Identity and access management (IAM)
for many industry sectors
Data security in all processes


INDUSTRY SECTORS

With the increasing digitalisation of all areas of life and business, the exchange of digital data and information is also increasing strongly. Security, transparency and a clear identification of the sender and recipient are the most important aspects. On the basis of self-sovereign identity (SSI), decentralized identifiers (DIDs) and verifiable credentials (VCs), the IOP Console offers all this and more. In this manner, the most diverse industry sectors benefit from business processes that are simplified and at the same time become verifiable, forgery-proof, clearly attributable and more affordable. These arguments are convincing a growing number of companies, organisations and authorities.

APPLICATION EXAMPLE

FOOD

Since 1 January 2005, the traceability of foods has been anchored in EU Regulation No. 178/2002 (Basic Regulation) as a legal obligation for all companies in the food chain. The traceability obligation also applies to all products that come into contact with food, e.g. packaging and dishes. In view of complex global flows of goods, traceability is an important safety instrument: in the event of special incidents, a root cause analysis and tracing of the process chain that is as accurate as possible facilitates damage limitation and allows consumers to be given reliable information. Specifically, this means that each individual product requires a certificate of origin:

  • From the egg to the hen to the chicken breast on the plate in a restaurant,
  • From GMO-free wheat field to the organic mill to the fresh organic bread at the bakery or
  • From the Fairtrade coffee plantation to the traditional Hamburg “Kontorhaus” (the characteristic mercantile office buildings) to the espresso cup at the coffee bar.

… all certificates of origin are provided by hand. Food companies must be able to inform authorities upon request about their suppliers and commercial customers and/or to keep specifications on the scope, amount and possibly batch number and the description of a product available for authorities. Fulfilling this obligation involves an enormous amount of paperwork, innumerable interfaces and much more. In spite of the greatest care and of traceability systems that have often been individually adapted to the specific business and operating structures as well as product and process-related framework conditions, errors can never be fully avoided.

With the use of the IOP Console, each food item or product that comes into contact with food can be assigned a digital identity, which is unique, forgery-proof, verifiable, transparent and traceable for selected user groups. Simple, quick, affordable, without added effort and error-free.

APPLICATION EXAMPLE

HEALTH

The German government has been working on the subject of eHealth for many years. Its most prominent representative is certainly the much-discussed electronic health card (medical record). This would have the advantage that patients would not have to identify themselves again to each physician, therapist, etc. and explain their medical history once more. Instead, healthcare providers, irrespective of the services they provide, would have access to a joint digital medical record that is stored centrally and can be clearly assigned to a single patient.

However, this variant has so far usually failed for reasons of data protection, as a centrally stored medical record can only be protected to a limited degree against unauthorised access. Moreover, health insurance organisations, physicians, hospitals and pharmacies must be able to identify themselves to each other to safeguard good patient care and to receive corresponding reimbursement for the services rendered. An additional problem is patients' lack of immediate access to their own records. Such access is not necessarily provided; instead, inspection may have to be applied for in a cumbersome manner and is only granted following a detailed identification process. As a result, the costs caused by identification processes in the USA alone amount to approximately 25 billion USD annually.

When the management and storage of a digital medical record is performed with the use of a blockchain-based self-sovereign identity (SSI), decentralised processing is possible. Patients can easily and quickly identify themselves using their unique digital identity and then receive complete access to their data without invoking an intermediary. An additional advantage: secure access checks as well as traceability of all actions performed are automatically included via the IOP Console. With this, the use of SSI in healthcare makes it possible to give patients uncomplicated and secure access to their medical records and to give all health sectors a comparatively fast, simple and cost-efficient means of mutual verification, all in compliance with data protection.

APPLICATION EXAMPLE

PHARMACEUTICALS

In India, the world's largest manufacturer of generic drugs, the proportion of counterfeit medical products is currently estimated at around 10%.

Interpol and the World Health Organization (WHO) estimate that around 30% of drugs worldwide are counterfeit.

The consequences are a substantial loss of trust combined with enormous financial losses.

