Part 2 of a conversation with SecureKey's Andre Boysen on the promise of ledger-based identity
Identity and authentication provider SecureKey is working with IBM and Canadian authorities to leverage blockchain and digital identity. The goal is to give consumers a fast, secure way to verify their identity for a range of banking and government services.
In our previous podcast with SecureKey’s Andre Boysen, we talked about why new approaches such as blockchain are needed to solve digital identity. Now, we’re zeroing in on how blockchain can accomplish that.
Boysen says blockchain is implemented by giving many parties access to a common statement of agreed facts. “You have transactions that are flowing up and down the supply chain,” Boysen says. “What we can do is have everybody in the supply chain look at the same statement of transactions – this is called the common ledger – and the benefit is that this is an agreed statement of facts.” That means it would be very difficult to alter the ledger after the fact without being detected.
In this model, we don’t put any data in the blockchain – we just put evidence of the data – so there is no personally identifiable information in the blockchain at all.
Blockchain was created to serve as a public ledger for bitcoin transactions. It solved the double spend problem in digital currency, preventing anyone from duplicating data and spending the same digital currency twice. “What we have in digital identity today is very much like that double spend problem,” Boysen says. “When Gina presents for service, they’ll ask you a bunch of questions, but the problem is Andre can do the same thing if I know enough information about you. There’s a good opportunity to apply blockchain to solving this issue.”
Blockchain can be deployed in several ways. The method SecureKey plans to implement involves using blockchain as a public proof of a private secret. “In this model, we don’t put any data in the blockchain. We just put evidence of the data in the blockchain,” Boysen says. “There’s no personally identifiable information in the blockchain at all. The blockchain is being used for evidence and integrity, not for PII.”
Individuals will be able to control what can be shared with a third party. The participants will have an agreement from the outset about the sort of information that will be needed to conduct the transactions.
SecureKey already has experience with this. The company started using triple blind authentication when its Concierge authentication network was launched five year ago. “What that says is none of the transaction participants – not a bank, not SecureKey, not the government – gets a complete picture of the user journeys,” Boysen says. “What blockchain gives us is a method to do the same thing but for identity.”
Listen to more of Andre Boysen’s thoughts on blockchain and digital identity in part 2 of this podcast with Regarding ID’s Gina Jordan.