March 7, 2017 By Jai Singh Arun 4 min read

Every business and social transaction is carried out by people. People are known by their identities. Hence, identity drives every business and social interaction.

In today’s digital age, an individual’s identity is not defined by a single attribute such as a name, address or user ID. Rather, it is a collection of attributes including, but not limited to, name, age, financial history, work history, address history and social history. These attributes work together dynamically to define an individual in a particular business or social interaction.

Identity Management in a Decentralized, Digital World

Individuals generally have little or no control over the information that comprises their identities. Without visibility into the exchange of identity attributes across the enterprise for authentication, verification and authorization, individuals are vulnerable to identity fraud.

Another challenge is that identity data is typically decentralized. The Department of Motor Vehicles issues drivers licenses, for example, while the Department of Homeland Security issues passports, banks track financial histories, and so on. Most of these organizations have isolated and centralized identity management systems, but the current landscape demands federation and single sign-on (SSO). This makes identity management, protection and verification very cumbersome, costly and risky for all industry enterprises and government agencies.

Reimagining the Future

To address these challenges, we must reimagine the future of identity management across all industries. This sweeping transformation requires the widespread adoption of technologies such as:

  • Cognitive applications that collect data from cumulative online interactions to simplify and expedite routine tasks such as filing taxes while also reducing errors and system fraud;
  • Systems for user-controlled payment so that acquiring a new credit card no longer requires a lengthy process of changing payment information for each recorded service account;
  • Applications that simplify transactions such as car purchases by verifying identity, credit, title and insurance, and obtain approvals with trusted identity profiles to shorten the buying process from hours to minutes and significantly reduce paperwork; and
  • Holistic health care applications that give doctors and pharmacists access to patients’ electronic medical records. This would allow care providers, pharmacists and patients to track dosages, receive automatic alerts for missed or incorrect dosages, monitor possible adverse drug interactions and even help prevent addiction.

Two Fundamental Principles of Trusted Identity Management

The scenarios imagined above are possible and can be delivered with an increased focus on two fundamental principles.

1. Self-Sovereign Identity

The self-sovereign identity principle empowers individuals to take full ownership and control of their identity information. Custodians can provide and verify identity attributes, but an individual’s actual existence does not depend on these details. Individuals can control how these attributes define them in the context of a business or social interaction.

Initially, it may not be plausible to put the entire burden of identity management on individual users, but we must start with systems built on user-permissioned data models in which consent is essential.

2. Distributed Trust Model

Since identity is decentralized by default, it’s critical to establish trust among users, identity providers and relaying parties. This way, all parties can use an agreed-upon set of identity attributes to authenticate, verify and authorize individuals to perform business or social transactions.

Building Trust With Blockchain

The best way to implement the distributed trust model for decentralized identity management is to use distributed ledger technology, or blockchain.

A permissioned blockchain technology provides core capabilities that enable a trusted digital identity network to build and operate:

  • A shared, append-only ledger with one version of the truth shared across all permissioned network participants in real time;
  • Smart contracts that ensure that verifiable and signed business logic is executed in each transaction;
  • Trust between known participants to verify transactions and ensure records are valid; and
  • Privacy and security measures that grant access only to permissioned parties.

These capabilities deliver the following required values for trusted digital identity:

  • User-centric design, which allows users to control their identity profiles and attributes;
  • Dynamic validation of identity and transaction data and ongoing validation of information leveraging smart contracts to update trusted data in real time;
  • Trusted digitization, which enables processes to become fully digital while maintaining trust in the data items;
  • Auditable records to provide for validation;
  • Controlled visibility, or the ability to verify identity without disclosing actual data; and
  • No hierarchy — unlike a database with a single point of control, all participants have the same capabilities.

Digital identity networks built on blockchain drive trust among business and social enterprises by leveraging shared ledgers, smart contracts and governance to standardize management and reduce the cost, risk, time and complexity of decentralized identity management.

Request a blockchain for digital identity consultation

More from Identity & Access

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Web injections are back on the rise: 40+ banks affected by new malware campaign

8 min read - Web injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In March 2023, security researchers at IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections. This new campaign is widespread and particularly evasive, with historical indicators of compromise (IOCs) suggesting a possible connection to DanaBot — although we…

Taking the complexity out of identity solutions for hybrid environments

4 min read - For the past two decades, businesses have been making significant investments to consolidate their identity and access management (IAM) platforms and directories to manage user identities in one place. However, the hybrid nature of the cloud has led many to realize that this ultimate goal is a fantasy. Instead, businesses must learn how to consistently and effectively manage user identities across multiple IAM platforms and directories. As cloud migration and digital transformation accelerate at a dizzying pace, enterprises are left…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today