Account vs token-based, which is the right authentication method for CBDC for you?
The difference between an account-based or token-based approach of CBDC may be technical, but it has significant implications for identity and access management, cost, and design. Put simply, the former means the system is made up of accounts that each have a recorded balance, whereas the latter means the system consists of individual assets, or tokens, which have key holders.
We weigh up the two approaches to authentication method below.
The need for a third party can also affect the governance of the network. As a result, an account-based approach seems more suitable for a wholesale CBDC (interbank settlements), where the trade-off between accessibility and proof of identity seems more straightforward.
Token-based verification meanwhile uses blockchain technology to overcome the need to check a customer’s balance before allowing a transaction – as long as they can show that they are the token holder by signing the transaction, such as by using a private key, and meeting identity requirements at the appropriate level. While a risk is often associated with the loss of a private key, solutions exist to maintain the control of ownership in such events. These systems can provide a more direct, cash-like approach, without the need for an account. Account-based and multi-factor authentication features are still able to run on top.
Both methods are used to prevent double-spending, in which the same funds can be spent more than once, or simultaneously spent and returned to the user; a problem that physical cash, and blockchain technology, do not have.
At nChain, we are working with central banks to research and design a truly more resilient, trusted and inclusive modern economy, securing the livelihoods and prosperity of citizens for generations to come.
Interested to learn more about CBDC? Download the Playbook or sign up to be the first to know about our CBDC Masterclass below.