Swisscom Blockchain has launched Seraph ID, a self-sovereign identity (SSI) solution built on the NEO blockchain. Seraph ID seeks to provide a decentralized identity system for contracts and users in the NEO ecosystem.

The launch saw the release of a website, whitepaper, and interactive demo that outlines how the system functions. The team also released its TypeScript SDK and smart contract templates, providing NEO dApp developers with the tools needed to begin integrating Seraph ID into their projects.

Seraph ID aims to place users in full control of their data and allows dApps to verify specific data (such as if the user is over the age of 18 or has subscribed to a specific service) without giving them data to store that could be potentially lost in a breach.

Swisscom Blockchain is a subsidiary of Swisscom, a major telecommunications provider under majority ownership of the Swiss government. The blockchain enterprise was launched with an emphasis on trust and security, as the organization hopes to “nurture the adoption of blockchain as a disruptive, but evolutionary jump to greater efficiency, speed and autonomation.”

Introduction to Seraph ID

Swisscom Blockchain’s decision to explore SSI is hinged on the need for individual users to reclaim control of their data and privacy. According to Breach Level Index, instances of data theft have become increasingly common over the years, with approximately 250,000 data records lost or stolen each hour. Of that number, only 4% of these breaches are reported as being secure (indicating the use of encryption to protect user data by making it unusable).

To Swisscom, this indicated a growing problem that could only be solved by a shift away from centralized data storage to user-controlled data. Blockchain technology is used to facilitate this shift, allowing identity verifiers to validate the legitimacy of digital information such as personal data without requiring access to the data itself.

Self-sovereign Identity Networks

Seraph ID is a framework that provides the tools to form SSI networks with three key participant types: identity issuers, verifiers, and claim holders. Any entity can deploy an issuer contract to the NEO blockchain to create their own unique SSI network, designed to suit their own specific use case by defining credential schemas.

Credential schemas can be thought of as an outline for the different attribute types present on any given form of identification. For example, the credential schema for a government-issued passport would include fields for the holder’s name, date of birth, nationality, and so forth.

These schemas can be retrieved from the issuer’s smart contract storage, allowing them to be referenced as required. This is done for the purposes of claim validation or selective disclosure. For example, if a user submitted a claim that did not follow the schema (missing certain fields or with incorrect data types in a field) it would act as a red flag that the claim was incorrect or tampered with.

In the case of selective disclosure, this allows a verifier to check a limited number of attributes. For example, a user’s date of birth could be verified from a passport without allowing the rest of the passport details being shared.

Network Expansion

SSI networks can be optionally expanded through the assignment of one or more ROT-managers (Root of Trust). These entities govern the business, technical, or legal rules that credential issuers in the network must follow, and can whitelist new issuers.

Since the claim verifiers in any particular SSI network must trust the ROT-manager, that trust is naturally extended to new issuers that the manager whitelists. This would allow more entities to link together without affecting the individual claim holders themselves, who will still only hold or share claims as desired.

Trust Network Example

In the whitepaper, Swisscom Blockchain provides an example of such a network based on an application like LinkedIn, which allows users to share their qualifications and work experience. In the example, LinkedIn has the role of verifier—it wants to verify the authenticity of any data that the user is submitting.

For this example, LinkedIn trusts Apple and Microsoft, so a user that provides a valid claim that was issued by one of these two companies can have the claim verified and accepted by LinkedIn. However, LinkedIn does not currently have a trust relationship with Samsung, so claims issued by Samsung cannot yet be verified.

To validate qualifications such as degrees, LinkedIn depends on an ROT-manager that takes the form of a University consortium. This ROT-manager can add new Universities that follow the agreed rules, allowing LinkedIn to verify any claims from those Universities without needing a trust relationship with them directly.

In this SSI network, a user would not need to share sensitive documents with LinkedIn; as long as they hold a verifiable claim from an issuer in the network, LinkedIn could validate that claim as being authentic.

More information on Seraph ID and SSI networks may be found in the whitepaper.

Interactive Demo

The Swisscom Blockchain team created an interactive demo to demonstrate the functionality and usage of Seraph ID with an example use case—using an accommodation dApp to book a room.

In the demo, users play the role of four distinct network participants to demonstrate the use of the digital identity system from the following perspectives:

  • A normal user named Oliver who generates a decentralized identifier (based on the W3C standard), applies for credentials, then books and accesses the chosen accommodation
  • A government entity that will issue verifiable credentials to Oliver
  • An accommodation dApp that will verify credentials and issue an access key
  • An IoT-enabled smart door lock that will allow entry to the accommodation after verifying the access key

By assuming the role of each entity in a typical Seraph ID network, users are given an introduction to how credentials are created and verified in a manner that allows the user to retain full control of their data.

Seraph ID SDK and Contract Templates

To assist NEO developers in getting started with their own implementations, Swisscom Blockchain has made its SDK and example smart contracts available. The Seraph ID SDK aims to be lightweight and assist in the creation and use of Seraph ID wallets and instances for issuers, verifiers, and Root of Trust.

Additionally, the team has created two smart contract templates; one for creating issuer contracts which allows on-chain claim registry, and one for Root of Trust contracts which enables hierarchical trust topologies.

After a smart contract has been deployed, it can then be used to issue claims via the SDK. Swisscom Blockchain has also published the two issuer contracts used by the interactive demo; one for the government entity (to issue the passport) and one for the real estate agency (to issue property access keys).

Swisscom and NEO

In the Seraph ID whitepaper, Swisscom Blockchain highlighted NEO’s vision to support the ‘Smart Economy’ as the main driving factor in its choice to build on the platform. The smart economy consists of three key elements; the creation of digital assets, smart contracts for the automated and trustless transfer of those assets, and digital identity services for compliance and verification.

Swisscom notes that its self-sovereign identity solution is designed to help empower the NEO network by acting as part of its decentralized identity protocol, NeoID. The team also referenced NEO’s technical capabilities and Swisscom Blockchain’s existing collaboration with NEO Global Development as another reason they elected to help develop NEO’s public infrastructure.

In addition to its adoption of the NEO platform for the development of its digital identity service Seraph ID, Swisscom also operates one of the consensus nodes responsible for maintaining the NEO TestNet. Following the launch of NEO3, it is expected that the Swisscom consensus node will be elected to the NEO MainNet.

Moving Forward

According to the roadmap found in the whitepaper, the next phase for the Seraph ID framework includes the addition of an agent-to-agent communication layer and the creation of an offline wallet for identity owners, potentially in the form of a Chrome extension.

Swisscom Blockchain also aims to create a universal resolver for decentralized identifiers (DIDs) on NEO, which would behave similarly to how a DNS resolver allows a domain name to be resolved to an IP address. In the case of DIDs, this would instead allow information such as contact details to be retrieved, allowing communication between entities.

The creation of a NEO universal resolver would theoretically allow new protocols to make use of DIDs deployed using NEO, and also allows NEO-based services to accept DIDs created elsewhere. This makes the resolver an important tool for spearheading the migration to a world of self-sovereign identities.

More information on the Seraph ID solution may be found at the link below: