Hyperledger Ursa Archives – Hyperledger Foundation

Aug 24

Hyperledger-Powered Healthcare Solutions in Action

By Hyperledger Blog, Healthcare

While always critical, public health and healthcare have taken on added urgency in the last 18 months. Technology is a cornerstone of today’s healthcare, and blockchain adds a vital layer to the increasingly digital infrastructure in this complex market. Blockchain’s growing role ranges from managing new challenges relating to COVID-19 testing and credentials to increasing the efficiency of critical, data-intensive workflows like clinical trials or insurance claims to supporting new models that make it easier for patients to access and share critical healthcare information without sacrificing privacy.

A number of Hyperledger technologies are at work helping drive new approaches to the existing and emerging complexities of healthcare. Read on for a sampling of Hyperledger-powered applications and solutions that are in production across the industry. And join the conversation using #HyperledgerHealth on social channels.

Aruba Health App

Indicio.tech, together with SITA and the Aruba Health Department, created the Aruba Health App to make it easy for visitors to share a trusted traveler credential — based on their health status — privately and securely on their mobile device. Using the Aruba Health App, visitors to the island who have provided required health tests to the Aruba government are issued a unique trusted traveler credential, using blockchain technology. This credential then can be verified by hotels, restaurants, and entertainment venues through the unique QR code on a visitor’s mobile device without sharing any private data. The digital credential also enables the Aruba government to restrict visitors from leaving their hotel rooms until they have received a negative PCR test result. Launched initially as a trial, the Aruba Health App is built using Cardea, an open-source code base that has since been contributed to the Linux Foundation Public Health (LFPH) project. Cardea leverages Hyperledger Indy, Hyperledger Aries and Hyperledger Ursa.

MediConCen

MediConCen built a consortium system powered by Hyperledger Fabric that automates medical insurance claims without using any paper. The blockchain has been in production for two years with over 223,000 blocks written. It is a great production use case showing how blockchain technology can sharpen the efficiency of insurance companies and medical providers, while eliminating the need for reconciliation among the participants. By implementing digital signature using QR codes, the platform is scalable and can include any insurers and any medical providers in the world without concern of the integrity of medical providers and the claim data. This greatly relieves the workload of all parties involved, especially the medical staff with more urgent matters to attend to. It has over 600,000 users, who are connected to over 900 doctors. MediConCen was included in the 2021 “Forbes Asia 100 to Watch” that spotlights notable startups on the rise across the Asia-Pacific region.

U.S. HHS COVID-19 Immutable Testing Results Collections and Analysis

As COVID-19 testing ramped up in 2020, getting accurate and complete data from various testing venues on a timely basis needed for pandemic surveillance and mitigation efforts was a challenge. When the FDA started approving at-home test kits and testing moved beyond the controlled environment of medical labs to work places, colleges and universities, airports, sports venues and, eventually, at-home testing, these challenges grew, creating an urgent need to ensure the completeness, integrity, and accuracy of the reported data and the pandemic mitigation efforts that rely on it. Oracle worked with HHS to address the need for a single source of truth across multiple agencies, data integrity, immutability/tamper-evidence, and privacy/confidentiality of the test results. Using the Oracle Blockchain Platform (OBP), which is based on Hyperledger Fabric, Oracle rapidly deployed a permissioned enterprise-grade blockchain network in Oracle Government Cloud.

The solution is in production for HHS/CDC tracking of COVID-19 testing results reported by non-lab-based testing venues and testing manufacturers. It has received Conditional ATO approval from US Department of Health and Human Services (HHS) (full ATO is in process) and has over 1.5 million testing results on-chain. Learn more here: https://www.youtube.com/watch?v=foVdOfsFAeg.

XATP

Designed for licensed pharmacists in the United States to verify drugs under the Drug Supply Chain Security Act (DSCSA), XATP makes it easy to authenticate and and securely exchange information with trading partners. LedgerDomain, working with industry stakeholders including fellow Hyperledger member UCLA, developed XATP to be a new kind of lightweight Verification Router Service designed to authenticate dispenser identities and streamline verification requests. It allows pharmacists to scan a 2D barcode on any drug in the U.S. to bring essential information on expired, short dated, recalled, and counterfeit drugs. XATP, which leverages Hyperledger Fabric, is currently in production for pharmacy workgroups and is ramping up for deployments at major health centers.