With the use of a blockchain-based solution and an SSI tool, each genuine product – from raw material and the supplier through the manufacturer, distributor, logistics service and dealer to the consumer – is verifiable with the use of a unique and traceable digital identity (DID). As a result, imitations and counterfeit products can be easily identified, and their manufacture is not profitable due to the lack of a sales market. A beneficial secondary effect: trust in generic products is strengthened, because DIDs and tracking processes make it clearly and transparently traceable who manufactured the products, at which location, and which distribution channels were used.

APPLICATION EXAMPLE

MECHANICAL ENGINEERING

According to an analysis performed in 2019 on user data and product sales, the costs in the area of cyber-security technologies increased significantly in 2017 and 2018 (identity management +45%, vulnerability management +30%, e-mail security +30%, data protection +25%, cloud security +25%). The largest increase was recorded in identity management, which for example includes the issuing of user rights in companies, access control, fraud prevention and detection as well as compliance, and pertains to both internal employees and end customers of companies, authorities and organisations.

While identity management was for a long time concerned only with the identification of natural persons or organisations, the need is growing sharply in the course of the envisaged development of the 5G mobile network as the basis for the further growth and establishment of the industrial Internet of things (IIoT) and industry 4.0. For example, the task is to identify machines digitally and then control them accurately and individually for remote maintenance or remote services. Performing this manually would be almost impossible and entails large risks such as liability issues.

When the identification of digital entities is done with self-sovereign identity (SSI) by means of blockchain technology from IOP, these entities can be identified clearly and without error and then controlled in a focused manner. Whether it concerns the control, registration and identification of machines in the scope of remote maintenance, remote services, predictive maintenance or similar, an accurate and adequate control of all units is possible, and this control is traceable and transparent. Both aspects are of great importance, in particular in the context of possible liability risks, for example in the automotive sector in regard to autonomous driving or in healthcare with medical robots or CT scanners, and can reduce these risks considerably.

APPLICATION EXAMPLE

LOGISTICS

Numerous experts, scientists and companies agree that future supply chains will be networked and self-organised ecosystems. Instead of a linear chain, in which the data is transferred from one level to the next – usually manually – all relevant data of a supply chain will be available to the participants in a transparent, continuous and fault-free manner. The supply chain ecosystem generated as a result will connect internal departments and functions such as R&D, production, logistics, marketing and distribution, using joint data networks and will integrate external suppliers (tier 1, 2, etc.), logistics service providers and customers in the digital supply chains.

The complexity and the scope of the systems involved are the cause of problems such as high transaction costs, errors during manual work steps with a large amount of paperwork, or losses as a result of theft or ensuing damage to property.

Other problems include illegal manufacturing processes, uncertainties about a product's origin, product counterfeiting or imitation, as well as limited information on the transportation history along the supply chain. Complete “chains of evidence” that prove the origin of the goods or the utilised material are often missing.

Trustworthy, transparent supply chains and technologies that safeguard a secure exchange of data are required to counteract these problems. The IOP Console gives all partners that have access permission simultaneous access to all relevant data – nearly in real time – and thus facilitates optimized and individual decisions on the basis of the available and always correct information. Instead of evaluating data that was registered manually and analysed with a time delay, decisions can be made in situ, and as a result considerable cost savings can be achieved. For example, as a result of digitalised value creation chains (supply chain management), on average, savings of 6.8% and an increase in turnover of 7.7% were achieved in 2019. Additional advantages: due to the digitalisation of the value creation chain, customer satisfaction was increased through punctual deliveries and an effective risk management was created.

APPLICATION EXAMPLE

DATA PROTECTION

A scientific study by the University of California, Berkeley, in the USA, has proven that the main motive during the development of the Internet was solely the connection of computers. A secure identification of users and equipment was of little interest and was disregarded.

Identity solutions such as accounts and certificates were developed as the number of Internet and PC users increased. To this day, however, these suffer from a multitude of critical problems such as weak or missing passwords, lack of data protection and central data storage. The result is systems that are insufficiently secure, lacking in transparency and even less suitable for the future.

