The design of a verifiable data exchange

At Dhiway we think of designing systems that are secure, focus on privacy and can scale for the nation. With the onset of the 21-day lockdown we met to think over the design of our system and how it lends itself to an evolving set of use cases. And at the center of this, all is our platform built around Self-Sovereign Identity (SSI) and Verifiable Credentials.

The COVID-19 situation is a pandemic. And there are a wide variety of systems, applications, and methods being discussed, reviewed and deployed by governments across the world. While a pandemic brings about its own set of challenges, we believe that the fundamental drivers of the solutions remain pinned around identity and the ability to own and control the extent to which personally identifiable information (PII) is interlinked with contextual information around the individual.

Designing any system is about making choices. From a range of options and possibilities, we select a set of ideas that align with the basic principles of our organization. These enable us to create a set of building blocks that allow applications to be developed for a wide ranging set of use cases. In a previous post Satish pointed out how SSI is critical to be present and powering applications. SSI represents a further evolution of identity and access systems. From the well known models of centralized and federated identity brokers, SSI is a decentralized system that removes the need for intermediaries which enable individuals to create an account prior to obtaining the required identity information. This concept of identity is coupled with the open standards based Verifiable Credentials. The W3C describes these as tamper evident credentials whose authorship can be cryptographically verified. These forms of information packets are of everyday use and more so during times of crisis response.

The Dhiway platform is best described as a “verifiable data exchange” platform. It is often easier to understand the concept of data, metadata, and verification in the context of real world applications. Let’s walk through a few scenarios (specific to the present crisis) to establish the urgent need to have verification protocols.

Emergency responders

  • Individual or vehicle movement pass — In any time of crisis the government needs to quickly put together a system which enables authorised individuals and vehicles to be available for essential services and commodities. In other words the declaration “I am an individual authorized to deliver this service using this vehicle” needs to be translated into a mobile-first experience. This is a 2 stage flow. The individual uses a government issued identification to create the identity packet which then requests for the pass/credential. The request is reviewed by the appropriate authorities and upon approval a digital credential with a defined duration is made available to the mobile wallet. In case of a vehicle (because yes, even objects can have digital identities and need verifiable credentials), the unique data contexts (engine/chassis number along with the registration number) are layered with the identification of the owner (or, driver) and a similar credential is made available. The user can now present the underlying identity to authenticate the verification by law enforcement. The issuer can revoke or change the status of the credential as determined by on-going regulations.
  • Registered medical professional — A medical professional follows a similar flow as above and their credentials can be tagged so that they can be part of an outreach for assistance based on demands from various locations. The medical professional can use their existing registration detail to create an identity which is then used to couple with the credential created.
  • Pharmacists delivering against a prescription — The holder of the prescription presents the same to the pharmacist who can validate the authenticity of the prescription (whether it is valid; has been issued to the patient etc) prior to providing the medication. This implies that the lifecycle of the doctor-patient interaction is built-in with the ability to generate a verifiable credential attached with the prescription. This method also enables integration with insurance coverage and data exchange specific to that

Community focused outreach

  • Enabling community engagement — By creating verifiable credentials for designated individuals who volunteer for community outreach and help, we reduce the friction and trust deficit that is often associated with dealing with unknown individuals. A volunteer health worker can present a set of verifiable credentials which demonstrate her/his role and establish the authenticity of the engagement.
  • Identifying those vulnerable — individuals with special needs can carry credentials which form part of monitoring dashboards and allow community workers to respond quickly to specific needs after verifying the identity and requirements of the individual. A set of examples could include individuals who need attention because of on-going treatment to address mental health or, individuals who may be in the category of being at high risk for infections in case of disease outbreaks.

Public Health topics

  • Declaration of status — A personal digital wallet of credentials allows for self declaration of health status. As an example, during the present COVID-19 crisis, individuals can present for verification credentials around quarantine protocols, treatment, etc. At each stage when the verification of the credentials are undertaken, the meta-data for the interaction is also recorded and becomes part of the history allowing the individual to travel/relocate.
  • Creation of administration dashboard — Anonymised data sets built from verifiable credentials use the ZKP (ie, Zero Knowledge Proof) principles to provide a dashboard for civic authorities. The creation of dashboards based on such data allows for monitoring and resource planning while keeping abstracted from the specific nature of PII which is not relevant to the tools like dashboards.