Health and healthcare updates from Hyperledger Global Forum

At Hyperledger Global Forum, there was a range of business, technical and demo sessions focused on health and healthcare developments and deployments, including:

Covid Vaccine Beneficiary Identification using Verifiable Credentials – Punit Kumar & Hitarshi Buch, Wipro Technologies

Blockchain-based Decision-support and Longitudinal Data Storage, with Illustration for Diabetes Type 2 Management – Alevtina Dubovitskaya, HSLU (Lucerne University of Applied Sciences and Arts)

Bringing Trust and Privacy-Preserving Smart Contracts to Clinical Trials in Healthcare – Andrew Weiss, UMBC (in partnership with Softhread) & Bruno Vavala, Intel

Fast, Secure, and Accurate Evaluation of Prescription Drug Reimbursement Claims using Hyperledger Fabric – Alevtina Dubovitskaya, Swisscom AG

Blockchain in COVID-19 Fight – US HHS Testing Results Reporting Using Distributed Ledger – Mark Rakhmilevich & Bala Vellanki, Oracle

Ongoing activity in the space is driven by the very active Hyperledger Healthcare Special Interest Group (SIG), which unites healthcare professionals and technologists from around the world in advancing the state of the healthcare industry through the implementation of technology solutions using blockchain technologies in general, and the umbrella of Hyperledger frameworks and toolsets in specific. It includes subgroups focused on patients, payers and healthcare interoperability.

Cover image: Piqsels

Apr 21

Love1

Why Distributed Ledger Technology (DLT) for Identity?

By Stephen Curran, Hyperledger Aries Maintainer, Cloud Compass Computing Inc. Blog, Hyperledger Aries, Hyperledger Indy, Hyperledger Ursa, Identity

As we continue our pandemic journey that is 2021, more and more people are getting vaccinated against COVID-19. Once vaccinated, people are (finally!) able to do more “in the real world.” However, in some cases such as international travel, there is a need to prove that you have been vaccinated before you can participate. In the past, that proof has been accomplished in the form of the paper World Health Organization Carte Jaune/Yellow Card. But in our 21st century pandemic, a handwritten paper document is not particularly trusted. It’s just too easy to buy or make your own. The sudden, urgent need to be able to prove health information in a safe, privacy-preserving and secure way has brought the spotlight on the concept of verifiable credentials and, for Hyperledger, on the three identity-focused projects in the community, Indy (a distributed ledger for identity), Aries (data exchange protocols and implementations of agents for people, organizations and things), and Ursa (a cryptographic library underlying Indy and Aries).

While people understand that paper credentials are insufficient and that a trusted digital solution is needed, they don’t understand why verifiable credentials, or more generally, identity, works extremely well with distributed ledger technology (DLT)—a distributed database spread across multiple nodes, of which blockchain is an example. To be clear from the start, it is not to put the credentials on a public ledger so everyone can see them! We’ll reiterate that a lot in this post. No private data ever goes on the blockchain!!!

To understand why DLT is useful for identity, we need to go back to the basics—paper credentials, how that model has worked for 1000s of years, and how the use of DLTs with verifiable credentials allows us to transition the great parts—security and privacy—of that model to the digital age.

Since as far back as 450BC, people have used paper credentials to enable trusted identity. Legend has it that King Artixerxes of the Persian Empire signed and gave Nehemiah a paper “safe transit” authorization that he used in travels across the empire. People have been using such documents ever since. In technical terms, a credential is an attestation of qualification, competence, or authority issued to an entity (e.g., an individual or organization) by a third party with a relevant or de facto authority or assumed competence to do so. Examples of credentials issued to people include a driver’s license, a passport, an academic degree, proof-of-vaccination and so on. Credentials are also issued to companies, such as business registrations, building permits, and even health inspection certifications.

Examples of Paper Credentials
*By Peter Stokyo,* *peter.stoyko@elanica.com, Licensed under* *CC By 4.0*

The Paper Credential Model
By Peter Stokyo, peter.stoyko@elanica.com, Licensed under CC By 4.0

Verification in the paper credential model (ideally) proves:

Who issued the credential.
That the credential was issued to the entity presenting it.
That the claims have not been altered.

The caveat “ideally” is included because of the real possibility of forgery in the use of paper credentials. Back to our “proof-of-vaccination” problem.

Let’s see how the good parts of the paper credential model are retained in the verifiable credentials model. With verifiable credentials:

An authority decides you are eligible to receive a credential and issues you one.
You hold your credential in your (digital) wallet—it does not go on the distributed ledger!
At some point, a verifier asks you to prove the claims from one or more credentials.
If you decide to share your data with the verifier, you provide a verifiable presentation to the verifier, proving the same three things as with the paper credentials.
Plus: You may be able to prove one more thing—that the issued credentials have not been revoked.

