducted an analysis of the key attributes of NFT digital works within the framework of intellectual property law. In addition, they delved into pertinent legal issues and proposed corresponding countermeasures. These included considerations surrounding the exhaustion of rights held by right-holders, the responsibilities of platform management, and the assumption of tort liability arising from transactions involving NFTs. The primary contribution of their study lies in advocating for the cautious utilization of NFT-based artworks within legal systems, facilitating their responsible incorporation in the foreseeable future. Ho and Song conducted a comprehensive examination of the impacts of NFTs on metaverse communities [17]. Their research aimed to enhance understanding by exploring the practical application and theoretical implications of NFT usage within the metaverse. By analyzing the current usage scenarios, their work shed light on the various ways in which NFTs are utilized within metaverse environments. This study contributes to a deeper comprehension of the potential and significance of NFT integration in the metaverse ecosystem.
1.1 Contribution
This study relies on an idea called NFT-based digital identity management. This idea offers to link users’ real identities to NFTs or create a new NFT for each real user in metaverses. The NFT-based digital identity management states the creation of an NFT equal to the user’s real identity and managing the newly-created NFT instead of the user’s identity, in metaverses. Inherent features of NFTs, such as uniqueness, non-fungibility, transparency, and accessibility, are the main reasons for proposing this idea.
To clarify the margins of the mentioned idea, this paper explains the necessity of using NFT as a tool for identity management in digital worlds, especially in metaverses. Discussing the challenges of this idea shows that it is a considerable but challenging idea. However, possible solutions indicate that all obstacles can be solved using cryptographic tools, tricks, and networking concepts. In the following, opportunities are reviewed for using NFTs as management tools indicating that experts in various fields can play notable roles in this regard.
1.2 Organization
The remainder of the paper is organized as follows. Section 2 presents paper preliminaries. The main part of Sect. 2 is the explanation of the system model and describing the workflow of our contribution which is summarized in Fig. 1. As the main section of this paper, Sect. 3 identifies the importance of identity management in the Metaverse, reviews challenges and possible solutions of using NFTs as a management tool in the Metaverse, and presents some opportunities for this idea. Section 4 discusses solutions and tries to propose a general method. Finally, Sect. 5 concludes this paper and guides researchers for future studies.
2 Preliminaries
This section presents the paper’s prerequisites, used components, and their roles in this study. Figure 1 illustrates the relationship and workflow of using the preliminaries presented in the paper’s main idea.
2.1 Identity and Authentication
Identity, as a string assigned/linked to a user, should prove the validity of the user and whatever it claims. Authentication refers to proving the user’s identity or validity [18]. In traditional computer-based user authentication, only a password (what the user knows) was used. In the next evolution of authentication, two-factor and three-factor were applied (what the user is, e.g., biometric, and what the user has, e.g., smart card). In modern authentication methods, AI [19], and machine learning (ML) are also used to identify users (e.g., users’ typing or mouse-moving patterns) [20, 21].
To launch a manageable digital environment, monitoring and controlling existing users are the primary requirements. Therefore, a unique identity and reliable authentication method are necessary to identify valid users and implement the paper’s idea (see Flows 7 to 10 in Fig. 1).
2.2 Blockchain
As an immutable and distributed ledger, blockchain technology records users’ data and cryptocurrencies’ transactions [7, 9]. In the last five years, blockchain has been applied as the infrastructure of distributed systems to record data and execute smart contracts. Modern metaverse is one of these distributed systems providing digital environments similar to the physical ones (for detail, see Sect. 2.4).
This applies blockchain as the metaverse infrastructure and a database responsible for users’ authentication requests (see flows 4, 5, 8, and 9 in Fig. 1).
2.3 Non-fungible Token
Generally, NFTs are unique token-looking strings mainly linked to a valuable thing [22, 23] (e.g., artworks, music albums, or games [24]). The \(ERC-721\) standard (Ethereum Request for Comments), as the most famous, determines conditions for tokens launched in the Ethereum blockchain to be non-fungible (called NFT).
Most NFTs have been established based on this standard. However, developers releasing NFTs on other blockchains should follow standards related to the selected blockchain. Table 1 lists several other famous NFT standards with their hosting blockchain (it is highlighted that BRC-721, BRC-69, SRC-721, DRC-721, SRC-721, LRC-721, etc., as newly-proposed standards, are currently highly discussed on social media).
