The use of high assurance authentication to access Permissioned Blockchain Networks
“While it is possible to use blockchains in identity management frameworks that require a distributed ledger component, it is important to understand that typical blockchain implementations are not designed to serve as standalone identity management systems.” - NISTIR 8202
The underlying value of the blockchain is its ability to deliver a secure and transparent distributed ledger, where transactions are immutable and verifiable. For certain applications this creates a fundamental problem: how do you trust the individual behind a transaction without accessing the private information that was used to create the blockchain address?
Permissioned blockchain transactions are driven by trust between the participants in the transactions. Although there are many valuable efforts around self-sovereign identity and other identity work using blockchain, this document focuses on the use of existing digital identities as a current solution to the problem.
As an analogy to a permissioned blockchain interaction, we can envision that car drivers on the highway can be trusted to be capable of driving, and to have insurance, because the rules of the road are enforced before they get on the road. We can see cars moving on a highway and determine something about traffic conditions, for instance by comparing rush hour to a weekend pattern. However, we don’t necessarily get to know who is in a particular car, or where or why they are traveling, unless they choose to tell us, or until the police need to intercede due to a traffic offense.
If we extend the analogy to a financial implementation, the smart contracts that represent financial transactions are the cars. In a clearing and settlement example, only trusted parties should be allowed on the highway; the inception and completion of a trade represent the start and the end of their journey; and others using the highway will see the type and volume of transactions underway, but they will not be able to learn the parties’ identity or purpose unless those parties choose to reveal it.
Regulators will continue to act as the ‘traffic cops’ in this analogy, able to question and verify the identity of the drivers involved. Now imagine that the drivers were unable to provide any trusted and verifiable identity: it would undermine the trust of driving on such a highway. That is the value provided by a digital identity that is rooted in a trusted organization and properly bound to the individual. It gives the proper authorities or organizations the ability to validate the identity of individuals when required, while allowing those individuals to drive in privacy and anonymity.
The following figure is a representation of a blockchain network, where individual users use on-ramps and off-ramps to gain access to the network to share information and perform transactions. Their objective is to gain access while meeting the needs of regulating authorities and ensuring the trust of the network and its subscribers.
Figure 1 - Subscription Blockchain Network Model
Organizations have made extensive investments in PKI and other identity technologies, which are at the root of the digital identity methodology. By linking to current strong digital identity methodologies, the blockchain may be able to overcome its shortcomings and so develop networks that leverage distributed ledgers, distributed applications and trusted peer-to-peer transactions, all utilizing a trusted identity and strong authentication methods that bind the identity to the individual, the device and its address.
Blockchain technology relies on digital signatures based on private keys that individuals create for themselves, with no one-to-one relationship between a key and a person, meaning that individuals can create multiple private keys, obfuscating their true identity.
The important role that digital identity can play is represented in the following graphic, where the individual is issued a digital identity that has been created after a vetting process rooted in the use of trusted documentation. This digital identity is bound to the individual via biometrics or non-shareable secrets. Once deployed, the digital wallet used for accessing the blockchain network will rely on and validate the status of the embedded identity in order to generate the address that will be used during transactions. This method allows the individual to create as many addresses as needed, all of them based on a strong identity process.
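As an added example, not part of the original paper, the following Python models the flow just described: a credential issued by a trusted organization after vetting, a wallet that validates the credential's status before deriving each address, and a regulator's check that an address is bound to a vetted identity. The record ids, the revocation list and the use of an HMAC tag in place of the issuer's PKI signature are assumptions made so the example runs with the standard library.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed issuer secret standing in for the trusted organization's PKI
# signing key. Assumption: an HMAC tag replaces the asymmetric signature so the
# example runs on the standard library; a real wallet would verify with the
# issuer's public certificate instead of holding this key.
ISSUER_KEY = b"constructed-issuer-signing-key"
REVOKED_SUBJECTS = {"subject-0099"}  # constructed revocation list

@dataclass(frozen=True)
class IdentityCredential:
    """Identity issued after document vetting; never written to the ledger."""
    subject: str    # hypothetical vetted-record id
    assurance: str  # "high" = vetted documents plus biometric/non-shareable binding
    expires: int    # unix time after which the wallet must refuse it
    tag: bytes      # issuer's signature over the three fields above

def _sign(subject, assurance, expires):
    body = json.dumps([subject, assurance, expires]).encode()
    return hmac.new(ISSUER_KEY, body, "sha256").digest()

def issue_credential(subject, assurance, expires):
    return IdentityCredential(subject, assurance, expires, _sign(subject, assurance, expires))

def credential_is_valid(cred, now):
    """On-ramp check: genuine signature, high assurance, unexpired, not revoked."""
    return (hmac.compare_digest(cred.tag, _sign(cred.subject, cred.assurance, cred.expires))
            and cred.assurance == "high"
            and now < cred.expires
            and cred.subject not in REVOKED_SUBJECTS)

def derive_address(cred, now, index):
    """Wallet derives the index-th address for one identity, or refuses."""
    if not credential_is_valid(cred, now):
        raise PermissionError("identity credential is invalid, expired or revoked")
    # One identity, many addresses: each commits to (issuer tag, index). Peers
    # see only the address and cannot link it back without the tag.
    return "0x" + hashlib.sha256(cred.tag + index.to_bytes(4, "big")).hexdigest()[:40]

def address_bound_to(cred, index, address, now):
    """Regulator check: participant discloses credential and index; binding is recomputed."""
    if not credential_is_valid(cred, now):
        return False
    return derive_address(cred, now, index) == address
```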
Extending current identity infrastructure via new authentication and modern methods can deliver a higher level of trust for blockchain networks while minimizing the need for an overhaul of an organization’s infrastructure.
The use of a high assurance digital identity methodology can expand the use of blockchain technologies in markets where compliance and privacy are required, such as financial transactions, healthcare and many others, allowing for rapid experimentation with blockchain innovation and providing a path to scalability with limited expenditure.
NISTIR 8202 (draft), “Blockchain Technology Overview”, by Dylan Yaga, Peter Mell, Nik Roby and Karen Scarfone.