As we’ll see, verifiable credentials and presentations are not simple documents that anyone can create. They are cryptographically constructed so that a presentation of the claims within a credential proves four attributes:

Who issued the credential–their identifier is part of the credential and they signed the credential.

Who holds the credential–there is a cryptographic binding to the prover.
The claims have not been altered–they were signed at the time of issuance.
The credential has not been revoked.

Unlike a paper credential, those four attributes are evaluated not based on the judgment and expertise of the person looking at the credential, but rather by machine using cryptographic algorithms that are extremely difficult to forge. Like the paper credential, the verifier does not go back to the issuer to ask about the credential being presented. Only the prover and verifier, the participants in the interaction, need to know about the presentation. So where do the prover and verifier get the information they need for their transaction? We’re just getting to that…

The Verifiable Credentials Model
By Peter Stokyo, peter.stoyko@elanica.com, Licensed under CC By 4.0

Compared to the paper credentials model, verifiable credentials are far more secure. When the cryptographic verification succeeds, the verifier can be certain of the validity of the data—those four attributes stemming from verifying the presentation. They are left only with the same question that paper credentials have—do I trust the issuer enough

So where does the DLT fit in?

Three of the four things that the verifier has to prove (listed above) involves published data from the issuer that has to be available in some trusted, public distributed place, a place that is not controlled by a central authority (hmm…sounds like a DLT!). In Indy and Aries, data published to a DLT is used to verify the credential without having to check with the issuer. In particular:

The verifier has to know who issued the credential based on an identifier and cryptographic signature. From the presentation, it gets an identifier for the issuer, looks it up on a DLT to get a public key associated with the issuer to verify the signature in the presentation. Thus, the identity of the issuer is known.
The verifier has to verify that the claims data has not been altered by verifying a cryptographic signature across the data. Based on an identifier for the type of credential, the verifier gets from a DLT a set of public keys and verifies the signatures. Thus, the verifier knows no one has tampered with the claims data.
The issuer periodically updates a revocation registry on a DLT indicating the credentials that have been revoked. If the holder’s credential is revoked, they are unable to create a proof of non-revocation (yes, that’s a double negative…). If the holder can generate that proof, the verifier can check it. Thus, the verifier knows the credential has not been revoked.

The fourth attribute (the binding of the credential to the holder) in Indy is done using some privacy-preserving cryptographic magic (called a Zero Knowledge Proof) that prevents having a unique identifier for the holder or credential being given to the verifier. Thus, no PII is needed for sharing trusted data.

So why DLT? First, we can get the good parts of paper credentials—private transactions between holders and verifiers and no callback to the issuer. Second, the issuer gets a trusted, open and transparent way to publish the cryptographic material needed for those private holder-verifier transactions. Third, there is no need to have a “Trusted Third Party” participating in the interactions.

And did I mention, no private data goes on the DLT!!!

Hyperledger Indy, Aries and Ursa are enabling this approach to “self-sovereign identity” in a big way, bringing about a new layer of trust on the Internet that will let us preserve our privacy and give us control over our identity and data—where it belongs. There is a lot to learn. If you’re curious, a great place to start is this Linux Foundation edX course.

Cover image by Nick Youngson CC BY-SA 3.0 Alpha Stock Images

Jan 20

Love1

Kiva Protocol, Built on Hyperledger Indy, Ursa and Aries, Powers Africa’s First Decentralized National ID system

By Hyperledger Blog, Hyperledger Aries, Hyperledger Indy, Hyperledger Ursa, Member Case Study

For the 1.7 billion unbanked adults around the world, access to financial services is extremely limited. Without even a basic savings account, economic opportunity is often limited to informal offerings such as local shopkeepers who extend credit to their customers, microfinance institutions that work to serve the last mile, and community savings and credit associations that are setup by individuals living in the same village.

In the unbanked world, individuals borrow a few hundred to a few thousand dollars at a time, paying back over a relatively short time frame of 12-18 months. But despite excellent credit records, they are unable to receive even similar credit facilities at local banks. This is because the data from their informal transactions is essentially invisible: the banks either do not trust the data sources, or are otherwise unable to verify the provenance of the data.

While this is the state of the world today, it does not have to be our future. Kiva, a US-based nonprofit organization focused on financial inclusion, has built Kiva Protocol to bridge the data disconnect and help enable universal financial access. In 2019, Sierra Leone, a West African nation of about 7 million, launched the National Digital Identity Platform (NDIP) that used Kiva Protocol to enable fast, cheap, and secure identity verification for its citizens.

