Digital Identity Management on a Blockchain

Javed Shah

Securing your digital identity on a blockchain is a smart move for your business if you find having a self-sovereign or decentralized identity important.

How does a blockchain verify identity? A blockchain verifies identity by resolving decentralized identifiers (DIDs) on the ledger and comparing them against the credential or identity an individual is presenting for verification.

Distributed Identity and the Challenges of Modern Authentication

ID management (IdM) is one of the core challenges of participatory online practices. For as long as there have been shared resources in digital computing, there has been a need for digital ID and authentication. With the explosion of cloud applications and platforms, online identities, and eCommerce, identity and authentication are often at the forefront of compliance and cybersecurity.

One of the primary issues in any discussion of identity and authentication is the security of both digital identities and the systems they provide access to. Consider the following breakdown:

  • Digital identities are used as part of authentication services, the gatekeeping functionality that ensures that users are who they say they are. A digital ID contains information about the user, including any verification information (including passwords, usernames, PINs, biometrics, etc.) needed during login.
  • Digital identities are in themselves forms of data that must be secured. If user information is compromised, hackers can use that information to access systems and resources. Traditionally, user information was often stored in databases, which are susceptible to breach.

Both of these aspects of IdM are a priority in any security situation. However, we want to focus on the latter because the storage and protection of digital identities have become significant challenges for service and application providers.

We mentioned that traditional forms of IdM used databases or other storage methods to hold and protect digital identities. There are a few limitations with this approach:

  • Security: Because databases can be compromised through a centralized attack, it became common to encrypt information. Some basic examples include hashing passwords so they couldn’t be read after a breach or encrypting an entire database to obfuscate any identifying information from hackers. Additionally, databases, since they contain some or all of the necessary information to reconstruct a digital ID, can serve as honeypots that draw an inordinate amount of attention from hackers. Many of these databases also don’t have zero-knowledge principles in place, so even if the information is encrypted it is still open to viewing and potential theft by insiders.
  • Sovereignty: ID sovereignty, in which users control their own digital identities, is an increasingly popular concept. Self-sovereign identity may not seem that important when thinking about logging in to your laptop, but it matters when that ID spans social media platforms, cloud platforms, devices, and other accounts. Furthermore, as countries like India experiment with nationally recognized digital IDs for civic participation, people must be able to control their personal information.
  • Identity Sprawl: Traditional forms of IdM are scattered across applications and platforms. As such, it’s easy for users to have identities across several platforms. Having to create and remember the credentials for several identities, users are likely to create easy-to-remember (and easy-to-guess) passwords and to reuse these passwords across multiple platforms—a severe security problem.

A modern IdM tool would be able to address these challenges. Many platforms are finding the ID solution in blockchain technology.

What Is the Blockchain and How Does Blockchain Technology Support Distributed Identity?

Blockchain technology is a way to implement distributed ledgers that users or applications can use as a database without the drawbacks of traditional database technologies. The cryptocurrency Bitcoin introduced blockchains as a form of a distributed ledger to document transactions in the Bitcoin network. This technology had to be secure, flexible, and accurate to support cryptocurrency, and its design is predicated on providing decentralized and immutable record keeping.

Blockchain technology has had a significant impact on several industries and technologies. One of these has been IdM.

Consider the challenges that blockchains address:

  1. Distributed Control and Sovereignty: Blockchains decentralize the management of identities. In the case of IdM, a blockchain can support storage and management across an entire network of devices. This means that it’s harder to compromise a whole IdM network and that attacking such a network is disincentivized due to the lack of a central honeypot. Additionally, the blockchain allows users to store and access their ID information on their devices without working through an intermediary. This means that they, not the organization managing the ID, have control over their own data.
  2. Encryption and Security: Some might think that such a distributed system would open IdM to security flaws, but this couldn’t be further from the truth. Blockchains are secured by design. The versions used in cryptocurrency networks use cryptography to protect transaction data and to let anyone verify transactions publicly. Because of this, the design is secure from the ground up, with cryptographic protocols and other security measures in place to protect information.
  3. User Experience: Blockchain identity technology can support more sophisticated verification systems, such as ID federation, or the practice of using a centralized verification authority across multiple platforms or applications. Due to the decentralized nature of blockchains, users can use a single ID for various resources. This promotes better security practices from users without sacrificing usability.

Within blockchain ID systems, there are three main actors:

  1. Owners: The user and the actor that owns the identity.
  2. Issuers: The organization that issues identity information for an account, platform or access point.
  3. Verifiers: The third-party that verifies credentials and allows authentication.

In essence, the blockchain removes the need for a separate verifier, places ID information in the hands of the owner, and allows a more direct relationship between owners and issuers. There are, however, several different ways to use the blockchain to accomplish this. Beyond that, there are a few different types of blockchain ledgers, including the following:

  • Public: Public blockchains are those that are, appropriately, open to public use. There is no centralized governing organization, and users can join the ledger as pseudonymous nodes as they wish. This kind of arrangement supports certain kinds of public transactions but has significant limits for more security-focused applications. The Bitcoin blockchain is a form of public ledger.
  • Private (Managed): This type of blockchain is permissioned and managed by a single organization with a central authority. It still decentralizes critical features like data management or access, but it doesn’t allow public access and decentralization like a public blockchain does. This provides additional layers of security and control that make this kind of ledger suitable for security and access applications.
  • Permissioned: Under a permissioned blockchain, users or nodes must have certain permissions to use resources or participate in the ledger. Unlike, say, a public crypto blockchain, not everyone can participate, only those granted specific permissions.
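The owner, issuer and verifier roles described above, and the verification step from the opening paragraph (resolve a DID on the ledger, then check the credential against it), can be shown end to end in code. The following Go program is an added example written for this article; it is not 1Kosmos code and not the BlockID data model. It assumes a ledger that is simply a registry of DID to public key (modelled as a map), a constructed credential structure with an `ial` claim, and the constructed DIDs `did:example:issuer`, `did:example:alice` and `did:example:mallory`. The verifier never contacts the issuer: it resolves the issuer’s key from the ledger and checks the signature, the binding to the presenter, and expiry, rejecting a tampered, mis-presented or expired credential.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Credential is a constructed, issuer-signed statement about a subject (the
// owner). It is a hypothetical structure for this example, not the 1Kosmos
// or W3C verifiable-credential data model.
type Credential struct {
	Issuer  string            `json:"issuer"`  // issuer's DID
	Subject string            `json:"subject"` // owner's DID
	Claims  map[string]string `json:"claims"`
	Expires int64             `json:"expires"` // Unix seconds
}

// SignedCredential is what the owner holds and later presents.
type SignedCredential struct {
	Payload   []byte // JSON of Credential; json.Marshal sorts map keys, so it is stable
	Signature []byte // ed25519 signature over Payload
}

// Ledger stands in for the blockchain: a registry mapping a DID to the
// public key its controller published. Modelled here as an in-memory map.
type Ledger map[string]ed25519.PublicKey

// Issue signs a credential with the issuer's private key.
func Issue(priv ed25519.PrivateKey, c Credential) (SignedCredential, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return SignedCredential{}, err
	}
	return SignedCredential{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// Verify is the verifier's side: it resolves the issuer's key from the ledger
// instead of contacting the issuer, then checks the signature, that the
// credential is bound to whoever presents it, and that it has not expired.
func Verify(l Ledger, sc SignedCredential, presenter string, now time.Time) (Credential, error) {
	var c Credential
	if err := json.Unmarshal(sc.Payload, &c); err != nil {
		return c, err
	}
	pub, ok := l[c.Issuer]
	if !ok {
		return c, errors.New("issuer DID not found on ledger")
	}
	if !ed25519.Verify(pub, sc.Payload, sc.Signature) {
		return c, errors.New("signature does not match issuer key")
	}
	if c.Subject != presenter {
		return c, errors.New("credential is not bound to the presenter")
	}
	if now.Unix() > c.Expires {
		return c, errors.New("credential has expired")
	}
	return c, nil
}

// RunScenario walks the owner/issuer/verifier exchange with constructed DIDs
// and reports which presentations the verifier accepted.
func RunScenario() map[string]bool {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	ledger := Ledger{"did:example:issuer": pub} // issuer anchors its key on the ledger
	now := time.Now()
	cred := Credential{
		Issuer:  "did:example:issuer",
		Subject: "did:example:alice",
		Claims:  map[string]string{"ial": "2"},
		Expires: now.Add(24 * time.Hour).Unix(),
	}
	signed, err := Issue(priv, cred)
	if err != nil {
		panic(err)
	}
	// The owner edits a claim after issuance; the signature no longer matches.
	tampered := signed
	tampered.Payload = bytes.Replace(signed.Payload, []byte(`"ial":"2"`), []byte(`"ial":"3"`), 1)
	// The same credential issued with an expiry already in the past.
	expiredCred := cred
	expiredCred.Expires = now.Add(-time.Hour).Unix()
	expired, _ := Issue(priv, expiredCred)

	results := map[string]bool{}
	_, err = Verify(ledger, signed, "did:example:alice", now)
	results["valid"] = err == nil
	_, err = Verify(ledger, tampered, "did:example:alice", now)
	results["tampered"] = err == nil
	_, err = Verify(ledger, signed, "did:example:mallory", now)
	results["wrong_presenter"] = err == nil
	_, err = Verify(ledger, expired, "did:example:alice", now)
	results["expired"] = err == nil
	return results
}

func main() {
	for name, accepted := range RunScenario() {
		fmt.Printf("%-16s accepted=%v\n", name, accepted)
	}
}
```

The point to notice is where the trust lives: the verifier trusts the ledger entry for the issuer’s key and the issuer’s signature, not a central identity database that has to be queried (and protected) at every login. On a real private or permissioned ledger the `Ledger` map would be replaced by a DID resolution call, and a production verifier would also check a revocation status the issuer publishes, which this example omits.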

Benefits of Distributed Identity on Blockchain for Your Business

The truth is that authentication and ID management are more important now than ever. Businesses and consumers have digital identities, either self-created or generated by organizations, scattered across networked devices and platforms. The management, security, and usability of these identities for purposes of verification have suffered as a result. New advances in biometrics and multi-factor authentication (MFA) have addressed some of the security gaps inherent in authentication systems, but only to a point. Poor cyber hygiene and the inherent insecurity of traditional IdM systems expose identities to theft daily. High-level and governmental compliance regulations increasingly demand advanced authentication and identity-proofing controls above and beyond biometrics and MFA.

Many IdM platforms are pushing innovation in authentication into new areas, but few are addressing the limitations of current technology. 1Kosmos has identified the challenges of IdM as a combination of security, user experience, and identity sovereignty. To address those challenges, 1Kosmos BlockID implements critical security and management controls, including the following:

  • Private Blockchain: 1Kosmos protects personally identifiable information (PII) in a private, permissioned blockchain for a decentralized ID management approach and encrypts digital identities in secure enclaves only accessible through advanced biometric verification. Our ledger is immutable, secure, and private, so there are no databases to breach or honeypots for hackers to target.
  • Identity Proofing: BlockID includes ID Assurance Level 2 (NIST 800-63A IAL2), detects fraudulent or duplicate identities, and establishes or reestablishes credential verification.
  • Integration with Secure MFA: BlockID and its distributed ledger readily integrate through a standards-based API with operating systems, applications, and MFA infrastructure at AAL2. BlockID is also FIDO2 certified, protecting against attacks that attempt to circumvent multi-factor authentication.
  • Streamlined User Experience: The distributed ledger makes it easier for users to onboard digital IDs. It’s as simple as installing the app, providing biometric information and any required proofing documents, and entering any information required under ID creation. The blockchain allows users more control over their digital ID while making authentication more straightforward.

If you want to learn more about how our private, distributed ledger supports secure, robust ID management for your organization, read more about Distributed Ledger for Identity. As always, also make sure you sign up for our newsletter to learn more about BlockID and our blockchain ledger technology.

Meet the Author

Javed Shah

Former Senior Vice President Of Product Management

Javed has spent his entire twenty-year career designing and building blockchain and identity management solutions. He has led large customer-facing pre-sales teams and led product management for identity management platforms like the ForgeRock Identity Platform and the ForgeRock Identity Cloud. Javed has an MBA from UC Berkeley.