ORIGINAL RESEARCH
Biagio Boi, PhD , Student; Franco Cirillo, PhD , Student; Marco De Santis, PhD , Student; and Christian Esposito, PhD
Department of Computer Science, University of Salerno, Fisciano, Italy
Keywords: authentication, blockchain, healthcare, medical record, SBT, Self-Sovereign Identity, Soulbound Token, SSI
Context: The digitalization of the healthcare sector faces significant challenges due to the diverse representation of data and their distribution across various hospitals. Moreover, security is a key concern as healthcare-related data are subject to the legal obligations of General Data Protection Regulation (GDPR) and similar data protection legislation. Standardization efforts like Health Level Seven (HL7) have been implemented to enhance data interoperability. However, authentication still remains a critical issue with significant challenges.
Aim: This research aims to improve and strengthen the authentication process by introducing a novel architecture for decentralized authentication. Additionally, it proposes a new approach to decentralized data management, which is crucial for handling sensitive medical data efficiently.
Methodology: The proposed architecture adopts a user-centric approach, utilizing Self-Sovereign Identity (SSI). It introduced a new non-fungible token (NFT) type called soulbound token (SBT) in the medical context, which will facilitate user authentication across different hospitals, effectively creating a federation of interconnected institutions.
Results: The implementation of the proposed architecture demonstrated a significant reduction in authentication time across multiple hospitals. The use of SBT ensured secure and seamless user authentication, enhancing overall system interoperability and data security. The decentralized approach also mitigated the risks associated with centralized authentication servers.
Conclusion: This study successfully presents a novel decentralized authentication architecture for the healthcare domain, leveraging SSI and SBTs. This approach accelerates the authentication process and enhances data security and interoperability among hospitals. Future research should explore the scalability of this architecture and its application in other sectors requiring stringent data security measures.
This research addresses challenges in digital healthcare, particularly in data variety, distribution, and authentication. It introduces a decentralized authentication system using Self-Sovereign Identity and a new type of non-fungible tokens called soulbound tokens. This system links hospitals, reduces authentication times, enhances data security, and improves system interoperability. By decentralizing authentication, it mitigates risks associated with centralized servers. This study results suggest that this innovative approach could benefit healthcare and potentially other industries with stringent data security needs, though further research on scalability and broader applications is recommended.
Citation: Blockchain in Healthcare Today 2024, 7: 334.
DOI: https://doi.org/10.30953/bhty.v7.334
Copyright: © 2024 The Authors. This is an open access article distributed in accordance with the Creative Commons Attribution Non Commercial (CC BY-NC 4.0) license, which permits others to distribute, adapt, enhance this work non-commercially, and license their derivative works on different terms, provided the original work is properly cited and the use is non-commercial. See: http://creativecommons.org/licenses/by-nc/4.0.
Submitted: July 2, 2024; Accepted: August 9, 2024; Published: August 31, 2024
Corresponding Author: Franco Cirillo, Email: fracirillo@unisa.it
Competing interests and funding: None reported by the authors.
This work was partially supported by project SERICS (PE00000014) under the NRRP MUR program funded by the EU—NGEU and by the project “DHEAL—COM- Digital Health Solutions in Community Medicine” under the Innovative Health Ecosystem (PNC)—National Recovery and Resilience Plan (NRRP) program funded by the Italian Ministry of Health.
Improving data management, operational effectiveness, and patient care, all depend on the healthcare industry going digital. However, there are several major obstacles to this shift, especially when it comes to authentication and data compatibility. Healthcare data are often dispersed throughout several systems and organizations,1 each of which uses a different set of standards and technology to manage patient data. This fragmentation makes it difficult to integrate across different systems and causes discrepancies in data representation. The absence of a standard data format makes data interchange more difficult and increases the risk of errors and inefficiencies. Because many systems do not always work well together, users could have trouble easily accessing their health records. This disarray compromises the effectiveness of care coordination and could lead to mistakes or delays in patient care.
Conventional healthcare authentication methods usually depend on centralized servers to store and validate user credentials. These centralized systems have several difficulties, such as:
Reliance on centralized authentication systems may lead to serious security flaws that compromise the overall effectiveness and security of healthcare data management. This vulnerability is exacerbated in a decentralized environment where data are spread across various institutions.
