Een kritiek en voorgestelde oplossing voor digitale identificatie en authenticatie in productpaspoorten

Critics on Cirpass Proposed Solution

The Cirpass solution suggests GS1 Link as the standard for HTTP-based access in digital product passports, aiming to establish a universal identifier for product information. However, the reliance on GS1 Link raises concerns about market monopoly, as no alternative has been presented, limiting flexibility and potentially stifling competition.

In response to these limitations, a DID-based (Decentralized Identifier) Access model is proposed to enhance market adaptability. This approach allows for unique, unlimited DID resolvers stored within a QR code. When scanned, the code leads to a resolver URL stored within it. In case the primary URL is unavailable, the system automatically redirects to a backup URL, enhancing reliability and preventing data silos.

Proposed Solution: An Integrated Approach for Secure Digital Identification and Backup Access

1. Generating Digital Credentials

1. Obtain a Digital Certificate: Secure a certificate from a trusted Certificate Authority (CA) containing a public and private key.
2. Sign the QR Code Data: Use the private key to digitally sign QR code data, ensuring authenticity.

2. User Verification

1. Submit Credentials: Companies submit their credentials, such as a digital certificate, via a web application.
2. Backend Verification: The backend validates the credentials through the CA's verification service.
3. Authorization: Upon successful verification, companies are authorized to create DID resolvers and generate QR codes.

3. Creating the DID Document

1. Register DID: Create a DID using a method supported by either Polygon or Ethereum.
2. Primary and Backup URLs: Include both primary and backup URLs in the DID document.
3. Signature: Sign the DID document with the company's private key.

4. Embedding Verification Information in the DID Document

• Embed the certificate and signature information in the DID document for decentralized storage on IPFS, ensuring the document's integrity and immutability.

5. Integrated Solution Using IPFS and Ethereum/Polygon

• Storage on IPFS: Securely store the DID document on IPFS for cost-effective retrieval.
• Blockchain Alternative: Companies can alternatively store the DID document directly on Ethereum or Polygon through a smart contract, preserving the document immutably.

6. Publishing the IPFS Hash on Blockchain

• The IPFS hash can be stored on Ethereum or Polygon, ensuring immutability and traceability of the DID document.

7. QR Code Generation

• The QR code encodes the DID URI and the digital signature, serving as a bridge between the physical product and its verified digital counterpart.

8. Verification Process

• Signature Verification: The resolver verifies the signature with the public key upon scanning the QR code.
• DID Document Retrieval: It retrieves the DID document from IPFS and validates the URL, ensuring secure access to product information.

How to Detect Fake QR Codes

• Digital Signature Verification : Only the public key from the corresponding company can validate the QR code's digital signature.
• Certificate Verification : The public key in the CA-issued certificate confirms the company’s legitimacy.
• Immutable IPFS Storage : Storing the DID document on IPFS prevents unauthorized modifications.
• Verifier Application : A dedicated application scans QR codes, verifies digital signatures, and compares metadata with internal records.
• IPFS Hash Verification : This verification ensures the stored document remains unchanged.
• Additional Metadata : The DID document may include product-specific metadata, such as manufacturing details, aiding verification against the company's internal database.
• Public Ledge r: Publish a hash of each DID document on public ledgers like Ethereum or Polygon, further reinforcing document authenticity.

9. Role-Based Access Control with Digital Wallets

• Role Assignment: Different roles, such as customers, authorities, and recyclers, are granted access to varying levels of product information.
• European Digital Identity (eID): This identity platform helps manage roles through verified credentials.

10. Backup URL Notification System

• Primary URL Access: Initially, the resolver seeks the primary URL for data retrieval.
• Automatic Backup URL Access: If the primary URL is unavailable, the resolver switches to the backup URL.
• Notification System: A monitoring system alerts the backup URL of any primary URL downtime to maintain seamless access.

11. Ensuring Machine-Readable Data

• The system ensures that resolved data is accessible in a machine-readable format, streamlining digital verification processes.

This integrated DID-based approach to digital product passports offers a secure, flexible alternative to GS1 Link, fostering a decentralized verification process that minimizes monopolistic constraints and enhances system reliability.

Our services

To understand how ComplyMarket can support you to build your Digital Product Passport,  visit this Page or contact us directly.

Warning: ComplyMarket Solutions are patented and any use without written permission from ComplyMarket will lead to severe legal consequences.

written by : Alaa Rezk , Senior software developer