In this video:
- Andre Boysen, CIO, SecureKey
You know that situation where you create a “thumbprint” of data on your identity and transactions in order to interact with a trusted institution and someone from the company leaves a work laptop with all your credentials (and many others, too) on the seat of the subway? A single individual has compromised your entire identity.
SecureKey CIO Andre Boysen talks about the digital identity challenge consumers face and demonstrates how IBM Blockchain and SecureKey can help meet those challenges by the creation of a digital identity and attribute sharing network which allows users to absolutely control who has access to their digital information, and how much, when, and where that information is shared.
There are three different topologies for blockchain:
- Open, in which the data is in the open
- Public proof of private secrets, in which the data is private but permissioned by the owner
- Hybrid, a combination of the previous two
The SecureKey approach is to use the second type in which no personally identifiable data is included in the blockchain. It is entirely impossible for any organization within this system to see information unless the user has confirmed permission. It’s like using a picture ID that only you have – you share it with a vendor and that vendor can’t see where you’ve shared it before – except that this system allows you to keep even more of your personal information private because you only share the information the vendor needs to complete the exchange.
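As an added illustration of "public proof of private secrets" (not SecureKey's or IBM's code, and not a description of their actual protocol), the sketch below uses salted hash commitments: only a digest would sit on the ledger, and the holder reveals a single attribute that the relying party checks against it. The function names and the sample record are assumptions constructed for this example.

```python
import hashlib
import hmac
import secrets

def _h(*parts):
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def issue(attrs):
    """Issuer: salt and hash every attribute; only `root` would go on the ledger."""
    salts = {k: secrets.token_bytes(16) for k in attrs}
    leaves = [_h(salts[k], k.encode(), attrs[k].encode()) for k in sorted(attrs)]
    return _h(*leaves), salts, leaves

def present(attrs, salts, leaves, wanted):
    """Holder: reveal only the `wanted` attributes; the rest stay opaque digests."""
    return {"leaves": leaves,
            "revealed": [(k, attrs[k], salts[k]) for k in wanted]}

def verify(root, presentation):
    """Relying party: return the proven attributes, or None if anything fails."""
    leaves = presentation["leaves"]
    if not hmac.compare_digest(_h(*leaves), root):
        return None  # digest list does not match the ledger commitment
    proven = {}
    for name, value, salt in presentation["revealed"]:
        if _h(salt, name.encode(), value.encode()) not in leaves:
            return None  # revealed value was altered or never committed
        proven[name] = value
    return proven

# Constructed sample identity record (not real data).
SAMPLE = {"name": "Alex Example", "birth_year": "1990",
          "over_18": "true", "address": "1 Sample St"}

def demo():
    root, salts, leaves = issue(SAMPLE)
    shown = present(SAMPLE, salts, leaves, ["over_18"])
    forged = {"leaves": leaves,
              "revealed": [("over_18", "false", salts["over_18"])]}
    return verify(root, shown), verify(root, forged), shown

if __name__ == "__main__":
    print(demo()[:2])
```

The per-attribute salt is what stops a relying party from brute-forcing low-entropy values such as a birth year from the digests. The commitment itself is identical at every relying party, so this sketch alone does not answer the blinding and tracking questions listed further down.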
Using blockchain this way follows the Privacy by Design concept, an approach to systems engineering which takes privacy into account throughout the engineering process. It’s an example of value sensitive design – taking human values into account in the design process.
Privacy by Design is not about data protection; it is about designing so the data doesn’t need protection. The basic principle is to enable service without having to transfer control of the data from the owner to the system. Some examples of this include the DHCP protocol, some features in GPS in which the device location is not leaked to access services, and using zero-knowledge proofs to keep from leaking IoT device identifiers.
Privacy by Design can be characterized by considering privacy as “security from the one-stakeholder perspective.” Principles include:
- Be proactive not reactive, preventative not remedial
- Privacy is the default
- Privacy must be embedded into design
- Ensure full functionality that is positive-sum, not zero-sum
- Build end-to-end security with full lifecycle protection
- The system must be and remain visible and transparent
- Have respect for user privacy; it should always be user-centric
“The problem we have with identity today,” says Andre, “is the ‘double-spend’ problem that blockchain was originally designed to solve.” (The double-spend problem is the question of how a transaction network decides who in the chain holds a payment at any given time. If I’ve given it to you, then I shouldn’t still have it to spend.) “If I know enough information about you, I can be you.”
The company chooses blockchain to ensure privacy, data integrity, and resiliency. When it comes to data integrity, many of the documents we use for identity are easy to fake, and the fakes are difficult to spot. For example, there is no expectation that a bank teller should be able to recognize whether a driver’s license is real or not.
As for resiliency, blockchain can be instrumental in halting DDoS attacks by decentralizing the domain name system. It would eliminate the central or minimal points of failure.
Some of the questions the SecureKey team had to ask to get this form of blockchain security right are:
- How do we leverage existing ID sources?
- How do we not over-answer questions?
- How do we make it simple for the user to control their data?
- How do we “blind” the relying party and the ID holder from each other?
- How do we prevent user tracking?
- How do we make certain there is no central point of failure in the system?
SecureKey and IBM Blockchain have already brought the first ever digital identity network together in Canada with companies such as Bank of Montreal, Canadian Imperial Bank of Commerce, Desjardins Group, Royal Bank of Canada, Scotiabank, and TD Bank. The solution is built with IBM Blockchain atop the Linux Foundation®’s open source Hyperledger® Fabric™ and enables a scalable group of individuals and institutions to quickly board the highly secured network with minimal operational effort.