Maksim Kabakou - Fotolia

Security Think Tank: The case for blockchain-based identity

What are the best and most effective ways information security professionals can use blockchain technology?

Blockchain is a technological evolution that is set to do for trust what the internet has done for information.

A record of transactions (a block) that is continually augmented with a chain of further proof points, once a block has been issued it becomes immutable, allowing its contents to be trusted by its users.

The immutable nature of the record, which “locks in” information makes it hugely valuable in a wide variety of scenarios; aside from the obvious applications for digital payments and smart contracts, where it dovetails into Turnkey’s core operations, is in the creation of blockchain-based identity. 

This has plenty of potential use cases – the scenarios below explore potential options for businesses.

People provide their identity details many times as authentication to use different online services. The process is very similar on each occasion (currently challenge and response with the user providing user ID and password, sometimes with the addition of an additional authentication mechanism, such as Google Authenticator code).

A blockchain-based online identity, in which the user exchanges their credentials for the right to use the service in question, can be used multiple times for multiple purposes, with additional information (such as consent for a service to use personal data) added as required.

The solution, which is already being used, makes it easier for businesses to trust the identity of their customers and partners – driving huge efficiencies by simplifying processes such as know your customer (KYC) as well as reducing regulatory compliance effort such as General Data Protection Regulation (GDPR) because the third party in question manages their own personal data. And because businesses know that the customer is who they say they are, the risk of identity theft and fraudulent activity are significantly reduced.

Digital employee records

A blockchain-based digital employee record could serve as a corporate identity for employees in an organisation.

A solution of this nature would make it possible to trust the identity of the employee while allowing the digital employee record to be portable across employers.

This streamlines the joiner, mover, leaver (JML) process, while, as above, significantly reducing the costs and risks associated with GDPR compliance, because the responsibility and ownership of personal data is in the hands of the employee.

The lifecycle of an employee needs to be managed on an ongoing basis. A number of sensitive data elements (such as salary, address details and number of dependents) will change over time, potentially in the same organisation; in addition, the employee’s employment history will also evolve throughout their career.

Read more from Computer Weekly’s Security Think Tank about how information security professionals can use blockchain technology

The information required from an HR perspective is broadly consistent across employers and the JML process has a number of elements that are both common across organisations, and well-suited to automation.

Employers and employees will have access to update the elements of the solution relevant to them. Employees for example will be able to amend information such as their personal contact and bank account details.

Their employer(s) will have read-only access to these elements, but will have write access to factors such as salary data, which the employee will be able to see but not change. Critically, the employee will control consent.

Users share their data in exchange for various rights in the organisation, such as access to specific enterprise systems. An immutable record of an employee’s employment history will also be extremely useful for employee on-boarding and referencing purposes.

Digital trust

In simple terms, blockchain has the potential to enable the construction of the digital self, the equivalent of a digital passport. Once an individual has been through the process to prove their identity, this proof can be reused in other situations where ID is required.

Essentially it crowdsources trust; because enough people have verified (on record) that someone is who they say they are, it develops trust between people that don’t know each other.

A digital identity would enable citizens to take back control of their data and their identity, choosing who to share this information with and, perhaps more importantly, who not to. It would also allow individuals to both fully understand and capitalise on the value of their personal data.

In facilitating trust in the digital world and underpinning a wide variety of blockchain use-cases, a truly digital identity would have a significant impact on everyday life, thereby cementing the place of this emerging technology in society.

Read more on Hackers and cybercrime prevention

Data Center
Data Management