Japanese technology giant Sony is planning to bring the promising blockchain technology into the realm of user authentication. On October 26th, the US Patent and Trademark Office released a patent application filed by Sony, which shows how Sony will use blockchain to implement a multi-factor authentication (MFA) system.
MFA is a well-known user authentication best practice, which works by combining multiple layers of security. Firstly, there is the identity authentication content memorized by the user, such as a user identifier and password. Secondly, there is authentication hardware such as an Intelligent Card (IC) or a token. Lastly, there is an automatically generated authentication code. Taken in isolation, each element is vulnerable. However, a cyber attacker is unlikely to get access to all three elements at the same time; hence, when combined, the three elements make a powerful and safe user authentication practice.
Blockchain, on the other hand, is a distributed database, where each node can be considered as a ledger, and the distributed database is maintained by all nodes. This is a completely decentralized way to manage the database, and because of the powerful proof of work (POW) concept, it can also be considered “trustless”, i.e. there is no one particular administrator providing the credentials for the others to trust the data. In this system, a large number of participating nodes create data blocks using cryptographic methods. Each data block holds all data about the information communicated in the system within a given time period. “Miners”, which are really a combination of software, hardware and their users, can update the blockchain by adding new blocks. However, the miner must furnish POW, such as the one for the last block that was created, to add a new block. Providing the POW as the credential requires a very large amount of resource-intensive number-crunching, in an environment where other miners might be doing similar operations simultaneously. Such complex and large number-crunching for adding a new block acts as a deterrent for hackers. Hence, every block in a blockchain is mathematically verified information, and data integrity can’t be breached.
Can blockchain help in designing and implementing a robust MFA system? The patent filed by Sony addresses that question by providing a client, a server, a method and an identity verification system. The client has a transaction initiating unit, a verification code generating unit, and a sending unit. The client generates a verification code, triggered by a user authentication request. The server has a receiving unit, a retrieving unit, and a verifying unit. The server receives the request from the client and retrieves a record of the random transaction in a data platform system. At this point the verifying unit of the server verifies the verification code sent by the client, based on the random transaction record in the data platform system. The data platform system is a blockchain. As mentioned above, since the records in a blockchain can’t be deleted or altered, and a new block can only be added if the miner goes through the very rigorous process of supplying POW as credential, this proposed system will provide credible and robust MFA.
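To make the client and server roles concrete, here is an added sketch that is not taken from Sony's filing. It assumes the verification code is an HMAC of the random transaction record under a per-user secret, uses a simple hash chain in place of a real blockchain (proof of work is left out), and adds a replay check; all names in it are hypothetical.

```python
import hashlib, hmac, json, secrets

GENESIS = "0" * 64

def _block_hash(prev, tx):
    body = json.dumps({"prev": prev, "tx": tx}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

class Ledger:
    """Constructed stand-in for the blockchain: an append-only hash chain."""
    def __init__(self):
        self.blocks = []

    def append(self, tx):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        self.blocks.append({"prev": prev, "tx": tx, "hash": _block_hash(prev, tx)})
        return len(self.blocks) - 1

    def get_verified(self, index):
        """Return the transaction at index, or None if it is missing or the chain up to it fails."""
        if not isinstance(index, int) or not 0 <= index < len(self.blocks):
            return None
        prev = GENESIS
        for block in self.blocks[:index + 1]:
            if block["prev"] != prev or block["hash"] != _block_hash(prev, block["tx"]):
                return None
            prev = block["hash"]
        return self.blocks[index]["tx"]

def derive_code(secret, tx):
    # Assumption: the code is an HMAC of the transaction record under a per-user secret.
    msg = json.dumps(tx, sort_keys=True).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:8]

def client_request(ledger, user, secret):
    # Client side: initiate a random transaction, generate the code, send the request.
    tx = {"user": user, "nonce": secrets.token_hex(16)}
    index = ledger.append(tx)
    return {"user": user, "tx_index": index, "code": derive_code(secret, tx)}

def server_verify(ledger, user_secrets, used, request):
    # Server side: receive, retrieve the record from the ledger, verify the code against it.
    tx = ledger.get_verified(request["tx_index"])
    secret = user_secrets.get(request["user"])
    if tx is None or secret is None or tx.get("user") != request["user"]:
        return False
    if request["tx_index"] in used:  # reject replay of an already-consumed transaction
        return False
    if not hmac.compare_digest(derive_code(secret, tx), request["code"]):
        return False
    used.add(request["tx_index"])
    return True
```

Because the server recomputes the code from the record it retrieves, a record altered after the fact fails both the chain check and the code comparison.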
Zhihui Zhang is the inventor named on this patent, which was originally filed on January 30th. Sony has said that it will continue to look at blockchain for many different fields, indicating that it plans to use its proposed intellectual property in other fields such as supply chain and logistics.