The current approach to digital identity management is unsustainable. It’s become necessary to move away from intermediary and provider-controlled models toward user-controlled digital identity. Last week, challenges to this undertaking, along with potential solutions, were discussed at K(NO)W Identity Conference in Washington, DC. These are my top five takeaways.
1. Identity is a critical element of any business transaction or social interaction.
Your identity is essential because it tells people who you are. When you buy something online, your payment card is linked to funds as well as identifying information that the business can verify. When you apply for a loan to buy a house or a car, the bank must ensure you will be able to pay it off. When you meet someone new, you have to make sure they are who they say they are before you reveal anything too personal. Participants in both social and business networks must know who they are dealing with. If they don’t, it’s difficult to guarantee a transaction will be completed according to the terms that have been set.
Most institutions have KYC (know your customer) requirements for identifying and verifying the identity of anyone they interact with. However, an individual’s identity is not defined by a single attribute such as a name, user ID or address. Various attributes, including work, financial and social history, are used to define a person. Figuring out how to manage these attributes in the digital age is a formidable task.
2. Digital identity fraud and personal data theft are primary challenges for both individuals and businesses.
Identity-related crimes can have far-reaching legal, monetary and emotional consequences. Every day, sham businesses deceive consumers out of their hard-earned cash while fraudsters hijack payment card details and accounts. Both individuals and businesses are at risk of becoming victims. With every data breach that hits the news, it becomes clearer how easily personal information can be fabricated, misrepresented or stolen.
To combat the rise of identity fraud and theft, companies of all sizes are being required to implement measures to comply with federal privacy laws to safeguard non-public information about customers, patients, clients and employees. However, traditional methods of protecting identity are quickly becoming ineffective. Lost revenue and having to pay penalties for non-compliance are powerful incentives to finding a new approach.
3. Decentralized identity can be better managed with blockchain, a distributed ledger technology.
By default, identity is decentralized: individuals must give their personal information to various companies and government entities to interact with them, but then they have little to no control over how that data is used. Thus, it’s critical to establish trust among users, identity providers and relaying parties. With blockchain, all participants can use an agreed-upon set of identity attributes to authenticate, verify and authorize individuals to engage in transactions. An individual can also control access to personal data, while presenting a single, cohesive view of his or her identity to those that need to know it.
4. Permissioned blockchain can deliver the capabilities needed to meet the security, privacy and consent requirements of identity management systems.
A permissioned blockchain framework such as The Linux Foundation’s Hyperledger Fabric — one of the open-source community projects maintained by The Linux Foundation’s Hyperledger — has the following features:
A shared, immutable ledger with one version of the truth.
Smart contracts ensure verifiable and signed business logic is executed in each transaction.
Known participants verify transactions and ensure records are valid.
Privacy and security measures grant access only to permissioned parties.
With open, interoperable platforms, identity can be verified in a more robust manner. To learn more about building trusted identity networks on blockchain, read this report from the IBM Institute for Business Value.
5. Established as well as emerging technology vendors are innovating around identity management with blockchain.
In Canada, SecureKey Technologies is working with IBM to enable a new digital identity and attribute sharing network using IBM Blockchain service and built on Hyperledger Fabric. The benefits of such a network are twofold: network members can control what identifying information they share, while organizations can efficiently validate the customer’s identity and arrange new services.
The internet has facilitated new ways of interaction and communication, but it has also increased our vulnerability to fraud. Individuals and businesses are looking to blockchain to protect and manage identities in the digital age.
If you missed these sessions, be sure to check out the replays here:
Hello, and welcome to our special Think 2021 edition of Blockchain News You Can Use. This issue focuses on the blockchain sessions at Think 2021 and some of our special guests. Mark your calendar for May 11 (Americas) and May 12 (APAC, Japan and EMEA) and: Register for Think Sign up for Think 2021 emails […]
The insurance industry at its core is built on the legal promise to pay a compensation in case of a loss. Trust is at the core of this promise. However, the level of trust consumers have on their insurance provider is average. The IBM Institute for Business Value (IBV) surveyed 1,100 business insurance executives in 34 countries […]
Technology innovations like IoT, autonomous systems and mobile solutions invariably bring with them increased risks and security threats. Today’s news cycle features a constant stream of stories on hackers commandeering household nanny-cams, smart thermostats and video-enabled doorbells. The expansion of the Internet of Things has dramatically increased the attack surface. As the number of connected […]