SHARED INTEL: How digital certificates could supply secure identities for enterprise blockchains

Blockchain gave rise to Bitcoin. But blockchain is much more than just the mechanism behind the cryptocurrency speculation mania.


There’s no disputing that blockchain technology holds the potential to massively disrupt business, politics and culture over the next couple of decades, much the way the Internet dramatically altered the world over the first two decades of this century.

Evidence continues to mount that blockchain technology holds the potential to democratize commerce on a global scale, while at the same time vastly improving privacy and security in the digital age. I had a terrific conversation about this with Avesta Hojjati, head of research and development at DigiCert, the world’s leading provider of digital certificates. DigiCert recently thrust itself into the security part of the equation by signing on as a contributor to Hyperledger, the open source blockchain collaborative effort hosted by The Linux Foundation.

Hojjati outlined how digital certificates – and the long-established public key infrastructure (PKI) encryption and authentication framework – could be the very thing to validate the identities of both companies and individuals in a much more granular way, something that will be needed as blockchain systems take root. For a drill down on our discussion, give a listen to the accompanying podcast. Here are key takeaways:

Blockchain basics

A blockchain is nothing more than a distributed database. It functions as a shared ledger between people, such as holders of Bitcoin, but it can also be a shared ledger between companies, or between people and organizations. The ledger can keep track of anything you’d like. A live copy of the ledger is stored on the computers of the users, and advanced cryptography makes it so that the history of past ledger entries can never be altered.

In the case of Bitcoin this ledger is publicly open, and a transparent view of historical entries is always accessible to one and all. In a corporate-backed blockchain, this view of the ledger can be closed off, and made open only on a permissioned basis. In either case, the ledger data gets distributed across many machines, boosting the efficiency and flexibility of transactions in a way that is very accurate, and very difficult to maliciously alter.

With Hyperledger, Linux aims to advance cross-industry blockchain technologies on a commercially supportable, open source basis, much the way the open-source Linux operating system became commercially viable in the early part of this century.


One intrinsic characteristic of blockchain systems is that they make it feasible for any two parties participating on the blockchain to transact with each other without a middleman. Minus the middleman, disintermediation becomes possible.

This is what gets folks like technologist Andreas Antonopoulos so hopped up about the blockchain’s potential to drastically change the way the world operates, essentially by enabling individuals to granularly control and monetize their digital footprints — and even their civic and artistic contributions.

Another expert who sees blockchain, combined with the Internet of Things, ushering in a new era is economist and social theorist Jeremy Rifkin. “The new platform is really radical,” Rifkin says in his talk, The Third Industrial Revolution: A Radical New Sharing Economy, which has 3.5 million views on YouTube. “This third industrial revolution platform is designed to be distributed, not centralized. It works best when it’s collaborative, open and transparent, rather than closed and proprietary.”

Linux redux

Linux has been down this road before. Back in the 1990s, Linux was a quirky open-source operating system; it functioned mainly as a techie’s alternative to being locked into using a proprietary Windows or Mac OS machine. Then IBM, RedHat, SuSE and others saw an opportunity and arose as heavyweight corporate backers of Linux OS; they became suppliers of commercially viable Linux servers and desktops. I wrote this USA TODAY cover story in 2003 about how IBM Linux stole the city of Munich from Microsoft, ruining Steve Ballmer’s skiing holiday.

Fast forward to today and guess who’s behind Linux Hyperledger? IBM, Intel, Cisco, American Express, Deutsche Bank and Baidu head an imposing list of big corporate sponsors. The group’s flagship project is Hyperledger Fabric, a private blockchain framework already being deployed in enterprise settings.


“You can think of Hyperledger Fabric as a car chassis that’s been welded, painted and maybe has wheels on it,” Hojjati told me. “You still need to add an engine and a number of different things to make it fully functional. But you’re able to work with something that’s very easy to maintain and deploy.”

Early adopters are trial-running Hyperledger blockchains in trade financing, in education and training programs and in supply chains for certain vertical industries. These early use cases revolve around increasing transparency and creating more granular audit trails. It’s an obvious fit for making supply chains more efficient, transparent and auditable. Blockchain ledgers are gaining traction in vertical industries like real estate, Big Pharma and food production and retailing, Wal-Mart being a pioneer of the latter.

In the case of open blockchains – Bitcoin being the prime example – transparency is complete, and so is anonymity. Anyone who can meet the protocols and consensus rules of the road is free to participate without providing any personally identifiable information.

Corporate-backed blockchains will never go that far, of course. That said, in order to tap the power of blockchains, and enable more granular, auditable interactions across a nimble blockchain, enterprises can no longer expect to hoover in everything there is to know about each consumer out there.

Authenticating identities

Authenticated identities are necessary in order for enterprises and government agencies to securely deliver services to consumers and work with global partners. But why do they need home addresses, gender, birthdates, political affiliations or online behavior profiles? Regulators across the U.S., Canada and Europe already are pushing back against the overcollection and insecure storage of personal data.

What’s more, enterprises risk losing out to the open blockchain initiatives, championed by thought leaders like Antonopoulos and Rifkin. These are projects that tend to leverage privacy preservation and that foster the elimination of corporate middlemen.

Cue digital certificates and PKI. “In the Hyperledger scenario, there is a requirement for every single node in the blockchain to be authenticated and have an identity,” Hojjati told me. “This is where public key infrastructure becomes extremely handy. We’re working on a specific public key infrastructure for Hyperledger Fabric that allows entities and enterprises to be validated, and consequently receive an identity based on using a digital certificate.”

There is no reason why individuals, too, couldn’t leverage personal digital certificates for specific types of enterprise blockchain-enabled services, such as verifying the pedigree of organic fruit sitting on the shelf of the local Wal-Mart.

“If you’re an individual and you would like to interact with somebody else, you’d be able to use digital certificates to give yourself protection on top of your identity, instead of actually revealing your true identity, in order to interact with others,” Hojjati says.

Digital certificates and PKI have been around for decades. They haven’t always performed flawlessly. Yet the fact that this encryption and identity validation technology has been hardened under fire and continues to secure ecommerce says something. It’s going to be instructive to see what DigiCert ends up contributing to blockchains. I’ll keep these conversations going. Talk more soon.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: