KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Yeah, good evening, ladies and gentlemen. So I will talk about digital identity for enterprises and at 30. So our focus is primarily on yeah. Digital identity and compliance solutions at our mission is that we establish trust for the world value chains and make transparency, universally accessible and reliable, and primarily for compliance use cases. So when I talk today, I'm not so much concerned about selective privacy for humans. So I'm more concerned in terms of attribute ability, verifiability, integrity, authenticity compliance requirements for enterprise use cases.
And that's, that's what I'm, I'm I'm going to present now. It's ity, there are 16 employees.
So we, we primarily focus on S and Verifi with credentials, and we are doing cloud edge wallets because I have philosophers. So when I do an identity supply chain, I might wanna run my software at any infrastructure could be at the edge in a smartphone in Siemens IOT edge device can be in my virtual private cloud, can be on my on premise environment and build softwares can run on, on cloud or the edge. And as mentioned, we focus on compliance.
Our customers are primarily pharma, life science, food customers, and government customers that care about compliance because they're heavily regulated. And they would like to automate compliance to digitize it, to bring the cost down and also deliver additional innovation.
Yo, and I think we all know this in cyber physical value chains, and Gartner's talking about agile defined, dynamically defined value chains, everything connects with everything else, very in very dynamic way today in the more kind of static way with kind of linear supply chains, we have already nuMe scandals in terms of Sanna Plaza, factory collapse that ties back. Do I trust my vendors as in compliance with labor rights, anti-bribery environment, health and safety standard. This ties exactly back to enterprise identity. Can I trust new vendor or not?
And of course it also goes to fake automotive parts can, can attract the authenticity, can check the lifecycle. If I would like to do it, I might wanna have digital signatures kind of to check if I have any assertions about the, the spare part, the objects, the trade object. And for that reason, I think it's, it's important that yeah, that we have kind of end to end verifiability along the lifecycle of a product. And I'm not even talking about green deal. And when I have policy frameworks, I would like to enforce them. I would like to monitor them at the customs organization.
Is this a circular object that's kind of coming into the European union or is the fake circular object with, with a lot of labor rights issues and some environmental issues. I need to be able to check this along the entire supply chain from the manufacturer to the shipper, to customs, to the wholesaler, to the end customer. And if you would like to do this, you know, it's interoperable data, Porwal electronic signatures, and that's why all Z WSC standards are so important to, to, to enable this. So it's faculty.
So we primarily looking into bringing forward the internet today with HTTPS internet is based on encrypted data. And now this big transformation transforms the internet to encrypted and science data everywhere. So today I, I encrypt everywhere, but I'm not signing everywhere. So here and there we use pretty good privacy, couple of X five or nine certificates.
But the, the, the, the technologies providing what we call ambient signing capabilities and ambient verification capabilities. So that really can check is the real enterprise effect product. And I can go back to word of trust to check it out. So we believe if we have not sort out the identity problems, then we don't need to even touch central bank, digital currencies D smart contract. I can touch this in wide west peer to peer world, but I cannot touch this in the B2B B2B to C world because they have a lot of regulation compliance requirements.
I have to check my counterparties, my customer's authenticity of active pharmaceutical ingredients, for example, and pharma industry or food product. And for that reason, I first have to sort out the, yeah, make sure I can I have the instruments to check, sign data. And that's, that's what's for what we do. I think we all know. And you have seen this typically with all the debts and verifiable credentials, we have an issuer, an issuer can be an audit organization, can be the GL. I think we heard about life. It can be a government, it can university, it can be a state of pharmacy.
So in this example here, state port of pharmacy is basically issuing a credential about pharma wholesaler or manufacturer so that they have an authorized trading partner license that can present it to retailer. That's a typically B2B use case from a compliance perspective I can check is the counterpart in the internet really is a manufacturer or the wholesaler. And do they really have a state license to produce products or to hold set products? And that's what we automate from a compliance perspective. And that's just, just one of the use case in terms of the credentials.
I think we are all aware. We heard a bit. So we have decentralized identifiers. We have credentials describing for, for digital identity or for twin the entire back to birth life cycle with, with cryptographically verifiable instruments that can check is assertion really been done by the manufacturer in terms of the, the birth certificate certificate of conformity, some environmental certificates. I really can check this with, with cryptography and with end to end identity supply chain, but it's not only about an individual object human enterprise or thing.
It's also about, let's say the Analyst B meeting can be vendor. Customer can be university. Human can be, anyone else say, can be a car, can be a car in a car sharing customer. Basically I request my verify credentials. I can check the life cycle, the, the integrity, the status, the authenticity of my counterpart established trust. And after I've established trust, I can do content agreements, business agreements. And that's what we call DocuSign on steroids, because then I've cable seat, my counterpart, and a full trust in it.
I can, I can issue contract. I can cook to definitely sign it. The counterpart is countersign it. And suddenly I have a very, very solid contextual agreement in place, not only for humans enterprise, but for machines. And that that's a pretty good capability.
