Rostislav Zatonskiy/123RF
 

Blockchain for Identity Management: 7 Possible Use Cases

  • 5 December 2018
  • Sam Mire

When it comes to the blockchain, the word you hear most frequently associated with the technology’s benefits is ‘security’. Identity management is one sector of industry that is also predicated on providing top-flight security to those who rely upon it to keep their data safe – yet, security is not always what customers get. The move into the digital age has established a new paradigm in identity theft; no longer are the elderly the primary victims of scammers. In 2017, 40% of people aged 20-29 reported losing money to fraud, while only 18% of those aged 70+ said that they had been financially suckered. In all, a reported 16.7 million people fell victim to identity fraud in 2017, a record high. When calculated on a temporal basis, theft of identity occurred once every 2 seconds last year, while the average size of identity data breaches rose 1.8% to a total of 24,000 records. For any problem that is growing, there is a necessity to think outside-the-box, and test emerging technologies, to find solutions.

Perhaps no industry outside of the military has greater need for strong, multi-step security than identity management services. There are several industries and operations which require us to pass along our most sensitive data – social security number, financial records, etc. The widespread adoption of blockchain technology to ensure that any number of these centralized databases aren’t compromised, with vast swathes of identifying information falling into the wrong hands, should be a no-brainer for companies who value their reputation and customer safety. 

Blockchain for identity management - Practical use cases


Identity Verification

Blockchain use cases in identity management - Identity Verification

The old ways of verifying identity, through username-password combinations and other rote methods, will be remnants of the past as soon as businesses and government entities begin to seriously consider how flawed these methods have been. The gulf between unreasonably complicated passwords and the value we put on our time has meant that, for many, risking having their credentials compromised is simply the consequence of not spending decades of our lives conceiving and entering absurdly convoluted passwords and usernames. As a result, a reported 86% of internet users continued to use passwords that were likely compromised in previous data breaches, meaning that hackers had virtual free reign throughout their numerous internet accounts. At least 7 in 10 people no longer trust passwords to protect their accounts, and why should they?

By one estimation, hacked passwords account for 81% of data breaches, while a Google report found that 3.3 billion credentials were stolen during third-party breaches, and 12 million were stolen via phishing attacks. In other words, the system is broken.

Were there no viable alternative to the highly vulnerable legacy means of identity verification, the seeming dereliction in protecting users’ login capabilities might be forgivable. But, considering that blockchain’s multi-step, multi-factor identity verification processes have proven to work and are implemented by numerous companies, it is hard to gather why the blockchain authentication model hasn’t gained more mainstream adoption, especially considering the stakes of stolen identities and credentials.

Companies Trying to Solve this Problem

  • Civic Full-service identity management firm developing blockchain identity solutions.
  • Edge Developing secure identity solutions to help protect cryptoassets.
  • NewBanking Identity Personal and business identity verification services.  

Non-Custodial Login Solutions

Blockchain use cases in identity management - Non-Custodial Login Solutions

For most, logging into an online database – whether it is your company’s servers or online shopping account – means entrusting a custodian to ensure that your information does not become compromised. When this is our own companies, we tend to extend the trust that we give them to, say, make sure that the company doesn’t go under completely. But when it comes to IT and password protections, history suggests that we shouldn’t be so quick to extend the trust of our sensitive information to even our employers. After all, corporate hacks are not a rare occurrence. Target (2013), JPMorgan (2014), Home Depot (2014), Sony (2014), Hilton Hotels (2015), and various legal firms are all among the companies that did not sufficiently protect their central servers, ultimately exposing customers and employees to data breaches. It’s not just employees at large corporations who should be wary; a company in tiny Green Bay, Wisconsin experienced several hundred thousand dollars worth of theft of employees’ personal information after their servers were hacked. The Wall Street Journal even offers a guide on what to do, or not do, if your company is hacked – this is how frequently custodial login systems are corrupted.

With non-custodial logins based on the blockchain, it is no longer a central entity – your employer for example – who holds the power over usernames, passwords, and the database that controls them. By removing the ‘custodian’ of those credentials and replacing them with public and private keychains for logins, the former centralized entity can still ensure that those logging in are who they say they are, without holding a central trove of credentials that hackers can easily acquire and use as ransom.

