A New Approach to Client Onboarding Using Self-Sovereign Identity and Distributed Ledger

Soltani, Reza; Nguyen, Uyen Trang; An, Aijun

doi:10.1109/cybermatics_2018.2018.00205

Cited by 54 publications

(48 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, the verification of GDPR rules on the system was only limited to the rule: right to be forgotten. The authors in [21] took advantages of Blockchain and GDPR to develop a digital onboarding framework that defines some security policies for users' identity attributes stored on multiple centralized repositories. However, the automatic verification of GDPR rules over the framework was not studied.…”

Section: Related Workmentioning

confidence: 99%

Tracking GDPR Compliance in Cloud-Based Service Delivery

Barati

Rana

2022

IEEE Trans. Serv. Comput.

View full text Add to dashboard Cite

The European General Data Protection Regulation (GDPR) has had a far-reaching impact on data privacy and compliance for cloud providers. GDPR influences access to, storage, processing and transmission of personal data, requiring these operations to be verified by a cloud user through explicit consent prior to execution. GDPR rules implemented for such operations can be ambiguous and often open to interpretation, making manual verification a time consuming and error prone process for cloud providers. An encoding of GDPR rules is described, with each operation carried out using these rules recorded into a Blockchain for auditing purposes. Specifically, this work shows how some GDPR rules can appear as opcodes in smart contracts to verify the operations of providers on user data in a transparent and automatic way. An abstract model is designed to demonstrate how cloud providers can access and deploy such smart contracts through a Blockchain-based virtual machine. A case study is used to demonstrate how this approach can be used in practice. The case study uses a collection of design patterns and smart contracts to verify provider operations, including read, write, execution and transfer on user data. Validation is undertaken by deploying the smart contracts in a Blockchain test network to investigate the execution costs of GDPR compliance checking.

show abstract

Section: Related Workmentioning

confidence: 99%

Tracking GDPR Compliance in Cloud-Based Service Delivery

Barati

Rana

2022

IEEE Trans. Serv. Comput.

View full text Add to dashboard Cite

show abstract

“…At present, there are only few academic papers on the application of SSI in business scenarios. They include the application of SSI in "know-yourcustomer" processes in banking [7], access to public health services [8], remote management of industrial equipment [3], payback programmes in retail [9], student exchange [10], e-petitions [11], assigning medical information to persons without regular identity, e.g. to fight Covid-19 [12].…”

Section: Motivationmentioning

confidence: 99%

“…• User data does not need to be stored at the service provider [7] • Identity issuer is not involved in identity access, verification, and resolution [7], [8], [10] • Identity data integrity and availability is ensured [7] • Privacy of users is ensured [7]- [12] • Users can trade their data for rewards [9] • Users can link different identity attributes from various issuers on their own [10] • Anonymous participation in transactions [11], [12] Besides these, also critical issues were raised that limit the adoption of SSI:…”

Section: Application Of Self-sovereign Identities In Business Scenariosmentioning

confidence: 99%

“…• Lack of effective key management [7] • Insufficient knowledge on alignment of technical, institutional, and societal aspects [12] • Frameworks are not production-ready and prone to feature changes [3] • SSI is in early stage and lacks of widespread adoption [3] • Incomplete standardisation hampers interoperability [3]…”

Section: Application Of Self-sovereign Identities In Business Scenariosmentioning

confidence: 99%

“…The most important opportunity is also the eponymous property of the SSI paradigm: Users should gain sovereignty over the data they own and thus enable them to decide which data is shared with whom. In conjunction with zero-knowledge proofs, it is also possible to prove the correctness of data without disclosing its contents [7]. The use of zero-knowledge proofs could therefore contribute to a lower utilisation of networks and databases.…”

Section: Identification Of Options For Applying Ssi In Ev Charging Servicesmentioning

confidence: 99%

See 2 more Smart Citations

Exploring Potential Impacts of Self-Sovereign Identity on Smart Service Systems

Richter

Anke

2021

Bus. Inf. Sys.

View full text Add to dashboard Cite

Self-sovereign identity (SSI) is a new paradigm, which puts users back in control of their own digital identity. This does not only strengthen the position of the users but implies new interaction schemes that may improve interoperability and usability. Smart services systems enable the integration of resources and activities and use smart products as boundary objects. As such systems typically involve digital interactions between multiple actors, it can be assumed that utilising SSI has a positive impact on them. To investigate how these potential improvements manifest themselves, we investigate electric vehicle charging as example of a smart service system. At the core of our conceptual analysis is the service process, which we extract from a reference model. Based on a SWOT analysis, we identify areas for transformation and derive an SSI-enabled interaction model for an electric vehicle charging service. The evaluation of the new process shows that SSI can reduce complexity of integration with partners and can provide a better customer experience through simplified registration and authentication. Moreover, SSI might even lead to the disintermediation of actors in the service system. Although SSI is still emerging, our findings underline its relevance as a mechanism to establish trust in smart service systems through the seamless and standardised integration of digital identities for humans, organisations, and things.

show abstract

Privacy‐aware cloud ecosystems: Architecture and performance

Barati

Rana

2020

Concurrency and Computation

View full text Add to dashboard Cite

With an increasing number of cloud providers offering services made use of by both individual users and other providers, there is a realization that service provision now involves an "ecosystem" of providers. Some providers may be directly visible to a user, while others may be contributors to composite services and not directly known to the user-as only the provider offering the composite service is visible. Such services may include: domain specific services (eg, simulation), advertising services, or profiling/analytics services. Understanding the impact on data privacy of a user for such a composite service remains a challenge, and providing transparency (and obtaining user consent for data use) remains a key requirement of the European General Data Protection Regulation (GDPR). An architecture that makes use of blockchains and smart contracts is proposed that addresses this requirement. An implementation of the architecture is used to demonstrate how access control can be managed and audited. The scalability and cost of undertaking access control, as the number of actors (both service providers and "voters") increases, is also described. The proposed approach can be used to support service aggregation across both private and public clouds. K E Y W O R D Sblockchain, cloud architecture, data privacy, general data protection regulation, smart contracts INTRODUCTIONWith increasing number of on-line services, often hosted over cloud infrastructure, there is a realization that such services can involve an interlinked set of cloud providers. To access a service, users primarily interact through a Web interface, and are (often) unaware of the larger collection of services that are made available behind the Web interface, and deployed across a distributed infrastructure. Users entrust their data without realizing that the providers may share their data with back-end services such as cloud hosted analytics and advertisers-the growth in Internet-connected devices adds further complexity to this challenge. In order to address this, the general data protection regulation (GDPR) is implemented to impose obligations on providers to ensure that consent is obtained from users before their data are made use of, thereby enabling nonexpert users to make informed decisions about their privacy. 1The key elements introduced in GDPR are a data subject, a controller or joint controller, and a processor. 2 The data subject is the data owner and the controller a person/organization specifying aims of processing a user's personal data. The notion of joint controller is introduced where two or more controllers jointly specify the purpose of data processing. Finally, the processor is responsible for processing personal data on behalfThis is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited.

show abstract

A New Approach to Client Onboarding Using Self-Sovereign Identity and Distributed Ledger

Cited by 54 publications

References 11 publications

Tracking GDPR Compliance in Cloud-Based Service Delivery

Tracking GDPR Compliance in Cloud-Based Service Delivery

Exploring Potential Impacts of Self-Sovereign Identity on Smart Service Systems

Privacy‐aware cloud ecosystems: Architecture and performance

Contact Info

Product

Resources

About