Your digital identity is the gateway to your data, and increasingly this includes most facets of your everyday life, whether it’s your social media accounts, your bank details, your chat history or your shopping habits.
With so many accounts to manage and protect, maintaining constant access across multiple devices whilst keeping them all secure can be an increasingly complex task.
With data more valuable than ever, these large collections of personal data are very attractive targets to criminals, as are the credentials that unlock access to them.
Recent breaches show that vital personal information for vast numbers of people often gives hackers the key information they need to unlock access to even greater volumes of data or, even worse, the ability to use a victim’s identity.
So, what is the answer? Well, one answer gaining more credibility is to move the control of your identity from the companies that you consume services from to individuals themselves, giving them the ability to control which aspects of their personal data are used and when.
To achieve this, you effectively need two things:
- A way to prove your identity without divulging sensitive data
- A way for services that you want to consume to authenticate you
To achieve the first, a simple and well-understood approach can be used: hashing. Hashing is a mechanism used to generate a value from some existing information, using a mathematical function. If you were to change any of the original information and rerun the hash, it would produce an outcome completely different from the original hash.
Hashing is also a one-way function due to the way it is calculated, so reversing it is not a trivial task. This makes hashing a very convenient mechanism for hiding underlying data whilst ensuring it hasn’t been changed in transit.
By utilising the above approach, you could hash the details of your identity and use the hash for authentication without revealing the personal data you used to create it, thereby maintaining the security of your data. Obviously, this assumes that the original personal data or identity the hash was generated from was adequately verified before the hash was created but this should not prove a complex task. We do this all the time with physical forms of ID such as passports and driving licenses.
However, creating a hash of an identity is not very useful if no one can use or interact with it. This is where a secure, ubiquitous, transactional system is required and a relatively new one is showing signs of being a good candidate.
Blockchain allows parties to transact securely without any third-party involvement, removing the need for complex (and sometimes costly) intermediaries to enable direct peer-to-peer interaction.
Each transaction is independently verified before it makes it onto the Blockchain ledger, which means there is no centralised authority and therefore no single point of failure. This decentralisation is one of the potential benefits from a security perspective. Once the data has been entered into the blockchain, no one can change it, and so it provides verifiable proof of the integrity of the transaction. It also removes the need for human involvement, thereby eliminating the need for passwords.
By combining a digital identity verification service with the decentralised blockchain principle, a digital ID can be created from either all or parts of your ID, which can then be used to transact for services. For example, you could authorise just the hashed part of your ID that provides your age for purchasing alcohol, or just your address for having goods delivered to your home by a courier.
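The hashing and per-attribute authorisation described above can be sketched as follows. This is an added example, not code from the article or from any ID service: the function names, the salted SHA-256 scheme, the single `ANCHOR` digest standing in for the ledger entry, and the sample identity are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def _field(b: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    return len(b).to_bytes(4, "big") + b

def commit(name: str, value: str, salt: bytes) -> str:
    """Salted SHA-256 commitment to a single identity attribute."""
    data = _field(salt) + _field(name.encode()) + _field(value.encode())
    return hashlib.sha256(data).hexdigest()

def anchor_of(commitments: dict) -> str:
    """One digest over all commitments; this is what a ledger would store."""
    joined = "".join(f"{k}:{commitments[k]};" for k in sorted(commitments))
    return hashlib.sha256(joined.encode()).hexdigest()

def issue(attributes: dict):
    """Run by the verification service after checking the real documents."""
    # A random salt per attribute stops anyone recovering a low-entropy value
    # (an age flag, a postcode) by hashing every possible candidate.
    salts = {k: secrets.token_bytes(16) for k in attributes}
    commitments = {k: commit(k, v, salts[k]) for k, v in attributes.items()}
    return commitments, salts, anchor_of(commitments)

def disclose(attributes: dict, salts: dict, name: str) -> dict:
    """Holder reveals one attribute and its salt, nothing else."""
    return {"name": name, "value": attributes[name], "salt": salts[name]}

def verify(commitments: dict, anchor: str, shown: dict) -> bool:
    """Relying party checks the shown attribute against the anchored record."""
    if not hmac.compare_digest(anchor_of(commitments), anchor):
        return False  # commitment set does not match the ledger entry
    expected = commitments.get(shown["name"])
    if expected is None:
        return False  # attribute was never part of the verified ID
    actual = commit(shown["name"], shown["value"], shown["salt"])
    return hmac.compare_digest(actual, expected)

# Constructed sample identity, not real data.
ID = {"name": "Alex Example", "over_18": "true", "address": "1 Sample Street"}
COMMITMENTS, SALTS, ANCHOR = issue(ID)

if __name__ == "__main__":
    proof = disclose(ID, SALTS, "over_18")
    print("age check passes:", verify(COMMITMENTS, ANCHOR, proof))
    proof["value"] = "false"
    print("altered value passes:", verify(COMMITMENTS, ANCHOR, proof))
```

The relying party learns only the one attribute it was shown; the name and address stay behind their commitments, and any change to a value or to the commitment set fails verification.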
With both a verified ID to authenticate against and a secure platform to transact with, there is no need for your personal information to be disclosed. You just need to set the conditions of what you want to authorise, when you want to authorise it and to whom.
Whilst large-scale adoption and interoperability of verification services and Blockchain is yet to take place, the ability to build services into blockchains is becoming more ubiquitous and some companies are already selling ID services in this area.
Therefore, don’t be surprised if you start to see accelerated progression towards self-managed digital IDs soon, especially with GDPR now in place.
Co-Founder & CIO, BLOCKPHISH. Ever since watching the film War Games in the early 1980s, Daryl was fascinated by the fact everything from school grades to military mainframes could be hacked. This interest later became the basis for his passion to design secure platforms and systems for everything from community and e-commerce sites to Government and defence systems. Over the past 16 years, this passion has evolved from designing robust systems to helping both companies and people with their security challenges. Twitter: @blockphish. LinkedIn: https://www.linkedin.com/company/blockphish/ and https://www.linkedin.com/in/darylflack/