Strict laws like the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR) apply to healthcare data. To safeguard patient privacy and guarantee compliance, these regulations impose strict controls over data access and management. Conventional authentication methods frequently fail to strike a compromise between user ease and security. Complicated authentication standards may result in more administrative work and possible noncompliance. For traditional systems, it is difficult to guarantee that only authorized personnel will access important information while preserving a seamless user experience.
The complexity of healthcare data networks is increasing along with the number of users, and existing authentication solutions might not be able to keep up.2 Several conventional systems are based on inflexible infrastructures that make it difficult to modify them in response to changes in the healthcare industry or in technology. It is possible that old authentication techniques will become obsolete or require expensive modifications as healthcare systems develop and incorporate new technologies. This lack of flexibility and scalability may make it more difficult for the industry to develop and adapt to new problems.
This research aims to address the authentication challenges in the healthcare sector by proposing a novel decentralized authentication architecture. The proposed solution leverages self-sovereign identity (SSI), a user-centric approach that empowers an individual’s control over their digital identities. Additionally, the architecture introduces a new type of non-fungible token (NFT) known as the soulbound token (SBT). The SBTs are a specific type of non-transferable token introduced to represent personal credentials and achievements on the blockchain in a secure and verifiable manner.
Unlike traditional fungible tokens or transferable NFTs, SBTs are bound to a specific individual and cannot be transferred or traded to another party. The origin of SBTs lies in the need for a reliable method to digitally represent and verify personal attributes and credentials such as academic degrees, professional certifications, and membership records. This need has become more pressing as human verification gains importance in various domains, from education to professional networking and beyond. The term “soulbound” metaphorically represents the idea that these tokens are inherently linked to the individual’s “soul,” meaning their personal and unique identity, and are not meant to be detached or exchanged. By implementing this decentralized approach, we aim to create a federated network of healthcare institutions, enhancing data security and interoperability while significantly reducing authentication times. To complement this decentralized authentication architecture, we propose the integration of a Solid data management system (a medium for the secure, decentralized exchange of public and private data), which provides a robust framework for decentralized data storage and management. By utilizing Solid, patients can store their personal health data in personal online data stores (Pods), which they fully control. This ensures that patients have the authority to grant or revoke access to their health information, fostering trust and enhancing privacy.3
In this report, we detail the methodology behind the proposed architecture, including the integration of SSI and SBTs, and present the results of our implementation. We demonstrate how this approach mitigates the risks associated with centralized authentication servers and improves the overall efficiency and security of the healthcare data management system. Finally, we discuss the potential implications of this architecture for the broader healthcare industry and suggest avenues for future research.
In the field of digital credentials management, the integration of blockchain technology and cryptographic protocols has led to significant advancements. A prominent development is the use of SBTs for issuing and managing digital access credentials.
This section examines various contemporary approaches and innovations in this domain, highlighting the strengths and limitations of each, with a particular focus on privacy, non-repudiation, and regulatory compliance.
The digital credentials management system proposed in Ref. 4 introduces an innovative approach by leveraging an enhanced version of SBTs, referred to as rejectable soulbound tokens (RejSBTs). This system enhances traditional credential features by embedding terms and conditions during issuance and ensuring non-repudiation of reception upon acceptance by users. The RejSBTs guarantee non-repudiation of reception and origin proofs, a critical aspect for legal and security purposes. However, the current protocol lacks encryption measures, as it primarily handles non-sensitive digital access credentials. It is crucial that future integrations align with GDPR regulations to address potential privacy concerns.
Another notable approach is the integration of decentralized identifiers (DIDs) with SBTs in digital authentication systems, particularly in the Web3 and metaverse environments. This scheme proposed by Kim and Ryou (2023)5 utilizes DIDs for user verification via smart contracts and issues SBTs for seamless integration. To enhance privacy, verification authorities’ service providers use zero-knowledge proof (ZKP) systems, ensuring that critical user information remains undisclosed during the verification process. This method increases user convenience by allowing the generation of cryptographic proofs without direct user involvement. Additionally, a unified wallet manages both DID credentials and SBTs, simplifying credential management.
