The United States Postal Service (USPS) intends to patent a technology solution for user identity verification that will use public and private key encryption as well as blockchain. The patent application was filed in September 2017 and was recently released by the US Patent and Trademark Office (USPTO).
Doubts linger about the security and trustworthiness of online transactions, and with growing incidents of cyber attacks, users aren’t sufficiently assured that their online transactions are safe. The USPS patent application, titled “Methods and Systems for a Digital Trust Architecture”, alludes to this and mentions that the tools providing trust aren’t able to provide sufficient security.
USPS intends to use blockchain technology as one of the components of its solution. Blockchain is decentralized by design: the computers on the network, called ‘nodes’, maintain a shared version of truth in this distributed database. All nodes hold the entire information on the blockchain, so each node is effectively a ledger of all the transactions. Hence, blockchain is also called ‘distributed ledger technology’ (DLT). A hacker can’t destroy it by taking out any central server.
Additionally, creating new records, called ‘blocks’, in a blockchain requires solving complex cryptographic puzzles, which amounts to massive number crunching at high speed. The consensus mechanism of blockchain involves rigorous algorithms; for example, in the proof of work (POW) algorithm, a majority of the participating nodes must approve a transaction. Such rigor makes hacking blockchain economically non-viable.
USPS proposes a solution for user ID verification called “digital trust architecture”. It contains the following:
- A user account enrollment and verification component, which is based on user identity information, and includes in-person verification of personal information;
- The user account includes an email account, with digital access linked to it;
- Creation of the user account will automatically publish the new user’s public key in a publicly accessible directory, and this will enable sending encrypted email to the new user;
- A key provisioning component that will generate a public and private key for encrypting the user account;
- A user email component where the user will sign the email with a private key;
- A component to access sensitive data;
- A blockchain, where all transaction records received from the user will be added as part of blocks;
- The system can be configured to store the encrypted email body information on the blockchain;
- A special digital token will be used, and it will provide evidence of a specific transaction, including the users involved in that transaction.
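The key provisioning, public directory, signing and ledger items in the list above can be tied together as follows; this is an added Go example, not code from the patent application or from USPS. It assumes Ed25519 signatures, SHA-256 hashes, a single in-memory chain with no consensus step, and a stored digest of the email rather than its encrypted body; `Block`, `Append`, `Verify` and the sample address are hypothetical names and constructed data.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Block is one ledger record: a signed email digest chained to its predecessor.
type Block struct {
	Prev, Digest [32]byte // previous block hash; SHA-256 of the email body
	Sender       string
	Sig          []byte // sender's Ed25519 signature over Digest
}
func (b Block) Hash() [32]byte {
	return sha256.Sum256(bytes.Join([][]byte{b.Prev[:], b.Digest[:], b.Sig, []byte(b.Sender)}, nil))
}

// Append signs the digest of body and returns chain extended by the new block.
func Append(chain []Block, sender string, priv ed25519.PrivateKey, body []byte) []Block {
	b := Block{Sender: sender, Digest: sha256.Sum256(body)}
	if n := len(chain); n > 0 {
		b.Prev = chain[n-1].Hash()
	}
	b.Sig = ed25519.Sign(priv, b.Digest[:])
	return append(chain, b)
}

// Verify returns the index of the first block whose link or signature fails, or -1.
func Verify(chain []Block, dir map[string]ed25519.PublicKey) int {
	var prev [32]byte
	for i, b := range chain {
		if pub, ok := dir[b.Sender]; !ok || b.Prev != prev || !ed25519.Verify(pub, b.Digest[:], b.Sig) {
			return i
		}
		prev = b.Hash()
	}
	return -1
}

func main() {
	pub, priv, err := ed25519.GenerateKey(nil) // key provisioning; nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	dir := map[string]ed25519.PublicKey{"alice@example.test": pub} // published public key
	chain := Append(nil, "alice@example.test", priv, []byte("constructed sample email"))
	fmt.Println("first invalid block:", Verify(chain, dir))
}
```

Because each block's hash covers the previous hash, digest, signature and sender, a record that is rewritten and re-signed still verifies on its own but breaks the link checked in the block after it.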
Others have also considered using blockchain for user authentication. For example, Japanese tech giant Sony has filed a patent for a proposed technology solution that will use blockchain for multi-factor authentication (MFA).