The current approach to digital identity management is unsustainable. It’s become necessary to move away from intermediary and provider-controlled models toward user-controlled digital identity. Last week, challenges to this undertaking, along with potential solutions, were discussed at K(NO)W Identity Conference in Washington, DC. These are my top five takeaways.
1. Identity is a critical element of any business transaction or social interaction.
Your identity is essential because it tells people who you are. When you buy something online, your payment card is linked to funds as well as identifying information that the business can verify. When you apply for a loan to buy a house or a car, the bank must ensure you will be able to pay it off. When you meet someone new, you have to make sure they are who they say they are before you reveal anything too personal. Participants in both social and business networks must know who they are dealing with. If they don’t, it’s difficult to guarantee a transaction will be completed according to the terms that have been set.
Most institutions have KYC (know your customer) requirements for identifying and verifying the identity of anyone they interact with. However, an individual’s identity is not defined by a single attribute such as a name, user ID or address. Various attributes, including work, financial and social history, are used to define a person. Figuring out how to manage these attributes in the digital age is a formidable task.
2. Digital identity fraud and personal data theft are primary challenges for both individuals and businesses.
Identity-related crimes can have far-reaching legal, monetary and emotional consequences. Every day, sham businesses deceive consumers out of their hard-earned cash while fraudsters hijack payment card details and accounts. Both individuals and businesses are at risk of becoming victims. With every data breach that hits the news, it becomes clearer how easily personal information can be fabricated, misrepresented or stolen.
To combat the rise of identity fraud and theft, companies of all sizes are being required to implement measures to comply with federal privacy laws to safeguard non-public information about customers, patients, clients and employees. However, traditional methods of protecting identity are quickly becoming ineffective. Lost revenue and having to pay penalties for non-compliance are powerful incentives to finding a new approach.
3. Decentralized identity can be better managed with blockchain, a distributed ledger technology.
By default, identity is decentralized: individuals must give their personal information to various companies and government entities to interact with them, but then they have little to no control over how that data is used. Thus, it’s critical to establish trust among users, identity providers and relaying parties. With blockchain, all participants can use an agreed-upon set of identity attributes to authenticate, verify and authorize individuals to engage in transactions. An individual can also control access to personal data, while presenting a single, cohesive view of his or her identity to those that need to know it.
4. Permissioned blockchain can deliver the capabilities needed to meet the security, privacy and consent requirements of identity management systems.
A permissioned blockchain framework such as The Linux Foundation’s Hyperledger Fabric — one of the open-source community projects maintained by The Linux Foundation’s Hyperledger — has the following features:
A shared, immutable ledger with one version of the truth.
Smart contracts ensure verifiable and signed business logic is executed in each transaction.
Known participants verify transactions and ensure records are valid.
Privacy and security measures grant access only to permissioned parties.
With open, interoperable platforms, identity can be verified in a more robust manner. To learn more about building trusted identity networks on blockchain, read this report from the IBM Institute for Business Value.
5. Established as well as emerging technology vendors are innovating around identity management with blockchain.
In Canada, SecureKey Technologies is working with IBM to enable a new digital identity and attribute sharing network using IBM Blockchain service and built on Hyperledger Fabric. The benefits of such a network are twofold: network members can control what identifying information they share, while organizations can efficiently validate the customer’s identity and arrange new services.
The internet has facilitated new ways of interaction and communication, but it has also increased our vulnerability to fraud. Individuals and businesses are looking to blockchain to protect and manage identities in the digital age.
If you missed these sessions, be sure to check out the replays here:
As a utility economic developer, I’m the last person you might suspect to be leading the blockchain charge in Oklahoma and western Arkansas. However, after more than 24 years in the utility industry, it’s exactly where I find myself, organizing the first Blockchain for Business in Oklahoma conference. I couldn’t be more excited about this […]
Midwest universities have been playing an integral role in technology since the development of the modern internet and the browser wars. This paradigm has not waivered with the emergence of blockchain technology. Despite the downturn in market prices of top cryptocurrencies, the interest continues to grow amongst the academic communities, led in large part by […]
Whether you are a startup or a large enterprise, IBM Blockchain Garage Services can help you navigate your blockchain journey, find the very best blockchain use cases, build a minimal viable product (MVP) with the speed of a startup, then deploy and scale in production like an enterprise. We use the proven IBM Garage Method, […]