In the context of privacy-preserving credential systems, the use of SBTs combined with selective disclosure mechanisms is gaining traction. One framework6 proposes issuing credentials as NFTs stored on the Interplanetary File System (IPFS) in an encrypted format. Although this system empowers users with complete control over their credential information, the verification process does not employ ZKPs, potentially limiting its privacy assurances.
An advanced method for private identity verification7 involves zero-knowledge SBTs, which combine SBTs with ZKPs. This protocol uses the identity holder’s private/public key to encrypt data stored in an SBT. A ZKP is then used for verification, ensuring that the data have not been altered, and that the identity holder meets specific requirements without revealing any personal information. This approach effectively balances privacy and security, making it a robust solution for identity verification.
The metaverse presents unique challenges and opportunities for digital identity management. One implementation8 focuses on providing age-restricted access in Decentraland (a 3D virtual world browser-based platform) using Ethereum smart contracts and ZKPs. This method allows users to prove their eligibility for certain activities, such as accessing a virtual cinema, without disclosing their real identities. It leverages existing legal frameworks like eIDAS (electronic identification) and W3C Verifiable Credentials, demonstrating the practical application of blockchain technology in maintaining privacy while ensuring compliance with legal standards.
A practical use case for SBTs is the certification of COVID-19 vaccinations. This proposed system9 employs a decentralized application, where SBTs are issued as non-transferable and revocable tokens, ensuring they align with the non-transferable nature of vaccination records. While this approach addresses the administrative aspects of vaccination certification, it does not explicitly tackle privacy and confidentiality, highlighting an area for future improvement.
Furthermore, the concept of data decentralization extends beyond credential management, offering broader applications across various sectors. One significant challenge, aside from security, is the storage of large files on the blockchain network, as traditional blockchains lack the capacity to store extensive files like medical images. Integrating decentralized storage solutions such as an IPFS and Solid Pods (personal data stores that provide a place to access, update, and share data) can revolutionize data management and sharing across networks. For instance, IPFS provides a peer-to-peer network for storing and sharing data in a distributed file system, enhancing data availability and mitigating the risk of central points of failure. A security model proposed for datastore on IPFS10 utilizes Shamir’s Secret Sharing (SSS) to encrypt data before storage, implemented in Ethereum and operating on a Proof of Work consensus algorithm, necessitating high computational power.
Another challenge with IPFS is that it only provides a hash of the data, complicating the search for related patient records. To resolve this, an Interplanetary Name System-based blockchain has been proposed in Ref. 11, which facilitates data searching by providing a name instead of a hash, thus reducing search time. Blockchain systems are thus used for storing, sharing, using, and manipulating patient data. Another solution is to use Solid pods to store healthcare data. Examples of their use and techniques to optimize a search have been published.12,13
Based on Table 1, our solution outperforms existing methods by offering a comprehensive and scalable framework that balances privacy, security, and regulatory compliance. It uses decentralized authentication with SBTs, a private blockchain, and privacy-aware oracles, ensuring high privacy and strong security. Unlike other approaches, it addresses key limitations such as lack of encryption, complexity, and application constraints, making it a superior and more robust option.
