*This article is an excerpt from a HashHub Research report. At the end of the article, you can download the archive video of the SSI seminar hosted by HashHub for free, so please watch it as well.
Basic explanation of SSI
Self-Sovereign Identity (SSI) is a concept that aims to let individuals manage their own digital identities without going through an administrative entity. The idea originated as a way to overcome two problems of conventional centralized IDs and of IDs federated by third parties: the “loss of individual authority over one's ID” and “silos”.
SSI is a concept; concrete examples of it include the DID (Decentralized Identifier) and, in the same vein, blockchain-based mechanisms.
Expected role of SSI
SSI is ultimately a movement aimed at moving from organization-driven data management to user-driven data management.
From the user’s point of view, the advantages are that users can control the personal information associated with them, and that multiple compatible services can be accessed with a single ID. In other words, the main expectation is improved convenience in terms of security and seamlessness.
[Expectations of service providers]
On the other hand, for organizations, which have been the main managers of IDs until now, SSI is expected to be one way of responding both to the strengthening of personal information protection regulations promoted by each country and to security costs. The reward for a successful attack increases exponentially with the number of IDs stored in the target database, which makes a larger database a more attractive target. Security spending also has to be balanced against the risk of penalties under stricter personal information protection regulations, and SSI is expected to be a solution to this dilemma as well.
However, not holding personal information and lowering the switching cost between services will shake the foundation of the conventional ID business model. I think that redesigning the balance between risk and return, especially on the organizational side, is an issue (which could also be called a business opportunity).
Three main elements that make up SSI
- Secure connections
- Digital data watermarking
- Trusted, tamper-proof public key directory
1. Secure connection
This should be described as trustless: it is a mechanism (called DIDComm) that enables secure communication between DIDs (Decentralized Identifiers) without the mediation of a connection broker. It can be paraphrased as “a standard open protocol for establishing a unique private and secure connection between two parties”. Please note that a DID by itself does not necessarily provide trust, since anyone can freely create one.
2. Digital data watermark
A standard, open protocol for issuing, holding, and validating various digital credentials such as driver’s licenses and membership cards. This generally corresponds to the VC (Verifiable Credential).
Roughly speaking, a VC is a digital certificate containing a set of data owned by an individual or an organization. It is attracting attention for its verifiability by third parties, its privacy protection, and its data portability.
3. Reliable storage
A place to store a credential issuer’s public verification key so that anyone can locate and retrieve it at any time and use it to verify the source, integrity, and validity of any data that conforms to VC standards. Blockchain is one example of this.
In other words, although blockchain is one of the compatible technologies, a DID is not necessarily blockchain-based.
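How elements 2 and 3 fit together, as an added example that is not taken from the HashHub report: an issuer publishes its public key in a directory, signs a credential, and a verifier accepts the credential only if the proof matches the key the directory holds for that issuer. The Credential type is a simplified stand-in for a VC, the in-memory map stands in for the public key directory, and the did:example identifiers and function names are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Credential is a simplified stand-in for a VC, not the W3C data model.
type Credential struct {
	Issuer, Holder string            // DIDs (constructed did:example values)
	Claims         map[string]string // e.g. a student's enrolment status
	Proof          []byte            // issuer's signature over the other fields
}

// Directory stands in for the tamper-proof public key directory: DID -> key.
type Directory map[string]ed25519.PublicKey

// signedBytes serialises everything except the proof; map keys are sorted.
func signedBytes(c Credential) []byte {
	b, _ := json.Marshal(Credential{c.Issuer, c.Holder, c.Claims, nil})
	return b
}

// Register creates an issuer key pair and publishes the public half.
func Register(dir Directory, did string) ed25519.PrivateKey {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	dir[did] = pub
	return priv
}

// Issue attaches the issuer's signature to the credential.
func Issue(c Credential, key ed25519.PrivateKey) Credential {
	c.Proof = ed25519.Sign(key, signedBytes(c))
	return c
}

// Verify accepts only issuers found in the directory whose key matches the proof.
func Verify(c Credential, dir Directory) bool {
	pub, ok := dir[c.Issuer]
	return ok && ed25519.Verify(pub, signedBytes(c), c.Proof)
}

func main() {
	dir := Directory{}
	key := Register(dir, "did:example:university")
	vc := Credential{Issuer: "did:example:university", Holder: "did:example:student", Claims: map[string]string{"status": "enrolled"}}
	fmt.Println("verify:", Verify(Issue(vc, key), dir))
}
```

A credential signed under a freshly created DID that the verifier's directory does not list is rejected, which is the practical meaning of the remark that a DID alone does not provide trust.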
Introduction to key use cases of SSI
SSI is characterized by identifying people, things, money, and data, and making their authenticity verifiable by a trustless mechanism, rather than by a specific organization.
The conventional ID layer was based on centralized management of IDs in each organizational silo, which caused vendor lock-in and interoperability problems. SSI is expected to alleviate this problem, on the condition that a de facto standard is established or that interoperability between standards is achieved.
In the context of the Global Monetary Network (open finance) that has been developed on public blockchains, SSI is expected to improve UX in DAOs and dApps, mainly by giving credit scores to anonymous/pseudonymous addresses. Here I would like to cite as examples the main use cases, [Education], [Finance] and [Healthcare], developed around consortium chains.
[Education x SSI]
A digital student ID card expressed in VC is an example of an SSI use case in the field of education. The main benefits are considered to be the following six items.
1. Identity and Access
Independence from a single vendor can be expected only if things work well, but an SSI-based student ID card could potentially widen the variety of facilities and systems that can be accessed with it.
2. Manage achievements, skills and competencies
It is possible to centrally manage all abilities associated with individuals, such as diplomas, degrees, certificates of completion, and possessed skills, with SSI wallets. Eliminating it simplifies it, and it can be considered to have the advantage of being smoother.
3. A new digital experience in education
It is thought that there is also the possibility of adding new value to the digital experience of education. In 2., I mentioned that credits can be easily transferred when transferring schools, but this point is synonymous with the fact that credits acquired at other universities can be easily linked to individuals.
Consortiums have already been formed among other universities, but simplifying the procedures for doing so may make it easier to obtain credits between different universities. Of course, collaboration with other private educational institutions can also be considered.
4. Utilization beyond educational institutions
Any SSI-compliant system can authenticate individuals without a password and onboard them to the system. As a result, services beyond educational institutions, such as facility use and student discounts, can be applied easily not only in physical settings (by simply showing a student ID card) but also on the Web, where certification procedures have conventionally been troublesome and will hopefully become easier.
5. P2P communication between school and students
An SSI-based student ID enables P2P, private, and encrypted communication between schools and students. It is characterized by being able to exchange files in this safe and private environment, not limited to message-based or voice-based communication.
Also, this communication channel is only possible if you allow the connection, so being able to deny the connection if you suspect spam or phishing is also an important factor.
6. Fraud and Phishing Prevention
Students can present SSI-based student IDs to external organizations such as government agencies and scholarship programs. Because this student ID card can authenticate an individual cryptographically, without depending on an external system's security mechanism such as a social security number or password, it is also considered useful here.
[Finance x SSI]
The main use cases for finance x SSI often fall into the following three cases.
1. Both safety improvement and customer experience improvement
Financial accounts require a more secure system to prevent their hijacking and abuse. However, the higher the security, the more the customer is likely to have to do to prove their identity, so there is a trade-off between security and customer experience.
In a nutshell, this is a challenge at the time of onboarding in the financial sector. By using SSI to eliminate friction at onboarding, the work and time cost of customer onboarding is expected to be reduced without loss of safety.
2. Prevention of “account hijacking” targeting call centers and “lending fraud” by spoofing financial institutions
Account takeovers and impersonation of financial institutions in financial services stem from the lack of a means to verify, in a remote environment, who the other party to a communication is. There are attempts to use the two-way encrypted communication function of DIDs as a countermeasure against fraud caused by such account vulnerabilities.
3. Enhancing regulatory compliance
SSI is expected to be a countermeasure against high regulatory costs, complicated procedures, and penalties for non-compliance. For example, GDPR requires a reduction in the amount of data collected, while KYC/AML, on the other hand, requires an increase in the amount of information collected.
In other words, there is data that must be collected and data that need not be. Instead of collecting excessive data, including irrelevant data, as is done now, it is desirable to be able to collect only the minimum data necessary to execute transactions.
The reason for these cumbersome procedures and extra costs is that until now there has been no standard protocol for proving the identity of individuals or companies. SSI can be said to provide an excellent model that lets you confirm for what reason information is being shared.
[Healthcare x SSI]
On the theme of cloud management of patient medical data, enabling use beyond the boundaries of related institutions is expected to improve supply chain management, support applications in medical insurance and medical research, and promote telemedicine. If the only goal were to solve this point, it would be enough for the related organizations to access the same network, so it could be said that there is no need to go as far as introducing blockchain and SSI. What is expected from introducing blockchain and SSI on top of that is a possible answer to the question of how to make effective use of patients’ digital data and give back to society while “protecting patient privacy and security”.
Introductory research is progressing mainly in the following five fields.
- Data management and protection
- Digital identity
- Social data governance
- Healthcare and patient data
- Social insurance
Specific use cases include introduction into HIS (Healthcare Information Systems); linkage between SSI and IoT, in other words remote treatment based on digital devices linked to patients; and other healthcare applications that have drawn attention due to the spread of the novel coronavirus infection, such as the conversion of data into VCs and its acceptance at each facility. The range of applications is ambiguous.
For those who want to know more about SSI cases
HashHub, which has a track record of working with more than 90 companies on Web3, offers free downloads of archived webinar videos that explain the outline and use cases of SSI / DID for companies considering a Web3 business. We would appreciate it if you could use them as material for your company’s NFT business consideration.