Over the past year, Microsoft has made a number of investments in using blockchain and other distributed ledger technologies to create new types of secure digital identities. On Monday, the company described its roadmap for the continuing use of these technologies to improve the lives of refugees and others who lack identification.
“Each of us needs a digital identity we own, one which securely and privately stores all elements of our digital identity,” Ankur Patel, principal program manager in the Microsoft Identity Division, wrote in a Monday blog post. “This self-owned identity must be easy to use and give us complete control over how our identity data is accessed and used.”
In January, Microsoft officially joined global public-private partnership ID2020 as a founding member, committing $1 million to the initiative to help develop a secure, portable, blockchain-based form of digital identity, according to a blog post from Peggy Johnson, Microsoft executive vice president of business development.
Microsoft and Accenture first announced a partnership to use the technology to provide a legal form of identification for 1.1 billion people worldwide as part of ID2020 back in June 2017. The two tech giants developed a prototype that taps Accenture’s blockchain capabilities and runs on Microsoft Azure.
The tech tool uses a person’s biometric data, such as a fingerprint or iris scan, to unlock the record-keeping blockchain technology and create a legal ID. This will allow refugees to have a personal identity record they can access from an app on a smartphone to receive assistance at border crossings, or to access basic services such as healthcare.
Microsoft’s goal is to start piloting ID2020 solutions in the coming year, beginning with refugee populations, according to Johnson’s post.
In Patel’s post, he described the best practices the company has learned from its decentralized identity work. These include the need to own and control your identity. While users today grant broad consent to apps and services to collect, use, and retain their information, they need a better way to take ownership of their identity, Patel wrote. “After examining decentralized storage systems, consensus protocols, blockchains, and a variety of emerging standards we believe blockchain technology and protocols are well suited for enabling Decentralized IDs (DID),” he wrote.
Users also need a secure, encrypted digital hub that can interact with their data while honoring their privacy and control, Patel wrote. Apps and services must be built with the user at the center—and DIDs and ID hubs can give developers access to user information while reducing legal and compliance risks.
As a next step, Microsoft plans to add support for Decentralized Identities to Microsoft Authenticator, which will act as a User Agent to manage identity data and cryptographic keys, Patel wrote. “In this design, only the ID is rooted on chain,” he wrote. “Identity data is stored in an off-chain ID Hub (that Microsoft can’t see) encrypted using these cryptographic keys.”
With this capability, apps and services will be able to interact with a user’s data using a common messaging conduit by requesting their consent, Patel wrote. “Initially we will support a select group of DID implementations across blockchains and we will likely add more in the future,” he wrote.
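The two design points in the preceding paragraphs, an identifier that is the only thing anchored on chain, and identity data that sits encrypted in an off-chain hub whose operator cannot read it, with apps receiving plaintext only after the user consents through the agent, can be modelled in a few dozen lines. The following is an added, self-contained Python sketch written for this article; it is not Microsoft's or Accenture's code and does not follow any published DID method. The ledger, hub, agent and app classes, the `did:example:` identifier, the hub endpoint and the attribute names are all constructed for illustration, and HMAC-SHA256 stands in for the real authenticated encryption and signature primitives a production system would use.

```python
"""Toy model of the DID / ID Hub split: the ledger holds only the DID, attributes
live encrypted in an off-chain hub, and an app gets plaintext only after the
user's agent grants consent for a named scope. Constructed example; HMAC-SHA256
stands in for the AEAD and signature primitives a real deployment would use."""
import hashlib
import hmac
import json
import os


def _prf(key: bytes, label: bytes) -> bytes:
    """Derive a sub-key; HMAC-SHA256 plays the KDF role in this model."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC counter mode, enough 32-byte blocks to cover `length` bytes."""
    blocks = (_prf(enc_key, nonce + i.to_bytes(4, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC (stand-in for AES-GCM); output is nonce || ciphertext || tag."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; a tampered record is rejected."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ID Hub record failed integrity check")
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


def consent_token(consent_key: bytes, app_id: str, scope: list) -> bytes:
    """Binds one app to one attribute set; the hub checks it before releasing blobs."""
    msg = json.dumps({"app": app_id, "scope": sorted(scope)}).encode()
    return hmac.new(consent_key, msg, hashlib.sha256).digest()


class Ledger:
    """On-chain registry: only the DID and a pointer to its hub are rooted here."""
    def __init__(self):
        self.records = {}

    def register(self, did: str, hub_endpoint: str):
        if did in self.records:
            raise ValueError("DID already anchored")
        self.records[did] = {"hub": hub_endpoint}


class IDHub:
    """Off-chain store. Holds ciphertext and a consent-check key, never plaintext."""
    def __init__(self, endpoint: str):
        self.endpoint = endpoint
        self.blobs = {}         # did -> {attribute: ciphertext}
        self.consent_keys = {}  # did -> key used to verify consent tokens

    def provision(self, did: str, consent_key: bytes):
        self.consent_keys[did] = consent_key

    def put(self, did: str, attribute: str, blob: bytes):
        self.blobs.setdefault(did, {})[attribute] = blob

    def fetch(self, did: str, app_id: str, scope: list, token: bytes) -> dict:
        expected = consent_token(self.consent_keys[did], app_id, scope)
        if not hmac.compare_digest(token, expected):
            raise PermissionError("no valid consent for this app and scope")
        return {a: self.blobs[did][a] for a in scope}


class UserAgent:
    """The role the article assigns to Authenticator: the only holder of the keys."""
    def __init__(self, ledger: Ledger, hub: IDHub):
        self.master = os.urandom(32)
        # Real DIDs are derived from a public key; a hash commitment stands in here.
        self.did = "did:example:" + hashlib.sha256(self.master).hexdigest()[:32]
        self.hub = hub
        ledger.register(self.did, hub.endpoint)          # only the ID goes on chain
        hub.provision(self.did, _prf(self.master, b"consent"))

    def attr_key(self, attribute: str) -> bytes:
        """One key per attribute, so consent can disclose a subset and nothing more."""
        return _prf(self.master, b"attr:" + attribute.encode())

    def store(self, attributes: dict):
        for name, value in attributes.items():
            self.hub.put(self.did, name, encrypt(self.attr_key(name), value.encode()))

    def grant(self, app_id: str, scope: list):
        """Consent: hand the app a hub token plus keys for exactly the requested attributes."""
        token = consent_token(_prf(self.master, b"consent"), app_id, scope)
        return token, {a: self.attr_key(a) for a in scope}


def app_reads(hub: IDHub, did: str, app_id: str, scope: list, token: bytes, keys: dict) -> dict:
    """What a relying app can recover: only attributes it was granted keys for."""
    blobs = hub.fetch(did, app_id, scope, token)
    return {a: decrypt(keys[a], blobs[a]).decode() for a in scope}


def demo():
    """Constructed walk-through: a border-services app asks for date of birth only."""
    ledger, hub = Ledger(), IDHub("https://hub.example/ids")
    agent = UserAgent(ledger, hub)
    agent.store({"name": "A. Example", "date_of_birth": "1990-01-01"})
    token, keys = agent.grant("border-services-app", ["date_of_birth"])
    disclosed = app_reads(hub, agent.did, "border-services-app", ["date_of_birth"], token, keys)
    return ledger, hub, agent, token, disclosed


if __name__ == "__main__":
    print(demo()[-1])
```

Run as a script, the hub ends up holding only ciphertext, the ledger record for the DID contains nothing but the hub pointer, and a token issued for one app and one scope is rejected if another app presents it or if the scope is widened. The per-attribute keys are what make the consent meaningful: the app can decrypt the date of birth it was granted but not the name stored alongside it.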