An incremental and scalable method for giving people and companies better control of their own data

Read the paper or download it here: MOIaaS v23

1.0.      Problem Statement

Have you ever spent too much time verifying official documents like diplomas, licenses, birth certificates, etc.? Imagine you need to do business with a new overseas partner… Our society is paying dearly for trust, draining much effort, time and money without adding value.

To make the matter worse, people often have to repeat the process.  Because the companies that capture or validate a piece of your information typically keep that information in their own system, and treat it as their digital asset, not yours!  Many dominant, centralized business giants – social media, retailer, bank or telco – are trying to benefit by positioning themselves as the single provider of the solution to this problem, envisioning themselves as the central information hub, with full control over the information on you that they have in their repository. Unsurprisingly, public sentiment generally aligns against such “solutions”.

It will be ideal for the society to be able to provide trust without wasteful repetitive validation; and give both  individuals and businesses control of their own information. The world is surely moving toward that.  The EU PSD2 (Payment Services Directive) regulation enacted in 2018 practically declared that, people have the right to their own financial information. With PSD2, bank is obligated to share financial information with Fintech companies when a customer requests that they do so. We believe the spirit of PSD2 should go beyond financial information, and extend to cover all information that people and business need to own, keep and share.

The time to take on this challenge is the right one because of the emergence of Distributed Ledger Technology (DLT).  DLT, of which the first and best-known implementation is Blockchain, brings new hope of solution with its unique capabilities:

  1. Decentralized and shared – before writing a record into a ledger, multiple parties need to endorse it. Only when a pre-defined condition (consensus) is reached can the record be written.  This ledger is shared by all of the parties in the relevant network; in some cases, this relevant network can even be the public at large.
  2. Governance of who is allowed to participate in the network can be either centralized or decentralized depending on the needs of the individual application
  3. Immutable – Once a transaction is written to a distributed ledger, it cannot be changed. No single party can have full control of the content, making the data very difficult to manipulate.
  4. Secure – due to the combination of consensus, immutability, and the diligent use of cryptography, the records in the ledger are far more secure than they would be if stored in a traditional database, and visibility is restricted so that each party can only see the individual rows and columns of data that they are entitled to see.

The first and most successful application of blockchain so far is Bitcoin, where people can transfer money anonymously without central party or intermediary.  Arguably, it is the fact that people can hide the money movement from any regulatory authority makes Bitcoin successful. Many countries have banned cryptocurrency, and blockchain is only now emerging from being associated in people’s minds with criminality and starting to gain traction in mainstream business.

But instead of guaranteeing the anonymity of criminals, these same unique characteristics of DLT – consensus, immutability, and easy facilitation of sharing a single version of the truth, can be used to solve the problems of data ownership and agency.  Many people have talked about this; we are building it.

2.0.      Introducing MOIaaS

MOIaaS stands for My Own Information as a Service.  It is a class of application that give ownerships and control of information to people (individual or business), and to provide trust and transparency through technology.

With MOIaaS, parties are able to retain full control of their data, and decide with whom they want to share it, to what extent, and for what purposes. It provides a resilient platform for automated validation of business or personal information, leading to productivity and efficiency gains, adding value to legitimate business activities.  It is built for sharing, rather than hiding.

We are, of course, not the only people trying to solve the data agency problem, and MOIaaS is far from the first solution to be suggested.  What we believe differentiates MOIaas is that most solutions we have seen posit a single public ledger that everyone uses.  We don’t think this is workable, for several reasons

  • Individual use cases have widely different requirements for on-chain/off-chain storage
  • They vary widely in the sorts of business rules and/or smart contracts that would need to be reflected in their model
  • Despite the breathtaking vision of truly global trading networks that DLT makes possible, the reality is that the world’s regulations are strongly jurisdictional and are going to remain so for at least a generation

For these reasons, we have designed MOIaaS from the outset to be modular and multi-jurisdictional.  The best solution in the world will go nowhere if businesses and regulators perceive it as a threat.  MOIaaS does not require the world to change before it will work; it provides a way of changing the world as it really is now.

