Distributed Ledger Technology (Blockchain) and Why it Matters to You

PART ONE

A DLT (blockchain) enables everyone in the network to have the same source of truth about which credentials are valid and who attested to the validity of the data inside the credential, without revealing the actual data.

Blockchains are heavy on maths. The consensus algorithms they utilise constantly cross-reference data components to check whether what is written in them has been modified since the onset of transmission. They ensure that data delivered from one source to another has not been altered from its original state so as to mislead or foster inaccuracy.

Blockchains are important in maintaining the veracity of identity and access management systems (IAMs) too. IAMs are composed of all the processes and technologies within an organisation that are used to identify, authenticate and authorise someone to access services or systems in that organisation or other associated ones. 

Unfortunately, many of our current IAMs are under developed and outdated. Old fashioned paper-based identity systems have their weaknesses such as risk of loss, destruction or fraud, but IAMs are risk ridden too, they are cornucopias of personal data, ripe for the taking, by hackers practicing identity theft. Since 2017, nearly 700 million personal details such as addresses and credit card numbers have been hijacked by or leaked to hackers, using sophisticated hacking technologies on IAMs. New IAM systems must be hacker proof, if we are to rely upon them for holding crucially important data. Identities need to be portable too, and verifiable everywhere, any time, and digitisation can enable that, though being digital is not enough. Identities also need to be private and secure.

Digitisation is something we are going see a lot more of in future. At a blockchain summit in London, in June 2019, “digitisation”  was a word often used by many of the presenters – it is apparently the “next best thing” for safeguarding our precious data. 

Returning to DLT for a moment, for now, we should understand that DLTs enable everyone in the networks they travel along to have the same source of truth about which credentials are valid, and to know the identity of who or what attested to the validity of the data contained within the credential, but without revealing what the data in the credential is. 

To access what data is held in the credential, some method of identity verification and authentication is needed – this may be something as simple as a name, an address or even a passport number. Whatever the verification used, it must be confirmatory of whether the data we are trying to access about ourselves is true or false. 

Is identity verification something that should be regulated Should a verifying entity requesting me to prove my name with my passport have access to the remaining information contained in my document? Does an entity that requests a proof of my age need to know the day and month I was born? Probably not, but no legislation exists yet that defines just how far identity verification can access our private data.

Part 2 looks at Zero Knowledge identity proofs and the privacy and security required for digital identity management