Could blockchain hold the key to secure personal identities?

The technology that underpins Bitcoin could be used to create a single life log in the future

identity head digital

Blockchain and dynamic biometrics could be the future of identity management, providing a common standard is reached, a security expert believes.

Speaking on the use of blockchain technology for identity management, John Erik Setsaas, senior development architect at identity and digital signature firm Signicat, told delegates at Trust in the Digital World conference in The Hague that the technology presented the possibility for a single, secure, lifelong identity profile.

Advertisement - Article continues below

"Typically when you go into a discussion around blockchain, people start messing round with Bitcoin and blockchain as if it's the same thing ... Bitcoin is one usage of the blockchain, it's one application ... [it] is a generic technology that can be used for a lot of things," said Setsaas.

"We tend to talk about it in the singular, like there is only one blockchain ... But it's the technology, it's database technology, it's a way of organising your data. Anybody could set up that way of organising your data."

Setsaas said that the technology, which is used currently for cryptocurrencies like Bitcoin and Dogecoin primarily, could in fact have many applications that have not yet been considered.

One of the more radical of these is assigning a blockchain record to each child, worldwide, when it is born that is then updated with life events such as their date of marriage, when the child graduated, as well as financial aspects such as when a loan or mortgage was taken out and when it was repaid.

Advertisement - Article continues below
Advertisement - Article continues below

"These are events that, like an audit, could be added to your record on the blockchain ... this will then prove you as a person," Setsaas said.

This blockchain identity could then be used in scenarios such as opening bank accounts, securing tenancy or proving right to abode or employment.

To add an additional layer of security and ensure that data being fed into the record was coming from the real source, Setsaas suggested that dynamic biometrics - i.e. a pulse or gait analysis, rather than something static like a fingerprint or face scan - could be tied into the same record. This way, those businesses or organisations the person was interacting with could also guarantee they were dealing with the right person.

As for privacy concerns, Setsaas said: "I don't want all this information put on there available to everybody, obviously. We have data protection regulation, but also it's obvious we don't want all that information out there."

Advertisement - Article continues below

"One thought around that is the LMP, the life management platform, where ... you as the user are in charge of that information," Setsaas continued. "In the LMP, it's like a secure vault ... access to the vault is through the dynamic biometrics and I, as a user, decide what information I want to share. Maybe the only thing I need to prove is my age if I want to order liquor. If I want to take a loan, obviously I need to provide information like income and in different cases I need to provide different information, nobody needs to know all my information."

However, there are still challenges to overcome. The blockchain, by its nature, is unalterable, so if there was an erroneous entry on the record then it could never be deleted, only updated. Similarly, should someone be granted lifelong anonymity by the courts it would be difficult to create a new identity for them, as the blockchain by its nature is difficult to forge.

Advertisement - Article continues below

Questions also remain about how such a technology would treat transgendered people or deal with the right to be forgotten, as past entries cannot be deleted or altered.

There are other less blue-sky, but also less controversial, applications of blockchain technology too. "One very good use case for blockchain is an audit log - an audit log should never be changed," Setsaas said. "You have all the records and you cannot go back and forge the previous record."

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now


mobile security

Parachute's Superlock feature keeps your phone recording in an emergency

2 Jun 2020

K2View innovates in data management with new encryption patent

28 May 2020
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020

Most Popular


Apple confirms serious bugs in iOS 13.5

4 Jun 2020

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020

Tycoon ransomware discovered using Java image files to target software firms

5 Jun 2020