Self-Sovereign Identity (SSI) is the concept of individuals or organizations, i.e. users, having sole ownership of their digital identities and control over how their personal data is shared and used. This adds a layer of security and flexibility, allowing users to reveal only the data necessary for any given transaction or interaction. Since identity is such a central part of society, UNISOT, through its UNISOT ID service, offers our customers control over their data. Under the self-sovereign identity model, users who have one or more identifiers (something that enables a subject to be discovered and identified) can present claims relating to those identifiers without having to go through an intermediary. In the following sections we will outline how SSI can change the way you interact with others on the Internet as well as in the real world.

ENABLING NEW BUSINESS MODELS

SSI is often regarded as the missing identity layer for the internet, and this hints at the great variety of use cases in which SSI can create value and, thus, its potential to give rise to new SSI-based business models. Generally speaking, SSI can enable the privacy-respecting monetization of personal data, which is in strong contrast to the current ways personal data is being monetized (ad-based models). One of SSI’s most promising features is the simplification of digital interactions and transactions.

The opportunities range from seamless identification and authentication (without usernames or passwords), through user friendly and inclusive data management and transmissions (data transmission with a single click as opposed to filling out, scanning, sending, or even physically delivering forms), to enabling the fully digitized and automatable delivery of services which currently require time consuming involvement of citizens (in the form of paper-based applications, personal appointments during office hours).

INCREASE OF SECURITY AND DATA INTEGRITY

A major challenge related to paper-based credentials and processes is their vulnerability to security issues such as physical document forgery, identity theft, or plain transcription mistakes caused by human error in data processing. UNISOT ID increases the security and integrity of our users’ data by leveraging blockchain and technological concepts closely associated with SSI (authentication based on the cryptographic keying material associated with DIDs, cryptographic signatures, R-puzzle knowledge proofs, Verifiable Credentials and Presentations).

By leveraging SSI, all types of data associated with entities and things could be digitized and converted into a secure, tamper-proof, privacy-friendly and re-usable digital format in order to solve various issues that current processes face, which are based on outdated methods.

ALTERNATIVE TO DATA SILOS

Current data management systems are built on centralized architectures where data is stored and managed centrally in a system that is usually controlled by a single organization. One of the problems associated with this form of centralized design is that each system is different, often significantly. On a technical level, this means enabling the exchange of data between such systems can be very costly and time-consuming. This data exchange usually requires the development and maintenance of complex interfaces and possibly the harmonization of technical specifications and components. As a result, most of the data belonging to individuals and organizations is stuck in systems which are not able to interoperate and communicate with other systems, hence the term “data silo”.

Making such data reusable for processes, interactions, and transactions that happen outside the respective silo requires cumbersome and expensive workarounds. In contrast to current systems, UNISOT ID has a completely decentralized, open, and extensible architecture which aims to offer an alternative to current data silos by democratizing control over data. With UNISOT ID, every user can decide where data is stored, based on the promise of full data portability, or with whom data is being shared and for what purpose. Instead of data being fixed within the system of a certain organization, the respective organization can simply issue the relevant data to the associated entity which can then re-use the data in interactions with other systems.

Figure 1. Isolated identity providers (image courtesy of CEF digital)

INCREASE OF TRANSPARENCY

SSI can bring greater transparency to the way personal data is currently requested, accessed, and used within the public sector. This transparency arises because persons are in full control of their data: no one can access or use their data without their consent, which is why they must be involved in every transaction. Even if some decide to opt into policies for automating data transmissions, they can always opt out.

Through UNISOT ID our users have the ability of minimal and selective data disclosure, which means that you can have very detailed information about what data is required and used by the other parties you interact with. For example, if an entity requests a proof of exact age, the individual may conclude that it is in fact a proof of being older than a certain age that is being required. Requests for personal data can include metadata, such as information about the request’s purpose and the intended use of the respective data. Individuals can require that if an entity requests their data, the entity must identify itself by disclosing identity proofs together with trust-assuring attributes.

COMPLIANCE WITH REGULATIONS

UNISOT is committed to open standards and data protection at the highest level and at the current state of the art in digital data formatting and management. The number of laws that aim to regulate the way data is stored, managed, shared, and controlled is rising globally, particularly since the European General Data Protection Regulation (GDPR 2016/679) came into force. The UNISOT ID solution offers full compliance with GDPR, and it appears to offer the best factual implementation to realize the will of regulators in today’s digital data society because it puts individuals in full control of their data and provides the means to support the enforcement of individual rights.

By being compatible with the European Self-Sovereign Identity Framework (ESSIF), UNISOT ID also offers full legal compliance in accordance with the electronic IDentification, Authentication and trust Services (eIDAS 910/2014) regulation. This includes the legal equivalence of electronic signatures performed by our UNISOT ID service with handwritten signatures and full KYC solutions for substantial and high levels of assurance.

Figure 2. The SSI data sharing model (image courtesy of CEF digital)

EMPOWERMENT OF INDIVIDUALS AND ORGANIZATIONS TO CONTROL THEIR DATA

UNISOT ID empowers individuals and organizations to be in full control of their data and digital identities. This is realized by providing them with the technological infrastructure required to create digital identities independently of a central authority. Next, with this system a person can enrich their digital identities with claims, which are basically secure and re-usable digital equivalents of current paper-based issued credentials (passports, driving licenses, healthcare records). Finally, citizens can use the provided tools to manage and utilize such claims (apps, agents). Also, all types of personal and sensitive data, as well as the means required to access and utilize them (cryptographic keying material), are stored securely at the user’s discretion in so-called “wallets” on their edge devices, such as smart cards, mobile phones and PCs.

For added security, we add a hardware wallet in the form of a Smart Card which integrates the wallet management and recovery into a card not unlike standard credit cards. We feel it is important to note here that our commitment to privacy and data ownership is complete. Once a user is onboarded onto UNISOT ID, all the data stored in our applications is theirs to keep even if they discontinue using our services.

Furthermore, our adherence to international standards and the common European Blockchain Services Infrastructure (EBSI) ensures that our clients can also transfer their data to a different service provider, meaning they are in no way locked into using UNISOT offerings. We believe that our customers will choose to continue using the UNISOT ecosystem not because they are forced to but because it is simply the best option on the market.

DECREASE IN COSTS

Given SSI’s ability to facilitate faster and easier delivery of services and interactions, to digitize and streamline processes, to offer an alternative to current data silos, and to enhance security and data integrity, the potential to save significant funds is obvious. To provide an example, Dutch TNO estimates that SSI can save European governments between 10 and 100 billion Euros per year by facilitating the validation of data.

Mirko Stanić
UNISOT Enterprise Architect