Authentication Protocol BitID Lets Users ‘Connect with Bitcoin’

7 May 2014

Instead of selecting ‘Connect with Twitter’ when you log into your favorite website, you might one day log in by choosing ‘Connect with Bitcoin’ instead.

BitID is a decentralized authentication protocol that leverages bitcoin wallets as a form of identification and QR codes for service or platform access points. It enables users to access an online account by verifying themselves with their wallet address and uses a mobile device as the private key authenticator.

The protocol was developed by Eric Larchevêque, one of the co-founders of La Maison du Bitcoin, a bitcoin community centre located in Paris.

Larchevêque told CoinDesk that the greatest strength of the concept is the fact that nearly all bitcoin users have a personal wallet:

“In all the bitcoin services and websites, everyone already has a wallet and everyone is already taking care of securing their private key. So, in fact, for the user, it’s zero effort to be able to just authenticate themselves.”

BitID relies on the blockchain as a store of information and could be deployed across a variety of platforms, including e-commerce sites and smart appliances.

Cryptographic site access

Currently, most websites require the creation of a private account with a username and password. In the past year or two, more sites have begun allowing the use of a social media account such as Facebook or Twitter.

Ultimately, access to a site requires the disclosure of at least some personal information.

With BitID, the only information a user has to provide to a website is their wallet address. After scanning a QR code on the site with the user’s mobile device, or clicking the QR code on the mobile device for the first time, the server creates a new private key for that wallet.

BitID could also be deployed as a decentralized two-factor authentication process, in the same way that Google Authenticator functions. In addition to having a username and password, a BitID-integrated site could also require a QR code scan to confirm the user’s identity.

Software and hardware applications

The BitID concept might also be utilized in a simplified e-commerce environment that removes the need to provide credit card or bank account information when placing an order online.

Using the BitID protocol, an e-commerce site would require proof of identity at checkout. When the user scans the QR code with their authenticator device, the scan would both establish their identity and authorize the transaction.

According to Larchevêque, BitID would improve the efficiency of online ordering because it removes steps in the e-commerce process:

“You do not need to create an account, so it’s less clicks and more conversions. And in the end, it’s more money for the e-commerce site.”

BitID is also applicable to the concept of smart appliances. Larchevêque told CoinDesk that the project’s origins began with what he called a ‘bitcoin locker’ that uses a bitcoin wallet address to authenticate ownership of an integrated lockbox. Once the owner scans the QR code, the lockbox recognises the owner and allows entry.

He said that the idea could be used for home security and hotel services; in the latter case, a hotel would accept bitcoin as payment, use wallet addresses to authenticate access to hotel rooms, and charge the bill at the point of entry.

There is, however, some room for problems and potential fraud with BitID in the event that a user’s device is hacked or stolen. This is an issue facing current digital authentication processes as a whole and poses a future challenge for security software developers.