In this study, NFTs are assumed as tools for identity management in modern metaverses in such a way that they are linked to users’ real identities and play the role of users’ digital identity in the Metaverse (see flows 2 and 3 in Fig. 1).
2.4 Metaverse
Metaverse is a joint digital space that enables users to remotely interact [10, 11]. Modern metaverse, the focus of this study, refers to a virtual three-dimension space where people can join using virtual reality (VR) glasses, smartphones, personal computers, and gaming consoles. In addition to the attractiveness of the metaverse technology, it suffers various challenges [25], such as the existence of many malicious users, the absence of regulation, users with multiple identities, and users’ identity management.
2.5 The Concept of NFT-based Identity Management (system model and work flow)
Figure 1, as the system model of our idea, involves several entities linked together. They are able to send/receive data over public channels. This section describes the concept of our idea which provides identity management in metaverses using NFTs.
2.5.1 Entities and Components
In the following, they and their roles in our system model are defined.
-
Metaverse and virtual entities: Concerning the preceding subsection, the notion of an optimal Metaverse entails the creation of a digital replica of the physical world. Consequently, this specific facet of the proposed system model is referred to as a virtual realm, analogous to the concept of the metaverse, which encompasses digital representations of tangible entities found in the real world, including financial institutions, cinemas, gaming establishments, fashion hubs, and more.
-
Blockchain: As an established component in the realm of technology, the blockchain assumes a crucial role within the proposed system model by serving as an unalterable and transparent database for storing information and facilitating transactions. Its primary function encompasses the handling of all inquiries within the system. Notably, the blockchain allows for universal participation, wherein any individual is capable of submitting data to the network and accessing the entirety of recorded information stored within it.
-
Metaverse owner or government: Typically, the development of a metaverse on a public blockchain involves a multidisciplinary team comprising proficient experts in various domains, including 3D design, computer science, security, marketing, management, economics, and more. While the management of blockchain-based technologies inherently leans towards decentralization, there are instances where this team may collaborate with government entities or regulatory agencies to establish specific access privileges.
These collaborative efforts aim to accommodate the unique requirements and concerns of governing bodies, ensuring compliance with applicable regulations and fostering an environment of responsible usage. By forging partnerships with relevant authorities, the team seeks to strike a balance between decentralized principles and necessary regulatory measures, thereby promoting a harmonious coexistence between the metaverse and the established governance frameworks.
-
User(s): They are participants in metaverses from both the real world and the digital network, who actively engage in these immersive virtual environments and avail themselves of the various virtual services offered within. These individuals can be classified as customers, market owners, service provider owners, or even teenagers seeking to participate in metaverse-based gaming experiences. Each participant assumes distinct roles and objectives within the metaverse, contributing to the overall dynamism and functionality of the virtual ecosystem.
-
NFT generator/issuer service: Within our proposed system model, there exists a comprehensive NFT issuer service, such as Rarible or OpenSea (or others), which serves as a centralized platform for generating and managing NFTs. In compliance with relevant regulatory policies, the NFTs commissioned by the metaverse owner through this designated service attain legal validity exclusively within the corresponding metaverse. As a result, it becomes imperative for each metaverse owner to diligently select the NFT issuer service that aligns with their specific requirements and adheres to the regulatory standards governing their jurisdiction. This proactive determination of the NFT issuer service ensures the lawful and authorized utilization of NFTs within the designated metaverse environment.
2.5.2 Work Flow
As previously mentioned, every Metaverse owner or expert team has the capability to conceive and construct a Metaverse on a public blockchain. This Metaverse encompasses a range of elements such as business models, smart contracts, digital twins, and monitoring entities, all of which are meticulously designed. The interconnections among these entities and components are visually depicted in Fig. 1 through ten numbered arrows. Figure 1 visually captures the intricate relationships and interactions among these entities and components, forming a comprehensive and intelligently designed ecosystem within the Metaverse. In the following, mentioned relations are explained.
-
1.
Every user, who wants to join Metaverse, sends a request to the Metaverse owner with its real identity.
-
2.
