The general public and personal data have had a complicated relationship, especially in the age of social media and data hacks. Most of us that think critically about ethical situations involving data have many questions, both as individuals and for the enterprises that we’re a part of. As individuals, we wonder things like “How can we trust the data and documents that I receive?” and “How do I know this data or documents are authentic and not manipulated?” Simultaneously, as enterprises, we are concerned about keeping private data compliant with regulations such as Europe’s General Data Protection Regulation.
Sphereon Verifiable Data Exchange (VDX) provides a platform with advanced features for digital identities and the verifiable exchange of data between people and companies. Sphereon’s VDX enables organizations to quickly build and deploy advanced solutions to manage, share, and process data in a secure, verifiable, and privacy-protective manner.
There are four principles for a trustworthy exchange of data that are crucial in a digital, decentralized world:
- The authenticity of the data is independently verifiable
- The data is sovereign and independent of third parties
- The exchange of data is interoperable across systems and jurisdictions
- The data – and consent for sharing or not sharing – is under the control of the owner of the data
What is Sphereon?
Sphereon is the leading Self-Sovereign Identity technology that keeps data control within reach of the user and makes privacy a top priority. The solutions for Sphereon include healthcare, Clinical Trials, Mobility, and many more, which will be discussed in the use case section of this blog post.
One of the main focuses of Sphereon is the implementation of decentralized identities and verified credentials which is currently being referred to as the “Identity Ecosystem.”
Sphereon focuses on developing solutions around decentralized identities and has done so with many different organizations, large and small, which include:
- A major Clinical Research Organization (CR2O), that use Sphereon to add Trust to clinical trials
- International group of casinos (more information on this topic will come, but it is confidential at this time)
- Certificate of Origins in supply chains for the Japanese Ministry of Agriculture, Forestry and Fisheries
- Identification solutions for the Dutch Ministry of Justice and Security
- Land registration systems for nation states
Benefits of Sphereon
Data or documents are digitally signed at the source by the issuer, securely held and controlled by the owner in a secure, private data space, and when shared, automatically validated for their authenticity by the recipient.
Based on open W3C standards and specifications for Decentralized Identifiers (DID) and Verifiable Credentials (VC), Sphereon’s data exchange solutions are globally interoperable and can connect seamlessly with existing IAM and Business Applications – this ranges from existing OpenID Connect integrations to trustless, self-issued OpenID Connect, and OpenID Connect for Verifiable Presentations.
Sphereon enhances the way data processors can handle private information. For the users, this isn’t so much of a problem. People agree with questions like “Do you want to share?” or “End-User Agreements, or Cookie Agreements.” However, it’s a more significant obstacle for the data processors that receive this personal information, and have to deal with GDPR/PII regulations, which is a big pain point this technology addresses.
Sphereon VDX can help with the onboarding process; if you check someone’s identity or credentials data issued by a trusted party like a government agency, you don’t have to keep all the information in your system. You just have to prove you did the KYC/AML data in your system. In other words, you don’t have to keep the actual data. This reduces processing information and obstacles associated with hosting all of the data. While this level of privacy-preserving technology is a little far out from being widely available to the general public, the potential for this technology is heading in the right direction.
Elaborating on that point, Sphereon VDX doesn’t force you to upload your data across many different apps. Instead, your Decentralized Identifier would contain information about your identity, bank accounts, or other credentials necessary for onboarding processes. As a data processor, this means less of a headache to keep up with GDPR compliance because you’re not holding all of this data.
The Sphereon Verifiable Data Exchange enables your enterprise to:
- Quickly build and deploy solutions to manage and share data and documents
- Automatically verify the authenticity and trust the data and documents you receive
- Automatically integrate and process them into your backend systems
- Guarantee that any data and documents that you share are authentic
- Independent verification, no need to provide access to your systems
- eIDAS and GDPR-compliant
- The data processors are holding less data because you’re not holding data; instead, identities and credentials are verified through the Decentralized Identifier (DID)
Additionally, Sphereon empowers privacy preservation by allowing you to control whether or not you want to share personal data on a case-by-case basis. This type of sharing power has historically not remained with the data’s owner. Instead, it has been controlled by the exploitative Web2 companies that have sold-out billions of people’s private information to the highest bidder without any ethical consideration.
Why Should You Trust Sphereon?
They’ve been building technology and solutions as part of EU European Digital Identity programs alongside governments and companies, large and small. Given the smaller size of European countries, in terms of both resources and landmass, the continent is uniquely challenged to work together to figure out solutions that can benefit everyone.
To read more about how Accumulate can drive the future of identity with GovTech, check out this blog post.
There are many different use cases for the Sphereon VDX. Below is a brief explanation of how each can potentially be implemented. There is a wide range of industries and verticals that Sphereon can improve with this user-first, regulation complaint paradigm for data.
For example, in GovTech, we’ve built a product with the Dutch Ministry of Justice and Security for a digital ID card. Initially built for special investigators, VDX enables the holder to identify themselves and their mandate. Government agencies can selectively disclose personal or detailed information depending on who requests this information, e.g., the general public receives only limited information. In contrast, another judicial branch or government body is entitled to see the complete information.
In Healthcare, they’re working with a large CRO to provide them with a digital patient passport to manage consent, but with guardianship and delegation of power built-in.
We see that use cases are mainly focused on the individual holder. We’re releasing a solution for companies and enterprises that enable them to hold and share company data. The Company Wallet holds general credentials such as the Chamber of Commerce. It enables verifiable delegation of authority to other officers and employees to share specific data.
Sphereon is working with the concept of Mobility-as-a-Service that reduces data processing for travelers going from Point A to Point B (taking a bus to a train to an electric bike). You would use several different mobility providers (Uber, Citi Bike, etc.) along this journey. If you want to book a bike, you have to use an app from the bike company, and for a train, you would use a train app, but the idea is to provide one app that you can use that books all of the mobility providers for you. However, a solution under development with Sphereon seeks to minimize all of these different aspects of your commute into one simplified application. Through the app, each of these mobility providers knows who you are and that you are the person who is responsible for using the bike.
The Transition from Factom to Accumulate
Currently, Sphereon VDX is built on Factom but will be ported over to Accumulate following the hard fork. However, this partnership is a long time in the making as one of the first engagements for Sphereon was through Factom in 2018. They both worked as part of a DHS grant in which Sphereon did the more technical implementation, and Factom did the technical engagement with DHS. Building on this foundation and deploying government solutions, Sphereon became more involved with European enterprises building decentralized identity solutions for governments and enterprises there.
With the resources that Accumulate has to offer– from software developers to marketing– it is an excellent fit for the next phase of Spehreon’s growth.