When identity management is moved to the blockchain, users are able to choose how to identify themselves and who will be informed. They still need to register their identity on the blockchain somehow, but after that, they can re-use that identification for other services.
Online identity management
Online identity management has always been a time-consuming and costly process. First of all, there is the need for registration. A consumer or client could register online but financial services like loans, mortgages or insurance require a higher level of security for the financial institution to comply with Know Your Customer (KYC) regulations.
Checking, authentication and authorization
This usually means that some form of face-to-face checking and/or checking official government identity documents will be required. Second, the client needs a means of authentication: users need to prove that they are who they claim to be each time they log into a service. Third, authorization – there needs to be proof that they are allowed to do what they intend to do. And finally – they need to take all these steps again for every new service provider they are interacting with. Not to mention privacy issues – there are many web services and intermediaries who have large amounts of identity information stored or are aware of what service clients are using.
Benefits of the blockchain
One of the benefits of the blockchain is that it has the potential to cut out the middlemen and provide every party in the network access to the same ‘source of truth’. When identity management is moved to the blockchain, users are able to choose how they identify themselves and with whom their identity is shared. They still need to register their identity on the blockchain of course, but once they have, they don’t need a new registration for every service provider, provided those providers are also connected to the blockchain. Once is enough.
The blockchain is a new technology and identification options are still limited. This means that standards for identity on blockchain are not yet set and best practices are still being developed. Also, research needs to be done as to how much privacy can protected in practice. Once information is recorded on the blockchain, it remains accessible to all parties in the network, so users must be aware to minimize any private information that they don’t want to divulge.
Of course, this is a difficult balancing act because enough information needs to be shared to be able to prove your identity. Another challenge is the management of private keys. The owner of a private key is assumed to be the owner of a specific identity. Unlike losing a passport or driver’s license, losing your identity on the blockchain means there is no one who can hand out a new one, so the owner would have to register all over again.
A stolen private key is even more of a risk, potentially leading to identity theft. However, there are ways to mitigate this. The owner can make secure back-ups of the private key, or hire a third party to back up and monitor the key. This may sound as a contradiction, as one of the benefits of the blockchain is cutting out the middlemen. But there is a big difference – the user is able to choose their own third party, whether it’s a notary office, a financial services provider, a bank, or any other party that you trust.
A number of startups are developing applications in the field of identity management. Some of those use a closed identity platform. Users only have to identify themselves once to one of the banks or insurance companies connected to this platform. The fact that they have been identified by one of the parties is then recorded on the blockchain, so they do not need to be registered by the other parties as well.
Open identity platform
However, at Deloitte we believe in open networks, so we have built a Smart Identities service in the UK that is open to connect to all kinds of organizations and software applications. Besides identifying individuals, these types of services can be used to register the legal representatives of companies or individuals, e.g. family members of elderly people who are unfamiliar with the internet, or doctors who need access to medical records. The characteristics of the blockchain, such as real-time information about who is entitled to do what, are well suited for registering such authorizations.
When the risks are lower, there is also room for more easily accessible identities. Deloitte has co-created a ‘KYC light’ solution in the micro-insurance domain, which allows insurance companies to identify clients who only need insurance for a limited amount of time (e.g. when they borrow or hire a camera). Insurers can identify them based on their ‘social points’, collected by means of their profiles on e.g. Facebook. Meanwhile the blockchain allows the insurer to ‘track and trace’ the actual camera – with the active user linked to it. In this application the identity of the asset (the camera) is considered more important than the user identity, so an easily accessible means of identification can be used.
Research, keep up and experiment
It is obvious that even though the blockchain is still new and its possibilities are still being explored, it is important to research, keep up with new developments and experiment to gain hands-on experience on the best way to manage identity for your client and business needs.
Bron : Deloitte