Here is a brief introduction to the components of MOIaaS, and an outline of how it operates.

fig1

Figure 1 – Conceptual MOIaaS Application within one Jurisdiction

Technically, the MOIaaS application contains the following components:

  • MOIaaS App (the App) – this is the end user web/mobile app that enable participants to keep, pick and share information with chosen counter With the App, users can:
    • Manage (but not modify) their private information;
    • Request information from others;
    • Receive information requests and explicitly approve, provide private data.
  • MOIaaS Host Application (the Host) – this is the de-centralized application deployed with DLT that facilitates information requests and responses, validates the information through a pre-built integration with Verification Authorities, and publishes the outcomes in a controlled and resilient environment. The Host cannot in anyway, create, manipulate the data on its own.
  • Validation Authority (the VAs) – are organizations that are legally acknowledged to accredit, validate, and certify various types of data. For many types of data, the VA would be a government agency, but for some use cases it might be an international agency like the World Health Organization, a professional body like the American Bar Association, or a degree-awarding university.
  • MOIaaS Global Network (the Network) – this is the integration framework that connect MOIaaS Host Applications from different jurisdictions, so that information can be exchanged cross borders with standards. It supports global trade and cross-border businesses.

Because it is designed from the beginning to be multi-jurisdictional. Within a jurisdiction, MOlaaS applications can fully respect local laws, regulations, culture sensibility and privacy.

In a global network, hosts from each jurisdiction connects through the MOIaaS Global Network, where standard and seamless integration are provided. The differences of Jurisdictions can be totally transparent to users.

fig2

Figure 2 – MOIaaS Global Network

3.0.      Benefit of MOIaaS

Fundamentally, MOIaaS looks beyond the typical blockchain battleground of “digital asset transfer”, provides trust, transparency and efficiency to individuals and businesses through a better way of sharing.  It delivers the ultimate use case for DLT that all parties in the ecosystem benefit:

  • Individual – individuals will benefit by taking back control of their personal information. By controlling the granting of data explicitly, individuals will be able to share data in a controllable environment, e.g. downstream consumers of the information are disabled from sharing without explicit consent.
  • Government – Governments waste huge amounts of time and money responding to requests to provide and/or validate matters of public record. Implementing MOIaaS for these public records would
    • Allow a government’s citizens the ability to access and share official government data about themselves without the time and expense of visiting government offices, filling out forms, or waiting for government officials to fulfil those requests
    • Provide a far more secure basis for restricting access to government records to those with a legal right to have that access
    • Reduce opportunities for corruption by making it impossible for government officials to tamper with government records
    • Significantly reduce the cost for a government to provide its citizens both access and safe custodianship of public records.
  • Enterprise – All the good intentions in the world are worthless if there is no good business case for enterprises to adopt MOIaas. Fortunately, there are some powerful incentives for them to do so.
    • Ease of onboarding. Collecting the necessary information from a customer to begin a business relationship is often complex, time-consuming, and expensive, especially so when it comes to financial services.  MOIaaS can significantly streamline customer onboarding, saving money, improving conversion ratios, and making the customer happier.
    • Expanding the base of reachable customers. By making it easier for customers to provide the necessary information to deliver goods and services to them, businesses will be able to reach segments of customers it was never possible or profitable to reach before.  Once again, this is especially true in the area of financial services, where the existence of MOIaaS, could be a major vector for financial inclusion.
    • Competitive advantage. Research has already shown that customers have a strong preference for enterprises that are viewed as safe custodians of their data; they will prefer to do business with enterprises that implement MOIaas over those that do not.
    • Cost of compliance. When an enterprise is obligated to provide customer information due to regulations like PSD2, MOIaaS automated verification can keep the cost of the non-revenue generating services to minimum.
  • DLT Service Providers – There is of course a great deal of work to be done to implement MOIaaS applications.  DLT service providers, as well as the system integrators that work with them, can be very successful in helping both enterprises and validating authorities with their adoption.

With most other data agency solutions being proposed, the delivery of actual value is delayed until some future inflection point, when a sufficiently large number of people and enterprises adopt its use.  Beyond that point, the value exponentiates, but before that point, the business case for adoption is minimal.  One of our aims with MOIaaS is to design a solution that adds direct incremental value to adopters before that inflection point is reached.  The future exponentiation of social value is still there, but the quality, security, and operational efficiency benefits manifest from day one.