Kiva Protocol is built using Hyperledger Indy, Aries, and Ursa, and as implemented in Sierra Leone, allows citizens to perform electronic Know Your Customer (eKYC) verifications in about 11 seconds, using just their national ID number and a fingerprint. With this verification, it is possible for the nation’s unbanked to open a savings account and move into the formally banked population.

To find the right platform, Kiva assessed more than 20 software stacks, both centralized and decentralized. Blockchain and decentralized ledger technologies quickly emerged as good solutions for the developing world as they enable data provenance at the protocol level and stakeholders can act relatively independently to enable their various activities in the formal and informal sectors.

After deep consideration, Kiva decided to use Hyperledger’s stack for identity: Indy, Aries, Ursa. While all three projects are closely related, each has a distinct mandate:

Hyperledger Indy is a distributed ledger purpose-built for decentralized ID with transferable, private, and secure credentials;
Hyperledger Aries is infrastructure that supports interactions between peers and between blockchains and other DLTs; and
Hyperledger Ursa is a modular, flexible library that enables developers to share time-tested and secure cryptography.

In August 2019, Kiva launched the beta of Kiva Protocol with a public event opened by the president of Sierra Leone. Since that launch, global regulators have made significant progress in terms of how they are considering digital identity and eKYC verifications. There is a growing global movement towards user-owned and -controlled data, better privacy, and more universal access.

As of today, Kiva is focusing on building additional ecosystem applications and services to make it easier for all stakeholders to access and use Kiva Protocol. Much of this is being contributed upstream into the Hyperledger Indy and Aires projects, with the remaining components hosted in Kiva’s repository.

Hyperledger teamed up with Kiva on a detailed case study covering the challenges of the unbanked, requirements for a solution that delivers fast, cheap and secure ID exchange, and plans for expanding Kiva Protocols’ use to other countries and other applications.

Read the full case study here.

Dec 06

Love6

Why SSI Incubator: An inside look at the program and startups

By Maya Kanehara, Managing Director, Self-Sovereign Identity Incubator Blog, Hyperledger Aries, Hyperledger Indy, Hyperledger Ursa

The identity community at Hyperledger is lucky to see the groundbreaking toolboxes, libraries, and resources grow by leaps and bounds in just a very short time. From Hyperledger Indy, then Hyperledger Ursa, to the new project Hyperledger Aries, widespread adoption of decentralized identity is closer than ever. It was this excitement and optimism for the growing industry of identity products and solutions being born out of this community from which the Self-Sovereign Identity Incubator (SSI Incubator) was launched. By combining the expert mentors from all over the decentralized identity world with some of the most passionate innovators in the identity startup scene today, the Hyperledger identity community is poised to see growth that we’ve all been waiting for.

The SSI Incubator is designed to remove barriers to startup financing and success within the self-sovereign identity (SSI) industry. More than just seed funding and high-profile pitching opportunities, participating startups also receive co-working space, educational workshops, mentorship, and networking events with some of the most influential voices in the decentralized identity community today. The startups in this program are nearing the end of this time-limited and mentor-focused program, with the 12 weeks culminating in a final evening devoted to exploring the future of SSI.

The five startup projects are:

Domi (Berlin): Digital passports for landlords and tenants that would create a fairer rental market.
HearRo (Los Angeles): A blockchain-powered phone system for trusted, effortless communication
MetaDigital Inc (Toronto): An Intelligent Healthcare Platform that would eliminate medical prescription and insurance claim fraud with real-time digital verification.
Spaceman ID Inc (Chicago): Tools for companies to easily implement private, secure, and portable digital credentials.
Xertify (Bogotá, CO): A network where people and institutions can exchange trusted information based on blockchain technology.

“The Hyperledger identity community holds the secret to growing the use and interoperability of SSI. The SSI Incubator has shined a light on the breadth of organizations of all types and sizes that see the value of decentralized identity,” said Heather C. Dahl, CEO & Executive Director of the Sovrin Foundation. “The mix of SSI solutions and startups focused on healthcare, enterprise adoption, the home rental market, telecommunications, and education joined us from around the world shows the widespread interest and development in self-sovereign identity technologies. This range of diverse solutions is what is driving SSI adoption.”

The SSI Incubator is a joint venture between the Sovrin Foundation and investment firm Hard Yaka. Join the SSI Incubator and startups for the culmination of their work by registering for their final event of the year.

May 14

Love0

Announcing Hyperledger Aries, infrastructure supporting interoperable identity solutions!