Last part, not least I don't wanna address it today, but you can also Providence to data, especially in industry for zero supply trends. If I have a digital twin, I can basically go back to, to, to burst of an object of a 3d printer product and check the datas digital twin. What's the prevalence, where are they from? Was the real 3d printer, real design real QA device for quality assurance, or was the fake QA device. And if I cannot check this, I cannot trust the digital twin. And then it's kind of in the, the physical product was worthless.
And that's what we call verifiable data chains and data Providence that's. That's where we also have kind of first initial products coming here. Cool. So at we provide a digital identity cloud cloud edge wallet, this focused on security and compliance that can be integrated via APIs and backend systems, EAP systems, manufacturing, execution systems, transport management systems, you name it with apps. It can be integrated with labeling systems for products.
And of course, that app and the, the primary focus is to leverage digital signatures for compliance use cases to fully digitize it, to drive out the manual effort, but also to bring the enforcement of policy frameworks to the next level. And that's, that's what we do here. It's kind of it's living in the cloud.
It's it's, it's, it's, it's fully scalable. It's API based. The customization effort typically is very low, so it can be easily integrated in existing legacy infrastructures.
And that's important for us because when we about peer to peer blockchain and all the other things it's primarily very often discussed in the Greenfield approach, but we have, we have tons of assets, legacy systems out there in the brownfield, and we are basically kind of retrofitting integrating them so that we can leverage all benefits across multiple supply chain actors for the end to end verifiability with existing systems. That's, that's what we do at Phillip.
I think high level, typical use cases are corporate master data is it's a re counterparty life cycle credentials and environment, health and safety standard antibi child labor, my counterpart kind of all this credential. I onboard a vendor. I request the credentials and then I can run my third party, risk management about a vendor that I'm just onboarding. And then if they can provide the proper credentials, I can trust them and then I can do business risk. And then I reduce my, my third particle, but they also reduce my, my compliance effort.
Same for object it's primarily I have an object that's often done in the pharmaceutical industry. Pharmaceutical industry is fully serialized the medical products, the pharmaceutical product, which means everyone is a single serial number. I scan it. I go to digital twin. I have all my verifiable credentials. And then I have back to birth lifecycle transparency, fully end to end verifiable for regulator, for wholesaler, but also for patient. And it's not only about authenticity of COVID vet. People are kind of working on this. It's also about simple things, such as digitizing the E leaflet.
Today. We have paper E leaflets, we digital signature. We can transform it to digital version of the, of the leaflet E leaflet. And if you do it in a, in a GXP relevant environment, we have compliance requirements because you don't wanna score with the health of your patients. Then digital signatures have kind of to, to create an leaflet and that that could be done, but also it's for all kind of products. That's what we call product pass.
You can put assertions, verifiable lifecycle credentials about the product in digital twin, and then any actor, any previously unknown actor along value chain can basically verify established trust in the, in the object. And last but not least, you can also digitize process, process auditability. And that's what we show a bit later. Cool. Yeah. So it's fairly, we primarily work with pharmaceuticals and food, food supply chain actors, because there is heavy regulation. There's a lot of standardization in place terms of data structures. There's also serialization in place.
And that's nice because then, then we can put our digital trends, verifiable end to individual trends on top of it. And, and we are also doing work for the us depart performance security.
It's not, let's say a pharmaceutical product. It's a lifecycle history for a shipment. Shipment has a shipment number. And if I have the lifecycle history and when eCommerce items are being imported, I can pretty much digitize what's happening on the customs boundary to basically provide something such as digital pre-entry form, but with full verifiable life cycle verifiability of a, of a eCommerce shipment. And this has a lot of value when it comes to illicit goods.
So when it comes to yeah, problems with some customers in the, in the home country, obviously fake manufacturer, you can sort this out. And this goes, even if you would like to enforce policy policies as a customs border to only let in circle green products, you basically check the history, leave them in or not, but only if it's weapons drag, that's also what's what's going on today and verify credentials of helpful by having set this, I would like to present what we are doing for the us tax supply chain security act with pharmaceutical manufacturers and wholesalers in us.
That's what we call our size trading partners. That's a simple use case where all the ingredients are coming together to bring this into production now. So basically the full end to end identity supply chain sorted out for this use case.
And so we, we reviewed hundreds and hundreds of use cases all the time. At least one component is missing here. All components are in placed and that's very nice.
So the, the food and drug administration in us, they came up with the us black supply chain security act. And basically in the use case of so-called sellable returns, which means an items is coming, coming back to wholesaler, the wholesaler must scan. It must can see the number and must send a PI PI verification request to the, to the manufacturer to check the authenticity and life cycle of a sellable term. And in addition, the law says both the manufacturer and the whole seller have to check the license status of each counterparty.
And this is where we are, what we are digitizing, so-called training partner status. And I show how it's being done with VCs and visits. So basically that's a system that's in place today.