By assisting an NFT issuer service, the Metaverse owner generates a digital identity for the user. The digital identity appears as an NFT.
-
3.
The generated digital identity related to the user’s real identity is returned to the metaverse owner by the NFT issuer service.
-
4.
The Metaverse owner submits the received NFT on the public blockchain hosting the launched Metaverse.
-
5.
Blockchain returns the address of the recording acknowledgment (e.g., block number or transaction ID) to the Metaverse owner.
-
6.
The Metaverse owner then sends the user’s sensitive information, involving log-in details and its digital identity as NFT, to the user through a secure channel.
-
7.
To enter the Metaverse, the user sends a log-in request to the Metaverse. This method is a fully digitizing form of authentication method, generally called “something the user has”. In other words, NFT is a digital thing user has, and to use it as its identity, the user should be able to prove its ownership.
It is noted that the detail of the authentication phase is out of this study’s scope; This phase is presented in a generic form, and every NFT-based authentication protocol can be applied in this phase (e.g., [14, 17] and many others).
-
8.
Using blockchain data, the related smart contract authenticates the user.
-
9.
Blockchain says ’the user is valid’ if the related NFT is found on its data; Else, the user is known as an invalid user who does not allowed for access to the Metaverse (the log-in request has been aborted).
-
10.
The user now can enter the Metaverse and use/enjoy the virtual services if its authentication process has been passed successfully.
2.5.3 Further Details
While our suggested system model represents a pioneering approach in this field, it is essential to address certain ambiguities that may arise. The subsequent sections aim to provide clarity on these concerns and uncertainties, ensuring a comprehensive understanding of our proposed model. By addressing these ambiguities and providing comprehensive responses, we aim to foster a clear understanding and build confidence in the viability and potential of our suggested system model within the emerging field of Metaverse technology.
-
The usage of NFTs for authentication: Within the context of NFTs, the central component is the ’Comment,’ which essentially represents a bit-string. This ’Comment’ possesses characteristics of being publicly accessible and immutable, enabling a wide range of information to be encapsulated within it. In the suggested idea put forth in this study, the ’Comment’ is regarded as the user’s authentic identity, containing pertinent associated information. In essence, every minted NFT serves as the user’s digital identity, providing authentication capabilities for their participation in Metaverse applications. Consequently, Metaverse-based services, including smart contracts and entities, can leverage these NFTs to authenticate users effectively.
-
How can embed confidential information in public NFTs? The aforementioned ’Comment’ can also encompass confidential information within its digital string representation. While visually nonsensical and ambiguous, this type of Comment serves as a means for anonymous authentication, among other potential applications. It should be noted that the primary focus of this item is not limited solely to anonymous authentication, but rather highlights the capability of the digital string to accommodate confidential information securely. This feature enables the utilization of the ’Comment’ in a wider range of applications beyond authentication.
-
Why should use NFTs for identity information? Transparency and reliability are paramount objectives in blockchain-based technologies, particularly within the context of Metaverse environments, as emphasized in this study. To achieve these goals, NFTs are deemed an optimal choice for assigning users’ identities. By employing NFTs as digital identities in Metaverse-based environments, a range of benefits is attained, including enhanced transparency, immutability, and verifiable proof of ownership for identity holders. These attributes contribute to a more trustworthy and accountable ecosystem within the Metaverse, fostering greater confidence among users and stakeholders.
3 Challenges and Opportunities of the NFT-based Identity Management in Metaverse
This Section first explains the importance of using NFTs as a tool for identity management in Metaverses. It then reviews the challenges of this idea and presents possible solutions for them. Finally, the opportunities are identified in this Section for NFT-based identity management in Metaverse (Fig. 2).
3.1 The Importance of Applying NFT
In this section, the explanation of the idea of using NFTs as tools for identity management in metaverses will be now described.
3.1.1 Uniqueness
Each human has its unique identity or biometrics. Hence, in the present study, it was tried to find a similarity between humans’ unique attributes (e.g., biometrics) and the uniqueness of NFTs. As mentioned previously (Sect. 2.3 and [22, 23]), NFTs are assumed as immutable and unique strings that are considered in the present study equal to users’ real identities.
