Bringing Self-Sovereign Identity (SSI) into Everyday Use
Business is based on trust. Or, at least, it used to be.
The notion that a potential partner’s word is their bond — personal or professional — went out with Mom’s apple pie and the company tie.
The fact is, thanks to today’s fake news, cronyism and cyber insecurity, trust needs a helping hand. We need some other way for individuals to prove who they are and that what they say is true.
It Pays to Know Who You’re Dealing With
Trust, enabled by ease of verification, is a core principle behind self-sovereign identity (SSI) and its applications in data security and management. It’s a powerful everyday tool which streamlines and accelerates operational processes for all types of organizations.
SSI champions the right of an individual or business to assert sovereign control over the use of their personal or company data.
SSI Puts People First
The Self-Sovereign Identity Process
The data holder (e.g., customer) becomes the principal identity provider and responds to a proof request. This is communicated through a series of verifiable claims exchanges between themselves and:
The issuer (e.g., bank) that signs claims and fulfills the other half of the identity provision
The inspector-verifier (e.g., salesperson) that verifies the signature
The identifier registry is based on either blockchain (public or private) or another immutable distributed ledger technology (DLT). The registry maintains anonymity and the security of the whole claim system by enabling the exchange of decentralized identifiers (DIDs) between parties — including current public keys and related metadata — while establishing identity ownership and the source of a credential.
A Revolutionary Solution
The revolutionary aspect of SSI is that it removes the trust issue from the holder/verifier relationship. And because there’s no need for contracts or APIs between credential issuers and verifiers, the process creates a flexible and dynamic transactional model leading to extra efficiencies, optimized costs and enhanced UX.
Selective disclosure, i.e., releasing only the information that’s essential for the transaction to take place, is the other key element. It is enabled by zero-knowledge proof technology.
Crucially, credential content originates from known players, including government agencies, municipal and regional authorities, educational institutions and the like. In other words, self-sovereign doesn't mean we invent facts — most come from trusted institutions. Consequently, we’re able to stop using paper-based processes and create true digital rails for all kinds of processes. The technology brings facts and identity from machines and smart contracts into the mix as well, accelerating digital transformation and establishing new business models.
How Does SSI Work in Practice?
There are as many SSI applications as there are business models. However, they can be divided into three basic areas: Identity as Key, Content and Orchestration.
Age Verification Use Case
1. Identity as Key
Streamlining Verification for Better UX
In this application, SSI is simply used as a tool to verify whether someone is entitled to access something. This covers everything from reward cards, access control and content consumption; through travel and mobility; to financial services and healthcare records.
Use Case: Age Verification
In 2020, we produced a proof-of-concept project for a national rail authority. Focusing on age verification for the sale of alcohol at kiosks, we developed an SSI program on the Hyperledger Indy and Aries projects to process transactional proof requests. Using QR codes, claims were created and communicated via a verifier app used by the salesperson (inspector-verifier) and a wallet held by the customer (the holder). This meant:
Transactions were processed efficiently and accurately — no calculations performed by the salesperson
The customer enjoyed an express service and maintained control over their privacy thanks to zero-knowledge proof
Not wishing to reinvent the wheel, we leveraged the client’s existing infrastructure, taking the role of issuer.
2. Identity as Content
Risk Mitigation
While SSI doesn’t rely on blockchain, blockchain makes things much easier. However, there could be connectivity issues or you might discover that the scale doesn’t warrant blockchain technology. In this case, you can still use SSI as long as you build an element of trust into the custody chain.
Use Case: Anti-Counterfeiting
SSI helps prevent IP theft in pharmaceuticals by introducing accountability and traceability and by creating a hierarchy of authorized handler claims. The manufacturer assigns a digital identity to a package, creating a hand-off claim as it’s passed to an authorized regional distributor. This is repeated from local depot to courier and on to the final receiver (e.g., a clinic). The claims history is then sent back to the manufacturer to verify the authorization of each link. If a link is broken, we know where to look.
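The manufacturer's check on the claims history can be written down directly. The Go code below is an added example, not code from the original article or from Hyperledger Indy, Aries or Cordentity. It assumes Ed25519 signatures and a plain map standing in for the identifier registry (identifier to current public key) described under the SSI process; the did:example identifiers and the package ID are constructed.

```go
package main

import "crypto/ed25519"
import "fmt"

// Handoff is one hand-off claim: From passes the package to To and signs that fact.
type Handoff struct {
	Pkg, From, To string
	Sig           []byte
}

// payload quotes each field so field boundaries cannot be shifted.
func payload(h Handoff) []byte { return []byte(fmt.Sprintf("%q>%q>%q", h.Pkg, h.From, h.To)) }

// VerifyChain returns the index of the first broken link, or -1; reg stands in for the registry.
func VerifyChain(reg map[string]ed25519.PublicKey, pkg, holder string, chain []Handoff) int {
	for i, h := range chain {
		pub, fromOK := reg[h.From]
		if _, toOK := reg[h.To]; !fromOK || !toOK || h.Pkg != pkg || h.From != holder || !ed25519.Verify(pub, payload(h), h.Sig) {
			return i
		}
		holder = h.To // the receiver must be the signer of the next link
	}
	return -1
}

// Demo signs a constructed route, then lets the depot hand off to an unregistered party.
func Demo() (intact, diverted int) {
	route := []string{"did:example:maker", "did:example:distributor", "did:example:depot", "did:example:clinic"}
	reg, keys, chain := map[string]ed25519.PublicKey{}, map[string]ed25519.PrivateKey{}, []Handoff{}
	for _, id := range route {
		pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
		if err != nil {
			panic(err)
		}
		reg[id], keys[id] = pub, priv
	}
	for i := 0; i+1 < len(route); i++ {
		h := Handoff{Pkg: "PKG-0001", From: route[i], To: route[i+1]}
		h.Sig = ed25519.Sign(keys[h.From], payload(h))
		chain = append(chain, h)
	}
	intact = VerifyChain(reg, "PKG-0001", route[0], chain)
	chain[2] = Handoff{Pkg: "PKG-0001", From: route[2], To: "did:example:unregistered"}
	chain[2].Sig = ed25519.Sign(keys[route[2]], payload(chain[2]))
	return intact, VerifyChain(reg, "PKG-0001", route[0], chain)
}

func main() { fmt.Println(Demo()) }
```

The diverted link carries a valid signature from the depot, so it is the registry lookup of the receiver, not the signature check, that pinpoints where custody left the authorized hierarchy.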
3. Identity as Orchestration
Data Protection in Complex Systems
The more moving parts and choices in a system, the more complications and security challenges there are. SSI is the perfect tool for orchestrating multiple parties and processes in one secure data environment.
Use Case: Identity Orchestration
The shift to personalized treatment and medicine has added an extra level of complexity to the healthcare supply chain. It has significantly increased the exchange of highly-sensitive patient data, contracts and goods within a growing network of interested parties (e.g., practitioners, insurers, patients, hospitals, manufacturers, couriers and so on).
We developed Cordentity (an open-source framework) specifically to address this challenge. Powered by a combination of Hyperledger Indy and Corda, our SSI management system embeds traceability, immutability and transparency into the supply chain, making sure patients’ personal data are only disclosed on a zero-knowledge proof basis to trusted parties.
VP of Technology Strategy, DXC Luxoft
Vasily Suvorov is a technology strategist with extensive experience of defining and creating software and hardware systems based on emerging and science-intensive technologies. He has created startups in computer telephony and wireless mesh networks. Vasily is focusing on creating internal startups to work on emerging technologies such as blockchain, connected cars, next-gen automotive human-machine interfaces (HMI) and network functions virtualization (NFV).