Swisscom Blockchain & Spherity are Co-developing Cloud Identity Wallets
Swisscom Blockchain and Spherity have both built interoperable Cloud Identity Wallet solutions that handle this kind of world-class, highly trustworthy data, allowing it to transcend silos, proprietary systems, and blockchains.
It seems like every day the market for data grows larger, but not all data is of equal value: on the contrary, data’s value increases exponentially the more trustworthy it is. There is a rising demand for trustworthy data, particularly for verifiable data that can travel far and wide without risk or privacy complications.
Binding data to digital identities at a low level is the key to bringing more value to all stakeholders in any industry, and making data trustworthy and verifiable anywhere. At its heart, this is what an identity wallet does, and we are proud to have developed two industry-leading, enterprise-grade identity wallets tailored to the documentation needs of the pharmaceutical industry.
“We both offer similar solutions and we decided to work together while designing our products because we both wanted to create solutions that are, since day 1, interoperable.”
says Luigi Riva, Senior Technical Product Manager, SwissCom Blockchain AG
Goals and Accomplishments
Swisscom Blockchain and Spherity both have seasoned teams of developers and architects with decades of experience in decentralized and traditional Identity and Access Management, as well as cybersecurity and cryptography topics. For this reason, we see the value that will be unlocked by the emerging Worldwide Web Consortium standards for identity-linked data, but also the challenges that come with such innovation.
These include the properly technological limitations of the current generation of platforms and products, such as the customizations we’ve had to make to the open-source Indy libraries to accommodate our clients’ high security requirements. Because of these high requirements, we also value cryptographic agility and work hard to future-proof our security model as well as our codebase. Another technological upgrade we made to the underlying codebase entailed carefully linking verified “attachments” to create a hybrid solution (both machine-readable and human-readable) beyond the size limitations of a traditional Indy-style verified credential.
But the most important challenge is balancing these kinds of customizations against the promise of interoperability and freedom from “vendor lock-in”. To fulfil this promise, we chose not just to work together closely as “coop-etitors” but to go one step further, “co-developing” two parallel solutions cooperatively and making sure both of our customizations staying interoperable with the underlying platform and other wallet providers. Comparing designs and testing interoperability throughout the process. We based our two solutions not just on existing Hyperledger Indy standards, but worked together on more future-proof prototyping of a solution inspired by the ongoing Hyperledger Aries specification process (technical readers can find more detail here).
Security features fit for a king
The current drafts of the Aries cloud-agent specifications are light on details about security, yet our clients on this project were enterprises with high standards in that regard. Given our shared commitment to security-by-design principles, we were able to prototype mechanisms for exchanging verifiable credentials between “cloud fortresses” while still building top-of-the-line enterprise security features into both our wallets:
• Data Loss Prevention Mechanisms: Redundancy mechanisms ensure that sensitive data is not lost to system failures, misused, or accessed by unauthorized users.
• Multi-Tenant Design: Each customer shares the software application and also shares a single database. Each tenant’s data is isolated and remains invisible to other tenants.
• Custodial Approach to Key Management: Wallets secure, store, and share sensitive documents, firewalled from access management and key storage systems
• Auditable Wallet Metadata: In highly-regulated sectors, privacy often has to be balanced against auditability. For this reason, we added the capability to give an appropriately-permissioned user such as an auditor verification access to wallet-transaction metadata.
First Joint Project
Our first joint project was in the pharmaceutical industry, where we provided our respective cloud wallet solutions to different actors in a pharmaceutical supply chain. Our interoperable, co-developed data exchange system was successfully subjected to a stress test in a proof-of-concept trial.
The use case being validated was the onboarding of suppliers within a pharmaceutical supply chain and the maintenance of those credentials. Since brands are responsible to ensure upstream compliance, they need a high level of certainty that this crucial paperwork is accurate and up-to-date at all times. Incorporating sophisticated
cryptography not only increases the level of assurance, but also makes the process considerably more efficient and agile. Switching from manual processes to ones based on digital exchange of credentials between secure cloud wallets drops a supplier’s on-boarding time from 30 days to as little as 3. How we solved Third-Party Risk Management in complex Supply Chains can be read here in detail.
A clear path to more resilient data systems
Decentralized digital identities are a powerful organizing principle for data systems which provide high levels of privacy, security, and verifiability at the same time. Few industries have requirements for all three criteria as high as those of the pharmaceutical industry, but we have also proven analogous and adjacent use cases and business cases in other fields, such as manufacturing supply chains and mobility systems.
These technologies will make cloud-based software more trustworthy and verifiable, while making enterprise business processes more efficient, agile, and resilient. Binding data to digital identities at a low level and gradually moving important data exchange from proprietary platforms and email to identity wallets is the key to bringing more value and more trust to all stakeholders in any industry. As the key management solutions currently reaching maturity and hardness become standard practice outside of the software industry, these technologies will be well-positioned to vouchsafe the security models of tomorrow.
The W3C standards for decentralized identity enable powerful new ways to build digital-first interactions between corporations, based on trust infrastructure and cryptographical assurances. Much of the press coverage of these standards focuses, understandably, on the most tangible and obvious use cases: managing the identity credentials of individual citizens and users of the web, with all the legal complexity that entails. But what enterprises call Identity & Access Management (IAM) and corporate identity use cases are far closer to production, powering business cases that are marching towards production today.
“Companies have to comply with identity regulations that are getting more demanding over time, such as GDPR and national laws about privacy and consent for data sharing. It is easier to adapt to these changes over time with a sophisticated identity layer in your IT infrastructure.”
says Dr. Carsten Stöcker, CEO, Spherity GmbH
The core concepts of business strategy, like reputation and risk, will be transformed by these new infrastructures, which reduce the role of intermediaries and informational asymmetries by safely drawing on shared records. The future digital economy includes cooperative business models, among independent organizations, machines or algorithms, demanding a more agile, resilient business culture that preserves the privacy and independence of actors big and small. In this future, identity wallets will be so central to everyday business at so many levels, that no one will remember how recently they were invented, or who pioneered their design.
If you have any questions about how our cloud wallet could power your enterprise credentialing use case, feel free to reach out with any question or book a demo directly. You can also follow us here, or on LinkedIn, or sign up for our newsletter.
Please direct press inquiries to: