Self Sovereign Identity and MyData
Last updated
Last updated
Self Sovereign Identity (SSI) is a new model suggested to represent an individual's identity online. The technologies enabling this model, Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs), were officially accepted as web standards by the World Wide Web Consortium (W3C) in July 2022. (Reference)
Instead of making individuals trust a company (or agree to terms to use a service) and entrust their personal data to be managed on their behalf, self-sovereign identity technology allows companies to request the individual's consent to access and use their data. Crucially, the individual maintains full control over their information.
This represents a paradigm shift in which individuals can actively decide to share only the information they want and control its use. Furthermore, it creates a landscape where hackers can only attack one individual at a time. In contrast, previously, they only needed to infiltrate a centralized server once to steal vast amounts of personal information, ranging from dozens to millions of records. This reduced incentive to hack individual data makes the system ultimately more privacy-protective.
Leveraging self-sovereign identity technology, Hippocrat aims to actualize the concept of 'MyData'. This concept permits individuals to exercise self-determination not only over their personal identity information but also their medical data.
The MyData model addresses the complications of convoluted API and platform models that lack incentives for data interoperability. Source: mydata.org
Up until now, our digital identities have been solely determined by accounts we hold on servers of services offered by specific companies. This arrangement necessitates the creation of a new account each time we opt for a new service. Furthermore, if identity verification is required, the process must be repeated for each service. Consequently, many people have defaulted to using accounts from larger services like Google and Facebook to log in. However, this practice results in an accumulation of personal data on a single server, heightening the risk of hacking. As our dependence on a specific service grows, so does our vulnerability to account suspension or restrictions, particularly if we are perceived as breaching the company's policies. This was recently exemplified by the US-based payment service Paypal, which attempted to implement a policy enabling it to impose a $2,500 penalty on accounts of users found in violation of its regulations. (reference)
DID (Decentralized Identifier) offers a solution to these issues. A DID is a unique identifier, created independently using mathematics and cryptography, and can be used freely across the internet. The concept is akin to assigning a unique number to every atom in the universe and randomly selecting one to be given a password (private key). This key enables control over the ID generated from that unique number and its associated information. Personal account details and associated data are stored on a blockchain, with access and control limited to the private key owner. This approach enables us to construct and manage our identities independently, free from government or corporate influence. This method is particularly advantageous in healthcare, a sector necessitating high privacy levels. As long as all computers and the internet connected to the blockchain persist, our identity record and control over it can remain secure, thus actualizing the self-sovereign identity envisioned by Hippocrat.
DIDs vary based on the blockchain they're recorded on, and Hippocrat is based on the highly trusted Bitcoin or P2P. We intend to incorporate scalability atop Bitcoin's strong decentralization and security, for instance, via the open-source DID protocol ION, endorsed primarily by Microsoft and Block.
Birth certificates, college degrees, passports, driving licenses, employee IDs, gym memberships, hospital registration cards, and prescriptions all describe and validate specific details about me. For instance, when I visit a pharmacy and show my prescription, I am able to demonstrate that a specific medication for a particular condition was prescribed to me by a certain doctor at a particular hospital. This reassures the pharmacist to dispense the medication with the certainty that the prescription is valid, and the receipt I get from the pharmacy affirms that I indeed received the prescribed medication. When these documents are collectively submitted to your insurance provider, they enable you to make a claim based on a validated record.
A Verifiable Credential (VC) comprises specific information that describes and validates certain facts about you. The data contained in a VC includes the issuer (the DID of the issuer), the subject of the credential (the DID of the data subject), and the claim being made (such as age, relationship, diagnosis, etc.), and the holder (the DID of the holder, often the same as the data subject, but a guardian could be the holder if the data subject is a minor). All this information must be verifiable, including who issued it, whether it has been tampered with, and whether it has expired or been revoked.
The traditional physical credentials referred to in the initial example are all susceptible to forgery and pose significant challenges for online verification. To address this issue, separate attestation devices and verification authorities like signatures and holograms have been used, but they fall short in privacy protection and have many cost and technical limitations for online use on a global scale. As VCs are issued on a blockchain that can be transparently verified by anyone, they can be authenticated online much quicker and at a significantly lower cost. Owing to these advantages, DID and VC were developed with financial support from the US Department of Homeland Security among others, and were adopted as open global standards in July 2022.
The importance of VC is also evident in realizing the collaborative healthcare data ecosystem that Hippocrat aims to establish. If patient data could be verified without the need for an intermediary, it would minimize the friction in the distribution and utilization of the data, thus cultivating a more dynamic ecosystem.
As previously discussed, blockchains are most effectively used to store a minimal amount of data in a highly secure and trusted repository, like an asset register or an identity ledger. However, while certain information can be recorded on a blockchain, the storage of large amounts of healthcare data, such as PGHD (Patient-Generated Health Data), which can span from a few hundred GB of genomic data to several TB, is neither practical nor necessary on a blockchain.
In such a situation, a viable solution could be allowing data to be transmitted and received through the Elliptic Curve Integrated Encryption Scheme (ECIES). This is a standard framework for data encryption delivery that utilizes the Elliptic Curve Diffie-Helman (ECDH)-based multi-signature technology as per the DIDComm standard. This ensures that data is securely encrypted and decrypted, making it inaccessible except by the two parties explicitly involved in the data exchange, and bypasses any intermediary servers. This means patients can exchange large volumes of data directly with healthcare organizations and data utilization entities without reliance on other entities. Consequently, the data distribution pathway can be made highly efficient, minimizing the risk of privacy breaches. Coupling this with appropriate incentives can make data trading a reality.
An alternative solution is leveraging the InterPlanetary File System (IPFS), a protocol for distributed storage and sharing of files. When a file is uploaded to an IPFS network, it gets distributed across multiple nodes. Simultaneously, a unique identifier - the Content Identifier (CID) - is generated from the file's hash value that serves to link the distributed files. If a large patient-specific dataset is encrypted using the patient's public key, uploaded to IPFS, and issued with the CID in a VC (Verifiable Credential), the patient can confidently share the data with another organization, which can then verify the data's integrity by ensuring the CID hasn't changed.
Lastly, secure data exchange can also be facilitated through numerous personal devices and relays, interconnected peer-to-peer with cryptographic key pairs, like DWN and Nostr.
Secure data exchange can be executed in various ways, and the methods outlined above are not the only ones that Hippocrat will consider. We plan to design the protocol in conjunction with the community to ensure it remains open and receptive to improved solutions.