Companies Trying to Solve This Problem

  • Edge Decentralized non-custodial login solutions.
  • REMME Login that verifies identity through blockchain permissions. 

Secure Identities for the Decentralized Web

Blockchain use cases in identity management - Secure Identities for the Decentralized Web

The original vision of the internet was direct connection between peers. Whether it was file sharing, direct messaging, or otherwise, the internet was supposed to be the framework upon which communications and other previously impossible tasks could be carried out. But, eventually third parties cleverly made themselves seemingly invaluable, requiring troves of personal data in order for users to access the services that they so desire, whether it is email or online shopping. This has caused several unintended consequences. Third-party email tracking services such as streak have resulted in roughly 40% of the 269 billion emails sent every day becoming far more intrusive than they should be. Other forms of internet privacy violations are more common than not these days, and they are virtually all put in place by third-parties who profess to be serving some other purpose. Internet service providers – the granddaddy of third parties when it comes to the internet – track every site you visit, and that information is being used in various ways that you are likely not comfortable with.

Those who envision the internet once again returning to a version more in tune with true decentralization have considered how the blockchains can help reduce third parties while still maintaining a user’s identity. One proposal is that user would store their data and identifiers on a blockchain which they could use throughout the internet, instead of granting each site or service their personal data and credentials time and again. A second proposal is built on a similar blockchain containing the user’s data, but could allow third parties to access the data with their consent. Either way, these proposals are frameworks for a return to the original vision of the internet: users communicating on a truly peer-to-peer basis, with their identities their own, as opposed to the property of third parties.

Companies Trying to Solve This Problem

  • Metadium Decentralized identity protocols.
  • Madana Creating secure personal data sharing on the web.
  • Hu-manity.co Personal data title rights on the blockchain. 

Self-Sovereign Identity

Blockchain use cases in identity management - Self-Sovereign Identity

As of now, individuals are tied to the nations they’re born in, the countries they are granted visas to work in, etc. As the world tends toward the perceived borderlessness that many would prefer, the identity of nation-tied identities may not be quite as necessary, or attractive, as they once and currently are. The influx of immigrants into the United States between 1815 and 1915 represents the scion of the American system of birth certificate issuance, ethnicity tracking, etc. Eventually, mothers began to fear that they might leave the hospital with somebody else’s baby in tow, and this contributed to the universalization of birth certificates. Now, these certificates are used to prove eligibility for government services such as Medicaid, Social Security, and more. But, as the world changes, some may be liable to reconsider how closely tied to nationality and ethnicity identity should be, and whether we should own our own identities, rather than them being so tied to our nation of birth. With rising favor for open borders in certain segments of the population, it’s becoming clearer that this idea could gain traction – though there are clearly some downsides.

The concept of a self-sovereign identity rests on the individual taking aim of their own birth certificate, passport, and other identifiers, instead of those being issued by a government entity. While this concept will certainly be difficult to implement, the blockchain’s ability to tie a person to their personal identifiers more than other current technologies means that it would be the technology of choice for testing the validity of such self-sovereign means of identification. And, such a system would have made all that Barack Obama birther controversy a lot less headline-grabbing, too. Wouldn’t it have been nice?

Companies Trying to Solve This Problem

  • Civic Exploring self-sovereign identities on the blockchain.
  • ValidatedID Biometric identification secured with blockchain technology.
  • THEKEY Government hybrid approach to blockchain identity management. 

Stronger Protections for Critical Infrastructure

Blockchain use cases in identity management - Stronger Protections for Critical Infrastructure

The stakes for better security around identity management range beyond logging into our Gmail accounts or even punching our social security numerals into some tenuously secured website. Some may not realize that critical infrastructure — power plants and grids, for example — still rely upon password protection. It seems inexplicable, considering the threat of infrastructure attacks, that this could be the case, but it is. An attack on a Middle Eastern industrial complex’s control room early in 2018 revealed how much of a threat cyber attacks are to critical infrastructure. In this case, the malware referred to as both Triton and Trisis was used to exhibit how energy plants can be corrupted remotely — with potentially catastrophic outcomes. In September of 2018, the National Cyber Security Center and Department of Homeland Security warned that network infrastructure could become the launching framework for future attacks on power stations and energy grids. To ignore these warnings and proceed with the same systems that hackers have exhibited an ability to corrupt with relative ease would be derelict.

