And if you would like to bring decentralized identity SSI solutions into production, it's pretty difficult because they have to have a lot of prerequisites in place. Yeah. Such as an educated ecosystem, a complete ecosystem, such as ability to rate of it, existing systems to scale it such as existing identity solutions and identity verification solutions. And this is really a challenge to find a need and a haystack to where all the ingredients I place to bring a use case into production already today with existing technology.
And I would like to talk about what the use case here from the us pharmaceutical market and pharma supply chain management, why the timings perfect. The regulation is per is perfect. And all the ingredients are there to bring decent, less identity SSI solution into production.
And yeah, as mentioned. So at verities, we look into security and compliance with verifiable digital identities.
And this means a lot of people are kind of motivated by the cyber punk manifesto ands identity. They're looking on human privacy and we believe that decentralized identities who, on the left hand side, we have zoom privacy, cyber manifesto with a lot of proof, lot of complex cryptography. On the other hand, I have full Correl relatability, full traceability, full end to end verifiability in compliance use cases.
And it's a bit two sides of continuum that the technology could be applied and we look more on yeah. Security and compliance use cases in enterprise and B2B use cases.
And ah, okay. So, and yeah, so it's basically about the trust and end to end verifiability that we address, and this is somehow required everywhere. So if you think about circular economy and then we have a product passed, we suddenly need end to end verifiability of a circular product.
Or we think in other regulated industries, we have regulated product with a lot of certificates. I would like to prove that have all the certificates and then digital identity verified credentials play important role.
And that's exactly the opportunity space that we also explore for the us life science, pharmaceutical market. And I dive directly into it. The us Congress then acted so-called track supply chain security act DSCs a and that's a regulatory framework. And when we talk to, let's say to other established identity and trust providers, they're basically like decent last identity, very far credentials a lot, but they don't invest. They don't move.
They're basically looking for where's the regulation in place today that enforces use of decentralized identity of a decentralized identity can make a huge, huge difference. Yeah. And to find this regulatory niches it's difficult. There are not many out there, but use drug supply chain security act.
And I will, I will provide some, some context here provides the perfect context, a regulatory context to, to be a good yeah, good ground to deploy decent, less identity.
Overall it's about protecting patients health because a lot of fake products are being brought into pharmaceutical supply chains, and this has impact direct impact on patient health. And the overall goal of supply chain security act is to product supply chain and make sure we only have legitimate products. And one of the reason of one of the, yeah, one of the instruments to bring fake products in a pharma supply chain, it's, what's been called sellable returns. Yeah. So I sold something and then I get a return and I have to prove that still the real product and not fake product.
And I have to check the history. I have to check the serial number. I have to make sure that not a malicious actor kind of let's say produced fake returns and try to bring it back in the supply chain.
And that's that's use case I focus on today because that's, that's the best explored use case here and trading partners by law, they have to scan so-called 2d data metrics, 2d data metrics is a 2d barcode on each pharmaceutical product. And the 2d data metrics contains a gin global trade identification, number, a batch number expiration date, and a serial number.
And that's important because if you would like to apply this technology in supply chains, it's always beneficial. It's a supply chain with the serialization of products it's already been implemented and the entire pharma supply chain as a pharma company, they invested hundreds and hundreds of million dollars already to introduce a serial number of each pharmaceutical package and a serial number that's machine readable.
So on, on, on some packages in fast consumer, go to find a serial number somehow printed on the package, but here it's machine readable.
It's a two so-called 2d data metrics. It's truly standardized by GS one. And that that's a big benefit because there's an existing identity standard already established that could be retrofitted and piggy packed for the solution.
So every, every, every farmer package is serialized has now serial number. I can scan it and I can do a verification. The other thing is, so we have a lot of different supply chain actors. We have around 70,000 supply chain, actors, farmers, companies, wholesalers, secondary wholesalers dispensers. And then we have even more actors than all the com community pharmacies will be counted as well.
A lot of, a lot of thousands of supply chain actors, and they're all unknown. They have never met before. And for that reason, an interoperable identity and trust framework yeah. Is required. And the law even says industry has to implement full interoperable electronic system by November, 2023, by the way, this was mandatory to implement until November last year and because of pandemic and some other things, they, they, they pushed the penalization of the law to 2023, but industry has to fulfill a lot of requirements now.
And for that reason, they would like kind of to get rid of, let's say, low hanging foods. And what I'm demonstrating here is kind of lowing food for them. And for that reason, that's now being implemented yo, to secure the drug distribution. So where do we start today? We have manufacturer and wholesaler. They somehow know each other. They do a due diligence. Do they really know each other? So then I scan my 2d data metrics on a pharmaceutical product.
I have my, my global trade ation number, batch number and serial number. I have it, I, as the wholesaler, when I get a saleable return, that's flowing back into my, my store. Then I can basically scan it sent to the manufacturer and the manufacturer can check is an authentic product or not. How do they do this? All the serial numbers are random serial numbers derived from entropy.
So which means an attacker it's impossible for them to guess valid, valid serial numbers.
