Imagine a company that can verify the background of a new employee and onboard them with the click of a single virtual button, or a bank customer who can verify their identity for a loan without exposing personally identifiable information, all with the click of a button.
This is the potential of blockchain for decentralized identity management. It works by creating a digital wallet that acts as an archive for all types of personal and financial data, information that can be shared only after a specific request and only with the owner's permission.
Blockchain distributed ledger technology (DLT), in combination with digital identity verification, has the potential to solve online privacy issues that plague everything from consumer sales and know-your-customer banking regulations to credentialing the employees who are granted access to confidential company systems.
"There are more suppliers in this space who are in the initial phase of research and development or testing their products in pilot projects," said Homan Farahmand, a senior research director with Gartner. "It is too early to declare any winner, in any case, because having a functioning product is not enough. Decentralized identity requires a vibrant ecosystem, a robust identity structure based on a distributed ledger or blockchain, tools to support the user functionality and a good development experience to support a broad adoption."
A considerable security attribute of storing digital identities on an encrypted, distributed blockchain ledger is the elimination of "honey pots", centralized repositories of client account information, according to Julie Esser, chief engagement officer of CULedger, a Denver-based credit union service organization (CUSO). Those repositories are primary targets for hackers.
Credit unions are already testing ID management
Like other CUSOs, CULedger is a cooperative owned by multiple credit unions for the purpose of providing back-office services; it was created a year ago to build a blockchain-based identity management platform called My CUID. The platform is due to launch in the second half of 2019 and will deliver encryption keys to customers who register through an app. CULedger has 36 investors: 26 credit unions and several CUSOs.
In October, CULedger started piloting My CUID with five other credit unions and another CUSO; it has eliminated the need for usernames and passwords and has relieved the credit unions' call centers of the obligation to reset them when a customer loses them.
How it works: A new or existing credit union member contacts a customer service call center, which sends a text message to the customer's mobile device with a link to download the My CUID app. The credit union representative then issues the client's credential, a digital wallet containing personally identifiable information obtained during the initial contact with the client. This information is encrypted and can be accessed only with the member's authorization, which is requested when a transaction is made.
Whenever a customer using My CUID contacts the credit union, or vice versa, their smartphone or tablet receives a pop-up dialog asking them to confirm their membership before a transaction is completed.
"You should click OK or OK, it does not look very different from what happens with other apps on your phone," Esser said. "Everything is based on … the encrypted channels we've created, which is really great. You are creating a secure two-way communication channel, so not only does your credit union know it's talking to you, but you also know it's your credit union calling you."
CULedger has set the goal of issuing 1 million digital identities to credit union members in 2019. As credit unions must comply with federal Know-Your-Customer regulations, the blockchain-based digital ID service will also satisfy regulatory compliance.
In addition to giving customers control over their identity by delivering their blockchain encryption keys to them, My CUID would eliminate the need for login user names and passwords and drastically reduce the time it takes a call center representative to authenticate a member.
It can take a representative 60 to 90 seconds to authenticate a member before a transaction begins. This can be reduced to 5 seconds or less with My CUID, according to Esser. "It's not a pleasant experience to call a call center because the customer is welcomed with 20 questions to identify who you are, so it's a shaky process that needs to be solved."
Traditionally, credit unions and other financial services companies rely on third-party service providers for call center and customer authentication services, many of which are located outside the United States. CULedger would put control back in the hands of the member credit unions, Esser said.
In 2019, CULedger plans to start building its authorization network for production customers; at the moment it is considering several blockchain platforms, including IBM's Hyperledger Fabric service and R3's Corda, the largest commercial blockchain consortium of banks, insurance companies and other financial services companies. CULedger is also considering working with the Hedera Foundation, the creator of Swirlds, a software platform for building distributed applications (dApps).
Swirlds is based on the Hashgraph protocol, a DLT well suited to the financial services industry because it can process more than 100,000 transactions per second, unlike bitcoin, which processes three to four transactions per second.
"We need the ability to conduct transactions instantly, in real time," said Esser. "We had planned to create our platform, but by focusing on a decentralized piece of identification, this allows us not to recreate the wheel. There may be some applications that require different [blockchain] platforms."
How a self-sovereign identity works
For consumers who are concerned about their online information (credit card numbers, date of birth, annual income, etc.), blockchain has the potential to provide "self-sovereign" identities like the one CULedger is creating, which means that the user controls who can see their data, or can get purchase approval without releasing their income details.
Self-sovereign identities work like this: the user has a bank that confirms a credit limit or an employer that confirms annual income; that confirmation is then encrypted but available on a public blockchain ledger for which the consumer holds the private and public cryptographic keys.
If a buyer wants a car loan from a car dealer, for example, the consumer can give the dealer permission, through a public key, to confirm that the buyer has enough credit or annual income, without revealing an exact dollar amount. So, for example, if the car dealer wants to make sure that a consumer earns more than $50,000 a year, that is all the blockchain ledger will confirm (not that they actually earn $72,587).
The privacy technique is known as a zero-knowledge proof (ZKP), a cryptographic technique that allows a user to demonstrate that funds, resources or identifying information exist without revealing the underlying information. Ernst & Young has created a public blockchain prototype that it plans to launch in 2019, allowing companies to use ZKPs to complete commercial transactions confidentially.
Sovereign IDs in the enterprise
CULedger also collaborates with the Sovrin Foundation, a new nonprofit organization that created the blockchain-based Sovrin Network, which allows anyone to globally exchange pre-verified data with any other entity on the distributed ledger.
Online credentials issued via the Sovrin Network are similar to a physical ID that you could carry in your wallet, such as a driver's license, company ID or bank debit card. The encrypted virtual wallet (or cryptographic wallet) would point back to the institutions that issued it, such as a bank, a government agency or even an employer, which would automatically verify the information needed by an applicant through the blockchain.
"Our market strategy involves working with business partners to solve their ID problems rather than trying to go directly to end users, so yes, we are working hard at this area and we have a number of partners who are doing things there: the government of British Columbia, CULedger and IBM/ATB Financial," said Phil Windley, president and co-founder of the Sovrin Foundation.
The Government of British Columbia and the Government of Ontario have already implemented a production system that uses the Sovrin Network for business registration and licensing; together they have issued over 6 million credentials, according to Windley.
Sovrin's development partners IBM, Workday and ATB Financial (a bank in Alberta) have also started a pilot test of the Sovrin Network.
The partners are demonstrating how digital credentials could work for IBM employees. ATB Financial issues a digital credential, which can be used both for access to the bank and for access to the IBM user network. In addition to validating employee financial information, the distributed ledger application eliminates the need for employees to have a username or password, Windley said.
"Because it's based on cryptography, it has a public key associated with them, and you [the employee] own the private key," said Windley.
Farahmand of Gartner said self-sovereign identities based on distributed blockchain ledgers are being considered for all types of business use, including new hires.
Every time a new employee is hired, a new decentralized identifier is generated by that employee and passed to the company. The identifier can then be propagated within the internal systems for user authentication to the corporate network and applications, Farahmand said.
"This can be a powerful proposition as it accelerates the onboarding process and subsequent identity lifecycle management activities, as well as allowing authentication without passwords, and helps converge the multiple personas a person can have that are relevant to the organization," said Farahmand, explaining that digital IDs can be used to access multiple systems within a company based on organization-defined permissions.
A popular design model for decentralized identity includes a principal identifier and a set of "pairwise" identifiers, one for each relationship that the user has with an organization. The pairwise identifiers are cryptographically derived from the core identifier. A pairwise identifier allows a business system to uniquely verify a user's identity for each relationship and potentially prevents the correlation of user activities across different relationships, enabling privacy-by-design principles at the protocol level, Farahmand said.
For example, a bank employee can at the same time be a customer of that bank while using the same self-sovereign ID. The two personas are typically represented by two digital identities in two separate systems: one as an employee and one as a bank customer.
"In the case of a decentralized identity model, the same person can have two sets of identifiers … mapped to the same basic digital identity, which can potentially simplify reconciliation of user activities," Farahmand said.
Another advantage of a self-sovereign ID is the ability to simplify B2B scenarios in which an employee of one organization can have access to systems in another. For example, Farahmand said that if the host organization trusts the decentralized identity as attested by the user's home organization, it is possible to generate a new pairwise decentralized identifier to authenticate the user, which simplifies onboarding and access governance for corporate customers or other partners.
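A minimal model of the pairwise-identifier scheme Farahmand describes, as an added example that is not code from CULedger, Sovrin or Gartner: one core secret stays on the user's device, one identifier per relationship is derived from it with HKDF, and each organization confirms a transaction with a single-use challenge against its own relationship key, so two organizations holding identifiers for the same person cannot link them. It substitutes an HMAC key shared at enrolment for the public/private key pair the article describes, because the Python standard library has no signature primitive; the names Wallet and Organization, the HKDF salt "pairwise-id-v1" and the enrolment channel are assumptions.

```python
import hashlib
import hmac
import secrets

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract, then expand) built from HMAC-SHA256 in the standard library."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

class Wallet:
    """Holder side: one core secret, and a distinct identifier derived per relationship."""
    def __init__(self, core_secret: bytes):
        self._core = core_secret  # stays on the user's device; never sent to any organization
    def pairwise_key(self, relationship: str) -> bytes:
        # The relationship name is the HKDF 'info' input, so every organization gets its own key.
        return hkdf_sha256(self._core, b"pairwise-id-v1", relationship.encode())
    def pairwise_id(self, relationship: str) -> str:
        # What the organization sees: a hash of the per-relationship key, never the key or the core.
        return hashlib.sha256(b"id|" + self.pairwise_key(relationship)).hexdigest()[:32]
    def answer(self, relationship: str, challenge: bytes) -> str:
        # The "confirm this transaction" pop-up: prove possession of the key for this relationship.
        return hmac.new(self.pairwise_key(relationship), challenge, hashlib.sha256).hexdigest()

class Organization:
    """Verifier side: holds only the key for its own relationship, so it cannot link other ones."""
    def __init__(self, name: str):
        self.name = name
        self.keys = {}     # pairwise_id -> key shared at enrolment
        self.pending = {}  # pairwise_id -> outstanding single-use challenge
    def enroll(self, wallet: Wallet) -> str:
        pid = wallet.pairwise_id(self.name)
        self.keys[pid] = wallet.pairwise_key(self.name)  # assumed to travel over the enrolment channel
        return pid
    def challenge(self, pid: str) -> bytes:
        self.pending[pid] = secrets.token_bytes(16)
        return self.pending[pid]
    def verify(self, pid: str, response: str) -> bool:
        nonce = self.pending.pop(pid, None)  # consumed on first use, so a replayed answer fails
        if nonce is None or pid not in self.keys:
            return False
        expected = hmac.new(self.keys[pid], nonce, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)
```

Enrolling the same wallet with a bank and an employer yields two unrelated identifiers, and the bank's key cannot answer the employer's challenge, which is the per-relationship isolation the design relies on.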
Significant obstacles remain
While blockchain-based self-sovereign IDs hold significant promise for increasing privacy and efficiency, there are also significant technological barriers that have yet to be overcome. For one, trust in the blockchain itself.
A 2018 Gartner CIO survey found that, on average, only 3.3% of companies worldwide had actually deployed blockchain in a production environment.
In a blog post, Avivah Litan, vice president and distinguished analyst at Gartner, listed eight barriers that blockchain must overcome before it can become a cure-all for virtually any international transactional need, from cross-border payments to supply chain monitoring.
A significant challenge is the integration of DLT systems with legacy databases, the current repositories of corporate employee identities. A decentralized identity system also requires a vibrant ecosystem, a robust identity trust structure built on a distributed ledger or blockchain, tools to support user-friendly functionality and a good development experience to support broad adoption.
"While we encourage our customers to look at this space and do some limited experimentation or even proof-of-concept projects," said Farahmand, "we also warn them to make sure these products are tested, tempered, and ready to withstand different types of attacks."