Solving Digital Identity Management with Blockchain

Despite the much-touted promise of Blockchain/Distributed Ledger Technologies (DLT) to transform industries and create expanded business value, enterprises still struggle to identify where blockchain offers better value than existing technologies, and they lack the expertise to use the technology to address new business challenges. A blockchain is a decentralized time-stamped ledger (or immutable record) of transactions that are written and cryptographically secured on a peer to peer network.

The nascent and immature nature of many components of the DLT, as well as unclear regulatory requirements and technology standards present further challenges that most enterprises are simply, at this stage, unable to overcome. A recent Gartner report estimated that only 10% of enterprises will achieve any radical transformation with the use of blockchain technologies by 2022.

Despite the above challenges, enterprise blockchain use cases continue to grow in 2019. Many corporations across industries have on-going blockchain projects either as internal experimentations, or as part of an industry consortium initiative. Some of these initiatives are industry-centric (e.g. FX Settlement in Banking, or Provider Data Management in Healthcare), while others offer potential application across industries, such as Supply Chain Management applications in Retail and Pharmaceutical industries.

Few of these blockchain projects have yet to launch successfully to date, though Gartner predicts that the business value attributable to blockchain will grow to over $360 billion by 2026, and surge to more than $3.1 trillion by 2030.

An emerging cross-industry use case of blockchain technologies worth noting is Digital Identity Management, which enables the implementation of Self-Sovereign Identity (SSI) management.

A digital identity is a digital representation of an entity (individual, organization, or object); it is information, or a set of attributes, related to the entity. Self-Sovereign Identity is based on the premise that individuals or entities can maintain ownership and control of their own digital identity data.

Given the transformative potential of SSI as well as the impact it could have on how enterprises handle the security and privacy of identity data, it is important that business leaders stay attuned to developments in this space.

Wrangling the Identity Management Challenge

The centralization of user identity data in silos controlled by service providers often lead to data breaches as well as to use of the data in ways that identity owners neither know of, nor consent to. It also imposes significant privacy and regulatory requirements on service providers that even the best resourced enterprises find difficult to effectively manage. Decentralized identity management schemes built on blockchain technologies have been proposed as a means of addressing some of the challenges inherent in legacy digital identity management.

It is important to understand that blockchain is not well suited for storing actual identity proofs (i.e. the documentation, such as a driver’s license or passport, required to back up the claims that an individual or entity asserts about themselves). The relatively low transaction speeds of many blockchains, as well as the immutability of distributed ledgers, do not augur well for storing large volumes of sensitive unstructured data that an individual might opt to have forgotten at a future date per privacy regulations. A variety of schemes, such as Zero Knowledge Proofs (ZKPs), have been designed to enable the secure sharing of identities using the blockchain.

Examples of blockchain based digital identity solutions include offerings by business consortia, such as Canada’s Verified.Me by Secure Key Technologies, and Corda Enterprise by R3, as well as solutions built on Open Source platforms such as the Lifeid, and Sovrin. Some major technology corporations such as IBM and Samsung also have active blockchain-based digital identity initiatives. The list of big-name players in this space is expected to grow over the next year.

While the approaches taken by these SSI implementations vary, the promise is similar — an entity should be able to assert a verifiable claim about themselves to a service provider (for example that they are of a certain age) without having to disclose more information about themselves than is required to obtain service. SSI allows users to maintain ownership and control of their own identities, determining who gets what parts of their identity data, and for how long. It also offers users the potential to monetize their own identity data and to assert their rights to be forgotten under privacy regulations such as the European Union’s General Data Protection Regulation.

Beyond the walls of for-profit enterprises, SSI is being leveraged to address the identity challenge prevalent during humanitarian crises where large populations of displaced persons lack secure and portable digital identification. Today, 1.1 billion people worldwide lack digital identification. Ongoing efforts in this space include the Identity for All (I4ALL) based on the Sovrin platform, and the ID2020 project, supported by an alliance of NGOs and corporations such as Microsoft and Accenture.

We are yet to realize the full transformative value of blockchain in the enterprise, but given various SSI efforts currently underway and some early successes (such as with Verified.Me), digital identity management will be one of the areas where consumers and enterprises alike can expect to derive benefits from distributed ledger technologies in the near future.