There are many authenticated identity systems in use, ranging from official identification systems managed by a government - things like passports and national ID documents - to the informal online identity systems of Google, Microsoft, Facebook and Twitter, which are increasingly used to log in and comment on external websites.
Unofficial identity systems are popular, but it can be argued that they don't offer sufficient security and data protection. On the other hand, government identity systems have too much obsolete paperwork, and many people in developing nations just don't have usable ID documents issued by the state.
In today's world, including in the developing world, most people have mobile phones, which play an increasingly critical role in all aspects of life. For many people, the mobile phone is the main, and often the only means, to access the internet. Secure authentication on cell phones is a mature technology, often including biometric and multifactor authentication.
Therefore, it's not surprising that cell phones are expected to become a key component of next-generation identity systems. Distributed ledger technology (DLT) has an important role to play in secure mobile authentication.
Mobile Blockchain Adoption
Four wireless carriers - AT&T, Sprint, T-Mobile and Verizon - formed the Mobile Authentication Taskforce in September of 2017 to help protect enterprises and consumers from identity theft, bank fraud, fraudulent purchases and data theft. The Mobile Authentication Taskforce unveiled product details of its next-generation mobile authentication platform on March 1 of this year at the Mobile World Congress in Barcelona, and it indicated that blockchain technology will play a role in its efforts to better protect data.
The new identity system will be interoperable with GSMA's Mobile Connect technology, a secure, universal login solution that allows users to log in to websites and applications through mobile phones without the need to remember passwords and usernames.
"As mobile becomes the remote control for day-to-day life, mobile identity is key to making things simpler and more secure for consumers," said Alex Sinclair, chief technology officer at GSMA, according to the press release on the platform. "The GSMA has been working with operators around the world to bring a consistent and interoperable, secure identity service and this taskforce will strengthen that effort by enabling a simple user experience quickly and conveniently in the [U.S.] market."
According to the four carriers, the new identity management system will be highly secure, featuring cryptographically verified phone numbers and profile data and using multifactor authentication, advanced analytics and machine learning to protect customers.
"Authentication security is strengthened by processing unique attributes such as a [network-verified] mobile number, IP address, SIM card attributes, phone number tenure, phone account type and more," per the AT&T press release.
A private and permissioned blockchain will grant conditional access to identity data to application developers.
The Mobile Authentication Taskforce is now running internal trials to test the new mobile identity solution, with a goal of making it generally available to consumers by end of year. A new website, to be launched later this year, will allow service providers and application developers to learn more and participate.
One of the four carriers, T-Mobile, is collaborating with Intel and the Hyperledger Project to develop an identity system based on the Hyperledger Sawtooth platform.
"Using Hyperledger Sawtooth as a platform, [T-Mobile] created Sawtooth Hyper Directory as an Identity and Access Management (IAM) solution," said Warren McNeel , senior vice president of digital technology and development at T-Mobile, according to a Hyperledger press release.
T-Mobile's Hyper Directory , now rebranded as the Hyperledger Sawtooth Next Directory , is an open source blockchain-based access management system. According to Chris Spanton, senior blockchain architect at T-Mobile's Cloud Center of Excellence, the platform is a proof-of-concept built with Intel for an identity system with timestamped permission management and auditable change logging. The open source software is licensed under the Apache License Version 2.0 software license.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.
