
Decentralized Identity Management for Public Transportation

Authors: Georgios Kokosioulis (121735) & Lukas Stockburger (121695)
Programme: MSc Business Administration and E-Business
Course: Master's Thesis
Place, Date: Copenhagen, 16.03.2020
Supervisor: Raghava Rao Mukkamala
Pages/Characters: 98/192.244

Table of Contents

Table of Contents
Table of Figures
Table of Tables
Table of Abbreviations
Abstract
1. Introduction
  1.1 Motivation
  1.2 Current State of Public Transportation
  1.3 Current State of Digital Identity Management
  1.4 Blockchain Technology in Identity Management
  1.5 Problem Formulation
  1.6 Scope
    1.6.1 Aim
    1.6.2 Delimitations
2. Literature Review
  2.1 Digital Identity Management
    2.1.1 Types of Identities
    2.1.2 Identity Management Ecosystem
    2.1.3 Know Your Customer
  2.2 Blockchain Technology
    2.2.1 Types of Blockchains
    2.2.2 Data Privacy
    2.2.3 Data Storage in Blockchains
    2.2.4 Trust Infrastructure
    2.2.5 Foundations and Entities
    2.2.6 Technologies and Standards
    2.2.7 Zero-Knowledge Proofs
3. Design Science Methodology
  3.1 Design Science Research
  3.2 Research Approach and Design
  3.3 Research Philosophy
4. Analysis of Relevant Systems
  4.1 Ticketing in Public Transportation
    4.1.1 Pre-paid Tickets
    4.1.2 Smart Cards
    4.1.3 Account-Based Ticketing (ABT)
  4.2 Comparing Ticketing Systems
  4.3 Analysis of Blockchain-based SSI Management Systems
    4.3.1 Sovrin
    4.3.2 uPort
    4.3.3 Civic
  4.4 Comparison of Available SSI Management Systems
5. System Objectives & Requirements
  5.1 System Objectives
    5.1.1 Stakeholder Relationships
    5.1.2 Domain-specific Trust Framework
    5.1.3 Stakeholder Identification
    5.1.4 GDPR Considerations
    5.1.5 Read and Write on the Blockchain
    5.1.6 Off-chain Data Storage
    5.1.7 Schema Registration
  5.2 System Functional and Non-Functional Requirements
    5.2.1 Establishing a Digital Identity
    5.2.2 Establishing Relationships
    5.2.3 Issuing Credentials
    5.2.4 Credential Management
    5.2.5 Proving Claims/Assert Claim
  5.3 User Scenarios and Use Cases
    5.3.1 Scenario 1: Requesting Base Credentials
    5.3.2 Scenario 2: Requesting a Discounted Travel Credential
    5.3.3 Scenario 3: Using the Travel Credential across Europe
  5.4 Sequence Diagrams
    5.4.1 Sequence Diagram 1: Base Credentials
    5.4.2 Sequence Diagram 2: Using the Travel Credential to Travel
6. System Implementation of the Artefact
  6.1 Underlying Technology of the Artefact
    6.1.1 Key Features of Hyperledger Indy
    6.1.2 Typical Components of Hyperledger Indy
  6.2 Development of the Artefact
    6.2.1 Registration of DID
    6.2.2 Relationships between Stakeholders
    6.2.3 Schema Designs & Definition
    6.2.4 Issuing Verifiable Credentials
    6.2.5 Proof Requests of Credentials
7. Discussion
  7.1 Why Decentralization of User Identity in Public Transportation
    7.1.1 SSI Framework Alignment
  7.2 Positioning in the Current Ticketing Systems
  7.3 Possible Feasibility Assessment
  7.4 Limitations
  7.5 Future Outlook
8. Conclusion
Bibliography
Appendix
  EMC Flow
  Prototype
  Register DID
  EMC Credential Definition
  EMC Credential Issuing

Table of Figures

Figure 1. Identity Provider Market Share.
Figure 2. Components of a Blockchain-Based Self-Sovereign Identity System.
Figure 3. Types of Identity.
Figure 4. DID Syntax.
Figure 5. Sovrin DID Example.
Figure 6. Example of Basic Schema of a DID Document.
Figure 7. An illustration of DIF's universal resolver model.
Figure 8. An Example Ecosystem That Illustrates the Roles and Information Flows Forming the Specification Basis.
Figure 9. An Example of a Basic Claim Illustrated as a Directed Graph.
Figure 10. An Illustration of Verifiable Credential Basic Components.
Figure 11. An Illustration of Verifiable Presentation Basic Components.
Figure 12. Design Science Research Methodology (DSRM) Process Model.
Figure 13. Design Science Research Framework for this project.
Figure 14. High-level System Design of a Card Centric System.
Figure 15. High-level Architecture of ABT.
Figure 16. Use-case Diagram of Requesting Base Credentials.
Figure 17. Use-case Diagram of requesting a discounted Travel