Blockchain & The Battle To Secure Digital Identities

This emerging technology is a promising way to verify transactions without compromising your digital identity.

Xavier Larduinat, Manager for Innovation, Gemalto

October 25, 2016


Think about how fragmented your digital identity has become. Every time you enter a password or PIN, wherever you are, you're leveraging some element of your digital identity. Every time you pay with a credit card or recite your Social Security number. Every time you digitally sign a contract.

That holistic digital identity is tied to your physical likeness, finances, conversations, property, and credibility, making it an exceedingly valuable asset. Unfortunately, with pieces of our digital identities being handed out to everyone from retailers to government agencies to employers, those identities are more vulnerable than ever.

It's been well-documented over and over and over again how many lives are rocked by identity theft every year (nearly every reputable source calculates the total in the double-digit millions of people in the U.S. alone). As our digital identities become more disparate and attractive to fraudsters, we need a way to protect our digital selves.

Enter blockchain. Any organization can deploy blockchain — a promising, relatively new technology and methodology — to build trust among users. In its purest form, blockchain lets companies instantly make, approve, and verify many types of transactions by leveraging a collaborative digital ledger and a predetermined network of individual contributors or keepers of the blockchain. Once transactions or other data are inside the secure blockchain ledger, cryptography takes over and verification hurdles drastically decrease the chances of data being stolen.

There are two often-referenced categories of blockchain: private, which is permission-based, and public, which is anonymous. Each has its own strengths, but private, permission-based blockchain has an added layer of protection in that participants in a transaction are known and trackable.

Would we be willing to let blockchain serve as a clearinghouse or executor for our full digital identities? Think of how that could play out in a few different scenarios.

Private aka "Firm Private": This type is already taking hold. Through blockchain, a specific financial institution can verify and facilitate a stock purchase in real time, but after its completion that transaction can also become a part of a digital identity, protected by blockchain. That way, the information doesn't have to sit in a separate, isolated account behind the bank's walls, but can instead be instantly verified, referenced, and acted upon with other digital identity elements. It also allows the bank to retain some level of authority and management.

Public aka "Classic": As the Internet of Things expands, public blockchain can serve as the ledger in scenarios where only certain elements of a digital identity are necessary and a central authority isn't as integral. For instance, buying a burger at a drive-through. The combination of blockchain and a Bluetooth beacon could verify the car associated with a digital identity, verify the Visa Checkout app running on the car's console, communicate to the restaurant's payment system, and debit a bank account the proper amount. All of that can occur without a holistic digital identity being part of a known or closed network, sharing and accessing only the portions of the digital identity that are relevant to the sale.

Private Shared aka "Industry Private": This is a hybrid type of blockchain that could be the happy medium for financial institutions or stock exchanges, as digital identities and transactions are managed by a "circle of trust." Changes don't require mass approvals nor does the private shared blockchain allow just anyone to read and amend, but it keeps power from being consolidated in a sole authority's hands. So in the stock purchase example, a few interconnected industry stakeholders would need to approve the transaction — perhaps a bank, the stock exchange, and the Federal Trade Commission — before it becomes a verified part of the blockchain and of an individual's digital identity.

Those scenarios may be theoretical, but there are already many real-world applications leveraging blockchain. The Leonardo da Vinci Engineering School in Paris uses blockchain to validate and secure diplomas. The Royal Bank of Canada is experimenting with blockchain to authenticate and secure cross-border remittances. Blockchain is even being used for smart contracts that manage solar energy ownership and exchange across smart grids. Whether it's used between private financial institutions or in the public IoT, blockchain is securing elements of digital identities and lives.

Blockchain players still need to take some security measures in order to store, unite, and effectively use entire digital identities within the construct. All solutions leveraging blockchain rely on the integrity of the information published in the ledger. Although it isn't possible to corrupt the ledger itself, fraudsters will focus on attacking individual users. It's crucial to implement strong two-factor authentication for all users who contribute to the blockchain. Data encryption is also key, as is device-level security such as Trusted Execution Environments or Secure Elements that protect against potential man-in-the-middle attacks.
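To make the "circle of trust" in the stock purchase example and the ledger-integrity point above concrete, here is an added sketch, not code from the author or from any blockchain product: a hash-chained ledger that accepts an entry only when the bank, the stock exchange, and the FTC have all approved it, and that detects a later edit. The function names, the demo keys, the sample transaction, and the use of HMAC tags in place of real digital signatures are assumptions made for illustration.

```python
import hashlib, hmac, json

# Constructed demo keys (assumption): real parties would hold asymmetric signing keys.
APPROVER_KEYS = {"bank": b"demo-bank", "stock_exchange": b"demo-exchange", "ftc": b"demo-ftc"}
GENESIS = "0" * 64

def digest(prev_hash, tx):
    """Hash binding a transaction to the entry before it."""
    body = json.dumps({"prev": prev_hash, "tx": tx}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def approve(name, key, entry_hash):
    """One stakeholder's approval tag over the entry hash (HMAC stand-in for a signature)."""
    return hmac.new(key, f"{name}:{entry_hash}".encode(), hashlib.sha256).hexdigest()

def entry_valid(entry, expected_prev):
    """Entry links to its predecessor, hash matches content, every stakeholder approved."""
    if entry["prev"] != expected_prev or entry["hash"] != digest(entry["prev"], entry["tx"]):
        return False
    return all(
        hmac.compare_digest(entry["approvals"].get(n, ""), approve(n, k, entry["hash"]))
        for n, k in APPROVER_KEYS.items())

def append(ledger, tx, signer_keys):
    """Append tx only if the approvals collected from signer_keys satisfy the full circle."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    h = digest(prev, tx)
    entry = {"prev": prev, "tx": tx, "hash": h,
             "approvals": {n: approve(n, k, h) for n, k in signer_keys.items()}}
    if not entry_valid(entry, prev):
        return False
    ledger.append(entry)
    return True

def verify(ledger):
    """Return the index of the first invalid entry, or -1 if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if not entry_valid(entry, prev):
            return i
        prev = entry["hash"]
    return -1

def demo():
    ledger, tx = [], {"buyer": "alice", "symbol": "XYZ", "shares": 10}  # constructed sample
    full = append(ledger, tx, APPROVER_KEYS)
    partial = append(ledger, dict(tx, shares=5), {"bank": APPROVER_KEYS["bank"]})
    before = verify(ledger)
    ledger[0]["tx"]["shares"] = 1000  # after-the-fact edit of a recorded entry
    return full, partial, before, verify(ledger)
```

The chain check catches edits to recorded entries, but an approval tag computed with a stolen key verifies exactly like a genuine one, which is why the protections for individual users described above carry the real weight.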

Once those security priorities are addressed, blockchain technology is poised to reach its full potential and serve as the guardian for our valuable digital identities.


About the Author

Xavier Larduinat

Manager for Innovation, Gemalto

Xavier Larduinat is a manager for innovation at Gemalto, currently in charge of advancing Gemalto as a leading technology brand and provider of solutions that secure the digital world. Prior to the 2001 beginnings of his work in the digital security market, Xavier spent 14 years in the semiconductor design and test industry, with multiple international product marketing assignments, including stints in Germany, Silicon Valley and Austin, Texas. Xavier holds a Master's degree in electronics engineering from INSA Lyon in France.