Today, the wholesaler scans the 2d data metrics in of a fast circle product in the 2d data metrics. I have the gin global trade identification number, a bachelor number exploration date, and the serial number. Then the wholesaler creates a PI product information verification request sends it via so-called verification. Routing sales provides to the manufacturer manufacturer returns and okay on other status bot from a single product. And then the wholesaler can continue to proceed this.
And the problem today is the manufacturer has no instrument to check the ask trading partner of the wholesaler and the wholesale. I mean, the wholesale, I get the response back. The wholesale has no instrument to check the training partner of the manufacturer. The training partner status is being determined by state board of license or regulator or the FDA. And only if I, if I know that contract manufacturer are a small wholesaler who have never done business with, if they have a proper training partner status only then I can co proceed with my business process.
And if they have manipulated trading status and must report by a national reporting to FDA, and that's that's use case here today, the ATP status is being manual process, and we basically digitize it by providing identity wallets. So every wholesale manufacturer becomes an identity wallet. It's being integrated by so-called verification, holding sales provider. They do lookups today.
And yeah, so when hold said, has it, the manufacturer has it. So hold Celler gets been onboarded with a very, very far credential issuer. So there are companies such as M and they basically, even today checks the identity of hold cell as a manufacturers and checks the ATP status.
And now they basically not only check it on paper, they issuer credential this them an identity credential plus an authorized training partner credential so that when the wholesaler sends a PI verify request, the ATP credentials being embedded in the PI verify request is being sent to the manufacturer manufacturer can check the ATP status. And then the manufacturer is sending the response manufacturer is packaging its own ATP credential here. And then the wholesaler can verify it as, as well. So what's very interesting all ingredients in place to bring in production.
And that's, that's, that's what we are kind of working on right now to bring in productions next weeks. And this scalable system is enterprise identity fully started out end to end supply chain. That's nice here. You see how our system's not only being integrated with the, with the wholesale manufacturers. It's also been integrated withm people are issuing identity certificates, plus the ATP status certificate license certificates. And we have basically found a very nice way to put step an existing hood of trust of signing capabilities of a drug enforcement agency it's fully existing.
So we have a hood of trust that we can boot stamp. In addition, it's fully automated with existing legacy database.
So, which means if they have an update there immediately, the credentials being revoked and everyone is informed in the entire ecosystem. That's, that's a very nice use case. How does it look like in the wallet? Basically just two credentials, identity credential, ATP credential plus, and all the PI verify requests are handed. So our APIs, we have full ATP monitoring about all the requests about all PI verify requests for compliance.
That's a big, big step forward to digitize compliance in this use case and to kind of, to, to, to bring kind of the, the ATP status transparency to the next level. In addition, I think Kim mentioned the GL, that's also something pharmaceuticals and DHS and other companies are looking into it. So what's the hood of trust for enterprise identity and TC an example for, for Aon, how we integrated this real life system. Basically we integrated the mock up real issuer, but so it's kind of, it's the objective have operational couple of months.
Then the gly has kind of put the governance in place and, but it's working today and basically see Aon, Aon has info. And then you basically can immediately kind of connect the, the verifiable legal entity identifier and, and fetch the data from the gly CLO gold master database. And then for Aon, you have all the data, you see the hundred numbers, the company registry number, and then you have full, full verifiability. Who's your counterpart is really Aon or not. And you can even go back in the company registry in Germany, in Delaware, wherever you are.
And that's, that's very nice to establish trust with a very verifiable legal entity identify as of life. And before close, I think with, with these use cases. So we have the credential issuers verified legal entity issuers. We establish company identity, and there's a prerequisite to go deeper, to go deeper to enterprise resources, such as systems, employees and marketplaces.
And then when this is in place, a system can, a labeling system can issue a credential when a thing, a pharmaceutical products being labeled, they can add a leaflet to this, and then suddenly you have full lifecycle transparency, but you don't need to start with lifecycle self transparency of objects. If you have not sorted out the hood of trust and the enterprise identity, that's about to be sorted out and then could be broken down to things. And that's what we do. I mentioned here, a digital twin of sensible good pharmaceutical product.
And here in this case have digitized the E leaflet, some authenticity credentials, and suddenly have a full digital twin of pharmaceutical product. That that's, that's very nice. But if you think below beyonds, it's not about patient health only, which is very important. It goes to circular economy and to the CO2 footprint of objects, to environmental standards, to the manufacturing process. And that's what we see where people leverage enterprise master data, responsible sourcing, third party, risk management, ESG sustainability propositions, supply chain law can exist circular product path.
So we see a lot of work on circular product paths for, for green deals. And then you need to have this transparency end to end verified lifecycle transparency. That's what we basically do. Usually work with industry leaders, combine our decentralized identity capabilities, our consulting, B2B B2B TOC knowledge, yeah. To bring kind of the product pass and, and, and enterprise and object, identity, and poses all the, all the ability to life, our customers. Thank you.
