Consortium-based identity infrastructure with W3C verifiable credentials
Creating a system that lets different identity systems work together seamlessly is crucial, for trade networks that cross borders
This is especially true when various countries and organizations have their ways of verifying someones identity. A composable identity infrastructure allows for a cooperative approach making it easier for businesses and individuals to navigate these complex networks.
Trade finance networks have a problem. Their know your customer or KYC processes are completely redundant. This means that when a company wants to do a trade it has to go through the verification process every time even if its, with someone they've worked with before.
As a result it can take 11 days to get everything sorted out and 100% of the time the verification process has to be repeated, for counterparties they already know. This slows everything down. Causes a logjam in operations leading to delayed financing.
We've set up a decentralized identity system thats based on a consortium model. This uses a kind of verification called W3C Credentials, along, with something called BBS+ selective disclosure. What this means is that people can use the credentials in places without having to share more information than they need to and it all stays within the rules of the relevant laws and regulations.
Major breakthroughs were made in streamlining the know your customer process. For instance the time it took to complete the cycle plummeted from 11 days, to 2. A drop of 82%.
Some major breakthroughs were made in streamlining the know your customer process:
The platform handles over 12,000 exchanges every month. Its remarkably reliable, with an availability rate of 99.97 percent. When a revocation is needed it spreads across the network in, under five minutes.
Trade finance involves a web of relationships, between importers, exporters, shipping companies and banks. For business to happen these parties need to trust each other, which is usually done through:
The problem is that each institution has to do its check on the partys identity, ownership and make sure they're not, on any blacklists.
The world of trade documentation is a bit of a jumble. With many different countries and rules to navigate it's no wonder things get complicated when it comes to verifying all the paperwork. Banks for instance keep their lists of customers while logistics companies do their own checks, on who they're working with.
When companies do business across borders they're often dealing with amounts of money. If they screw up and don't follow the rules they can face fines. To avoid this regulators demand that these companies:
The problem is, now everything is based on paperwork, which creates pockets of information. This makes it tough for companies to run smoothly and keep an eye on problems.
Major breakthroughs were made in streamlining the know your customer process. For instance the time it took to complete the cycle plummeted from 11 days, to 2. A drop of 82%.
The current system, for knowing your customer or KYC has some flaws that really hurt trade finance. For instance companies have to go through the verification process over submitting the same documents to every bank and logistics company they work with.
Each one of these institutions does its background checks and screens, for sanctions, which's just redundant. As a result it takes 11 days to complete the KYC process. Even when dealing with longtime business partners the entire process has to be repeated from scratch every time.
For a time different departments, within institutions couldn't share information easily which slowed down the approval process for trade financing. The problem was that banks couldn't quickly check if a business partner had already gone through a "know your customer" process with another bank, in the group.
The ease with which personal details can be shared has led to a worrying trend. Sensitive information is now scattered across systems leaving us vulnerable, to security breaches.
Audit and compliance challenges popped up because institutions had documentation trails, over the place. Regulators wanted to see records of whos who. Since these records were scattered across multiple systems it was tough to:
Manual processing of documents, in areas like verification and sanctions screening was prone to mistakes, which in turn limited the ability to handle increasing workloads.
The introduction of a decentralized identity system has led to an overhaul, in efficiency. In one instance it managed to cut down on the know your customer checks reducing the overhead by a staggering 89%.
This was made possible because different members of the consortium could now:
To cut down on compliance risks the system used automated policy enforcement through contracts. This meant that only credentials that met rules were accepted when:
As a result the need, for checks to ensure compliance was eliminated, which in turn reduced the risk of violating regulations.
The time it takes to complete the know your customer cycle has been significantly reduced:
Another key benefit is the ability for businesses to be selective about what information they share with their counterparts releasing the details while keeping sensitive business information private.
Improving a companys security posture can be achieved by taking steps:
The audit trail, for credentials was made efficient by using a log on a shared ledger. This approach provided a record of all actions, which helped meet requirements. As a result the amount of paperwork needed for compliance was significantly reduced.
The ease with which personal details can be shared has led to a worrying trend. Sensitive information is now scattered across systems leaving us vulnerable, to security breaches.
Reduce KYC overhead by 89% and cut processing time from 11 days to 2 with our decentralized identity solution.
The answer lies in a network that lets trade finance companies work together to manage identities. Essentially this network is made up of parts that are all connected. Each company can use it to:
The W3C Verifiable Credentials system was used to verify identities. It did this by packaging up details, like:
These credentials were digitally signed by people we trust which meant they could be checked without needing to look at the systems or share all the documents.
When a company uses BBS+ selective disclosure it can share certain details, about itself without laying out everything. For instance it might need to show that its incorporated in a place. It doesn't have to give away:
This way the company can comply with regulations without putting all its business out in the open.
Smart contract policy templates are designed to capture the compliance rules that vary by jurisdiction. They automatically:
The system, in place managed:
By centralizing this trust infrastructure it became more efficient to operate all while keeping the benefits of verification. This allowed credentials to be used across institutions.
