Blockchain-powered digital identity is not something most people think of as one of the next breakthrough applications for the new technology. While the identity management industry is not often in the news, it is an $8 billion industry that is expected to hit over $14 billion by 2021. Currently, the digital identity industry is filled with challenging, cumbersome, and costly methods that are inefficient. As companies continue to pour millions into the security of their firms, they are increasingly searching for ways to do so cheaper and more effectively.
Imagine a person goes to a bank that issues them a digital identity, signed via a smart contract containing all of their private data. In a blockchain-powered world, this person can take this digital identity to a completely different institution, like a hospital, that would accept the information instantly. As verification and validation would become instantaneous, user data would also become more secure. There would be no central point of failure to compromise in a data breach.
This is starkly different from our "digital world" of today. We still have a largely manual identity verification process via our passports, IDs, and driver's licenses. These are issued by the government, which acts as the source of truth for banks, insurance companies, and other institutions that need to verify our identities to provide us with services. While traditional identity management systems are sold to clients with the promise of security and privacy, they continue to be quite vulnerable. Some of the current issues traditional identity management systems face today are:
Hackers have clear centralized targets that they can continuously attack. While identity management companies utilize numerous methods to protect against these, a hacker needs only to be successful once to overthrow the entire system.
Creating an account with a bank or insurance provider is far more complicated than creating an Instagram account. The security and regulatory standards of such institutions demand a higher burden of proof for the authentication and verification of one's identity. Yet these organizations must do so in order to prevent identity theft and fraud of their customers' and clients' identities. Since each institution has its own systems and processes, a person may come to have multiple digital identities. The burdensome process of having to remember numerous account logins is not only annoying to the user but can get quite expensive for organizations. This is because they have to spend more on preventing security breaches and customer service.
Even though certain organizations share data, a person usually has to create various digital identities with multiple institutions. If organizations could agree on standardized protocols for trusted members of their ecosystem to provide verified user identities, they could greatly reduce these complexities while increasing security. .
The immutable nature of the blockchain facilitates a self-sovereign identity management system that is unhackable and unalterable. Such a system could kill the need for insecure methods of password verification. Once blockchains integrate interoperability into their protocols, digital iDs can be used across multiple platforms and services seamlessly. Users would gain other benefits, such as:
Over how a user's digital identity is managed and how their private data is stored. A person can also have different user personas in different social circles such as work, friends, family, etc.
Updated real-time private information transferred in seconds between any organization a user chooses.
With digital identity being maintained on a shared ledger, banks can access relevant parts of the stored data and perform due diligence.
Identity can be verified without having to disclose private information or requiring a public key which is prone to cyber-attacks.
While blockchain can simplify and secure many aspects of digital identity management, there are still many questions that need to be addressed. Since blockchain is not completely autonomous, oversight regulations need to oversee those that hold power over these new systems. Furthermore, cross-industry standards need to be established to institutionalize the technology for the space. Currently, the biggest challenges for digital identity on the blockchain are:
There are two types of blockchain operations—read operations and write operations. When a digital identity is created, issuers conduct write operations. Any other party relying on the data generated by an issuer would utilize read operations. Thus, it is very important to ensure that those with write operational rights maintain high standards of controls. Those with read rights must also only be able to conduct "read-only" operations and not be able to add any additional information to the blockchain's ledger.
While blockchain technology is a revolutionary approach to digital identity, it is not a silver bullet. It needs to work in tandem with a standardized system of processes that ensures all participants in the ecosystem are aligned. All must follow the same set of regulations, guidelines, and standards for authenticating and maintaining identity. The quality of due diligence by an issuing party is also an issue as cross-industry standards may differ along with precision and accuracy.
Moving digital identity over to a mobile device is great, but there needs to be a system of backup and recovery in case of theft or loss of a device. While password recovery is a relatively simple thing today, it may prove to be much harder in a world where private keys are generated and stored exclusively on hardware devices. Opting for an institution to help with this would make the process easier, but would inevitably raise custody and authorization questions as well.
Any enterprise organization that wants to adopt a blockchain solution to digital identity management should be wary of adopting a POW (Proof-of-Work) consensus mechanism. High CPU and power requirements may create necessary and unpredictable costs. Using POA (Proof-of-Authority) blockchains that are more similar to POS (Proof-of-Stake) systems, can be better utilized for their intended results.
There are currently over 30 startups all over the world working diligently to bring digital identity into the blockchain-enabled world of tomorrow. These startups focus on different B2B as well as B2C use cases across several industries. When creating an identity ecosystem in institutional domains that rely heavily on trust, the ecosystem participants must inspire confidence in consumers. Currently, the three leading startups are:
Validated ID: A startup based out of Barcelona, providing solutions to those working in the eCommerce space. The company hopes to simplify and secure counterparty risk for digital transactions with offerings such as virtual legal support, authentication, and electronic biometric signatures.
NewBanking: This company is simplifying identity verification on the web without compromising private data. Focusing primarily on FinTech companies, NewBanking helps users choose what information is to be shared via a digital ID while having control over how their data is being used.
Trusti: The platform provides authentication, compliance, and fraud prevention services for cross-chain transactions. Users can conduct several financial transactions using cryptocurrency and security tokens in a compliant and regulated manner.