Source | Key Features | Strengths | Limitations | Privacy | Non-Repudiation | Regulatory Compliance |
Pericàs-Gornals. et al. (2024)4 | Enhanced SBTs with T&C, ensures non-repudiation of reception | Legal and security assurance, non-repudiation of reception and origin | Lacks encryption measures, primarily for non-sensitive credentials | Low | High | Needs future GDPR alignment |
Kim et al. (2023)5 | DIDs for user verification, ZKP for privacy, unified wallet | Enhanced privacy with ZKP, seamless integration | Complexity of implementation | High | Medium | Aligned with legal standards |
Reddy and Kushwaha (2023)6 | NFTs stored on IPFS, encrypted format | User control over credential information | Lack of ZKP, limited privacy assurances | Low | Medium | Privacy enhancements needed |
Cabot-Nadal et al. (2023)7 | Combines SBTs with ZKP, uses private/public key for encryption | Balances privacy and security effectively | High complexity | High | High | Strong alignment with privacy regulations |
Zichichi et al. (2023)8 | Ethereum smart contracts, ZKPs, eIDAS, W3C VCs | Practical application in metaverse, maintains privacy and compliance | Specific to age-restricted access | High | Medium | Strong compliance with legal standards |
Lunesu et al. (2023)9 | SBTs as non-transferable and revocable tokens | Addresses administrative aspects | Lacks focus on privacy and confidentiality | Low | Medium | Needs enhancements for privacy |
Naz et al. (2019)10 | IPFS for storage, SSS for encryption, PoW consensus | Enhanced data availability, mitigates central points of failure | High computational power, search difficulties | High | Medium | Strong potential but needs optimization for healthcare |
Saharan and Prasad (2020)11 | Facilitates data searching with names instead of hashes | Reduces search time, enhances data sharing and usage | Implementation complexity | Medium | Medium | Strong alignment with data management standards |
Prop. | Decentralized authentication with SBTs, private blockchain (Hyperledger Besu), PoA consensus (QBFT), privacy-aware oracles (Chainlink) | Comprehensive framework, scalable, enhanced security with private smart contracts | Private Blockchain | High | High | Strong compliance focus, private blockchain ensures privacy |
DID: decentralized identifiers; eIDAS: electronic Identification, Authentication and Trust Services; GDPR: General Data Protection Regulation; IPFS: InterPlanetary File System; NFTs: non-fungible tokens; PoA: Proof of Authority; PoW: proof of work; QBFT: Quorum Byzantine Fault Tolerant; SBTs: soulbound tokens; SSI: Self-Sovereign Identity; SSS: Shamir’s Secret Sharing; T&C: terms and conditions; VCs: verifiable credentials W3C: World Wide Web Consortium; ZKP: zero-knowledge proof. |
The advancements in digital credentials management systems using SBTs illustrate significant progress in enhancing privacy, security, and user convenience. However, each approach has its set of strengths and limitations, particularly concerning privacy preservation and regulatory compliance. Future developments must focus on integrating robust encryption measures, comprehensive privacy protections, and adherence to regulatory standards to fully realize the potential of these innovative systems in digital credential management.
The current state-of-the-art highlights a significant lack of interoperability among data generated within the healthcare domain. By leveraging standards such as HL7, it is feasible to develop interoperable solutions across different hospitals. However, the existing data storage methods, which predominantly rely on centralized servers, require careful redesign. This includes revisiting the mechanisms provided for data access.
The proposed architecture aims to deliver a comprehensive framework for managing authentication in a decentralized manner while also considering the decentralized data solutions discussed in the preceding section. The objective is to validate this approach by providing insights into the mean response time and a thorough security assessment of the protocol.
The use of DID is not a directly applicable choice in the medical domain due to complex interaction. Moreover, authenticating with SSI poses significant challenges within decentralized applications due to the requirement for signature verification on the credentials, which cannot be performed on-chain without revealing user data. These concerns become more critical when using public blockchains such as Ethereum.
Our architecture aims to provide all the advantages of SSI while incorporating a novel authentication mechanism based on NFTs, specifically an extension known as Soulbound Tokens (SBTs). SBTs are designed to bind tokens to their owner, thereby leveraging the benefits introduced by NFTs.
To analyze our system, we divide it into two main phases: the enrollment phase, depicted at the top of Figure 1, and the authentication phase, shown at the bottom of Figure 1. Before going deeper into analyzing these phases, it is necessary to clarify some technical aspects related to our architecture.
Fig. 1. System Model: enrollment phase (top figure) and authentication (bottom figure). HL7: Health Level Seven; IoT: internet of things; Pods: personal online data stores; SBT: soulbound token.
Credential verification is complex to on-chain; for this reason, we adopted a hybrid approach, where identity is verified off-chain, and then an SBT is released using a private blockchain, such as Hyperledger Besu. Needs for a private blockchain come from the need to guarantee a user’s privacy when performing on-chain transactions.
The architecture has been deployed on a private blockchain using Hyperledger Besu, composed of four nodes as part of an experimental project. This setup is easily scalable because we only use blockchain to release SBT. In the employed Proof of Authority (PoA) consensus mechanism, the validators, which are nodes authorized to mine blocks, are pre-authorized by the blockchain owner.
