A blockchain is a type of computing architecture that enables a peer-to-peer distributed (shared and replicated) database or ledger that is controlled not by a single organization or entity but by many different ones. Spanning a network of independent machines, the configuration permits the nodes to reliably track and maintain the state of information in a system. In doing so, a blockchain enables the cost-efficient creation of business networks without requiring a central point of control. This configuration contrasts with traditional database-oriented systems, where independent parties maintain their own systems of record and reconcile updates with one another in inefficient and sometimes complex inter-organizational processes, which require the services of an independent, trusted third-party administrator.
Two-factor authentication is the de facto type of authentication approved by most major government agencies, such as the Department of Defense (DoD). It is performed using common access cards (CACs) and/or hardware dongles, such as security identification key ‘fobs’. CACs rely on a centralized server that validates the ID/EDIPI number present in the card. Hardware tokens do not need to communicate with a backend server, as they contain the components needed to generate one-time codes (e.g., one-time passwords) to access a system. Such tokens still need to be verified, however, as the backend system must confirm that the token provided by the user matches.
Two-factor authentication is a well-known type of security procedure applied to various computing systems and networks. Social media sites and e-mail providers use mobile devices as a second form of authentication (e.g., password + access code, which is sent to a mobile phone). The DoD has specified that all DoD networks must be CAC protected. In order to use CACs, systems need to support DoD PKIs, which are a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. PKIs work under the assumption that systems are within DoD networks. This becomes a challenge when trying to authenticate users without access to the DoD network (e.g., tactical environments). The DoD/DoJ are able to cross-authenticate users via CACs and their respective PKIs by using a bridge. Deploying such an infrastructure can be complicated. Hardware tokens are often more trusted than mobile devices, given that most of them are tamper proof; however, managing those devices is another challenge.
In a conventional authentication mechanism, an authentication process may use either a CAC or a hardware token. This approach permits a user inside the private network to authenticate using a CAC, since that internal user is within the network. A user outside the private network may have a valid CAC and may attempt to register with a third-party site affiliated with the private network; however, since the external user is not within the private network, the request will be rejected and the external user will be denied access to the private network.