And for that reason, the wholesale and they get cell return is sending the serial number to the manufacturer manufacturers, looking it up in the database is the valid serial number. Yes, no. And then the drug is okay. If it's a fake fake drug with a, with a fake serial number, then this can be easily found out.
However, having said this manufacturer and wholesalers prime, secondary wholesalers dispensers, they don't know each other. There's a long time for due diligence for onboarding. And in addition, when some of the players, they lose license license from the FDA to manufacture products or from the state board of pharmacy to hold their products, no one will recognize it. Yeah. And by law, this should be optimized. This is today. Somehow people kind of exchange with some data and there's long onboarding, a lot of manual expensive processes, a lot of manual compliance work.
And now with the new D S CSA regulations in place, this should be automated. The license status of either manufacturer wholesale or dispenser. So whether they're allowed to sell a drug to manufacture drug shall be verified in less than one minute. Yeah. Fully machine readable, fully automated. And then you need digital identity and verify the credentials to do this.
And in, if some of these people lose the license somehow takes up to one month, two months, enter this information of a counterpart that lost the Oscar trading partner license. The ATP license is being distributed and broadcasted to the individual players in the farmer supply chain. And we think verify the credentials, the process can be automated. And we think about the vocational registries. If someone lose a license, it can be in real time can be checked. So this fulfills the requirements of the drug supply chain security act.
Yeah. Okay.
Today it's, non-compliant couple of complications here and now with the, with decent identity solution, it looks like this. So if we digitize the us state license, it's a very far credential. Do I have a state license as a, as a, as a manufacturer? Or do I have an FDA license as the, as a manufacturer or state license as a wholesaler? So that's being digitized. That's being kind of combined with what's called so-called verification, routing service providers on the slide before you saw that manufacturers and wholesalers talk to each other, but this is, this was oversimplified.
There's a man in the middle and that's important for adoption. So around 12 so-called verification routing service providers and the top three have maybe 95, 90 8% of all transactions and the verification routing service providers, they do a simple look up service. Yeah. So I have my 2d data metrics, my serialized of a product with a serial number.
And then I do a look up where's the service endpoint. So as wholesaler I'm, I would like to send a PI verify request. And then the verification routing provider is doing a look up. So who manufactures the drug?
And then they're forwarding this PI verify request to the manufacturer. And this is important because verification routing service providers, they would like to implement the solution. And if we implement the solution with the 12 verification routing service providers, then we can adopt an industry because they men in the middle, they provide a business services to the, to the farmer supply chain companies. And that's important because implementing wallets to all these 7,000 supply chain actors. So this is a big task. Yeah. So it's almost impossible.
But if there's man in the middle, we all need to integrate two simple APIs with the verification holding service providers.
And by doing this, every pied message can embed in the header, an ATP status license credential, so that when a requester, a manufacturer sends a PI verify request to a manufacturer, the ATP license being embedded in the header, the manufacturer can check the ATP status, can check the revocation registry. And in real time, they can prove that the trading partner, that sense request is truly authorized, has a full license. That's not expired, not, not revoked.
And yeah, that's, that's Tru the, the, the whole teller that sensors. And by way, the post going in, in the other other direction, the same way, there's another interesting PCF adoption. That's an existing GS one standard. So when all the communication in the pharma supply chain is happening, there's, so-called lightweight messaging standard. That's implemented fully implemented by the industry. And what we basically do with the verify credentials, we piggy pick the standard.
So in the PI verify message, we blend our ATP license credentials in the header, and then we submit it with the PI verify request. We don't need to change anything on the existing infrastructure. We only need to implement two APIs and the entire industry via verification, routing service providers can now use it.
So how, how does it go now? Yeah. People get the wallets, the manufacturers and the wallets are integrated with the verification routing service providers. They do stuff on behalf of the manufacturers and wholesalers and okay.
That's, that's, that's our strategy cloud identity technology. We use all the Ws we see and dif standards for DDS verify credentials for DCOM V two communication to have a fully interoperable platform so-called meta platform.
So, but what we do cannot be controlled by any, any single party it's basically standards and by adoption of the standards.
Yeah. So we can make sure of an interoperable solution in place. Now we have couple of errors. Heres we basically digitize the license. Then we blend this with GS light messaging standards with the header, and then we can basically integrate it via two simple API cards. And I think this is really the, yeah, that's really the secret sauce here that we only two simple APIs. In addition, what's not on the slide and what we need for adoption.
So how do we know Novartis Novartis, John, and is Novartis me McKeson Pfizer, Pfizer, and Umang sauce. Bergers main sauce burns and make sauce Berg. And this problem was also solved. We don't need to, to, to, to manually verify the identity. And that's interesting because the so-called drug enforcement agency, they started 10, 10 or 15 years ago and provided X 5 0 9 certificate to all supply chain actors.
So that's what is called controlled substances. That's Nao and drug and NACOA and some, some heavy drugs. And if you, if you work with controlled substances, you need digital identity.