Each block is validated by one of these pre-authorized nodes. Hyperledger Besu supports various PoA schemas, including QBFT, IBFT 2.0 (Istanbul Byzantine Fault Tolerance), and Clique. For the purposes of our project, we selected QBFT due to its ability to ensure the privacy of transactions, which is essential for implementing a privacy-aware oracle based on Chainlink infrastructure. These transactions are secured and accessible only to the parties involved. The scalability of PoA is advantageous, as it supports network growth without significant performance issues. Security and trust are enhanced because validators are trusted entities, reducing the risk of malicious activity and ensuring credible issuance of SBTs. We selected the QBFT schema within PoA for its transaction privacy features, crucial for our privacy-aware oracle using Chainlink infrastructure. Overall, PoA’s efficiency, scalability, security, and privacy make it an ideal choice for our SBT deployment.
The need for an enrollment phase arises from the complexity of creating a timely procedure for authenticating users within the system. Authentication based on DIDs requires verification of credentials and the generation of verifiable proofs by the holder, which can introduce overhead. Additionally, these processes cannot be applied to a public blockchain as previously described.
In our proposal, the first phase involves nine steps to deliver an SBT to the user. During this phase, the user shares the SSI credentials and receives an SBT. The procedure begins with the holder requesting an SBT release from the hospital. During this request, the holder communicates their DIDH, which, in our case, is a did:eth (decentralized identifier:Etherium) method identifier, to ensure compatibility with the Ethereum blockchain. Such DIDH is associated with a DIDDocumentH through the use of the smart contract previously registered. The hospital forwards the request to the MedicalRecordSBT smart contract containing the same DIDH, previously deployed on the Besu blockchain. The function requestSBT then forwards this request to the Chainlink infrastructure, which handles off-chain communication with the external server.
As illustrated in Figure 1, during steps 4, 5, and 6, the requests follow the classical SSI trust triangle approach, where the verifier, which, in this case, is the ChainLink node, sends a request to the off-chain server, which generates a VPR. The users generate a verifiable presentation connected to that VPR and transmits it to the off-chain server, which performs credential verification. Once the validity of the transmitted credentials is confirmed, a callback is executed on the MedicalRecordSBT, releasing the final SBT to the user. This SBT can now be used by the user to authenticate themselves on hospital-trusted platforms.
At the beginning of the authentication, the patient already possesses an SBT representing their identity within the hospital. This token is used to authenticate the user and access personal data stored on the POD. The entire procedure is managed through the SBTAuthorizer smart contract, which contains references to the issued SBT and is capable of performing the authentication process. This smart contract also includes metadata related to revoked tokens and roles within the system, allowing the hospital to revoke access if a user loses ownership of their wallet.
Similarly to the patients, the internet of things (IoT) devices and the doctors will access the data spaces by using a decentralized approach. As described in Ref. 14 and in Ref. 15, both doctors and IoT device can implement this kind of authentication using SSI. In particular, the doctors will manage authentication through the use of the HSM as a mechanism for reducing time needed for authentication, while IoT devices can leverage physical characteristics, such as Static Random Access Memory (SRAM), or electrocardiogram in order to create a private key used in the SSI wallet generation. Finally, the proposed architecture separates the authentication process from data storage.
The proposed approach also includes a novel decentralized data storage system, which is fully compatible with the proposed decentralized authentication mechanism. Solid, a relatively new framework, aligns with the user-centric data storage paradigm by empowering users to take responsibility for the data produced by applications. In this specific use case, this pertains to the medical data generated by both IoT devices and analyses conducted by doctors. Solid offers a well-structured method for storing data, utilizing knowledge graph technology. This representation is fully compliant with contemporary data representation mechanisms in the medical domain, such as HL7, which provides a well-documented ontology. This approach enhances the compliancy with respect to GDPR by promoting decentralized data storage, where users can manage data produced by IoT devices, without any copy on external servers.
To evaluate the quality of the proposed architecture, we mainly focus on the cost for the deployment of the solution in terms of fee for the execution of a smart contract. For the evaluation of our proposal, we deployed a Hyperledger Besu Docker image equipped with QBFT consensus over an iMac 3.3 GHz Intel Core i5 6 cores equipped with 16 GB 2667 MHz DDR4.