4.0.      Use Cases

The use cases portrayed in this section assume the following:

  • Information requester and provider all use the MOIaaS App (the App).
  • There is an integration between the local MOIaaS host application (the Host) and trusted Validation Authorities (the VAs) that can issue, certify or validate the information.
  • Going forward, VAs are likely to be decentralized trustless networks themselves, and the exchange of trusted information can be accomplished with minimal integration work. In the interim, however, governments and other VAs can still provide automated service through current-standard integration techniques
  • When automated information validation is not yet available, human based processing can still play a role to bridge the gap; MOIaaS still provides the framework from communication and removes  significant  element of manual or electronic form-based processing

4.1.        G2C Use Case – Paperless Visa in Thailand

This use case focuses on MOIaaS enabled G2C interaction. In this scenario, a Thai citizen (the Applicant) applies personal visa from the foreign embassy (the Embassy).  The embassy requires all applicants to provide:

  • Citizen tax record from the Thai Government
  • Bank statement
  • Proof of employment status

The Embassy also has its own trusted agent (the Agent) to perform manual validations when needed.

The process flow for this use case is shown below. It was intentionally designed to reflect the real-world situation in which some participants in the process have fully adopted the MOIaaS solution while others have not.  In this way, it becomes clearer to see how MOIaaS can start adding value even without universal adoption.

In this example, the government, the bank, and the applicant are using the MOIaaS app, while the applicant’s employer and the government’s private agent (whom the government employs to do manual verification checks) have not.

Visa processing business process using MOlaaS is as follows:

fig3

Figure 3 – G2C Use Case, Paperless Visa Application

  1. The Applicant applies for entry visa in the Embassy through the Embassy’s website, and provided necessary information.
  2. Upon receiving the application, the Embassy sends a request to the Host.
  3. Upon receiving the request from the Embassy, the Host checks the business and node registers to retrieve party membership and node info. The Host also checks the Business Network register to get all related business rules and parties, through which the validation flow is identified.
  4. The Host sends notification to the Applicant about his visa application, and asks the Applicant if he would like to share the info with the Embassy.
  5. The Applicant receives the notification, and authenticates himself with the MOIaaS mobile App.  Due to the sensibility of the information needs, the App may require multi-factor authentication (e.g. facial recognition with liveness test).
  6. Once authenticated, the Applicant can review the info request, select the information he agrees to share (in this case, he agrees to all), and press AGREE TO SEND in his App.
  7. The Host gets the approval of sharing the info, so it invokes the validation flow registered in the business rule it retrieved earlier.
  8. Through the integration module, the Host invoke APIs to the Government agency and the Bank to get the tax statement and bank statement.
  9. Because the employer of the Applicant is NOT integrated with the Host yet, per business rule, the Host passes on the employment request to the Agent.
  10. The Agent gets the request and performs a manual check with the Applicant’s Employer and sends the result back to the Host.
  11. The Host determines that the employment check is valid for 1 year, and writes this to the ledger, so that within a year, the same validation does not require manual check by the Agent.
  12. The Host notifies the Embassy and the Applicant about the completion of the validation, and the business as usual process can continue.

The step 11 is a significant one because it provides a graceful transition for legacy topics that are not yet digitized, or not available for automatic verification.  As long as society can reach an agreement of that verification, we can store the outcome in blockchain and avoid repeat the same manual step later on.

If the Embassy has an electronic visa system, the rest of the process can be automated as well:

  1. The visa is issued electronically, stored in DLT, and sent the reference to the destination country’s border control authority, and the applicant is notified.
  2. This person arrives in the country’s port and walks through the border control authority area, where his/her face is recognized, and hence his/her identity.
  3. The border control system searches the visa-issuing DLT and validates the visa.
  4. The person is allowed to enter the county.  If necessary, a slip can be printed to welcome the travelling person with a reminder that he/she can stay for up to 90 days, but not is allowed to work, etc.

In this use case, an IDaaS (identity as a service, like the Thai National Digital ID, or NDID) can be very well-integrated with the MOIaaS.  MOIaaS is an application leveraging IDaaS, but not a provider of IDaaS.

4.2.        B2B Use Case – Cross Border Trade

This use case demonstrates how MOIaaS ecosystem can be used to support global trade.

