A report on the Digital Identity session at Seattle Devcon
The title says it all. Vaughan Emery, CEO of Datafi Labs in Seattle, wanted to grab the attention of developers attending Seattle Devcon—one of the Northwest’s largest annual blockchain conferences. He got it by emphasizing the sheer size of the digital identity problem that self-sovereign identity (SSI) architecture can solve.
To make the case, Vaughan lined up three other leaders in SSI to join him on the panel:
- Tony Little, Senior Director, Integration Strategy, Optum360
- Chris Spanton, Principal Architect—Blockchain, T-Mobile
- Drummond Reed, Chief Trust Officer, Evernym
In this post, we’ll summarize the key points each of them delivered about why SSI really is a trillion dollar opportunity for developers of all kinds.
Tony Little of Optum360: Today’s identity challenges account for over $100B in verification costs in healthcare alone
As the Senior Director of Integration Strategy for Optum360, a revenue cycle company that is part of the largest healthcare services company in the world, Tony is not only familiar with the problems associated with managing the different identities involved in healthcare, but also how difficult it can be to introduce new solutions. He started his talk with this slide:
It’s easy to see how quickly costs add up in healthcare: all of the parties involved in delivering, receiving, and paying for healthcare need to be able to identify each other and do so in a way that satisfies complex regulations, provides a safe environment of care for patients, and results in timely and accurate reimbursement. The topic of SSI in healthcare often gets people excited about the idea of giving patients easier access to healthcare records, but much of the potential cost savings comes from less glamorous topics like streamlining claims payment and credentialing doctors.
In fact, in the United States alone, the Center for American Progress estimates that excess billing and insurance-related costs total $248 billion annually. Providing people and organizations with a simpler, stronger, faster way to identify themselves and prove their benefits is critical to the reduction of runaway healthcare costs.
Chris Spanton of T-Mobile: We’re making your phone your SSI wallet
Chris took the mic next to talk about the work T-Mobile is doing to make SSI a reality. The key lies in figuring out how to let people use their phones to prove their identity the same way they use credentials in their wallet to do that today.
Chris explained that the smartphones sitting in the palm of our hands are easily powerful enough to do this job already. The challenge is to make them secure enough to trust as your full-time digital wallet. To tackle this problem, he summarized what T-Mobile is doing to integrate each of these technologies:
- Arm TrustZone enables the creation of Trusted Execution Environments where sensitive information can be stored and shared in a secure manner.
- The Apple A12 Bionic is a computer chip that provides superior energy efficiency.
- Titan Security provides a hardware chip that handles key management and ensures a phone is running the correct operating system.
As the Principal Architect of T-Mobile’s blockchain efforts, Chris also explained how T-Mobile is contributing to the open source NEXT Identity project and to the Hyperledger Indy and Aries projects.
Vaughan Emery of Datafi Labs: We’ll never keep up with security challenges without moving to SSI
With two decades of work in cybersecurity, most recently in blockchain-based security for IoT devices, Vaughan started his talk by sharing a few statistics about how fast the Internet is growing in light of the explosion of IoT devices:
Every new device that comes online needs to communicate with existing devices. This leads to an exponentially-growing number of relationships between devices—and each one needs to be secured to avoid becoming the victim of a potential data leak. In fact, any time we talk about relationships—whether between two hardware devices, between hardware and software, or between devices and people—we’re talking about digital identities that need to be managed in a secure and scalable manner.
Vaughan’s next point was that our existing identity and security models are simply not up to the challenge. He cited these statistics for 2018:
Couple the 424% increase in data breaches with the 76% rise in phishing attacks between 2017 and 2018, and it’s clear that today’s digital identity isn’t working. We need a way to move our personal information away from potentially-hackable databases and a way to limit vulnerabilities, like passwords and usernames. In other words, we need SSI.
Vaughan recounted his own painful experience in dealing with these exponential security issues, which led him to pursue SSI. Building crypto “all the way down”—into digital wallets and agents on every device, with credentials rooted in public keys verifiable on a blockchain—is the paradigm we have to adopt in order to quell this very red tide.
Drummond Reed of Evernym: We know how to solve this with SSI, and we are already implementing it
Drummond opened with a story about a change-of-address verification email he recently received from Evernym’s bank. Despite his 20 years in identity and cybersecurity, it still took 30 minutes of his and others’ time to confirm that it was a phishing attempt—that no actual address change had been made.
That’s how defenseless we can be with our current identity and security infrastructure. The root of the problem is that the Internet was built without an identity layer. At its inception, there was no standardized way to manage and protect identity.
Fortunately, the tide is turning, and we have lived through (and are still living with) the first two evolutionary stages of digital identity, as our personal information is protected behind centralized logins and single-sign-on solutions:
No matter how you package it, however, the account-based model of users trying to maintain usernames and passwords is hopelessly broken. With SSI, we can finally move to the fundamentally stronger, more secure, more privacy-respecting architecture as shown by this picture:
Why blockchain? Because it can finally give us decentralized PKI (public key infrastructure)—a highly secure, yet highly distributed way to look up and verify public keys. If our phones are going to turn into our digital wallets filled with the digital versions of credentials we use to prove our identity offline today, then we need a way for anyone to look up the public keys needed to verify the digital signatures on those credentials.
Drummond explained that this decentralized PKI and credential infrastructure is now possible with two emerging W3C standards: Decentralized Identifiers (DIDs) and Verifiable Credentials. Both of these standards can be summed up in this one picture:
With DIDs and verifiable credentials, the trust relationship that can now be formed between any two peers—which could be people, organizations, or things—looks like this:
Returning to his original problem, it was now easy for Drummond to explain how this would eradicate phishing as we know it: his bank could now authenticate itself—and any message it sent to a customer—using a private pairwise connection directly between their respective digital agents, secured by private keys in their respective digital wallets.
Drummond went on to explain what SSI will look like for the average person: as a digital wallet on their phone, tablet, or laptop (or all three) containing verifiable credentials that can be shared just as easily as the physical license we already carry around in our pockets.
With SSI architecture, the blockchain doesn’t hold any private personal information. All private data stays in your own digital wallet(s) and is only shared confidentially with the connections you specifically authorize.
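The lookup-and-verify flow described above, as an added example that is not code from the panel or from any Hyperledger project. It assumes an in-memory `Map` standing in for the ledger, constructed `did:example:` identifiers, and a simplified credential layout rather than the W3C Verifiable Credentials data model.

```javascript
const crypto = require("crypto");

// Stand-in for the public ledger: DID -> public key only, no personal data.
const ledger = new Map();

// Create a key pair and publish only the public half under a constructed DID.
function registerDid(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const did = `did:example:${name}`;
  ledger.set(did, publicKey);
  return { did, privateKey }; // the private key stays in the owner's wallet
}

// The issuer signs the exact payload string; the payload names the issuer DID.
function issueCredential(issuer, claims) {
  const payload = JSON.stringify({ issuer: issuer.did, claims });
  const sig = crypto.sign(null, Buffer.from(payload), issuer.privateKey);
  return { payload, signature: sig.toString("base64") };
}

// The verifier resolves the issuer's key from the ledger, then checks the signature.
function verifyCredential(credential) {
  let issuerDid;
  try {
    issuerDid = JSON.parse(credential.payload).issuer;
  } catch {
    return { ok: false, reason: "malformed payload" };
  }
  const publicKey = ledger.get(issuerDid);
  if (!publicKey) return { ok: false, reason: "unknown issuer DID" };
  const valid = crypto.verify(null, Buffer.from(credential.payload), publicKey,
    Buffer.from(credential.signature, "base64"));
  return valid ? { ok: true, issuer: issuerDid }
               : { ok: false, reason: "bad signature" };
}

// Constructed scenario: a genuine bank notice, an altered copy of it, and a
// copy whose issuer DID was never registered on the ledger.
function demo() {
  const bank = registerDid("bank");
  const notice = issueCredential(bank, { type: "AddressChange", confirmed: false });
  const altered = { ...notice, payload: notice.payload.replace("false", "true") };
  const unknown = { ...notice, payload: notice.payload.replace("bank", "b4nk") };
  return [notice, altered, unknown].map((c) => verifyCredential(c));
}
```

Only the genuine notice verifies; the altered copy fails the signature check and the third is rejected because its issuer DID resolves to no key.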
Evernym has been a major contributor to these new standards as well as to open source implementations in three projects within the Linux Foundation’s Hyperledger ecosystem:
- Hyperledger Indy: A distributed ledger optimized specifically for DIDs and the other cryptographic primitives needed to support SSI. Indy was the first decentralized identity project at Hyperledger when it was contributed by the Sovrin Foundation.
- Hyperledger Ursa: Described as “Libsodium for blockchain,” Hyperledger Ursa is a shared cryptographic library for use across all Hyperledger projects—and for anyone else who needs it.
- Hyperledger Aries: The newest Hyperledger project, Aries separates out the digital wallet and agent components of Indy so they can be fully ledger-agnostic, i.e., work with any DID method, regardless of the blockchain or distributed network it was written for. The goal of Aries is to enable complete portability of digital wallets and verifiable credentials—via implementing DKMS (Decentralized Key Management System) architecture—thereby fueling broad adoption of SSI.
The numbers really do add up
When you look at the potential cost-savings of the problems being solved across all industries and jurisdictions globally, SSI really is a trillion dollar opportunity.
These experts from healthcare, communications, and IoT testified to the depth of the problems—and the size of the potential savings—associated with digital identity for almost any business. No wonder the panel concluded that SSI is truly one of the “killer apps” for blockchain.
Many thanks to CoinState, University of Washington’s Blockchain Society, and Bloccelerate VC for hosting Seattle DevCon!