You need to sign stuff with X 5 0 9 certificates. And we are basically retrofitting or yeah. Piggy packing on, on this X 5 0 9 identity. So we derive a D ID identity from this, and I show you on the next slide, how's this being done? And this is how we can verify in a pretty automated way, the identity of the individual supply chain actors. Yeah. Again. Oh fact. Hold. So how much time do we have?
We have six
More minutes. Six more minutes. Okay. Yeah.
So you see, as the verification routing service providers, as the men in the middle, everyone wants to get rid of the men in the middle, but they are there. They have an important role for look up and that's buys very important. So if you have just one look up repository, look up directories, then you have a big kind of tech vector, because everything can be correlated.
You have, you have full Correl relatability for entire supply chain. And with couple 12 verification routing service providers is a bit mitigated from a, from a privacy perspective. So definitely important role. They accepted integrate to APIs, yo, and then people get digital identity, basically the wallets, that's an onboarding process. And now there's a whole of system.
I hope, by the way, we anchor our DDS, we don't do Y privacy. We don't need to do para pseudonymous and zero knowledge proof and, and linked secrets.
All the indie stuff, we don't need it simple system. And we get the, the, the trust from, from, from the underlying verifiable data registries, there's a DD anchor on Ethereum blockchain because it's there, it's, it's secure, it's handy. And industry is already using this. I mentioned, there's a look up directly decentralized from a company called middle ledger. And they're also using Ethereum.
And for that reason, this, this technology was already adopted. So we don't need to explain why serum secure to anchor a D I D document there. This was also in place. Yeah. Identity and verification, credential issuer. This is how it started. First was SAP and Novartis. Couple of others. We did the pilot edit of proof that to pilot with even more companies and now ledge them here. And that's important. So that couple of companies, such as, I think Mepo and ledge is the other one.
So we are very much working with ledge. They have validated processes to verify X 5 0 9 certificates.
So then Novartis is onboarding to our wallet. Then we are blending existing X 5 49 certificate with a D I D wallet. We are blending this and M can verify it. M can in simple terms of a wrapped credential of, of D ID and X 5 0 9 certificates, very simple terms, M gets this and can verify X 5 49 certificate. And then they know Novartis is Novartis. This is pretty automated. They fully validated post to do this because drug enforcement agencies does, does not want to mess around for 6, 5 49 certificates. They're issued so fully validated posts.
They do some secondary checks, and this is how the supply chain actors can, can get a D ID identity credential pretty fast. In addition, when the D ID identity credentials in place, then letter them does the second step letter them goes to their license database.
They basically replicated all license data from the FDAs, from the how states, 51, 52 states in us. They replicated all the license data of supply chain actors in their database and what they then can do in a fully automated way.
They can issue ATP license status credential is the manufacturer allowed to produce a drug, is the wholesaler allowed to, to, to yeah. To sell the wholesale drug. And this is fully automated and vice this high degree of automation. Then we have valid have easily integrated kind of two APIs valid via verification, holding service providers. We could issue identity credentials by now reusing X 5 0 9 of the FDA. And we can issue ATP status, license credentials in a pretty automated way. And this is all what we need yeah.
To, to feed them in the PI verification messages based on the GS one standard. And I think that that's important.
The GS one standard cause industries knows it and we wants to have it. And that was pretty, pretty important. The other industry groups, the HDA, the health distribution Alliance and the PPG and some others. So they're also collaborating with us. Now we have an open credentialing initiative.
So it's, it's kind of, yeah, it's kind of a foundation because it's not enough that we provide the wallets. We would like to have interoperability. There shall be competition of different wallet providers. There are two other technology companies participating in the open credential initiative that are providing wallet services.
And, and right now we are finishing the conformance criteria to make sure that when other credential issuer such as S are being onboarded. So they have to fulfill a minimum set of conformance criteria. But if everyone else wants to buy wallets, so we cannot afford to store private keys and exit spreadsheet.
And for that reason, we also have conformance criterias for the wallets. It's also important is not, let's say a commodity wallet. Like I go to wallet provider and send copies of wallet integrated.
So it's wallet with additional features to two APIs and features that can be integrated with industry standard, the GS one light message standards, couple of other standards. And that's, that's also being pretty much defined by conforms criteria. So to make sure the solution is working, even if different providers providing services and wallets, and it's working on a, on a, on a reasonable level assurance across the anti-industry that's, that's, that's what being done and what, what we have here. Yeah. Now we are launching a product that's being launched.
It's already in production with some of the big wholesalers and manufacturers. And so we, we also kind of did a lot of stuff to make sure we have low latency and this cashing is kind of stuff.
So it's really, really, really could work in real time. Yeah. People like it from FXL SAP also likes it. It's also good.
So we are, we are easily 27, 1 certified, but also we are SAP certified and use the APIs to make sure it can be easily integrated and secure and compliant way with visit existing systems. Yo, I think I mentioned this regulatory needs super important. No regulatory needs, difficult technology ecosystem should be educated collaboration. We have X 5 0 9 circuits from FDA. It's a super simple use case. It can be fully automated and yeah, this ensures the interoperability and own standards and promotes competition. Yeah. That's what we do there.
Credentialing credentialings pharma supply chain, us and yeah, I guess we have some time for questions.