Skip to main content

A Race to Sort Out Authentication vs. Authorization

By January 25, 2018Article

Data breaches in 2018 will have bigger social implications if we cannot figure out a better way to create a proof and trust mechanism that separates authorization from authentication.  If the government doesn’t make this happen, the commercial sector will do it.

How many more breaches and data leaks will it take for the US government to stop using our social security numbers for secret authentication? Governments must figure out a better way to create a proof and trust mechanism that separates authorization from authentication, or else the private sector will offer better alternatives. 

Blockchain could be a way to force governments to split authorization from authentication, and it might speed private companies to solve it first. The decentralized nature of blockchain will allow agencies to issue a digital token via blockchain to digitally sign sensitive documents. The unique and secure identifiers could add a better layer of security to a weak authorization/authentication process.

For years, the government has conflated authorization with authentication. For example, the TSA checks our passports or ID (authentication) as a stand-in for verifying if we are safe to fly (authorization). 

A counter-example of government doing it right: the DMV. States issue driver’s licenses as proof of your ability to drive after you pass a test (authorization). You must prove your identity and state residence to get a state ID (authentication).

Governments need to quickly figure out how to implement blockchain technology to solve the authentication vs authorization issue. As blockchain becomes more mainstream, it can be an obvious way for private sector to authorize and authenticate beyond two-factor authentication, and it could become the next sector to disrupt.

 

Patrick Kerpan is a co-founder and CEO of Cohesive Networks and is responsible for directing product, technology and sales strategy.  Previously, he was the CTO of Borland Software Corp. which he joined through the acquisition of Bedouin, Inc., a company he founded.