3.1.2 Revocation
Assuming NFTs as digital users’ identity cards in metaverses provides features of NFTs for them. If suspicious behavior is observed, one of the features of NFTs is that they become invalid in public [26, 27]. Although no one can remove NFTs from blockchains, worthless and scam NFTs are assumed invalid. Consequently, the created digital identity will be invalid to the public. Although the constructed unique digital identity will continue to exist in the metaverse, its importance is considered revoked and no longer assumed.
3.1.3 Loyalty and Reputation
Loyalty is a parameter for determining the allegiance of the users, and reputation presents the level of validity and a user’s past behavior [28] (both parameters can be assumed as quantitative parameters, e.g., 0 to 10). Therefore, the value of an NFT linked to the user’s real identity can be directly related to the user’s loyalty or reputation. Hence, the value of the NFT increases if the user accumulates a higher reputation. Consequently, NFTs price analysis (only the NFTs assumed as users’ identities, not all) is replaced instead of metaverse monitoring to illustrate the situation of digital communities. The analysis of the average prices of mentioned NFT by data scientists indicates the status of digital communities.
3.1.4 Monitoring
Uniqueness makes monitoring easy since authorities know that each user only has a unique identity. This property is suitable for distributed systems in which there is no centralized administration because any misbehavior is detected and attributed to its source [29]. Therefore, regular network users or groups of authorities (who manage a distributed system) are enabled to monitor users with unique digital identities (NFTs) in metaverses. Additionally, tracking NFTs is more straightforward than managing anonymous users, who may be malicious, with multiple identities.
3.2 Challenges and Possible Solution
This section reviews the most critical challenges that NFT-based identity management suffers; Additionally, possible solutions that can wholly or partially solve the mentioned challenges are offered.
3.2.1 Multiple Metaverse - Multiple Identity
One of the main challenges of metaverses is the conflict between different programming languages in different metaverses so that a generated object in a metaverse is unknown in another one [31, 32]. This challenge can be generalized to creating NFTs that are considered equivalent to users’ real identities in multiple metaverses on different blockchains. As a result, each real user could link numerous valid digital identities to its unique real identity, which is equal to the number of launched metaverses. Unfortunately, this is against to uniqueness of real identity, and each user can be assumed loyal in a certain metaverse and malicious in another one.
The utilization of the same NFT for authentication purposes across multiple metaverses presents a potential increase in linkability risk. This scenario could enable collusion among metaverse providers, enabling them to compile user profiles, leading to unintended consequences. In response to this concern, it should be noted that different metaverses adhere to distinct NFT standards, as outlined in Table 1. Consequently, even if two NFTs possess the same “Comment” attribute, they are inherently dissimilar. These differences encompass various aspects, including standards, headers, mint time, issuer, and more. Consequently, any attempt by a hacker to engage in fraudulent activities by leveraging the same NFT across multiple metaverses would be futile, as the divergences in key attributes would prevent successful manipulation. Indeed, in this perspective sheds light on the fact that even if NFTs appear distinct based on technical attributes such as standards, headers, mint time, issuer, and more, the potential risks arise from the content encapsulated within these NFTs. If these NFTs contain identity information that can be correlated across metaverses, the risk of users’ activities being tracked and collusive behavior remains a valid concern.
The basic solution is to unify metaverse codes or propose a method to allow metaverses to call other codes. In more detail, offering a unique standard focusing on creating NFTs related to users’ real identities and forcing metaverse developers to follow is the best solution. As the metaverse landscape evolves, it is crucial to expand our examination beyond technical disparities and take a holistic view of identity management and associated risks. By acknowledging the referee’s insightful observation and considering their suggestions, researchers and practitioners can work towards devising comprehensive solutions that address privacy, security, and user experience concerns in the context of multi-metaverse interactions.
It is highlighted that the suggested solution is one of the general challenges in blockchain-based systems, especially in Metaverse environments. Providing a unified code for multiple blockchains or metaverses will be known as a revolution in this field and transforms these types of technologies.
3.2.2 Key Management and Certificate
Even centralized systems suffer key and certificate management problems (e.g., issue, revoke, revival, security, expire, etc.) [33]. When no individual authority exists in a distributed system and many users are registered, this issue becomes more critical. This challenge’s importance is the need for management, otherwise, everyone can generate numerous public and private key pairs, for example, in the Bitcoin community. However, this study reviews the identity management challenges in somewhere that expect to be safe and provide orderly organization.