By Nathan George, CTO, Sovrin Foundation, and Hyperledger Aries sponsor and contributor Blog, Hyperledger Aries

Identity is commonly cited as one of the most promising use-cases for distributed ledger technology. Initiatives and solutions focused on creating, transmitting and storing verifiable digital credentials will benefit from a shared, reusable, interoperable tool kit. Hyperledger Aries, the newest Hyperledger project (the13th!), is a shared infrastructure of tools that enables the exchange of blockchain-based data, supports peer-to-peer messaging in various scenarios, and facilitates interoperable interaction between different blockchains and other distributed ledger technologies (DLTs).

Hyperledger Aries intends to:

Provide code for peer-to-peer interaction, secrets management, verifiable information exchange, and secure messaging for different decentralized systems.
Foster practical interoperability in support of ongoing standards work and extend the applicability of technologies developed within Indy beyond its current community components from the Hyperledger stack into a single, effective business solution.

What is Aries?
Hyperledger Aries is infrastructure for blockchain-rooted, peer-to-peer interactions. It’s not a blockchain and it’s not an application.

It includes:

A blockchain interface layer (known as a resolver) for creating and signing blockchain transactions.
A cryptographic wallet for secure storage (the secure storage tech, not a UI) of cryptographic secrets and other information used to build blockchain clients.
An encrypted messaging system for off-ledger interactions between clients using multiple transport protocols.
An implementation of ZKP-capable W3C verifiable credentials using the ZKP primitives found in Ursa.
An implementation of the Decentralized Key Management System (DKMS) specification currently being incubated in Hyperledger Indy.
A mechanism to build higher-level protocols and API-like use cases based on the secure messaging functionality described earlier.

The generic interface of Aries will initially support the Hyperledger Indy resolver but is flexible enough so that someone could build a pluggable method using other DID method resolvers such as Hyperledger Fabric, Ethereum, or another DID method resolver they wish. These types of resolvers would support the resolving of transactions and other data on other ledgers.

Additionally, Hyperledger Aries will provide features and functionality outside of the scope of the Indy ledger to be planned and fully supported. We have reached out to other groups, including Ethereum-based decentralized identity efforts and others participating at the W3C to contribute to this code base.

With all of these capabilities, the open source community will now be able to build core message families that are necessary to facilitate interoperable interactions a wide variety of use cases involving blockchain-based identity.

Where did Aries come from?
Hyperledger Aries is related to both Hyperledger Indy, which provides a resolver implementation, and Hyperledger Ursa, which it uses for cryptographic functionality. Aries will consume the cryptographic support provided by Ursa to provide both secure secret management and hardware security modules support.

One of the main purposes of this project is to change the client layers in Hyperledger Indy to be interoperable with other identity projects. Hyperledger Indy has been incubating protocol work for peer interactions between identity owners for some time but as the development community has grown, it has become clear that the scope of that work extends beyond the functionality provided by Indy for support of other systems and networks.

With the main wallet and cryptographic code moving to its own project, it makes sense to move the pieces necessary to support that process with them in order to support a standards-driven approach and avoid cross dependencies between Indy and Aries.

What’s next for Aries?
The ultimate goal of Hyperledger Aries is to provide a dynamic set of capabilities to store and exchange data related to blockchain-based identity. These capabilities will range from the secured, secret storage of data such as private keys, up to the capability of globally accessible data that can be viewed and accessed by anyone. An example of such support is the creation of a secure storage solution similar to the wallet available in Hyperledger Indy today.

Other Aries functionality that would be in scope for a 1.0 project release would be a Decentralized Key Management Solution (DKMS) which would add key recovery, social recovery, and wallet backup and restore functionality. Using DKMS, clients will need a way to interact with one another peer to peer that is currently in development within Hyperledger Indy. Much of this work would be based on the DKMS documents outlined in the Indy-HIPE dkms design folder. This would be capable of storing verifiable credential data, private keys, relationship state data, and functionality that could perform operations with this data without having to extract this data.

We also hope to eventually have a scalable, searchable storage layer which is capable of storing other associated data necessary for identity maintenance. Examples of such data would be pictures, health records, or other personal information.

Who’s Involved?
The Sovrin Foundation has been the primary contributor to this initial initiative along with the team from the Government of British Columbia, but endorsements and possible contributions are in flight from several other organizations. Hyperledger has proven to be a collaborative and open environment for growing the community and has helped attract a variety of contributors. We are excited by the enthusiastic response from like-minded members of the community and look forward to collaborating further.

Want to Learn More?
If you’re interested in learning more about Aries, Indy, or Ursa, consider visiting https://wiki.hyperledger.org/display/HYP/Hyperledger+Aries+Proposal or #Aries on Hyperledger chat at https://chat.hyperledger.org/channel/aries

We welcome interest from all groups and organizations, including enterprises and standards organizations. We are looking forward to hearing from you!