Blockchain-based identity management and access control framework for open banking ecosystem

Abstract

Financial institutions are following an open banking (OB) trend for service innovation and integration. OB allows third-party service providers (TSPs) to access user financial data for purposes of finding the best deals and improving user experiences. The trust in third parties required for OB ecosystem success raises questions about digital identity integration, data sharing, and privacy preservation. Decentralized applications (DApps) for classifying and protecting data privacy, recording user consent, tracking TSP access actions, managing application programming interfaces (APIs), and preserving self-sovereign identities already exist, but in some countries such as Taiwan they have yet to be integrated into an operable three-phase OB approach. After identifying all major requirements of primary OB participants, we develop a blockchain-based identity management and access control (BIMAC) framework that shares some advantages of both traditional banking and blockchain technology. The BIMAC infrastructure applies smart contracts and a stateless authentication mechanism to form a reliable personal information transaction security control (PITSC) platform that offers such functionalities as decentralized third-party login (TPL), the ability to open bank accounts online, data authorization/revocation, integrated payouts, and TSP access monitoring. System performance evaluation results indicate that the frequent execution functions of the proposed framework have lower computation costs than the average transaction cost of public Ethereum.