Using certificateless systems is a conventional method that solves most certificate problems [34]. However, designing these schemes in distributed systems can solve the above problems. Based on this solution, it is suggested to create NFTs as users’ digital identities, using users’ real identities and their certificateless public keys. This solution provides security against curious or malicious insiders and solves certificate problems.
3.2.3 Decentralized Management
Decentralized and mainly distributed systems suffer distribution challenges such as delay, consensus, responsibility, and security. Blockchain-based systems are no exception to mentioned challenges [30]. Identity management in metaverses is also a challenging issue where no central authority exists, and group consensus/decisions require the trust of the majority, in addition to delay and scalability issues.
Threshold schemes are generally suggested for groups of members that cannot be presented partially, and a threshold number of them handle the process [35]. Designs using threshold schemes (e.g., encryption, signature, secret sharing) are suitable for applying in distributed systems, and managing metaverses, for example. Accordingly, these schemes should be used in metaverses with owners’ duties assigned to groups of authority. As a result, a group of leaders manages users’ digital identities in metaverses to provide distributed management and reliability.
3.2.4 Authentication and User Privacy
As with all identity management systems, user authentication methods and verifying users’ validity are essential. Nevertheless, in infrastructures that welcome a considerable number of users, the need for users’ privacy is requested. In general, it is recommended to use anonymous authentication protocols [18]. Although centralized systems have mainly addressed this challenge, it still persists in distributed systems with no central authority, where identity management is of great concern.
Based on the idea of assuming users’ digital identities as NFTs, the proof of NFTs’ ownership is equal to users’ authentication. Additionally, to support anonymous authentication and users’ privacy simultaneously, zero-knowledge protocols can provide much assistance in this regard. By applying these protocols, users prove their validity without revealing details of NFTs (without revealing bits of knowledge about their identities).
3.2.5 Malicious Insiders and Users
Connecting users expect to be safe in which no one abuses their information. Various cryptographic tools and protocols provide privacy-preserving in such a way that no insider or outsider can obtain users’ sensitive information [5, 36]. However, specializing them to be worked in metaverses to satisfy identity management’s policies is still open.
Some mentioned solutions, such as certificateless and threshold schemes [34, 35], are suitable to provide security against malicious insiders. However, to present methods for protection against both privileged insiders and regular users, it is needed to combine mentioned schemes with protocols providing conditional privacy for blockchain-based systems [37]. Therefore, applying a threshold scheme supporting conditional privacy is an excellent way to solve this challenge.
3.2.6 Trust
Joining each virtual system taking users’ information (e.g., real identities or maybe their sensitive information) requires ensuring the existence of trusted authorities. Users who join these systems expect that the system supports safety and reliability where perhaps malicious insiders exist [37, 38]. Similarly, users’ trust management is vital in using NFTs as identity management tools in which users have to register on metaverses using their real identities.
In the conclusion of this subsection, it can be said that attracting trust and reliability are the primary communications requirements. These items are more considerable when users face a newly-emerged infrastructure or environment such as modern metaverses. Manageable (regulation-supported) modern metaverses, which have been reviewed in this study, are similar to centralized metaverses. However, by implementing the suggested solutions, the desired balance between regulation and users’ privacy-preserving to attract users’ trust will be provided.
3.3 Opportunities
Against to mentioned challenges of using NFTs as a tool for identity management in the Metaverse, this paper believes that this idea provides various opportunities in this field for experts and the public. This section identifies some of their mains as below.
3.3.1 New Jobs
As with most fields of computer science, providing security in computer networks is a vital duty, and security officers play critical roles. Therefore, in addition to numerous newly-emerged jobs related to this study’s main idea [39, 40], cybersecurity is one of the prominent positions in this regard. Other jobs raised based on this idea are i) New field in NFTs to create unique digital identities based on users’ real identity, ii) Proxy as a user (PaaU) to do user’s works in metaverses by proxy user identity created based on the user’s identity and the proxy user’s identity, iii) Creating virtual real estate agencies to prepare documents based on users’ digital identities, iv) Releasing certificates issuing centers for creating users’ certificates based on NFTs, and v) Metaverse-atop digital ticket issuing based on users’ digital identities or NFTs.
