Project Coordinator (EU) :SICPA SPAIN S.L.
Country of the EU Coordinator :Spain
Organisation Type :SME
Project participants :
Fabian Torres, Role: Project Coordinator
Catherine Fankhauser, Role: Internal & external partnerships coordinator
Laurent Loup, Role : Responsible of ICT Documentation
Xavier Vila, Role: Tech solution coordination
Victor Martinez, Role: Software developer - solution architect
Matteo Marangoni, Role: Software developer
Peter Simpson, Role: Executive director
Alan Cameron, Role: Director of Programs and Operations
State of US partner :Washington
Starting date :
Inclusive verification of cross-border and level of assurance-dependent digital credentials
This experiment addresses Self-Sovereign-identity (SSI) infrastructures as NGI key technology, that can be applied to public sector, travelling or border control areas. The experiment use-case entails a person traveling from the EU to the US, and back. The traveller has a cloud wallet with digital credentials necessary to prove their identity in both locations. However, the traveller does not use a personal device to present identity documents or to access their cloud wallet. Instead, a kiosk performs all required interactions with the traveller’s wallet to allow the traveller to be successfully verified. Based on current digital identity work by SICPA, this solution will integrate a biometric iris scanner product with the open-source ACA-Py agency project to verify the identity of a traveller. As an extension, the solution will also include the SSI-eIDAS bridge.
The high-level flows are:
1. Traveller obtains a cloud wallet.
2. Government issues identity credentials to the traveller.
3. Kiosk uses iRespond biometric iris scan to onboard or look-up the traveller.
4. Kiosk issues presence credential to the traveller.
5. Inspector views traveller’s credentials on the Kiosk to verify the traveller’s identity.
Implementation plan :
In this experiment is expected to replace mobile phones by a cloud agent for the storage of verifiable credentials rendering this digital identity more inclusive. The access to this latest will be triggered by secure factors of authentication that citizens will have to demonstrate control over at the point of verification. The verification mechanism should be secure, seamless, preserving data-privacy, inclusive and meet different levels of assurance requirements.
The solution is designed to be distributed, scalable and secure:
• ACA-Py agency is running in multi-tenancy mode and provisioned on AWS cloud.
• ACA-Py agency is running with automatic processing of connections, credentials and proofs disabled.
• ACA-Py agency can be scaled with multiple instances.
• Each traveler will have their own wallet.
• Each kiosk can have their own wallet.
For simplicity, the solution demonstration will use:
• All wallets are created in a single instance of ACA-Py.
• ACA-Py uses the Sovrin test ledger.
• All kiosks will use the same wallet.
• Kiosk uses iRespond Windows 10 application. There is not a SDK available to integrate iRespond with another app, so the user will need to paste the UNique IDentifyer (UNiD) generated by iRespond into the kiosk web application.
The experiment will be starting with a laboratory set-up to be classified as TRL 4 and it will be moving quickly on to a TRL 5 simulation of a real-world setting.
Impact 1: Enhanced EU – US cooperation in Next Generation Internet, including policy cooperation.
By interconnecting both eIDAS bridge and iRespond digital identity solution to SICPA and iRespond SSI platforms, we will support governmental agencies and NGI developers to
experiment the benefits of SSI for their digital transformation.
The benefits of such a concept are to allow Europe and USA to rely on digital credentials issued by one of the two governments, without having necessarily aligned regulations, data-
privacy policies, common identity infrastructure or similar security and level of assurance requirements.
Impact 2: Reinforced collaboration and increased synergies between the Next Generation Internet and the Tomorrow's Internet programmes.
Other key benefits of the experiment are to facilitate the digital transformation of the society, to boost the local economy thanks to trustworthy online transactions and tocontribute to the globalization of trust that will enable governments to reuse trusted credentials to issue new credentials.
Impact 3: Developing interoperable solutions and joint demonstrators, contributions to standards.
With this experiment we are proving how opensource technologies can be deployed and integrated together with other commercial platforms, thus fostering interoperability in the SSI ecosystem
The aim of this use case is to demonstrate how different identification factors like verifiable credentials, eIDAS electronic seals or biometry (UNiD) can serve various use cases and levels of identification.
The key objectives are to:
• Demonstrate cross-jurisdiction interoperability between two countries with different data privacy regulations, legal and trust frameworks.
• Ease of use for citizens and provide autonomy and privacy for managing their data.
• Operational viability of the different components integrated: the scanner, the kiosk, the remote wallet.
An additional objective is to:
• Assess compatibility with the eIDAS framework in order to remain in line with current European legislation.
Success will be demonstrated by a traveler being onboarded at the departure kiosk, and being verified at the departure and arrival kiosks.