Could blockchain hold the key to secure personal identities?

identity head digital

Blockchain and dynamic biometrics could be the future of identity management, providing a common standard is reached, a security expert believes.

Speaking on the use of blockchain technology for identity management, John Erik Setsaas, senior development architect at identity and digital signature firm Signicat, told delegates at Trust in the Digital World conference in The Hague that the technology presented the possibility for a single, secure, lifelong identity profile.

"Typically when you go into a discussion around blockchain, people start messing round with Bitcoin and blockchain as if it's the same thing ... Bitcoin is one usage of the blockchain, it's one application ... [it] is a generic technology that can be used for a lot of things," said Setsaas.

"We tend to talk about it in the singular, like there is only one blockchain ... But it's the technology, it's database technology, it's a way of organising your data. Anybody could set up that way of organising your data."

Setsaas said that the technology, which is used currently for cryptocurrencies like Bitcoin and Dogecoin primarily, could in fact have many applications that have not yet been considered.

One of the more radical of these is assigning a blockchain record to each child, worldwide, when it is born that is then updated with life events such as their date of marriage, when the child graduated, as well as financial aspects such as when a loan or mortgage was taken out and when it was repaid.

"These are events that, like an audit, could be added to your record on the blockchain ... this will then prove you as a person," Setsaas said.

This blockchain identity could then be used in scenarios such as opening bank accounts, securing tenancy or proving right to abode or employment.

To add an additional layer of security and ensure that data being fed into the record was coming from the real source, Setsaas suggested that dynamic biometrics - i.e. a pulse or gait analysis, rather than something static like a fingerprint or face scan - could be tied into the same record. This way, those businesses or organisations the person was interacting with could also guarantee they were dealing with the right person.

As for privacy concerns, Setsaas said: "I don't want all this information put on there available to everybody, obviously. We have data protection regulation, but also it's obvious we don't want all that information out there."

"One thought around that is the LMP, the life management platform, where ... you as the user are in charge of that information," Setsaas continued. "In the LMP, it's like a secure vault ... access to the vault is through the dynamic biometrics and I, as a user, decide what information I want to share. Maybe the only thing I need to prove is my age if I want to order liquor. If I want to take a loan, obviously I need to provide information like income and in different cases I need to provide different information, nobody needs to know all my information."

However, there are still challenges to overcome. The blockchain, by its nature, is unalterable, so if there was an erroneous entry on the record then it could never be deleted, only updated. Similarly, should someone be granted lifelong anonymity by the courts it would be difficult to create a new identity for them, as the blockchain by its nature is difficult to forge.

Questions also remain about how such a technology would treat transgendered people or deal with the right to be forgotten, as past entries cannot be deleted or altered.

There are other less blue-sky, but also less controversial, applications of blockchain technology too. "One very good use case for blockchain is an audit log - an audit log should never be changed," Setsaas said. "You have all the records and you cannot go back and forge the previous record."

Jane McCallion
Deputy Editor

Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.