To correct this, the SSI approach (SSI = self-sovereign identity) by IOP provides an important step in the right direction. Especially in connection with the Internet of things (IoT) and the industrial Internet of things (IIoT), in which machines, people, devices and companies are networked with each other, SSI forms an essential foundation. SSI returns full control over their identity to users, facilitates decentralised identity management, thereby reduces the dependency on third parties, and improves privacy by decoupling pseudonymous and sensitive datasets that would permit conclusions to be drawn about a digital identity. On top of everything, SSI considerably improves the security and data protection of IoT applications and opens up new possibilities such as decentralised interactions across owners.

APPLICATION EXAMPLE

PACKAGING AND FREIGHT MANAGEMENT

Due to the increasingly global trade of goods, services and data flows, the effort required to document these supply streams completely, so that they are comprehensible and traceable, is increasing immensely.

A typical use case of “track & trace” entails the manual registration and tracking of an almost infinite amount of data, such as

  • Delivery date, order number and possibly HS code of the supplier
  • Batch number, product data and certificate of origin of the manufacturer
  • Delivery date, order number and barcode of a logistics service provider
  • Date of receipt and pick-up, packaging characteristics and barcode at the processing company
  • Delivery date, order number and barcode of an additional logistics service provider as well as
  • Date of receipt, order and invoice number and customer ID of the end customer

The result is an incredible expenditure of time and numerous sources of error, in a process that is linear and nonetheless only to a limited degree transparent, agile and sustainable.

If instead smart contracts (i.e. computer protocols that represent contracts) are used, then many of the processes can be automated and simplified considerably. The foundation is formed by the blockchain-based SSI solution (SSI = self-sovereign identity) integrated in the IOP Console. With this, all materials, objects, dealers, suppliers, logistics service providers, etc. can be uniquely identified and traced. Moreover, all digital entities are networked and can “negotiate” independently, and the billing is performed in an automated, secure and transparent manner. For example, fully automated container ships can be loaded by robots in Chinese ports, be shipped to Europe and then be unloaded automatically in Rotterdam and Hamburg according to the specifications.

APPLICATION EXAMPLE

IDENTIFICATION VERIFICATION (KYC check)

An identification verification (KYC check) is required by regulations in the banking industry and is used to verify the identity and profile of a client, for example to prevent money laundering (“know your customer”, KYC).

A KYC check makes it increasingly demanding and complex for banks to gain new customers. As a result, the complexity also increases for the customers themselves, as they are faced with a seemingly endless number of forms to complete and have to run through a protracted process.

Blockchain-based solutions such as the IOP Console are well suited to this. As a result of so-called digital KYC documents (KYC = know your customer), customers have the advantage that they can clearly identify themselves. For example, to open an account, it is sufficient to submit the KYC documents once to the selected bank. The display and checking of the ID documents is then performed via a blockchain verification. For entrepreneurs and private individuals, this entails a significantly lower expenditure of time and personnel. With the introduction of blockchain-based KYC procedures, a reduction of the number of employees by around 10% and an annual cost saving of around 160 million US dollars are expected for the banking industry.

APPLICATION EXAMPLE

IDENTITY AND ACCESS MANAGEMENT

The most important function of a reliable identity and access management (IAM) lies in securely managing user accounts and access permissions. To assign access rights, users must be authenticated (identified) and authorised.

During authentication, the user proves to the system that they are the person they claim to be. Normally this is done by means of user name and password queries or sometimes also by using multi-factor procedures with security tokens or biometric characteristics.
Once the identity of a user has been clearly and unequivocally established and authenticated, authorisation follows. Here, it is determined to which systems and resources the user will receive access. Usually this is based on complex rules and role concepts that are stored in a database, can be freely defined beforehand and are typically dependent on the organisational structure of a company and the field of work of a user.

It is difficult to find a procedure that can ensure 100% protection against the theft of the access data and thus the identity. The use of passwords is probably the most insecure method. They can be intercepted during entry by another person or by malicious software. Insecure passwords, which can be easily cracked, are often used for reasons of convenience. As a secure alternative, this leaves smart cards in combination with a PIN – but these can also be stolen or copied.