Authentication systems built on the blockchain are therefore about more than personal convenience and security. Ensuring that employees are the only ones who are able to gain access to an electrical grid, air traffic control panel, or other critically-important control system requires next-level security, and the blockchain represents a clear step up from the current means of authentication. It’s not a stretch to say that ramifications of not adopting the best available security measures extend above and beyond the societal level into the realm of national security. 

Companies Trying to Solve This Problem

  • uPort Open identity system for the web.
  • Keyp Enterprise scale web identity solutions.
  • AgeifyAge verification for adult content.

Securing the Internet of Things

Blockchain use cases in identity management - Securing the Internet of Things

In the not-so-distant future, the smart homes that some of us have gotten used to will proliferate into entire smart cities. Smart cities are characterized by, among other things, an interconnected network of devices that are catered to our personal habits and preferences. In many ways, the IoT has already pervaded our lives, and not always for the better; there’s a reason that the Internet of Things has been referred to as the security crisis of 2018. An estimated 25% of cyber attacks will target IoT devices by 2020, putting some of our most sensitive data directly in harm’s way.

Interconnected devices offer an often-vulnerable entry point into a connected network that could serve as a metaphorical air duct that connects each of your other devices — and the information they contain. Yet most proceed with reckless abandon when it comes to connecting more devices, expanding their network without considering that 70% of IoT devices are vulnerable to hacking. With an estimated 75 billion devices projected to comprise the IoT by 2025, better secures measures are overdue.

Intimate, IoT-derived details about our lives must be secured, first and foremost. Users should be the ones who have the most control over how and to what extent this information is used, and blockchain technology is a significant step toward making data created through the Internet of Things locktight and free from unethical usurpation and manipulation.

Companies Trying to Solve This Problem

  • WoTT Global scale smart device identity platform.
  • UniquID IoT connected device identity protocols.
  • ObjectTech Global identity ecosystem on the blockchain. 

Decentralizing User Data Storage

Blockchain use cases in identity management - Decentralizing User Data Storage

The data that is derived from the internet, our connected devices, and on central servers with locations unbeknownst to the general public has been stolen and used against customers time and again. Between March and September of 2018 alone, some of the most recognizable brand names in the world – and particularly the U.S. – had their customers’ records compromised due to data storage breaches. The Facebook data breach in September resulted in as many as 50 million accounts being potentially penetrated by nefarious actors. In August, telecom giant T-Mobile revealed that 2 million of its customers were the victims of a data breach that saw their billing zip codes, usernames, passwords and other sensitive information fall into the wrong hands. Panera Bread, beloved amongst in-a-rush diners and college students, announced that its online ordering system had been the source of leaked user data between August 2017 and April 2018. Saks Fifth Avenue and Under Armour also had to admit that they had done a far less than stellar job in being attentive to and fixing apparent leaks in their data systems in 2018, with UA’s MyFitnessPal app potentially offering hackers more sensitive information than usual – diet, step count, etc.

In 2017, the likes of Best Buy, Delta, Macy’s, Lord & Taylor, Under Armour, Whole Foods, GameStop, and Arby’s all experienced some sort of breach, evidence that 2018 was no anomaly and that, clearly, industry giants haven’t taken the necessary steps to safeguard customer data from thieves.

The blockchain is fundamentally decentralized, meaning that the data that is being collected by major tech companies and countless other entities is not preserved on a server with a single point of access. By spreading access to the information across several nodes, the blockchain presents a far more difficult challenge for would-be hackers, and adopting the decentralized method of user data storage is a step towards preserving the identities of a growing digital customer base.

Companies Trying to Solve This Problem

  • Trusti  Decentralized personal data stored in secure wallets.
  • PeerMountain Decentralized cross-chain data storage.
About Sam Mire

Data journalist and market research analyst focused on emerging technology, trends, and ideas.

Comments

COMMUNITY