By now, most people will have heard of the phenomenal rise of a new generation of ‘cryptocurrencies’, such as Bitcoin. You may also have heard of the underlying technology which enables them to work – blockchains. But what is a blockchain, and does it have applications beyond financial transactions when it comes to securing identity?
First developed in 2008, blockchain was developed as the foundation for a peer-to-peer electronic cash system. The system relies on a distributed database to keep a digital ledger of transactions (the ‘blocks’), each of which are timestamped and linked to previous blocks, thus forming the ‘chain’.
The innovative database structure where every user maintains a record of the chain prevents tampering and revisions. Effectively, the database exists in multiple copies across multiple computers with no centralised server. No one user is trusted above any other, and the system relies on a consensus process (where the majority of users agree) to maintain an accurate record of all blocks.
The revolutionary aspect to a blockchain system is that it can cut out the middle man for transactions. Users can make secure financial transactions without the need for a retail bank to authorise them – the network itself provides the validation that the funds are available and have been transferred.
Of course, blockchain technology doesn’t just have applications in finance. In other industries, the Hyperledger project (whose prestigious members include IBM, Intel and JP Morgan) aims to provide a common standard for blockchain ventures. A common framework provides a basis not only for financial transactions including stocks, shares and forex dealing, but could also lead to ‘smart contracts’, removing clearing house roles from parties when it comes to the exchange of goods and services.
But what does this have to do with identity?
The discussion of digital identities is not a new one, in fact, several projects are now underway around the globe aiming to integrate secure identity documents with the phone in your pocket. With the rise of the smartphone and mobile internet (current estimates suggest a third of people will own a smartphone by 2017), using mobile phones to authenticate identity is becoming a real possibility.
In March, Martin Sutherland, the Chief Executive of De La Rue, confirmed that they are already discussing whether secure identity information on a smartphone could be used at immigration control. The technology is still in very early stages of development at this time. However in India, digital identity documents have just arrived.
On 7 September, the Indian government announced that driver’s licences and car registration cards can be uploaded to their secure cloud-based service DigiLocker, the details of which will be verifiable by police and law enforcement agencies. The move is part of a wider scheme by India to reduce waste and administrative expenses by allowing citizens to store a range of identity documents in the cloud, authenticated by each citizen’s biometrically enabled Aadhaar card (the national eID card for India).
HID Global is another company who also believe that the intersection of mobile and digital identities is here, and that the rise of the smartphone means new levels of convenience for people who can now use their smartphone to verify their identity. They are proposing a future where mobile ID can be used for domestic travel – linking a boarding pass and identity to provide greater security, convenience and flexibility for both travellers and enforcement agencies in airports.
So far, forays into using blockchain as a method to authenticate identity are in their infancy. However the potential for a secure, tamper resistant database where the ‘blocks’ can be used not to encode financial transactions, but a digital identity instead, are under development.
A Malaysian company, SMARTRAC, has developed their dLoc system based on blockchains; taking advantage of the security and privacy afforded by the technology. Using a physical identity document, users can create a digital copy of their vital records secured by a blockchain, which can then be used for a variety of authentication purposes.
In addition, when it comes to mobile authentication, several companies have developed solutions recently which take advantage of the cameras and computing power in your pocket in order to detect whether an ID card or passport is genuine or not.
At the moment all of these systems still depend on the physical identity document, and it seems unlikely that we will get rid of these any time soon – all of these mobile technologies require a reliable internet connection, something which is not guaranteed worldwide.
The security of all of these systems (including blockchains) is highly dependent on cryptography to ensure confidence. As with any digital technology, the security of a system is only as good as the encryption on which it is built. As we move towards greater integration of smartphones and identity, the systems become more attractive to hackers as a potential target, making the risk of leaks and breaches more likely.
The final obstacle to overcome is common standards. With so many companies developing and innovating in this area, in order for any system to take off there needs to be a common underlying technology to allow them all to integrate. Hyperledger has begun this for blockchain, but it remains to be seen whether other companies will fall in and follow suit. If not, the risk that your identity card is verifiable by one country but not another will prevent the technology from ever forming a part of identity security.
However, what is clear is that the technology is emerging; poised to be the next disruptive innovation in the secure government identity field. That is why at HSP Asia we will be bringing these technologies to the forefront of discussion with a session covering the latest developments in mobile IDs. We will hear from SMARTRAC, HID Global, OVD Kinegram and SURYS for their takes on the new frontiers for secure citizen identity.