3.3.2 Investment
The leading investment in this field is projects providing NFT-based identity, or in a clarified statement, projects relying on this paper’s main idea. Manager or staff training for handling these projects is another way for investing to earn.
3.3.3 Development
Developers are not left out of this idea in which they can develop and support software. Two examples of software assisting this idea, which should be launched by developers are identity (NFT)-based software working on metaverses and customer relationship management (CRM) software for metaverse-based markets working based on NFT.
3.3.4 Digital Twins
Digital twins [41], as highly-accurate simulations of physical things, play prominent roles in virtual worlds. The existence of digital twins in metaverses [25] assists in providing more natural senses in metaverses. However, their provable ownership right is an essential issue, which could be supported using NFTs. Therefore, assigning unique identities to physical things to create their related NFTs is an opportunity for developers and an advantage for industry owners to prove their product ownership rights.
3.3.5 Advertising
Advertising based on the history of users’ purchases and activities is a well-known issue in marketing and advertising for data scientists. Therefore, by having users’ unique identities in metaverses and monitoring them, data scientists can select the best ways for virtual companies’ advertisements to achieve the highest efficiency.
4 Discussion
According to the mentioned main idea, its challenges, proposed solutions, and identified opportunities, this section presents the final discussion of this paper and concludes the proposed solutions.
Blockchain and modern metaverses are newly-emerged technologies, mainly in the first or second evolutions. Therefore, it is obvious to have numerous main and marginal challenges and weaknesses. Concepts launched based on these technologies, such as NFTs, virtual cities [42], and other services,also suffer the same drawbacks. The challenges of applying NFTs as tools for identity management in metaverses, as mentioned earlier in Sect. 3.2, are mainly reduced to blockchain and metaverse challenges.
As a result, the improvements of basics get much assistance to the growth of outsider layers and applications. Therefore, it is anticipated that applying NFTs as proof of users’ digital identities will be the most popular idea for managing users in future metaverses. The next generations of blockchains and metaverses, empowered by AI [19], is accelerating the evolution of this idea to be more popular.
As a general solution for most challenges, this study believes that applying the robust idea named “Certificateless threshold secret sharing” suggested in [29] is the best choice. The use of advanced cryptographic tools is suggested as a means to strike a balance between preserving privacy and enabling regulation. This approach allows users to maintain their privacy while also facilitating monitoring by governments or privileged insiders.
5 Conclusion
This study presented a significant and cutting-edge proposition for managing identities within modern metaverses. The central idea revolved around utilizing NFTs as a means of identity management, as it offers a more streamlined approach compared to handling anonymous users with multiple identities. NFTs are uniquely suited for assigning to individual users’ real identities, providing a robust solution for identity management in metaverse environments. The study further examined the main challenges associated with this idea and proposed potential solutions to address them effectively. Additionally, the research identifies and discusses compelling new opportunities that have emerged in light of this approach, offering a comprehensive solution for managing identities within modern metaverses.
Future directions: Solutions described in Sect. 3.2 are a good guideline for researchers and academics to carry out their basic and academic works. For example, proposing a method for unifying metaverse programming is an open problem, and presenting a secure fully-distributed key generation protocol solves numerous challenges in this field. On the other hand, Sect. 3.3 attracts developers, investments, traders, and industry owners who can invest in the mentioned fields.
Availability of data and materials.
The data that support the findings of this study are available from the corresponding author upon reasonable request.
