Javier Castro - Fotolia
Identity management is a pain point for many companies and individuals, but blockchain could help solve some of the challenges.
When banking, traveling, providing proof of age or accessing corporate data, individuals must prove their identity. But it can be difficult for users to keep track of all the different pieces of identification they must present to do so. ShoCard, a software provider in Cupertino, Calif., aims to eliminate the need for multiple forms of identification, usernames and passwords, and give users more control through the use of its blockchain identity management tool.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
"Since it is your data, really, you have the right to hold it, to operate it as you wish," said Alexander Novoselov, the head of innovation at Creditinfo Group, a ShoCard customer headquartered in Iceland.
How blockchain identity management works
ShoCard offers an identity management tool that uses a blockchain-based digital verification and authentication process. Blockchain is a type of database that is secured using cryptography and encryption key techniques. A user's identity information is stored on the blockchain to a hashed version of what's called the public key. Each user also has a private key, which allows them to safeguard their personal data and prove to those with whom they share the data that it belongs only to the person sharing it.
The idea with blockchain identity management is to store and encrypt data on users' mobile devices, rather than in a central database. Since credentials are stored on the device, an attacker would have to hack phone by phone and wouldn't be able to compromise many identities at once.
Although the mass appeal of blockchain identity management remains to be seen, there is potential in very strict compliance-oriented fields, said Eric Klein, director of mobile software at VDC Research in Natick, Mass.
"They are definitely unique in the market for doing something that hadn't occurred to me as a means of enhancing your security," Klein said.
Customers can use ShoCard software development kits to integrate the technology into their mobile applications and servers. The client app then prompts users to take pictures of their valid government IDs, and ShoCard extracts the personal information. The user then sets up a passcode or fingerprint verification as an added security measure. When a user decides to share the data with a third party, the information is placed in an encrypted container on the blockchain, which no one -- including ShoCard -- can access, except the party with whom the user is sharing it.
Blockchain pays off
Creditinfo adopted ShoCard for a few of its customers. It needed to allow customers to not only have control over their own credit data, but also be able to securely transfer data between different countries, Novoselov said.
For example, if a person from India goes to a U.S. bank and tries to get a credit card, it brings complications. Creditinfo cannot share data from India in the U.S. because of a difference in privacy laws between the two countries. Creditinfo needed a tool to allow people to bring their credit histories with them anywhere.
Alexander Novoselovhead of innovation at Creditinfo
Customers can now download the Creditinfo app, which incorporates ShoCard technology via the vendor's software development kit, and securely access and share their credit score data on their mobile devices.
"This is a new way of bringing confidence that the data is in safe hands," Novoselov said.
Based on this same blockchain identity management technology, ShoCard also offers ShoBadge, an app that allows employees to hold their encrypted ID information on their mobile devices. Unlike with ShoCard, customers don't have to write any code; instead, they just use the app directly.
ShoBadge allows employees to access all of their corporate apps by authenticating through the app, rather than requiring different logins to different applications or devices. It also allows them to securely share their identities at the workplace -- with human resources, for example. There is no longer a central database at the company where all the users' sensitive personal information is stored. Thus, employees bring their own identity, and there is no username and password management in the hands of a third party.
The identity management market remains fragmented, with some existing vendors who have the benefit of being in the game for a long time, Klein said. But this does not mean that all customers have decided on which technology to adopt, which is why a new company like ShoCard has been attracting some pretty serious venture funding, he said.
"There are people betting on other technologies maybe surpassing what we have today," he added. "Integrating sophisticated blockchain capabilities as a path certainly has potential."
Dig Deeper on Enterprise mobile security