Biometric methods are currently being debated to make IAM actually secure – these present a higher hurdle than those mentioned above, however, they are also not fully secure. A fingerprint can be captured with a piece of film and copied. Facial and iris recognition can be tricked and manipulated with photographs. The recognition of ears is also not tamper-proof in the age of 3D printing.

When the current IAM processes are expanded with the SSI services (SSI = self-sovereign identity) of the IOP Console, they can be considerably accelerated and simplified, enabling the elimination of error-prone and time-consuming synchronisation. In this manner, thanks to SSI-enabled applications, companies can provide users with so-called credentials (these are digital access permissions) in a simple and uncomplicated manner. These credentials are immediately available to the users, can be revoked quickly and easily when necessary, and for example grant immediate access to data or areas. The credentials originate directly from the data sources in which they are originally created (golden source; authoritative source), they are error-free and reduce the administrative work to a minimum. Moreover, for current solutions such as single sign-on (SSO), SSI offers the possibility of eliminating multiple sets of access data and changing passwords. Additional advantages are:

  • Flexibility – Credentials can be created, assigned and revoked again as required. The same applies to the use of the credentials – they can be used for applications, internally and also between companies. For example, a company can grant all (or selected) employees of a new service provider access to defined areas of the intranet without including them in dedicated directory services or having to create user accounts for them.
  • Security – Instead of complex authentication and authorisation processes, in which it nevertheless is never 100% certain whether the user who has logged on is actually the owner of the login, SSI credentials are solely assigned to an authorised person and can also only be used by him/her. As a result, unauthorised access is a thing of the past.
  • Regulatory compliance – SSI stands for “privacy by design” and by default is secure and data protection-compliant. Moreover, each user has control over their (personal) data and owns it in the form of credentials, which are stored in a so-called wallet, a type of digital purse, on their smartphone or in self-chosen cloud services. Based on this, data can be released to desired recipients, whereby the blockchain of the IOP Console clearly documents the transaction and offers the possibility of checking the credentials at any time.
  • Privacy – Each user has a unique identity in the SSI world, which can be used freely. Unlike online accounts or physical IDs, which can be “cracked” quickly and relatively easily, with SSI, the privacy of each user is secure. Because a new identity – a DID (decentralized identifier) – is created by the user for each relationship, no conclusions can be drawn about a user, and users can gradually establish a digital identity whose uniqueness is only evident to the users themselves.
  • Discretion – Just as credentials are only accessible to the users involved, the relationships between users remain discreet and secure. For companies, the SSI-based approach in IAM offers great potential, because digitalisation is simplified significantly and corporate processes can be handled quickly, flexibly, securely, discreetly and with GDPR compliance.

APPLICATION EXAMPLE

PRIVATE USERS: SOCIAL MEDIA, E-COMMERCE & SMART HOME

In Germany alone there are around 38 million active social media users, who on average have five accounts, which in total entails around 190 million login profiles. In the e-commerce segment, the number of users in Germany lies at around 68 million, and throughout Europe around 18.4 online purchases are made per user per year, i.e. approximately 1.2 billion transactions. The trend continues upwards.

However, with the increasing use of social media and e-commerce accounts, the theft of accounts, passwords, access data, etc. also increases, and a growing number of entrepreneurs and private individuals are faced with the challenge of preventing this and therefore of implementing data protection, data security and user-led management of personal data.

SSI is a perfect solution: SSI returns sovereignty over their information to users and makes the exchange of data and information secure and transparent. These are important aspects, which are assuming a more important role due to, among other things, Amazon's Alexa, networked kitchen and household appliances and the smart home. For example, SSI enables a direct relationship between persons and objects of the smart home or between persons, companies and machines. Instead of starting the smart coffee machine indirectly via a command that the user sends via the smartphone to the cloud of the coffee machine's manufacturer, which then transmits it to the selected coffee machine, the user communicates directly with the appliance. This not only entails a considerably expanded customer experience, but also results in easier, faster and more secure updates and product improvements. Because each person and each device is uniquely identifiable, warranty claims can be recorded in real time and processed accordingly. The result is streamlined, secure and transparent processes in the company and, moreover, customers that are satisfied and connected with the company.