During an international trade show, company A (the Buyer) from Kenya would like to purchase goods from company B from China.  The two companies have no prior relationship, and trust has not been established. With the MOIaaS application enabled, a complex business transaction can be conducted as follows:

fig4

Figure 4 – B2B Use Case, Cross-Border Trade

  1. Chinese company B (the Seller) initiates the trade in the MOIaaS client App after verbally agreeing it with company A.  B authorizes provision of its identity and any relevant credentials to trading partner A, with the detail of their proposed trade.
  2. Having received the request, the Host in China process the request: look-up up a set of registries:
  1. Business Registry – to verify Company B is registered in the system;
  2. Business Network Registry – to fetch the predefined trade rules, where the trading partners local banks may be unveiled.
  • Business Node Registry, associate the trade network node for each entity, including the local banks that need to be notified. Each entity may have one or more nodes. The node represents the entity in the consensus process of the DLT.
  1. After identifying this is a cross-border trade with Kenya, the Chinese MOIaaS application host passes on the validated requests to its Kenyan counterpart.
  2. The Kenyan Host first validate Company A is registered in its Business Registry, then notifies Company A (the buyer) about the validation requests from Company B, and waiting for Company A’s approval.
  3. Company A receives the request on their App, reviews the Bill of Materials of the requested information, and approves the request, thus releasing the information to Company B through MOIaaS.
  4. The Kenyan Host performs a set of lookups of its registries, and identify the interested parties (in this case, Company A’s local Kenyan bank), and all nodes associates to each party.
  5. Based on the original request from the Chinese company, the Kenyan Host will invoke information validation workflow to verify all information listed by Company A, and approved by Company B. The validation will go through its own integration model to connect to different VAs.  The Kenyan bank may be one of the VAs (see step 7.4).
  6. Once all information has been matched (akin to a confirmation process in a Straight Through Process), the Kenyan Host will notify the local parties: Kenyan Company A and its Kenyan bank. Also, the final outcome is sent to its Chinese counterpart through the MOIaaS Global Network.
  7. The Chinese Host receives authenticated and approved requests from the Kenyan counterpart. The request is formatted for the local jurisdiction and notifies company B and its China bank;
  8. Once all validation is completed, the trade is executed.

Every step of the process is registered in the immutable and secure blockchain.  When action is transferred to different jurisdiction, the reference to the chain is passed on with the request, so actions happened in difference jurisdiction can be correlated and audited.

We selected this cross border trade use case to illustrate a streamlined system interaction. The real-world use case is far more convoluted and inefficient.

This use case is architecturally significant since it covers all the key elements in MOIaaS eco-system, and shows how MOIaaS can handle very complex business rules and routing requirements.

5.0.      Key Considerations

To enable this new class of applications, MOIaaS application must be high performing, scalable and secure. And to meet regulatory requirement, the blockchain foundation should steer clear of any form of cryptocurrency, coin, or token to gain access to major markets like USA, China, etc. In short, MOIaaS requires an enterprise grade, legal compliant blockchain.

5.1.        Fit-For-Purpose Consensus

As the core the MOIaaS enabling architecture is the Fit-for-Purpose Consensus (F4PC), which is a minimum acceptable consensus for a specific business scenario, or use case. E.g. academic record and diploma requires a different consensus model than a renewable business license, or a supply-chain transaction.  With F4PC, all of these information in MOIaaS business cases can be written to a shared ledger and leverage the benefit of DLT/Blockchain.

As with all components of MOIaaS, the consensus mechanism is designed to be modular and pluggable, so that each use case and jurisdiction can use a consensus model that makes sense for it.  This model can be as anonymous as the proof-of-work mechanism that powers Bitcoin, as centralized as a traditional governance model where the “consensus” is in fact the approval of a single central party (typically a government agency), or anything in between as dictated by the needs of the individual use case.

Making everything as simple as possible, but not simpler – Albert Einstein

5.2.        MOIaaS Application Accelerator

Work is in progress to create a framework, helping developers in different jurisdiction to create the MOIaaS host application, as well as the end-user Apps. Through this application framework, standards and protocols can be enforced for easy integration.

5.3.        MOIaaS Global Network and Ecosystem

MOIaaS enables partners to start tackling the topics (validation processes) discretely, with localized user interfaces, with full respect to culture, regulatory and religious differences.   Due to these differences, there is a need to integrate MOIaaS host applications from different jurisdictions.  Such integration will support cross-border trust.  Obviously, government endorsement and support will be critical for the global network.

Discussions are already under way to explore this concept with partners and developers in Canada, China, Ghana, Kenya and Rwanda.

5.4.        MOIaaS Roadmap

The MOIaaS foundation, including the Fit-for-Purpose Consensus model, and main chain itself and the application framework, are on target to be delivered as a working prototype in early 2019, followed by pilot projects in selected countries. Negotiations for these pilots are already under way.

