Blockchain & Digital Identity
Could blockchain be the backbone of a universal digital identity system?
by Bryan Yurca for The American Banker
Innovative banks are increasingly seeing their future as the stewards of identity — they would serve as the authenticators. Such a system would allow consumers to use a digital token to verify their age when ordering a beer or to log on to an e-commerce site.
But several blockchain companies are looking to play a vital role in the future of identity. In theory, blockchain technology enables entities independent of each other to rely on the same shared, secure and auditable source of information in a way that fits well with a system of widespread digital identity.
Gem, a startup in Venice, Calif., is focused on getting companies within the same industry to share information via blockchain technology. For banks, one possible solution would be in know-your-customer compliance — bank users would be able to vet a customer by relying on the work another bank has already done. Another is London-based Credits.Vision, which is looking to create a blockchain of blockchains, connecting various permissioned and public systems so that a digital identity could be truly universal.As banks plot their future in identity, many may look to partner with blockchain companies also eyeing the space. Suresh Ramamurthi, the chairman and chief technology officer of CBW Bank in Weir, Kan., sees digital identity as a practical use for blockchain. His bank, like many others, has been seriously investigating the possibilities of the blockchain. For instance, it has partnered with the distributed ledger firm Ripple for instantaneous cross-border transactions.
"We have the basic technology," he said, referring to blockchain. "When you already have a wheel, you can make a wheelbarrow, or a car. People are discovering any number of ways" to use the blockchain.
He also sees it as a potential accelerant and enabler for the adoption of a digital identity system.
"The technology is not very complicated; this is something we could do now," Ramamurthi said of a universal digital identity. "Banks already have to verify identity for KYC; expanding that across the Internet is not a very big leap."
As Micah Winkelspecht, chief executive and founder of Gem, sees it, banks' role in digital identities would be to serve as authenticators.
"Rather than the banks being in control, should the customer be in control of certain information they could then passport around?" he asked. "There's a good argument to be made for both sides. But banks certainly could act as a certifying body for individual identity on the blockchain."
Using a distributed ledger system would also allow people to retain authority over their identity, Winkelspecht says.
"With blockchain you have the same conveniences of a centralized ID authority but without having to turn over power to a third party."
But in that scenario, banks would still benefit, he said. Today, every time a consumer goes to a new bank for services they are KYC-vetted, even though one bank has already verified them as a customer, he said, adding that this problem is multiplied at large banking institutions where a customer must get verified for KYC compliance over and over again within different departments.
Gem argues that if a group of banks shared a KYC blockchain, institutions could cut costs on KYC collection software. With a shared ledger system built on public key cryptography, banks could authenticate the consumer, and certificates attached to that key could authorize the consumer for certain functions, he said. Besides banking, Gem is partnering with industries like health care on creating blockchain networks to establish trust and transparency and share information between organizations.
Like Gem, Credits.Vision sees creating a better way for banks to share information as an important step in creating a federated digital identity, said Nick Williamson, its chief executive.
The firm is working on creating a blockchain that would connect other blockchains, both private ones being tested by banks and public ones like the bitcoin blockchain. One function of this project could be used for identity, where a consumer could upload their personal details (in encrypted form) once, whether with a bank, passport office, or telecom provider and the identity could then be used in any other context.
Williamson sees the real potential of blockchain technology as a next-generation, open and interoperable form of public key infrastructure. PKI was developed in the 1970s to secure communications — Bob encrypts a message to Alice with her public key, and only she (or someone who has her private key) can decrypt it. In theory, it's a great way to manage identity, since a message signed with Alice's private key could only have come from her (assuming the key hasn't been compromised). But it's never caught on as a mass-market technology.
"Key distribution has always been a gigantic pain point preventing widespread adoption of consumer-focused PKI," Williamson said. Combining blockchain with PKI could address adoption. From there, banks and others could rely on blockchain's transparent and immutable settlement characteristics "as part of your stack for the onboarding, distribution, and revocation of keys in a way that can be portably transported across independent blockchain networks."
While banks may serve as the ideal authenticators and potential holders of a digital ID, one obstacle that would need to be overcome is banks' willingness to share data and cooperate, something they've not always been keen to do, said Andy Schmidt, principal executive adviser at the consulting firm CEB.
"A difficulty with that model is that it presumes you have one banking relationship," he said. "Most consumers have more than one; if you are able to take your various banking relationships and then designate one bank [as your ID authenticator] that could work, but then all the banks involved would have to share data. Are they willing to give up some control in order to create value for a customer?"
There would "definitely be some security concerns" over such a model, Schmidt said, but ultimately, he said, a blockchain-powered universal identity would still be better than the current personal information-intensive model currently used. For instance, Winkelspecht said, the current method of password-based online authentication is faulty, since consumers have to remember different combinations of usernames and passwords for any number of websites. Also, Winkelspecht said, many reuse the same password multiple times, which facilitates fraud.
"There's no perfect solution," Schmidt said, "so there's a potential downside to any idea. But the downside to this is less than the downside to the current methods we have. I think the blockchain is the most enabling and disruptive technology any of us have seen so far. If harnessed properly, it will revolutionize the way we exchange information."
Although Ramamurthi said he believes there are no technology hindrances to creating a universal, federated identity, he said it will not happen until governments become involved in driving this. He pointed to digital ID initiatives in Estonia and in India that have seen widespread adoption and were the result of government drive to institute them.
But ultimately, he said, if there is a will to do this, there is already a way.
Despite the hurdles, such as compliance and security concerns and government cooperation, in creating universal digital ID, Gem's Winkelspecht is confident it will one day happen.
"People have to stop thinking about blockchain as fintech; it's not fintech, it's about how do we build a global computer," he said. "And if you have that, how then do we log into the global computer?"