Know Your Supplier: Digital Identities in the interconnected Supply Chain Management
This article is also available in German. You find the German version here: https://medium.com/evan-network/know-your-supplier-digitale-identit%C3%A4ten-im-vernetzten-supply-chain-management-761ce1c0b796
Today, supply chains are networked and are becoming increasingly digital. A major challenge hereby is trust in the digital identity of the business partner. Due to market dynamics, driven by rapidly changing customer needs, the possibility of trusting digital cooperation with new business partners is crucial. Therefore, companies need secure ways to manage their own digital identities and verify those of their business partners.
This article refers to the B2B interactions. Therefore, the digital identities of the companies (legal entities) and — due to the increasing need to integrate IoT devices into transactions — also the digital identities of products and machines are paramount. It is not about human identity and the associated requirements and systems. For a clear distinction, we, therefore, use the term “digital twin” instead of the “digital identity”.
An essential requirement for digital twins is the linking between the real and the digital world. In a digital business transaction, it is substantially important to prove the authenticity of one’s own identity and to verify that of the transaction partner.
This verification can be fulfilled via the following steps:
- Is the company what it states to be?
- Does a machine integrated into processes belong to the stated company?
For both stages, a uniform and secure way is required to verify the data of a digital twin. In a purely digital transaction, it must, therefore, be ensured that communication takes place with the right interaction partner and that the relationship with the organization is both real and trustworthy.
In today’s supply chains, the management of digital identities is highly fragmented and characterized by numerous data silos. For example, data about suppliers is redundantly stored multiple times within the systems of the business partners involved. An initial exchange of data between business partners and the updating of those entails numerous documents and manual steps. Thus, it is almost impossible to automate the verification of such identity data as a prerequisite for scalable digital processes.
Centrally organized identity providers and supplier platforms are trying to close this gap. The platform provider acts as a trust instance by verifying identity data and making it available to the business partners. However, such scenarios contain a high dependency on the platform because identity data can no longer be managed by the business partners themselves, and all participants must adhere to the rules of the platform operator. Also, the platform operator gains insight into the supplier network itself, as it knows the players acting together and their relationships. Due to the increasing importance of identity data in digital processes, this central approach is both a risky undertaking and creates uncontrollable economic dependencies.
Decentralized supplier management as the basis for trustworthy digital business relationships
A possible alternative to centrally organized identity providers and supplier platforms is the decentralized supplier management. In this case, companies and organizations have a digital identity in a decentral infrastructure, which they manage themselves and which is independent of individual service providers.
The so-called “verifiable claims” can be associated with a company identity, digitally signed and thus verified by a trusted party. For example, in practice, such claims (features) can be represented by certificates or quality labels.
In a digital business relationship, the trustworthiness of a cooperation partner can be defined based on the claims. The administration of the identity and the claims is the responsibility of the respective owner of the identity. No third party has access to this data. The owner himself decides which data is shared with what business partner. If such identities are used in digital transactions, they can automatically be verified by the business partner with the associated certified claims as a sign of trust. Digital identities enable correspondingly automated business transactions that rely on decentralized, autonomous management and thus guarantee the autonomy and independence of the business partners.
To illustrate the potential of decentralized supplier management, we would like to present two application examples in the following.
Application example: Supply Chain
Proving quality and complying with regulatory requirements throughout the entire supply chain within the multistage supply chains, for example in the area of corporate social responsibility, is still a major challenge. In many industries, particular players of the supply chains remain unknown. Participants must ensure that subcontractors comply with the requirements imposed on them and have the appropriate certificates and audit results. Therefore, compliance with regulatory norms along the entire supply chain remains nearly impossible to validate. The bigger the supply chain is, the greater is the problem.
One of the industries with multistage supply chains is the textile industry, where companies face a major challenge while checking the conformity of all suppliers. Moreover, even newly introduced seals such as the “Green Button” in Germany only check conformity with the guidelines within the first two stages of the supply chain.
Where does this lack of transparency come from? Why can the supply chains not simply be disclosed? This doesn’t happen mainly because the relationships with suppliers themselves represent a significant value for companies, and they can not be disclosed to customers out of the competitive and strategic reasons.
How can decentralized supplier networks maintain this protective function and create regulatory transparency at the same time? This is exactly the spot where the self-determined corporate identities and verification services come together.
The individual suppliers and certifiers have a digital identity (digital twin). In the role of a certifier, the digital twins of the companies are verified by the accreditation body. For their part, they can now verify other companies (or their digital twins) regarding the respective certificate. The company placing the order generates a digital contract when it commissions its supplier, which is then passed on along the supply chain. All participating companies now supplement the verified certificates (claims) associated with them in this supply chain contract under their own identity. The identity of the companies is given as a pseudonym, so that identification by upstream or downstream suppliers is not possible. On the other hand, the individual certificates can be viewed by any third party, and their validity can be verified. Within that process, the traceability is ensured along the way from the issuer of the certificate up to his certification (e.g. by the accreditation body).
With this technological approach, the following problems can be solved:
- Regarding desired characteristics (e.g. CSR certificates), supply chains become transparent without disclosing the actual actors.
- Certificates are tamper-proof because they can always be traced back to their issuer.
- Certification processes are simplified because existing certificates can also be trustfully used in further business relationships.
- Gaps in the certification of suppliers are identified and can be filled.
This practical example of a combination of decentralized identity management and certificates is not only relevant for the textile supply chain, but also for all the supplier networks in which companies work together indirectly and must create continuous transparency for compliance with standards and guidelines while at the same time ensuring the data sovereignty.
Application example: Sharing Economy
If machines are jointly used by different companies, as it is the case with, for example, the rental of construction machines or vehicles, numerous players are involved in the process from the contract conclusion to the usage and handling of the machines. There, the following central questions arise:
- How can suitable resources with free capacity be found?
- How can external resources be integrated into one’s (digital) processes?
- How can the delivery and usage processes be automated as much as possible?
Here as well, digital identities and decentralized cooperation networks are an important prerequisite for the cross-company process handling without dependencies on central intermediaries. In the example of construction machinery rental, lessors operate a digital marketplace in which resources can be exchanged in a trusting manner. The central condition for this is a digital and verified corporate identity. Having such an identity, the lessors can equip their machines with digital twins that are assigned to and managed by them or their corporate identity respectively. Discovery of free resources takes place indirectly, i.e. a request for a resource is shared within the network and can be answered by the providing companies. During the discovery process, the companies act under a pseudonym so that their actual identity remains hidden at that stage. When the request and resources of the two business partners match, they can reveal their identities to each other without involving a third party and verify the business partner’s trust. If it comes to a contract conclusion, the right of disposal is represented in the form of a digital contract. This digital power of disposition (rental agreement) can now be used by users, verified by the lessee (for example, one of his employees).
Through the IoT integration, it also becomes possible for the machine to check the user’s digital right of disposal itself and thus map end-to-end process digitization without having to resort to a central intermediary.
The evan.network was developed to digitize automated, cross-company business relationships without forcing the business partners to become dependent on platform operators.
Thereby, the focus lies on the transfer of trust from the real to the digital world. Digital data in the form of digital identities, digital twins or digital contracts are created and managed autonomously by the business partners. No third party gains insight into the respective business relationship. Verification Services can be used to build trust chains that enable automatic verification. Thus, evan.network creates the basis for cross-company digital business relationships without dependencies on third parties.