Think Big, Start Small, Scale Quickly – Louis V. Gerstner Jr.

The initial implementation of MOIaaS applications will need to deal with the fact that the vast majority of personal and business data artefacts are not currently stored with blockchain technology. This will entail some compromises on decentralization, e.g. utilizing many government authorities for some validations.

Once a piece of information is formally validated, it may be transferred into the blockchain storage and secured, ready for re-use.

As the technology is adopted, further transformation will extend the DLT into issuing process by authorities, thus the total elimination of validation processes.

6.0.      Conclusion

The MOIaaS concept leverages the immutability, security, and single version of the truth delivered by DLT to solve the data agency problem and return control of data to the person or company the data is about.  In doing so, it is our aim to bring a much greater level of trust, transparency, and efficiency to the way people live and work. We envision a society in which both data and process are decentralized and locally owned, replacing the monolithic, redundant, and inefficient mechanisms that govern both our personal and business lives today.

We believe achieving this vision will benefit everyone.  Not just individuals who want to protect their data, but governments who want to do a better job taking care of their people and corporations who want to deliver greater value to their shareholders.

We invite anyone who shares our passion of transforming life with technology, to join our MOIaaS community and help us start building the ecosystem.

7.0.      Acknowledgement

Special thanks to all my friends and partners for your inspiration, comments and feedbacks!

Erik Fertsman https://www.linkedin.com/in/erik-fertsman-bb8350155/

Ethan Gilmour  https://www.linkedin.com/in/ethan-gilmore-679120a4/

Ian Gilmour https://www.linkedin.com/in/iagilmour/

Cassie Hill https://www.linkedin.com/in/cassie-hill-0a9367143/

Dawn Hukai https://www.linkedin.com/in/dawnhukai/

Shane McQuillan  https://www.linkedin.com/in/ico-advisor/

Paul Mears https://www.linkedin.com/in/paul-mears-80224b4/

Matthew Pickup https://www.linkedin.com/in/matthew-pickup-64883535/

Pete Prinyaroje https://www.linkedin.com/in/pete-prinyaroje-8426665/

Ewan Puckle Hobbs https://www.linkedin.com/in/ewan-puckle-hobbs-6a367a7/

Joseph Sevilla https://www.linkedin.com/in/joseph-sevilla-6820971a/

Bob Sorensen  https://www.linkedin.com/in/bobsorensen/

Clemment Uwajeneza https://www.linkedin.com/in/uwajeneza/

Ko-Yang Wong https://www.linkedin.com/in/koyangwang/

8.0.      About the Authors

RapahelRaphael Hukai served as the CIO of the Equity Bank Group, Kenya’s largest retail bank and microfinance delivery firm.  As an executive architect with IBM, he has helped design technical solutions for many of the world’s largest banks and financial service companies, as well as eCommerce and life sciences enterprises.  Raphael specializes in helping customers to setup IT vision and strategy, manage adoption of new technologies, establish overarching architecture and governance, and improve the IT quality through identifying and addressing deficiencies.

With over 30 years of professional and leadership experience, Raphael developed unique capabilities of translating technology into practical and actionable business value, then packaging it for different C-Level stakeholders and different audiences.

Raphael believes DLT/Blockchain is not a solution looking for a problem, but an opportunity to solve a number of problems that have already existed for some time, and in so doing, dramatically improve the way people live and work all over the world.

https://www.linkedin.com/in/rhukai/
raphael.hukai@concordia.services

Mugshot 2Areiel Wolanow is the Managing Director of Finserv Experts, an independent consultancy that provides both delivery and advisory services for technology-enabled business transformation to financial service enterprises around the world.

Areiel also worked with IBM for a significant portion of his 30-year career in business transformation.  He led the team that implemented a machine learning based credit scoring algorithm for mPesa in Kenya, and delivered IBM’s first commercial consulting engagement in blockchain, a trade finance prototype for two of the top ten global banks.  He is currently engaged by Lloyd’s of London to design a completely new, DLT-enabled business model for the London insurance market.

Areiel is passionate about financial inclusion. He has addressed the G20 about the transformative potential of emerging technologies for developing economies and advised central banks and financial regulators on fintech and blockchain adoption as a way of offering dramatically better prosperity financial security to the most world at a cost people can afford.

https://www.linkedin.com/in/areiel/
areiel@finservexperts.com