Government and law enforcement agencies

  • Tracking and tracing during emergencies — Creating verifiable credentials built upon real identities allow agencies to rely on these as foundational aspects of applications which are designed to track or trace the movement of individuals during emergencies. This form of data privacy enabled systems help address and alleviate some of the concerns highlighted by privacy experts through review of proposals from enforcement agencies around the world.
  • Information and notification dissemination — Personal digital wallets with credentials allow for more focused and immediate dissemination of information and notifications pertaining to local law enforcement and public health
  • Additional role creation — In addition to the digital identity as an individual citizen, layered identities can be created which allow designated officials to undertake their roles as specific levels of authority and interact with the citizens by being able to establish that role and electronically attest credentials presented to them.

There is a common pattern to the scenarios. A real-life identity is translated into a digital version and is coupled with attributes and contextual data generated by a variety of interactions. When the contextual information is presented to access benefits, there is a need to verify the veracity and authenticity of the information. And the methods utilized to complete the verification process do not require the holder of the information to disclose every component of the identity or facets of contextual data they possess. A very focused, limited footprint of data exchange is sufficient to review the authenticity and authorise access based on identity. Since the system does not require an intermediary broker of identity verification, the ownership is with the holder and is present in the form of a personal digital wallet. There is an added element of data portability along with the convenience and privacy that is available through a digital identity system powering a data exchange network.

Experts are already discussing the possibility of encroachment of privacy in the various solutions which are being adopted. And at the same time, it is true that the design of such solutions does not have to be an “either/or”. We know that when SSI based platforms enable applications to be developed, there is more focus on privacy protection; data security and enabling methods which are tamper-evident. These methods are robust and information rich to address the needs created during emergencies or humanitarian crises. The critical element is to consider each use case (in the examples above) from the perspective of the following questions

  1. Is the holder of the credential authorized to undertake the action they claim
  2. Is the holder of the credential able to demonstrate who they claim to be?
  3. Is the holder aware of who is asking for their credential (ie, who is the verifier?)

The present state of building blocks which enable Zero Knowledge Proof based access/identity routines allow such questions to be answered in the most efficient way. We have built our system around the principles of “verifiable proofs”. So, the digital ID created is backed by foundational IDs issued from the appropriate authorities. And when the required credential is created, it uses the cryptographic envelope which can be verified by anyone upon consent and sharing by the holder. At each stage of this workflow, there is an audit trail which enables the necessary set of data points to log and analyse. Implementing this workflow addresses the topic of trust deficit in a data exchange mechanism. The holder can definitively assert their identity and the credentials acquired as part of the identity. The verification process uses standard cryptography to demonstrate the trustworthiness and correctness of the data presented.

The Dhiway platform is mobile-first as this is the user experience we seek to establish. A mobile phone represents a significant bit of investment and personal ownership. And our data exchange workflow works to gain from that. By pinning the holder-centric flow around the mobile device we take out the learning curve around cumbersome additional keys, fobs, and devices. If the mobile device itself is misplaced or, possession is lost — it is relatively easy to revoke the device and provision a fresh one with the credentials. In our design of the service we keep in mind the patterns of user experience. A rich set of mobile applications have made it second-nature for users to seamlessly share detail and exchange information. Our service builds on this familiarity and empowers the user to frictionlessly and securely share data based on an established layer of trust. The issuer-holder-verifier triangle of trust (or, the triangle of identity) reduces the chances of unverified or wrong data being shared within the system. Consequently, it also addresses the expensive part of the business workflow — the need to verify data presented by a customer or user of a service.

The open source projects on which we build our service are strong communities of contributors. Pulling together decades of experience in the fields of technology and civic policy; identity and access management; distributed ledger technology; public services and governance and community building the open source development model allows the software releases to be rich, well-tested and built for scale. Building systems which originate from a mission to empower the entire set of citizens in a country need the strength of a global community to be blended with the nuances which determine how it will be deployed at the local level. Our aim is to enrich transaction flows by using existing systems of identification with attributes of privacy, ownership and convenience. We believe that these characteristics will contribute to the national vision of enhancing the ease of doing business — transactions which are citizen-to-government; government-to-citizen; citizen-to-citizen aside from the well established B2C and B2B channels.