Skip to main content

How Can We Solve the Problem of Identity Management with Blockchain?

Now many companies have started knowing about the potential of blockchain to develop their applications. The need for secure identity management system has become very important because currently, US retailers are losing about $32 billion because of fraud. All of this is happening because of the poor identification system that is currently existing. Migrating the identity management entirely in the blockchain is not going to happen overnight but we need a system that protects the identity information and the authentication process. Multi-factor authentication was introduced to solve the current issues but enabling multi-factor authentication with blockchain will help to make it more secure and will add an extra layer of security to the application.

Authentication using blockchain will be as easy as taking a picture because for the entire authentication process user must scan the QR code only with the application. To use the authentication using blockchain one must be using an application and whenever there is an authentication request it must be authorized from the app scanning the QR code. These days we have a smartphone with us with most of the time so, it will be more reliable than traditional authentication system. Authentication on the blockchain will be based on ID generated by the blockchain. This ID is a data that is stored on the block and contains the information to verify the identity like date of birth. This information can be verified by any third party that is authorized to retrieve the information from blockchain. A public key is assigned to the identification issuing service and the private key is assigned to the user. The user can then sign a signature that will verify against the public key stored in the blockchain. This identification will be used as a source of authentication while using the service. Since all of these are done in blockchain it will serve as a decentralized source of authentication. Blockchain app for authentication will be like a single-sign-on portal that can be used by another app not being owned by a single entity and will only be used for the authentication purpose. The protected app will have to request a digital signature and an ID from a user requesting access. This app will authorize the authentication if it finds that the signature is valid.

Blockchain provides a compelling solution to the problem of combining accessibility with privacy and security. Information can be transferred securely using end-to-end encryption. All the events are referenced and documented on the blockchain, so all the data are trusted and reliable. This technology wasn't possible a few years ago but with a smart contract on blockchain, this all has become possible.
Whenever we try to create an account or website we are asked a lot of information that might not be required to use the service. The problem with this is if the service that we are using is compromised or our account is compromised then all the information that we provided on that website are leaked. We can solve this issue by applying the single sign-in system with blockchain and providing the information that is required for the service user is requesting. By this way the user can access on the service he is trying to use, and the information of the user is not shared, it will only be verified from the blockchain. No information will be stored on the web server while using the authentication with blockchain and the data of the user is not shared. This will prevent the personal information from being leaked.

It will also make it possible to transfer money between two parties without sharing any personal information. If the application needs to get the credit information of the user, then it can simply send a payment request now once the user gets the request for payment they have an option to deny or approve the payment request. If they want to approve the payment request, they can directly make the payment from the bank by forwarding the request to the bank. This will make the financial transaction more fast and secure. By applying blockchain in identity management we can get a comprehensive, secure and a decentralized authentication and identity verification.

Popular posts from this blog

Why should we stop using SMS-based two-factor authentication?

 Today, securing an application is challenging as attackers are becoming increasingly sophisticated. A proper authentication system plays a significant role in application security, as, without one, the app’s vulnerability could allow a malicious person to gain unauthorized access. Poorly configured authentication systems and human error are the most common reasons for data breaches. Therefore, to address this issue, the concept of two-factor authentication (2FA) or multifactor authentication is applied. In addition to user ID and password, 2FA requires users to input a temporary code unique to them to verify their identity. This creates an extra layer of security by adding one more element to the authentication process. If a user’s login credentials are compromised, malicious actors won’t be able to access the resources since they would need to have both the login credentials and the 2FA code.  One of the most widely used methods of 2FA is an SMS-based code, where the user ne...
Read more

What is Ransomware & How to Prevent it?

Hackers are looking for a new and easier way to make money by entering on other people's system and ransomware is one of the tools they use to make money by locking the computer of people and organization. In my previous article, I discussed cryptojacking malware and why it is a big threat to information security. On that article, you can read how and why bad guys are injecting code on people's computer to make money from that. Ransomware is another major threat to cyberspace that I would like to discuss this article. What is ransomware? Ransomware is a software that is designed to block access to any system, files or operating system until we pay a certain amount to the attacker. Most of the time the attacker will encrypt the files of the computer and they will provide the key to decrypt only after paying the amount they are demanding. Most of the ransomware attack will give very limited time to the victim to pay the demanded amount and if they fail to decrypt it within th...
Read more

Triton: A Malware That can Kill Human

When we think of malware we think of a program that is designed to harm a computer device, servers or network. But these days bad guys are creating malware targetting the critical infrastructure which can deliberately kill people. Malware that is targetting critical infrastructure and human damage is not new in the cyberspace as there were few other cases before like Stuxnet but nowadays such malware is increasing at an alarming rate. Recently one malware was detected by an experienced cyber responder Julian Gutmanis which could pose a serious threat to human life. The malware was found on the server of the petrochemical plant in Saudi Arabia in the summer of 2017. The initial vector of malware infection is still unknown but it could be the result of a phishing attack. Hacker managed to deploy their malicious program on the plant's safety instrumented system so that they could have full control of the safety system of the plant. Hackers were able to control the plant's system...
Read more