Blockchain & Cryptocurrency , Multi-factor & Risk-based Authentication , Next-Generation Technologies & Secure Development
Microsoft Outlines Digital ID Plan Using BlockchainEncrypted ID 'Hubs' Will Safely Store Personal Data
After a year of brainstorming on blockchain technology, Microsoft says it will add support in its Authenticator app for a decentralized identity system that's designed to put users in control of their personal information.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
The work will center around a blockchain-based system that end users will interact with using Authenticator, Microsoft's widely used two-factor authentication application, writes Ankur Patel, principal program manager with Microsoft's Identity Division, in a blog post.
Microsoft envisions identity information being stored in encrypted ID "hubs," Patel writes, rather than users having their personal information scattered among many different providers.
"We believe it is essential for individuals to own and control all elements of their digital identity," Patel writes.
The Authenticator app will be used to manage identity data and cryptographic keys, Patel writes. A hash of an ID will be stored on a blockchain, but the identity data itself will be stored in an off-chain ID hub and encrypted using Authenticator's keys.
Once the features that has been added to Authenticator, Patel explains, is "apps and services will be able to interact with user's data using a common messaging conduit by requesting granular consent."
Microsoft is just one of hundreds of companies and organizations looking to apply blockchain technology for purposes outside of financial transactions (see Blockchain for Identity: 6 Hot Projects).
Blockchain is the transaction system that underpins bitcoins and hundreds of other of virtual currencies. When a bitcoin is transferred from one computer to another, computers compete to complete mathematically calculations that ensure the transaction is legitimate and a bitcoin isn't being spent twice. The result is an entry into the blockchain, the public ledger of transactions.
Because blockchains are highly tamper resistant, technologists are pondering all kinds of other use scenarios, including securing supply chains and storing identity information.
"After examining decentralized storage systems, consensus protocols, blockchains and a variety of emerging standards, we believe blockchain technology and protocols are well suited for enabling Decentralized IDs," Patel writes.
For identity, the broad vision is to store encoded personal data on a blockchain that can be selectively shared by the data's owner. A hash of the ID data can be checked by a service provider without ever actually needing to handle or store the real data, which would be a data breach risk. This user-centric approach is often referred to as self-sovereign identity.
But putting such a system into practice is a huge undertaking. Experts contend that technology has never been the problem with identity. Business relationships and trust issues have been the Achilles' heel of federated identity programs, which blockchain alone can't solve (see Blockchain for Identity Management: It's Years Away).
As part of its work, Microsoft has been collaborating with the Decentralized Identity Foundation, which is developing specification and standards. That includes a W3C specification for a common document format for decentralized identifiers; a DID server, which would resolve DIDs across blockchains; and verifiable credentials, another specification for encoding DID-based attestations, Patel writes.
In related work, Microsoft said last week that it has joined ID202, a nonprofit organization that aims to develop digital identity systems for the more than 1 billion people worldwide who lack any form of recognized identification.
Prime concerns about using blockchain for decentralized identity include ensuring speed and scale, Patel writes. One of bitcoin's weaknesses is low transaction speeds and up to an hour-long wait before a transaction is verified by enough computers and entered into a block.
For identity, Patel writes, "to support a vast world of users, organizations and devices, the underlying technology must be capable of scale and performance on par with traditional systems."
Some blockchain projects have increased the transaction capacity by increasing the size of the blocks. But Patel writes this tweak still can't meet the demand of running millions of transactions per second, which, in theory, would be needed for identity-related blockchains. As a result, Microsoft is collaborating to develop decentralized Layer 2 protocols for better scaling, he writes.