Light Dark
March 7, 2017 By Jai Singh Arun 4 min read
Identity & Access

Every business and social transaction is carried out by people. People are known by their identities. Hence, identity drives every business and social interaction.

In today’s digital age, an individual’s identity is not defined by a single attribute such as a name, address or user ID. Rather, it is a collection of attributes including, but not limited to, name, age, financial history, work history, address history and social history. These attributes work together dynamically to define an individual in a particular business or social interaction.

Identity Management in a Decentralized, Digital World

Individuals generally have little or no control over the information that comprises their identities. Without visibility into the exchange of identity attributes across the enterprise for authentication, verification and authorization, individuals are vulnerable to identity fraud.

Another challenge is that identity data is typically decentralized. The Department of Motor Vehicles issues drivers licenses, for example, while the Department of Homeland Security issues passports, banks track financial histories, and so on. Most of these organizations have isolated and centralized identity management systems, but the current landscape demands federation and single sign-on (SSO). This makes identity management, protection and verification very cumbersome, costly and risky for all industry enterprises and government agencies.

Reimagining the Future

To address these challenges, we must reimagine the future of identity management across all industries. This sweeping transformation requires the widespread adoption of technologies such as:

  • Cognitive applications that collect data from cumulative online interactions to simplify and expedite routine tasks such as filing taxes while also reducing errors and system fraud;
  • Systems for user-controlled payment so that acquiring a new credit card no longer requires a lengthy process of changing payment information for each recorded service account;
  • Applications that simplify transactions such as car purchases by verifying identity, credit, title and insurance, and obtain approvals with trusted identity profiles to shorten the buying process from hours to minutes and significantly reduce paperwork; and
  • Holistic health care applications that give doctors and pharmacists access to patients’ electronic medical records. This would allow care providers, pharmacists and patients to track dosages, receive automatic alerts for missed or incorrect dosages, monitor possible adverse drug interactions and even help prevent addiction.

Two Fundamental Principles of Trusted Identity Management

The scenarios imagined above are possible and can be delivered with an increased focus on two fundamental principles.

1. Self-Sovereign Identity

The self-sovereign identity principle empowers individuals to take full ownership and control of their identity information. Custodians can provide and verify identity attributes, but an individual’s actual existence does not depend on these details. Individuals can control how these attributes define them in the context of a business or social interaction.

Initially, it may not be plausible to put the entire burden of identity management on individual users, but we must start with systems built on user-permissioned data models in which consent is essential.

2. Distributed Trust Model

Since identity is decentralized by default, it’s critical to establish trust among users, identity providers and relaying parties. This way, all parties can use an agreed-upon set of identity attributes to authenticate, verify and authorize individuals to perform business or social transactions.

Building Trust With Blockchain

The best way to implement the distributed trust model for decentralized identity management is to use distributed ledger technology, or blockchain.

A permissioned blockchain technology provides core capabilities that enable a trusted digital identity network to build and operate:

  • A shared, append-only ledger with one version of the truth shared across all permissioned network participants in real time;
  • Smart contracts that ensure that verifiable and signed business logic is executed in each transaction;
  • Trust between known participants to verify transactions and ensure records are valid; and
  • Privacy and security measures that grant access only to permissioned parties.

These capabilities deliver the following required values for trusted digital identity:

  • User-centric design, which allows users to control their identity profiles and attributes;
  • Dynamic validation of identity and transaction data and ongoing validation of information leveraging smart contracts to update trusted data in real time;
  • Trusted digitization, which enables processes to become fully digital while maintaining trust in the data items;
  • Auditable records to provide for validation;
  • Controlled visibility, or the ability to verify identity without disclosing actual data; and
  • No hierarchy — unlike a database with a single point of control, all participants have the same capabilities.
Related: Redefining Digital Interactions in Asia-Pacific With Blockchain Technology

Digital identity networks built on blockchain drive trust among business and social enterprises by leveraging shared ledgers, smart contracts and governance to standardize management and reduce the cost, risk, time and complexity of decentralized identity management.

Request a blockchain for digital identity consultation

 |  |  |  |  |  | 
Jai Singh Arun
Global Head of IBM Quantum Safe Product Management and Strategy - IBM Quantum

More from Identity & Access
October 23, 2023

Taking the complexity out of identity solutions for hybrid environments

4 min read - For the past two decades, businesses have been making significant investments to consolidate their identity and access management (IAM) platforms and directories to manage user identities in one place. However, the hybrid nature of the cloud has led many to realize that this ultimate goal is a fantasy. Instead, businesses must learn how to consistently and effectively manage user identities across multiple IAM platforms and directories. As cloud migration and digital transformation accelerate at a dizzying pace, enterprises are left…

September 13, 2023

“Authorized” to break in: Adversaries use valid credentials to compromise cloud environments

4 min read - Overprivileged plaintext credentials left on display in 33% of X-Force adversary simulations Adversaries are constantly seeking to improve their productivity margins, but new data from IBM X-Force suggests they aren’t exclusively leaning on sophistication to do so. Simple yet reliable tactics that offer ease of use and often direct access to privileged environments are still heavily relied upon. Today X-Force released the 2023 Cloud Threat Landscape Report, detailing common trends and top threats observed against cloud environments over the past…

August 1, 2023

Artificial intelligence threats in identity management

4 min read - The 2023 Identity Security Threat Landscape Report from CyberArk identified some valuable insights. 2,300 security professionals surveyed responded with some sobering figures: 68% are concerned about insider threats from employee layoffs and churn 99% expect some type of identity compromise driven by financial cutbacks, geopolitical factors, cloud applications and hybrid work environments 74% are concerned about confidential data loss through employees, ex-employees and third-party vendors. Additionally, many feel digital identity proliferation is on the rise and the attack surface is…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature