Blockchain has many use-cases today, and one of them is identity management. Today, there have been many measures to improve identity management, but most of them haven’t been able to live up to the mark.
However, with blockchain, there would be self-sovereign identities where people could manage their identity effectively. Before we go into identity management on the blockchain, let’s look at what blockchain technology is and how it works.
You can navigate to our in-depth guide to understand all about blockchain technology.
What is Blockchain?
Blockchain is commonly referred to as a Distributed Ledger Technology (DLT) – the technology behind decentralized databases offers control of data transmission through a P2P network, using consensus algorithms.
For more simplicity: Imagine a book where everyone can easily access everything written on it forever without paying a dime. It can also be cross-referenced with other books to check if everything is written in the book.
Why Blockchain Was Created?
Blockchain was created to ensure a decentralized system where digital assets or money can be sent directly to another user without the need for a central body to control the transaction. Such central entities include banks.
Blockchain started with Bitcoin, and its creator – Satoshi Nakamoto, ensured that people involved in the financial system trust themselves and that digital money couldn’t be copied, doubled, or even tripled.
Furthermore, we can also say that blockchain was made for the “Unbanked” – people who don’t have the means of collecting money. Blockchain is not owned by any country, state, or government.
What is Identity?
Personal identity is one of the fundamental human rights today. Your identity includes your name, date of birth, age, state of origin, nationality, passport number, SSN, and so on.
Your identity is what makes you, and without a valid form of identity, you might not be able to register for essential services, create a bank account, get employed, etc. This is one reason why you need to control your identity and ensure it is secure.
However, there is a big issue when it comes to identity management, and that is the fact that essential details of personal identity are stored in a central server. Details like SSN, passport number are stored in a central database, and they can be easily accessed and tampered with, resulting in identity theft.
Many industries suffer from inadequate identity management systems:
- Banking: Most banking systems and apps need login details to access, which exposes the identity of banking users.
- Education: More than 200,000 fake academic certificates are issued every year in the United States alone. Hence, it is difficult to ascertain the authenticity of these certificates, leading to hiring unqualified professionals.
- Healthcare: Almost 50% of the world’s population have little or no access to quality healthcare. The lack of interactiveness between healthcare bodies has resulted in delivering low services in the healthcare sector.
- Government: The absence of interoperability in government parastatals and levels have also resulted in excess bureaucracy.
- Business sector: Many business companies require clients to store their data in their database. This is a liability to the company as personal breaches may result in huge penalties due to GDPR infringement.
What is Self-Sovereign Identity?
Self-sovereign identity is the phenomenon that an individual has the sole rights and ownership of his/her own identity, body, and life. It is essential to know that blockchain has made self-sovereign identity possible.
Due to blockchain technology can solve these issues affecting the cryptocurrency space: The problem concerning replicating digital units, tampering with digital files, and tampering with digital processes.
- Digital documents and units shouldn’t be easily replicated
Anything that is of high importance shouldn’t be replicated easily. This is applicable to personal digital identity. Also, it shouldn’t be easy for two individuals to have the same identity details. This is one of the leading problems in the crypto space where we have cases of double-spending.
It is crucial to note that double-spending is when two individuals who are using the same token conduct multiple transactions. Let’s say, for instance; you have a $100 note with you; it should be impossible for you to spend the same money in more than one transaction.
In this regard, digital currencies are quite different. When you try initiating a transaction on a block, you are sending a message to the network that you want to send a particular amount of money to another person.
Bitcoin works in a way that you can’t make another transaction with the same amount of coins. Through blockchain technology, every transaction on the network has been verified in the block; miners in the network also validate the transaction for a fee – if they don’t do that, these miners will lose their reward, which is the fee.
If anyone tries to double-spend using the same BTC token, the transaction will be rejected automatically.
A hash pointer connects every block in the blockchain network. Blockchain is transparent, so every transaction in the network is visible for everyone to see.
- Digital units shouldn’t be tampered with easily
More than decades ago, personal record files were stored in registers – in offices – and it caused many problems. Anyone can tamper with these files by bribing the people in charge of these personal data. Even these personal record files are susceptible to wear and tear. Even if these personal record files are stored digitally in computer systems, they can be hacked easily.
Hence, there was a need for a framework that could store personal record files and make them immutable. However, blockchain was that framework.
The blocks in the blockchain network have distinct digital fingerprints known as “hash.” Once important data are added to these blocks, they become automatically immutable due to the cryptographic functions.
- Digital activities should also be immutable
The third problem that blockchain technology can fix is ensuring that digital activities and processes are tamper-proof. To safeguard personal identities, a series of procedures should be followed to ensure they can’t be tampered. Blockchain solves all these problems through its consensus mechanism with its Proof-of-Work (PoW) concept and Proof-of-Stake (PoS).
Decentralized identifiers are the next big thing in the crypto space to verify digital identities. These decentralized identifiers are owned by the identity owner and no one else.
Phil Windley, Chairman at Sovrin, said decentralized identities should be these:
- Non-reassignable: This means that they should be permanent. Identifiers such as IP address or email address can be reassigned by anybody controlling it. This decrease privacy and security.
- Resolvable: Decentralized identifiers should resolve a decentralized identity document that reveals the public keys and authentication protocols necessary to start secure transactions with the source.
- Cryptographically verifiable: With the help of cryptographic keys, a decentralized identity owner can be able to authenticate their ownership of the decentralized identity. Also, the public keys can attest to the owner’s signature linked to the credential.
Preventing Identity Fraud or Theft While Identity Management Through Blockchain
With blockchain technology, a user can store his/her digital identity details on a digital identity wallet on his/her device(s). But what happens if the device is stolen?
The first step is to revoke the authorization of the stolen device. One can only use and validate digital identity data if used from an authorized device.
However, if the device is stolen, that user can use another authorized device like his/ her laptop to write on the blockchain that the authorized device (that was stolen) is revoked.
This would instantly halt any trying to the identity details from the stolen device. The thief won’t be able to access the device because it has been revoked.
The other method to prevent identity fraud or theft is to revoke the existing relationship keys. It is also important to know that these two steps will stop the thief from using identity credentials to access new services. Read more on Sovrin’s explanation of identity management’s technical aspects in case of identity fraud or theft.
Identity management has been made possible through the help of blockchain technology. However, Homan Farahmand, research director at Gartner, said
“We are in the very early stages, and there is still a lot to be done on developing these services at industrial scale and sorting out the legal issues, related regulation and compliance sides of things. Nevertheless, IAM leaders can explore decentralized architectures relevant to their business model now, especially if they plan to modernize their systems in the coming years. The first step is to establish a dedicated team and initiate a limited-scale proof of concept projects, such as business-to-consumer user verification and registration.”