References
Burrows Michael, Abadi Martin, Needham Roger (1990) A logic of authentication. ACM Trans Comput Syst (TOCS) 8(1):18–36
Abelson, Hal, Lessig, Lawrence, Covell, Paul, Gordon, Steve, Hochberger, Alex, Kovacs, James (1998) Digital identity in cyberspace. White Paper Submitted for 6.805/Law of Cyberspace: Social Protocols
Kemp, Jeremy, Livingstone, Daniel (2006) Putting a Second Life “metaverse” skin on learning management systems. In Proceedings of the Second Life education workshop at the Second Life community convention, vol. 20. CA, San Francisco: The University of Paisley
Ellemers Naomi (1993) The influence of socio-structural variables on identity management strategies. Eur Rev Soc Psychol 4(1):27–57
Ouaddah, Aafaf, Elkalam, Anas Abou, Ouahman, Abdellah Ait (2017) Towards a novel privacy-preserving access control model based on blockchain technology in IoT. In Europe and MENA cooperation advances in information and communication technologies, pp. 523-533. Springer International Publishing
Dhamija Rachna, Dusseault Lisa (2008) The seven flaws of identity management: usability and security challenges. IEEE Secur Priv 6(2):24–29
Nakamoto, Satoshi (2008) Bitcoin: a peer-to-peer electronic cash system. Decentralized business review: 21260
Deng Weichu, Huang Teng, Wang Haiyang (2022) A review of the key technology in a blockchain building decentralized trust platform. Mathematics 11(1):101
Zheng Zibin, Xie Shaoan, Dai Hong-Ning, Chen Xiangping, Wang Huaimin (2018) Blockchain challenges and opportunities: a survey. Int J Web Grid serv 14(4):352–375
Ryskeldiev, Bektur, Ochiai, Yoichi, Cohen, Michael, Herder, Jens (2018) Distributed metaverse: creating decentralized blockchain-based model for peer-to-peer sharing of virtual spaces for mixed reality applications. In Proceedings of the 9th augmented human international conference, pp. 1-3
Duan, Haihan, Li, Jiaye, Fan, Sizheng, Lin, Zhonghao, Wu, Xiao, Cai, Wei (2021) Metaverse for social good: A university campus prototype. In Proceedings of the 29th ACM international conference on multimedia, pp. 153-161
Liu Yang, He Debiao, Obaidat Mohammad S, Kumar Neeraj, Khan Muhammad Khurram, Choo Kim-Kwang Raymond (2020) Blockchain-based identity management systems: a review. J Netw Comput Appl 166:102731
Yuntao Wang, Zhou Su, Ning Zhang, Rui Xing, Dongxiao Liu, Luan Tom H, Shen Xuemin (2022) Fundamentals, security, and privacy. IEEE Commun Surv Tutori Surv Metaverse. https://doi.org/10.1109/COMST.2022.3202047
Ryu Jongseok, Son Seunghwan, Lee Joonyoung, Park Yohan, Park Youngho (2022) Design of secure mutual authentication scheme for metaverse environments using blockchain. IEEE Access 10:98944–98958
Nadini Matthieu, Alessandretti Laura, Di Giacinto Flavio, Martino Mauro, Aiello Luca Maria, Baronchelli Andrea (2021) Mapping the NFT revolution: market trends, trade networks, and visual features. Sci Rep 11(1):20902
Dong Yupeng, Wang Chunhui (2023) Copyright protection on NFT digital works in the Metaverse. Secu Saf 2:2023013
Ho, Ree Chan, Song, Bee Lian (2023) User Acceptance Towards Non-Fungible Token (NFT) as the FinTech for Investment Management in the Metaverse. In Strategies and Opportunities for Technology in the Metaverse World, pp. 59-77. IGI Global
Ryu Jongseok, Son Seunghwan, Lee Joonyoung, Park Yohan, Park Youngho (2022) Design of secure mutual authentication scheme for metaverse environments using blockchain. IEEE Access 10:98944–98958
Haque AKM Bahalul, Islam AKM Najmul, Mikalef Patrick (2023) Explainable artificial intelligence (XAI) from a user perspective: a synthesis of prior literature and problematizing avenues for future research. Technol Forecast Soc Change 186:122120
Liang Yunji, Samtani Sagar, Guo Bin, Zhiwen Yu (2020) Behavioral biometrics for continuous authentication in the internet-of-things era: an artificial intelligence perspective. IEEE Internet Things J 7(9):9128–9143
Fu, Shen, Qin, Dong, Amariucai, George, Qiao, Daji, Guan, Yong, Smiley, Ann (2022) Artificial Intelligence Meets Kinesthetic Intelligence: Mouse-based User Authentication based on Hybrid Human-Machine Learning. In Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security, pp. 1034-1048