The focus was, on building privacy into the design. This was achieved by:
The systems architecture was built around four key components. These components made identity and also worked with the existing trade finance infrastructure.
The Consortium Ledger is a network built on Hyperledger Fabric, overseen by a group of participating banks and logistics companies. Its designed to store:
One of the benefits of this ledger is that it provides an unalterable record of everything that happens within the system, which helps with tracking and security.
The Credential Broker Service acts as a hub overseeing the process of:
By doing it populates credentials, with the current information available making them verifiable and reliable.
The Policy Engine is a contract framework that puts into code the compliance rules that vary by country. This helps automate the process of checking that everything's in order, for trade finance deals.
The system includes templates for:
The event bus is a Kafka-based system that allows us to share changes, to status such as:
This way everyone stays up, to date on the information without having to constantly check the ledger for updates.
The connection, between systems is made through a layer of APIs. This integration layer bridges the gap, between:
We're tracking metrics using Prometheus like:
All this info is displayed on Grafana dashboards making it easier to spot trends and patterns. We also have a custom alert system in place, which keeps an eye on compliance targets.
The system uses a design that pairs up relationships to prevent organizations from comparing notes while still letting them do the checks. Basically each organization has its set of IDs for dealing with partners, which keeps all the identity related stuff separate.
The BBS+ signature schemes offered a way for people to share information, from their credentials without having to reveal everything. This was particularly useful because it let companies comply with regulations while still keeping their business info private.
The plan was to roll things out in stages starting with a couple of banks to test the waters. They launched pilot programs and things seemed to work out so they brought in:
The team set up their development environment using containerization with Docker Compose, as the backbone. This allowed them to run:
A team of experts including compliance officers and identity architects came together to establish a set of standards, for credentials. Specifically they defined the underlying structure, for:
Using the W3C Credential schema as a guide. The goal was to strike a balance between meeting demands and providing a way to disclose the necessary information.
For the development of contracts policy templates were put in place using Hyperledger Fabric chaincode. This allowed for the encoding of compliance rules that applied to:
The testing strategy was pretty thorough. It included:
We took an approach, to migrating our existing KYC records using:
Security was a priority, in this implementation. To meet requirements the system handled:
The team kept an eye on:
Custom alerts were set up to flag:
When it comes to mitigating risk the implementation included safety nets:
The rollout of a decentralized identity system made a difference, in how things ran. It really improved:
The time it takes to complete the know your customer process has been significantly reduced:
A big part of this acceleration is due to the fact that we can reuse credentials for counterparties we've already verified, which cuts out a lot of steps.
The hassle of verifying customers over and over is a thing of the past:
The accuracy of sanctions screening has taken a leap forward:
Data quality and stricter automated enforcement of rules have been key, to achieving this level of precision.
The platform saw an uptake in reuse with, over 70 percent of credentials being reused within just six months of going live. This suggests that members of the consortium really bought into the idea.
When it came to system performance, one key measure was how quickly it could spread the word about changes in status:
| Metric | Before | After | Delta |
|---|---|---|---|
| Average KYC cycle time | 11 days | 1.8 days | -84% |
| Repeat KYC for existing partners | 100% | 8% | -92% |
| Sanctions screening false positives | 7% | 0.8% | -89% |
| Credential reuse rate | 0% | 73% | +73% |
| Manual document review hours/month | 480 hours | 85 hours | -82% |
| Customer complaints (KYC-related) | 28/month | 4/month | -86% |
| Service Level Objective | Target | Achieved |
|---|---|---|
| Credential verification latency (95th percentile) | <500ms | 320ms |
| Revocation propagation time | <5 minutes | 3.2 minutes average |
| System uptime (30-day) | >99.95% | 99.97% |
| Credential issuance rate | >100/hour | 145/hour |
| Policy evaluation latency (99th percentile) | <200ms | 165ms |
| Event bus message delivery success | >99.99% | 99.995% |
| False credential acceptance rate | <0.01% | 0.003% |
Getting multiple institutions to work together on a shared system of governance isn't easy. When it comes to issues, like verification and policy creation each organization has its own:
To make this work a tremendous amount of coordination is necessary:
When BBS+ selective disclosure came on the scene it brought some tools to the table in terms of privacy. However it wasn't all smooth sailing:
Once they had templates to work with institutions found it much easier to adopt the technology.
When it came to integration, designing an API architecture was key, to making integration with core banking and trade documentation systems work:
As the consortium grew managing credentials became more complicated:
The first hurdle came when initial evaluation of policy took longer than expected:
When it comes to coordinating response, to incidents that affect institutions:
Getting people on board with the system wasn't easy:
When putting systems in place it's crucial to start by setting up a framework for governance, designing an experience that works for users, and automating operations as much as possible.
When putting systems in place it's crucial to start by setting up a framework for governance, designing an experience that works for users, and automating operations as much as possible.
Processing time improvement
Redundant verification elimination
Sanctions screening improvement
Monthly availability rate
Discover more insights and solutions in our featured articles
Join the companies that have transformed their business with our blockchain solutions. Let's discuss how we can help you achieve similar results.
