The Relationship Between Blockchain and Digital Identity

November 10, 2016


Gautam Hazari, Technical Director, Personal Data, GSMA

‘Identity’ is a word often used to mean subtly different things.  The Oxford English Dictionary defines it succinctly as “The fact of being who or what a person or thing is”; ISO29115 prefers the broader “Set of attributes related to an entity”.

Identity, therefore, is not a singular characteristic but rather a set of attributes that vary by relationship. Moreover, the plurality of these relationships can enhance, through corroboration, the confidence level that the identity being asserted is genuine.


In the physical world this is fairly straightforward. A government institution, for example, can attest the photograph, name and address of a citizen; these can then be corroborated through identity checks conducted by banks or telecommunication providers, who are regulated to ‘know their customers’, enhancing the confidence level of the attributes associated with a given identity and hence of the identity itself.

Digital identities need to function in a similar way, but the nature of the digital world makes it much harder.

[Figure: cartoon. Source: Peter Steiner’s cartoon, as published in The New Yorker]

 

In particular, some of the key challenges that digital identity faces include:

  • Establishing trust in the trustless digital world
  • Decentralisation: control and ownership of the identity attributes
  • Immutability of the operations related to the digital identity

These requirements are also the fundamental building blocks behind blockchain.

A user’s digital identity can be represented in the blockchain as follows:

[Figure: a user’s digital identity represented in the blockchain]

Here, the user’s identity starts its journey into the blockchain as a self-asserted block, containing the user’s identity attributes (hashed) and the user’s public key, all signed with the user’s private key. At this stage, the level of confidence in the user’s identity is at base level.

Other entities, such as a bank or electricity provider, with which the user has a relationship, are also represented within the blockchain, with their own sets of hashed attributes and public keys. These entities can establish relationships with the user by signing the particular hashed attributes of the user that are relevant to that relationship. For example, the Passport Office could sign the hashed address, name, and photograph of the subject if the attribute values asserted by the user match those on record at the Passport Office.

As more and more relationships are established for the user within the blockchain, confidence in the accuracy of the attributes – and hence the identity itself – grows organically. In addition, as more transactions take place involving the user (with other users or entities verifying or trusting the hashed attributes of the user), the ‘reputation capital’ of the identity also grows. In other words, confidence in the identity’s accuracy increases as does confidence in the trustworthiness of the person behind it, based on what they do online – all of which is transparent, and visible to anyone via the blockchain.

If any of the relationships between the user and the entities change, the change can be recorded within the blockchain as a separate block with a cryptographically signed timestamp, enabling any new verifier to observe both previous and current relationships in a cryptographically protected sequence.
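The self-asserted block and the attestations described above, as an added sketch that is not part of the original post or any GSMA code: a block of salted attribute hashes signed by the user, issuers that sign only the hashes matching their own records, and a verifier that counts valid attestations per attribute. Assumptions: Lamport one-time signatures from the Python standard library stand in for the ledger's signature scheme, the per-attribute salts, field names and function names are illustrative, and the identifier uses SHA-256 only rather than the SHA256 and RIPEMD160 derivation mentioned in the footnote.

```python
import hashlib, json, secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()
def digest_bits(body) -> list:
    d = int.from_bytes(H(json.dumps(body, sort_keys=True).encode()), "big")
    return [(d >> i) & 1 for i in range(256)]

def keygen():
    # Lamport one-time key pair: stand-in signature scheme, one signature per key.
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def sign(sk, body) -> list:
    return [sk[i][b] for i, b in enumerate(digest_bits(body))]
def verify(pk, body, sig) -> bool:
    return [H(s) for s in sig] == [pk[i][b] for i, b in enumerate(digest_bits(body))]

def key_id(pk) -> str:
    return H(b"".join(h for pair in pk for h in pair)).hex()  # SHA-256 only here

def commit(name: str, value: str, salt: bytes) -> str:
    # Salted hash: names and addresses are guessable from an unsalted public hash.
    return H(salt + name.encode() + b"\x00" + value.encode()).hex()

def self_assert(sk, pk, attrs, salts) -> dict:
    body = {"subject": key_id(pk),
            "hashed": {k: commit(k, v, salts[k]) for k, v in attrs.items()}}
    return {"body": body, "sig": sign(sk, body)}

def attest(issuer_sk, issuer_pk, block, record, salts) -> dict:
    # The issuer signs only the hashed attributes that match its own records.
    hashed = block["body"]["hashed"]
    matched = {k: hashed[k] for k, v in record.items()
               if k in hashed and commit(k, v, salts[k]) == hashed[k]}
    body = {"issuer": key_id(issuer_pk), "subject": block["body"]["subject"], "hashed": matched}
    return {"body": body, "sig": sign(issuer_sk, body)}

def confidence(block, user_pk, attestations, issuers) -> dict:
    # Valid attestations per attribute; all zeros is the self-asserted base level.
    body = block["body"]
    if key_id(user_pk) != body["subject"] or not verify(user_pk, body, block["sig"]):
        raise ValueError("self-asserted block failed verification")
    score = dict.fromkeys(body["hashed"], 0)
    for a in attestations:
        ab, pk = a["body"], issuers.get(a["body"]["issuer"])
        if pk and ab["subject"] == body["subject"] and verify(pk, ab, a["sig"]):
            for k in (k for k, h in ab["hashed"].items() if body["hashed"].get(k) == h):
                score[k] += 1
    return score
```

Here `issuers` maps each trusted issuer's `key_id` to its public key, and the user is assumed to disclose attribute values and salts to an issuer off-chain. An attestation from an unknown issuer, or one whose body was altered after signing, adds nothing to the count.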

Making the blockchain usable for digital identity representation

One critical aspect of any service where users interact is finding the right balance between convenience and security. As Eve Maler once pointed out, “an application with 0% security and 100% functionality is still an application, but an application with 100% security and 0% functionality is useless”.

The block representing a digital identity in the blockchain is identified using the public key[1] associated with the user, and the corresponding private key is the credential that the user needs to keep protected.  In a sense, therefore, the public key can be considered equivalent to a user ID and the private key equivalent to a “password” or biometric.

However, a public key is not a convenient “user id” and the private key is not something that can be easily remembered (such as a password) or be inherent to the user (such as a biometric). Securely storing the private key to ensure that it can’t be used by others whilst also being able to easily use it to assert the associated identity is a real challenge.

A solution is to introduce the concept of a wallet through which the user can self-assert their attributes and manage their public and private keys.  This wallet can then be identified through a more convenient user ID (such as the user’s MSISDN) and be unlocked using conventional multi-factor authentication mechanisms. The user can then prove ownership of the private key, and hence confirm their identity.

Mobile Connect is an ideal framework for supporting such wallets, and providing users with a simple means of authenticating their identities in a way which is both convenient and secure.

The combination of Mobile Connect for administering the wallets and Blockchain for administering the identity in a decentralised fashion is a perfect solution for providing digital identity in a way that is ‘conveniently secure’ for the user.

 

 

[1] In truth, the blockchain ID is derived from the public key by using SHA256 and RIPEMD160, but for simplicity we will simply call it the public key.

 

 

Copyright © 2017 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.