To implement our solutions, we deployed five smart contracts:
As reported in Table 2, the smart contract deployment is the most expensive operation, together with SBT minting, needed to generate and release the SBT to the user. Operational requests are required to setup the entire environment and refer to the mapping of created DID to the internal registry containing the roles. The gas estimation offers insights about the complexity of the operations involved by the smart contract, but the costs will depend by multiple factors such as occupancy of the network, fee required. By assuming a cost of 3 gwei per gas needed, which is in-line with normal cost of Ethereum blockchain, it is possible to make an estimation over the total cost of the different operations.
The deployment phase is executed only once at the adoption of the system while enrollment and SBT Minting operations are executed for each new patient belonging to the system. A total cost below $30 per new user in the system is reasonable for the advantages introduced by the proposed approach.
No cost is provided for the authentication procedure, which only consists of reading data from the blockchain, without requesting any additional fee.
The overall time for the enrollment procedure is about 16.03 s on average; the greatest part is spent verifying credentials (12.54 s). That is the main motivation that led us to move to a fully decentralized and on-chain approach. With our proposal, it is possible to authenticate now using the SBT and by only checking the presence of the SBT on the MedicalRecordSBT smart contract.
With the current research, we tried to reduce the overall time needed for authentication by providing an on-chain verification method while preserving the privacy of nodes and all the advantages introduced by SSI. The overhead introduced by the proposed architecture is relatively low, considering that the enrollment phase is executed only once for each user, and the authentication phase is reduced to a single call to the smart contract. Moreover, the system is strictly based on the blockchain and on the asymmetric mechanism behind the blockchain. SBTs increase security by leveraging a cryptographic wallet, which stores the private key associated with the public one.
In the future, we plan to enhance our evaluation of the proposed methods by integrating provider access into real-world scenarios. By incorporating provider access, we will be able to simulate more complex, multi-stakeholder environments, which will offer a more comprehensive assessment of our approach’s effectiveness in practice. This will allow us to better understand the real-world impact on medical data security and privacy. For example, in a diabetes use case, provider access would enable healthcare professionals to interact directly with patient data stored in Solid Pods while also contributing to and benefiting from a distributed machine learning model. This added layer of provider interaction is essential for validating the scalability and practicality of our architecture across various medical use cases.
Mr. Boi contributed to the conceptualization of the system, the evaluation of the system, and the writing. Mr. Cirillo contributed to the conceptualization of the system, the state of the art, and the overall writing of the paper. Mr. De Santis contributed to the conceptualization of the system and the writing of the paper. Dr. Esposito contributed to the conceptualization of the system and the review of each draft.
All authors have approved the manuscript and agree with its submission to Blockchain in Healthcare Today.
Contact the author.
Artificial intelligence and related technologies were not used in the preparation of this article.
This work was partially supported by project SERICS (PE00000014) under the NRRP MUR program funded by the EU—NGEU and by the project “DHEAL—COM-Digital Health Solutions in Community Medicine” under the Innovative Health Ecosystem (PNC)—National Recovery and Resilience Plan (NRRP) program funded by the Italian Ministry of Health.
DID: decentralized identifiers/identity
did:eth: decentralized identifier:Etherium
DIDDocumentH: digital identity document (holder)
DIDH: digital identity (holder)
eIDAS: electronic Identification, Authentication and Trust Services.
GDPR: General Data Protection Regulation
HIPAA: Health Insurance Portability and Accountability Act
HL7: Health Level Seven
HSM: hardware security module
IBFT: Istanbul Byzantine Fault Tolerance
IoT: internet of things
IPFS: InterPlanetary File System
NFT: non-fungible token
PoA: proof of authority;
Pod: personal online data store
PoW: proof of work
QBFT: Quorum Byzantine Fault Tolerant
RejSBTs: rejectable soulbound tokens
SBT: soulbound token
SRAM: Static Random Access Memory
SSI: self-sovereign identity
SSS: Shamir’s Secret Sharing
T&C: terms and conditions
VCs: verifiable credentials
VPR: verifiable presentation request
W3C: World Wide Web Consortium
ZKP: zero-knowledge proof
Copyright Ownership: This is an open-access article distributed in accordance with the Creative Commons Attribution Non-Commercial (CC BY-NC 4.0) license, which permits others to distribute, adapt, enhance this work non-commercially, and license their derivative works on different terms, provided the original work is properly cited, and the use is non-commercial. See: http://creativecommons.org/licenses/by-nc/4.0.