Mofokeng N, Fatima T (2018) Future tourism trends: utilizing non-fungible tokens to aid wildlife conservation. Afr J Hosp Tour Leis 7(4):1–20
Dowling Michael (2022) Is non-fungible token pricing driven by cryptocurrencies? Financ Res Lett 44:102097
Far Saeed Banaeian, Bamakan Seyed Mojtaba Hosseini, Qiang Qu, Jiang Qingshan (2022) A review of Non-fungible Tokens Applications in the Real-world and Metaverse. Procedia Comput Sci 214:755–762
Far Saeed Banaeian, Rad Azadeh Imani (2022) Applying digital twins in metaverse: User interface, security and privacy challenges. J Metaverse 2(1):8–16
Mackenzie Simon, Bērziņa Diāna (2022) NFTs: digital things and their criminal lives. Crime, Media, Culture 18(4):527–542
Hetler, Amanda (2022) 8 ways to avoid NFT scams. TechTarget: [online] Available at https://www.techtarget.com/whatis/feature/8-ways-to-avoid-NFT-scams
Tayal, Swati, Rajagopal, Kannan, Mahajan, Vaishali (2022) Virtual reality based metaverse of gamification. In 2022 6th International Conference on Computing Methodologies and Communication (ICCMC), pp. 1597-1604. IEEE
Far Saeed Banaeian, Bamakan Seyed Mojtaba Hosseini (2022) Blockchain-based reporting protocols as a collective monitoring mechanism in DAOs. Data Sci Manag 5(1):11–12
Monrat Ahmed Afif, Schelén Olov, Andersson Karl (2019) A survey of blockchain from the perspectives of applications, challenges, and opportunities. IEEE Access 7:117134–117151
Harris, Richard (2022) Top metaverse challenges. App DEVELOPER Magazine: [online] Available at https://appdevelopermagazine.com/top-metaverse-challenges/
Adam, John (2023) Which Programming Languages Are Being Used To Code The Metaverse?. K & C: [online] Available at https://kruschecompany.com/programming-languages-metaverse/
Bammer Gabriele (2008) Enhancing research collaborations: three key management challenges. Res Policy 37(5):875–887
Al-Riyami Sattam S, Paterson Kenneth G (2003) Certificateless public key cryptography. In Asiacrypt 2894:452–473
Yu Keping, Tan Liang, Yang Caixia, Choo Kim-Kwang Raymond, Bashir Ali Kashif, Rodrigues Joel JPC, Sato Takuro (2021) A blockchain-based shamir’s threshold cryptography scheme for data protection in industrial internet of things settings. IEEE Internet Things J 9(11):8154–8167
Falchuk Ben, Loeb Shoshana, Neff Ralph (2018) The social metaverse: battle for privacy. IEEE Technol Soc Mag 37(2):52–61
Xingchen Liu, Haiping Huang Fu, Xiao Ziyang Ma (2019) A blockchain-based trust management with conditional privacy-preserving announcement scheme for VANETs. IEEE Internet Things J 7(5):4101–4112
Li Wenjuan, Jiyi Wu, Cao Jian, Chen Nan, Zhang Qifei, Buyya Rajkumar (2021) Blockchain-based trust management in cloud computing systems: a taxonomy, review and future directions. J Cloud Comput 10(1):1–34
Momtaz Paul P (2022) Some very simple economics of web3 and the metaverse. FinTech 1(3):225–234
Far Saeed Banaeian, Rad Azadeh Imani, Rajabzadeh Assar Maryam (2023) Blockchain and its derived technologies shape the future generation of digital businesses: a focus on decentralized finance and the Metaverse. Data Sci Manag 6:183–197
Tao Fei, Qi Qinglin (2019) Make more digital twins. Nature 573(7775):490–491
Haque AKM Bahalul, Bhushan Bharat, Dhiman Gaurav (2022) Conceptualizing smart city applications: requirements, architecture, security issues, and emerging trends. Expert Syst 39(5):e12753
Acknowledgements
We as authors appreciate anonymous reviewers for their insightful comments to improve this work.
Funding
The authors received no financial support for the research and/or authorship of this article.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Ethical Approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Conflict of interest
The authors declare that they have no conflict of interest in the publication of this article.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Banaeian Far, S., Hosseini Bamakan, S. NFT-based identity management in metaverses: challenges and opportunities. SN Appl. Sci. 5, 260 (2023). https://doi.org/10.1007/s42452-023-05487-5
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s42452-023-05487-5