4. About
Ken Ebert
Main experience before Indicio
・Chief Technology Officer, Perfect Search/IMAT Solutions
・Senior Manager Software Development/Senior Software Architect, Symantec
・Software Architect & Open Standards Engineer, Sovrin Foundation
2020: Founded Indicio (co-founder/CTO)
Creation of Cardea, a complete ecosystem for the
transmission of digital health credentials, as a project
to Linux Foundation Public Health.
5. About Indicio
Indicio provides development and hosting for
Trusted Data Ecosystems (TDEs).
Enterprise, consumer, and mobile applications run on Indicio’s
network and use its comprehensive ecosystem of software to
issue, verify, and exchange verifiable digital credentials. Founded
on the belief in reducing fraud, privacy by design, and
user-friendly security, Indicio supports the open source and
interoperability goals of the decentralized identity community.
6. About Indicio
Indicio is committed to advancing Trusted Data
Ecosystems as a public good that enables
transparency, consent, and control of data
exchange for all participants.
Identity and application teams rely on Indicio’s
simplicity, extensibility, and expertise to make
trusted data work for everyone.
7. Trusted Data Ecosystem (TDE)
Copyright 2021
A TDE allows seamless, efficient data exchange that eliminates the cost of untrustworthy data, bringing immediate value to participants
[Diagram labels: Value; Trusted Data Ecosystem; ISSUER, HOLDER, VERIFIER]
8. TRUST (or lack of)
The main reason we have identity systems is to
establish trust.
11. The goal of decentralized identity
Analog functionality with digital efficiency
• Analog World (3200 BC ~ 1964): Physical documents sent, shown, signed, notarized, sealed…
• Hybrid World (~1964 - 2020): Duplicate and/or digitized documents sent electronically
• Decentralized World (~2020 ---): Verification of digital document authenticity and integrity is possible!
[Indicators shown for each world: TRUST, EFFICIENCY, PRIVACY]
12. Why does it work in “analog” life?
• Trusted issuers and trusted physical credentials
• Individuals who hold the credentials
• Independent verifiers
[Diagram labels: DMV, Trust, Business]
It works, because I can visually verify where the data came from and whether it’s been altered by the presenter
13. TRUST in the DATA
Trust in data comes from two forms of verification:
• Integrity: Being able to identify if the data is “real,” or has arrived “as-issued”. Has it been altered or tampered with?
• Authenticity: Being able to identify the source of the data. Does it come from the place it claims to be from?
[Diagram labels: DMV, Trust, Business]
I know it’s real, unaltered, and it comes from a source that I trust
14. Placing Trust in Representations and Attestations
Carries Cost and Risk in a Hybrid World
SCAN, Email/Upload
How do I know it’s real?
How do I know it hasn’t been digitally altered?
How do I know it’s coming from the person they
claim to be?
No one has ever used a fake email, or had their
email hacked, have they??
2FA with email is fine… really…
16. A Forced Choice Between Trust and Efficiency
SCAN, Email/Upload
TRUST Processes?
• Integration or callback to origin database?
• In-person / Zoom presentation?
• Manual review?
• Migration effort to put data in your system?
• IAM processes - passwords
[Labels attached to these processes: Privacy / GDPR, Fraud / Security, Expensive, Inefficient]
RISK Assumption?
• Trust the representation, scan, upload, password, etc.
[Labels attached to this assumption: Efficient, Fraud / Security, Expensive, Privacy / GDPR]
17. A Forced Choice Between Trust and Efficiency
Trust or Efficiency Choice
Until now you couldn’t have both and still minimize risk/fraud/errors
[Diagram labels: Risk, Efficiency, Trust]
TRUST Processes?
• Integration or callback to origin database?
• In-person / Zoom presentation?
• Manual review?
• Migration effort to put data in your system?
• IAM processes - passwords
[Labels attached to these processes: Privacy / GDPR, Fraud / Security, Expensive, Inefficient]
19. The Trust Model
DECENTRALIZED IDENTITY NETWORK
Credential Issuer: governments, hospitals, etc. (the source of credentials)
Credential Verifier: shops, airports, etc. (the side that checks credentials)
PROOF OF DATA AUTHENTICITY
VALIDATION OF DATA INTEGRITY & PROVENANCE
Philosophical TRUST
Cryptographic TRUST
➔ The data resides with its owner
20. Trust accumulates in a TDE
Trust Exercises
CREDENTIAL ISSUER: governments, hospitals, etc. (the source of credentials)
CREDENTIAL HOLDER
CREDENTIAL VERIFIER: shops, etc. (the side that approves credentials)
21. TDE Constellations give birth to new stars
In any given ecosystem the participants instantly gain measurable value from the credential data model, which attracts new issuers, users and verifiers.
[Diagram labels: Value; Trusted Data Ecosystem; ISSUER, HOLDER, VERIFIER]
22. Creating a Universe
One TDE demonstrating value can easily link with other TDEs, rapidly growing value for all.
Credentials issued in one TDE provide value, efficiency and risk reduction for other TDEs
[Diagram: Travel Ecosystem, Financial Ecosystem and Health Care Ecosystem, each labelled Value with ISSUER, HOLDER, VERIFIER]
24. PII (and all Credential Data) stays with data’s owner or authorized controller
Privacy-by-design and compliance protections
The ledger is a means of verifying the authenticity/source and integrity of data
[Diagram labels: Issuer, Holder, Verifier, Ledger; Signed Data (twice); DID, Schema, Definition, Revocation]
25. Integration and accommodation of existing infrastructure
[Diagram labels: DB (twice), Issuer Agent, Verifier Agent, Holder Agent, API (twice), Mobile Wallet, Mobile Agent, Integrated Wallet/Agent, Custodial Wallet/Agent]
26. How the technology works
BASED ON PRIVACY-BY-DESIGN FUNDAMENTALS
Linux Foundation Public Health, Cardea (cardea.app)
• A credential is created by the “issuer”. It is offered to, and accepted by, a positively identified data owner, the “holder”.
• The data holder initiates a connection to a verifier who needs access to the data.
• Using cryptographic tools in the software, the verifier can look up a permanent public Decentralized Identifier (DID) for the issuer. If the issuer is deemed trustworthy, the data points may be deemed trustworthy.
• The verifier can view the cryptographic signature of the issuer, and know that the data has arrived unaltered, and as written to the credential.
• A verifier can request ONLY the data required, not the entire credential; this protects privacy. No data is sent until the holder explicitly approves.
[Diagram labels: BLOCKCHAIN-BASED; Verifiable Credential (twice); CONSENT; DECENTRALIZED IDENTITY NETWORK]
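The issue, present and verify flow on this slide, as an added Python example that is not Indicio's, Cardea's or Hyperledger's code. Assumptions: a dict stands in for the ledger's DID lookup, a Lamport one-time hash signature from the standard library stands in for the production signature scheme, salted digests stand in for its selective-disclosure mechanism, and the DID, attribute names and values are constructed. Revocation is not modelled.

```python
import hashlib, json, secrets
def H(b): return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key pair: 256 pairs of random secrets; public key = their hashes.
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]
def verify(pk, msg, sig):
    return len(sig) == 256 and all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def commit(name, value, salt):
    return H(json.dumps([salt, name, value]).encode()).hex()

def issue(sk, issuer_did, attrs):
    # The issuer signs salted digests of the attributes, never the raw values.
    salts = {k: secrets.token_hex(16) for k in attrs}
    digests = sorted(commit(k, v, salts[k]) for k, v in attrs.items())
    payload = json.dumps({"issuer": issuer_did, "digests": digests}).encode()
    return {"payload": payload, "sig": sign(sk, payload), "attrs": attrs, "salts": salts}

def present(cred, requested):
    # The holder releases only the requested attributes, each with its salt.
    shown = {k: [cred["attrs"][k], cred["salts"][k]] for k in requested}
    return {"payload": cred["payload"], "sig": cred["sig"], "disclosed": shown}

def verify_presentation(ledger, trusted_dids, pres):
    body = json.loads(pres["payload"])
    did = body["issuer"]
    if did not in trusted_dids or did not in ledger:
        return None                      # unknown or untrusted issuer
    if not verify(ledger[did], pres["payload"], pres["sig"]):
        return None                      # payload altered or wrong signer
    for name, (value, salt) in pres["disclosed"].items():
        if commit(name, value, salt) not in body["digests"]:
            return None                  # disclosed value is not what was issued
    return {name: value for name, (value, _) in pres["disclosed"].items()}

# Constructed sample data: DID, attribute names and values are illustrative.
ISSUER_DID = "did:example:clinic"
ISSUER_SK, ISSUER_PK = keygen()          # one-time key: signs exactly one credential here
LEDGER = {ISSUER_DID: ISSUER_PK}         # stand-in for the public ledger lookup
CREDENTIAL = issue(ISSUER_SK, ISSUER_DID, {"name": "Alice Example", "test_result": "negative"})
```

The verifier accepts a presentation only when the issuer's DID is both on the ledger and in its own trust list, which keeps the cryptographic check (signature) separate from the policy decision (which issuers to trust).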
28. Open Source Project Contributions
- Hyperledger Indy
- Hyperledger Aries
- Hyperledger Aries Bifold
- Linux Foundation Public Health Cardea
29. Cardea, a complete ecosystem for
digital health credentials contributed
to Linux Foundation Public Health for
global public health implementation
30. Indicio Complete Identity Ecosystem Building Model
Trusted Data Ecosystem Components by Indicio
[Diagram labels, in extracted order]
Ecosystem; Deployment & Hosting; Applications; Agents; Network
Business; Technical
Launch; Customer Facing; System Design; Foundational
Governance; Marketing; Strategy; UI / UX; Architecture; Network; Governance
Comprehensive launch; Plans and strategies; Sales enablement; Custom design; Use of open source; Best practices; Machine readable governance; Timeline to launch; Schemas; Transaction Endorser; Transaction Author; Node Operator
• Mediator
• Enterprise
• Holder
Professionally staffed
• Indicio MainNet
• Indicio DemoNet
• Indicio TestNet
Others
31. Customer in action
Credential infrastructure for tourism-based national
economy
Allows for scaling and expansion to border crossing prior
to departure
“…biometrics and digital identity as important but
complex enablers so that travelers can look forward to
automatic and identification and clearance… Indicio
providing a real-world case study to prove our theory.”
—Jet Blue Ventures Newsletter
SITA, Indicio pave way to safer traveler
experience with launch of Aruba Health App
Health
32. Customer in action
Digital wallet and platform for identity assurance using
avatars to manage online personas
Bringing together credentials from banking,
government, retailers, gaming, entertainment, and
healthcare
Focused on digital native market segment
Liquid Avatar digital identity wallet
supported by Indicio Ecosystem
Entertainment, Finance and more
33. Customer in action
Bonifii and GlobaliD: Financial Institution digital credential on the Indicio Network
Bonifii credential, a decentralized digital identity that
provides underserved individuals with access to
traditional banking services in a way that maximizes
their privacy and security.
GlobaliD, a trust platform and digital wallet
Financial institutions that use the Bonifii credential can
achieve higher levels of assurance than traditional
application methods.
Bonifii Credential
Finance and Identity