Every business and social transaction is carried out by people. People are known by their identities. Hence, identity drives every business and social interaction.
In today’s digital age, an individual’s identity is not defined by a single attribute such as a name, address or user ID. Rather, it is a collection of attributes including, but not limited to, name, age, financial history, work history, address history and social history. These attributes work together dynamically to define an individual in a particular business or social interaction.
Identity Management in a Decentralized, Digital World
Individuals generally have little or no control over the information that comprises their identities. Without visibility into the exchange of identity attributes across the enterprise for authentication, verification and authorization, individuals are vulnerable to identity fraud.
Another challenge is that identity data is typically decentralized. The Department of Motor Vehicles issues drivers licenses, for example, while the Department of Homeland Security issues passports, banks track financial histories, and so on. Most of these organizations have isolated and centralized identity management systems, but the current landscape demands federation and single sign-on (SSO). This makes identity management, protection and verification very cumbersome, costly and risky for all industry enterprises and government agencies.
Reimagining the Future
To address these challenges, we must reimagine the future of identity management across all industries. This sweeping transformation requires the widespread adoption of technologies such as:
- Cognitive applications that collect data from cumulative online interactions to simplify and expedite routine tasks such as filing taxes while also reducing errors and system fraud;
- Systems for user-controlled payment so that acquiring a new credit card no longer requires a lengthy process of changing payment information for each recorded service account;
- Applications that simplify transactions such as car purchases by verifying identity, credit, title and insurance, and obtain approvals with trusted identity profiles to shorten the buying process from hours to minutes and significantly reduce paperwork; and
- Holistic health care applications that give doctors and pharmacists access to patients’ electronic medical records. This would allow care providers, pharmacists and patients to track dosages, receive automatic alerts for missed or incorrect dosages, monitor possible adverse drug interactions and even help prevent addiction.
Two Fundamental Principles of Trusted Identity Management
The scenarios imagined above are possible and can be delivered with an increased focus on two fundamental principles.
1. Self-Sovereign Identity
The self-sovereign identity principle empowers individuals to take full ownership and control of their identity information. Custodians can provide and verify identity attributes, but an individual’s actual existence does not depend on these details. Individuals can control how these attributes define them in the context of a business or social interaction.
Initially, it may not be plausible to put the entire burden of identity management on individual users, but we must start with systems built on user-permissioned data models in which consent is essential.
2. Distributed Trust Model
Since identity is decentralized by default, it’s critical to establish trust among users, identity providers and relaying parties. This way, all parties can use an agreed-upon set of identity attributes to authenticate, verify and authorize individuals to perform business or social transactions.
Building Trust With Blockchain
The best way to implement the distributed trust model for decentralized identity management is to use distributed ledger technology, or blockchain.
A permissioned blockchain technology provides core capabilities that enable a trusted digital identity network to build and operate:
- A shared, append-only ledger with one version of the truth shared across all permissioned network participants in real time;
- Smart contracts that ensure that verifiable and signed business logic is executed in each transaction;
- Trust between known participants to verify transactions and ensure records are valid; and
- Privacy and security measures that grant access only to permissioned parties.
These capabilities deliver the following required values for trusted digital identity:
- User-centric design, which allows users to control their identity profiles and attributes;
- Dynamic validation of identity and transaction data and ongoing validation of information leveraging smart contracts to update trusted data in real time;
- Trusted digitization, which enables processes to become fully digital while maintaining trust in the data items;
- Auditable records to provide for validation;
- Controlled visibility, or the ability to verify identity without disclosing actual data; and
- No hierarchy — unlike a database with a single point of control, all participants have the same capabilities.
Digital identity networks built on blockchain drive trust among business and social enterprises by leveraging shared ledgers, smart contracts and governance to standardize management and reduce the cost, risk, time and complexity of decentralized identity management.
Request a blockchain for digital identity consultation
Global Head of IBM Quantum Safe Product Management and Strategy - IBM Quantum