Reimagining the Future of Identity Management With Blockchain

Every business and social transaction is carried out by people. People are known by their identities. Hence, identity drives every business and social interaction.

In today’s digital age, an individual’s identity is not defined by a single attribute such as a name, address or user ID. Rather, it is a collection of attributes including, but not limited to, name, age, financial history, work history, address history and social history. These attributes work together dynamically to define an individual in a particular business or social interaction.

[Figure: Identity is critical in the digital economy, and these stats support it]

Identity Management in a Decentralized, Digital World

Individuals generally have little or no control over the information that comprises their identities. Without visibility into the exchange of identity attributes across the enterprise for authentication, verification and authorization, individuals are vulnerable to identity fraud.

[Figure: Challenges with current identity management]

Another challenge is that identity data is typically decentralized. The Department of Motor Vehicles issues driver's licenses, for example, while the Department of Homeland Security issues passports, banks track financial histories, and so on. Most of these organizations have isolated and centralized identity management systems, but the current landscape demands federation and single sign-on (SSO). This makes identity management, protection and verification very cumbersome, costly and risky for all industry enterprises and government agencies.

Reimagining the Future

To address these challenges, we must reimagine the future of identity management across all industries. This sweeping transformation requires the widespread adoption of technologies such as:

  • Cognitive applications that collect data from cumulative online interactions to simplify and expedite routine tasks such as filing taxes while also reducing errors and system fraud;
  • Systems for user-controlled payment so that acquiring a new credit card no longer requires a lengthy process of changing payment information for each recorded service account;
  • Applications that simplify transactions such as car purchases by verifying identity, credit, title and insurance, and obtain approvals with trusted identity profiles to shorten the buying process from hours to minutes and significantly reduce paperwork; and
  • Holistic health care applications that give doctors and pharmacists access to patients’ electronic medical records. This would allow care providers, pharmacists and patients to track dosages, receive automatic alerts for missed or incorrect dosages, monitor possible adverse drug interactions and even help prevent addiction.

Two Fundamental Principles of Trusted Identity Management

The scenarios imagined above are possible and can be delivered with an increased focus on two fundamental principles.

1. Self-Sovereign Identity

The self-sovereign identity principle empowers individuals to take full ownership and control of their identity information. Custodians can provide and verify identity attributes, but an individual’s actual existence does not depend on these details. Individuals can control how these attributes define them in the context of a business or social interaction.

Initially, it may not be plausible to put the entire burden of identity management on individual users, but we must start with systems built on user-permissioned data models in which consent is essential.

2. Distributed Trust Model

Since identity is decentralized by default, it’s critical to establish trust among users, identity providers and relying parties. This way, all parties can use an agreed-upon set of identity attributes to authenticate, verify and authorize individuals to perform business or social transactions.

Building Trust With Blockchain

The best way to implement the distributed trust model for decentralized identity management is to use distributed ledger technology, or blockchain.

[Figure: Trusted identity business network participants]

A permissioned blockchain technology provides core capabilities that enable a trusted digital identity network to build and operate:

  • A shared, append-only ledger with one version of the truth shared across all permissioned network participants in real time;
  • Smart contracts that ensure that verifiable and signed business logic is executed in each transaction;
  • Trust between known participants to verify transactions and ensure records are valid; and
  • Privacy and security measures that grant access only to permissioned parties.

These capabilities deliver the following required values for trusted digital identity:

  • User-centric design, which allows users to control their identity profiles and attributes;
  • Dynamic validation of identity and transaction data and ongoing validation of information leveraging smart contracts to update trusted data in real time;
  • Trusted digitization, which enables processes to become fully digital while maintaining trust in the data items;
  • Auditable records to provide for validation;
  • Controlled visibility, or the ability to verify identity without disclosing actual data; and
  • No hierarchy — unlike a database with a single point of control, all participants have the same capabilities.

Digital identity networks built on blockchain drive trust among business and social enterprises by leveraging shared ledgers, smart contracts and governance to standardize management and reduce the cost, risk, time and complexity of decentralized identity management.
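To make the append-only ledger and controlled-visibility ideas above concrete, here is an added example (not code from the article or from any IBM product) of a hash-chained ledger that stores only salted commitments of identity attributes. It assumes a single-process toy with no consensus or signatures, constructed participant names ("dmv", "bank", "user-1"), and a plain salted hash rather than a zero-knowledge proof: the user discloses the value and salt to one relying party, while the ledger itself never holds the raw data.

```python
import hashlib, hmac, json, secrets

PERMISSIONED = {"dmv", "bank"}  # constructed list of identity providers allowed to write

def digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def commit(attr, value, salt):
    """Salted commitment: the ledger stores this digest, never the raw value."""
    return digest([attr, value, salt])

class Ledger:
    def __init__(self):
        self.blocks = []

    def append(self, issuer, subject, attr, commitment):
        if issuer not in PERMISSIONED:
            raise PermissionError(f"{issuer} is not a permissioned participant")
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = {"issuer": issuer, "subject": subject, "attr": attr,
                "commitment": commitment, "prev": prev}
        self.blocks.append({**body, "hash": digest(body)})

    def intact(self):
        """Recompute the hash chain; any edited or reordered entry breaks it."""
        prev = "0" * 64
        for b in self.blocks:
            body = {k: v for k, v in b.items() if k != "hash"}
            if b["prev"] != prev or digest(body) != b["hash"]:
                return False
            prev = b["hash"]
        return True

    def verify(self, issuer, subject, attr, value, salt):
        """Relying party checks a value the user chose to disclose to it."""
        if not self.intact():
            return False
        want = commit(attr, value, salt)
        return any((b["issuer"], b["subject"], b["attr"]) == (issuer, subject, attr)
                   and hmac.compare_digest(b["commitment"], want) for b in self.blocks)

def demo():
    ledger, salt = Ledger(), secrets.token_hex(16)  # salt stays with the user
    ledger.append("dmv", "user-1", "birth_year", commit("birth_year", "1990", salt))
    ok = ledger.verify("dmv", "user-1", "birth_year", "1990", salt)
    wrong = ledger.verify("dmv", "user-1", "birth_year", "1985", salt)
    ledger.blocks[0]["commitment"] = commit("birth_year", "1985", salt)  # tampering
    forged = ledger.verify("dmv", "user-1", "birth_year", "1985", salt)
    return ok, wrong, forged
```

The random salt is what keeps low-entropy attributes such as a birth year from being recovered by guessing against the ledger's digests.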

Learn More at IBM InterConnect

If you are interested in learning more about the potential of blockchain technology to address the challenges of digital identity, I invite you to attend Session No. 1525: “Imagine the Future of Identity with Blockchain” at the IBM InterConnect Conference in Las Vegas later this month. I look forward to seeing you there.

Jai Singh Arun

Security and Blockchain Innovations Program Director, IBM

Jai has a vital mix of business and technology skills with over 17 years of global experience leading several multimillion-dollar businesses. Jai's last role at Diablo Technologies was Vice President of Global Offering Management and Alliance/Business Development. Prior to this role, he was with Unisys as a Senior Director of Strategy and Product Management for Mission Critical Security Solutions and Consulting, System Integration and Managed Security Services for Stealth and Forward! brands. Before Unisys, he was with IBM for 12 years and started as senior software and systems engineer for IBM Firewall product development. He then had several engineering, product management and marketing leadership roles in WebSphere and Tivoli. His last role at IBM was Product Management and Strategy Leader for Identity and Access Management Portfolio in Security Systems Division. Jai started his career as a Computer Scientist focusing on security, networking and speech recognition related research projects at the School of Technology & Computer Science in Tata Institute of Fundamental Research, Mumbai, India. Jai holds several patents related to security. He is an alumnus of 2006 IBM Leadership Development Program (LDP) and is a Certified Information Security Manager (CISM) from ISACA.