Guest post: Andre Boysen, Chief Identity Officer, SecureKey Technologies
Identity has never been easy, but it’s particularly tricky in the digital age. For too long we’ve been forced to use outdated processes to prove who we are when we’re trying to get things done. It shouldn’t take a half-day off work and a trip to a government office to renew a passport, or an entire evening to update a smartphone plan, yet we’re being forced to do so because companies need controls to prove we are who we say we are and the gold standard for doing this today is a counter visit.
Thanks to blockchain, that’s changing. Distributed ledger technology is giving us the opportunity to do what we haven’t been able to do so far – prove with greater certainty that you are you, to immediately access the services you want online, in person or on the phone. Utilizing this approach, we can develop a digital identity and attribute sharing network designed to allow consumers to use digital credentials they already have with organizations they already trust (like their banks), and verify their identity quickly to access services from trusted institutions (like telcos, government services, even sharing economy companies) instantly and with certainty. No more need to create another username and password combination that will be easily forgotten, or dedicate hours on end to perform a simple task, like updating a driver’s license, setting up a new phone or checking your credit score.
SecureKey changed consumer single-sign-on for the better when we introduced the concept of triple-blind authentication with SecureKey Concierge. The simple idea was that using a single credential could actually increase privacy, because none of the transaction participants got a complete picture of the user’s transaction. The bank does not see your online destination, the government does not see which bank you used or your account details and SecureKey does not know who you are. The challenge for us when we moved beyond accessing services to registering for new ones was how to implement the triple-blind model for identity information.
While it was technically possible to do this with public key infrastructure (PKI), there were some difficulties. For example, if the receiver had to check the signature on the data for verification, the blinding broke. A possible solution to this was the introduction of a key exchange that effectively blinded the receiver. However, this created a fourth factor in the transaction system, which increased complexity and made it much harder to trace a transaction in the event of a compromised account.
Enter blockchain. The advent of this technology adds some key capabilities and allows us to solve our service registration challenges. Among its many benefits, blockchain allows us to implement triple-blind attributes, data signing for service integrity and resiliency to mitigate against a single point of failure.
The benefit goes beyond the individual citizen to the businesses they choose to use. In an age where everything is hackable and millions of customer records are stolen or dumped online every month, organizations are realizing that one of their most toxic assets can often be customer records. Organizations that can confidently verify the identity of their customers quickly without the need to store that customer’s data on their own networks experience a twofold benefit: not only is there a real world cost savings for their IT infrastructure, but there is also a massively reduced risk of being financially accountable in the event that bad actors attempt to steal their customer data, namely because the data never needs to reside on their servers in the first place. This greatly reduces the risk of customer data becoming toxic and negatively impacting a company following a breach or leak – something we’re seeing become much more frequent each and every month.
We’re still in the early days of blockchain, but through communities like Hyperledger Fabric, hosted by The Linux Foundation, we’re seeing how its applicability can be endless. From currency to identity and further afield, blockchain is moving quickly beyond the buzzword stage and becoming critical to the evolution of services in the digital age. There is a lot of blockchain hype to be sure, but for identity blockchain is going to be really helpful.