 So my name is Marc Spanbroek and my colleague Marcin Czenko. We're both from Philips. And we wanted to talk to you about our project called Kogito. And before we go off and show a really cool demo of it, a real live demo, we want to talk a bit about identity first. So what is identity usually? Identity can be things like your passport or your bank card or your website credentials. But there's a problem with all of these. And if you want to have a real privacy, you'll be really in control of your own data, then these will not suffice. I mean a passport can be taken away by your government if you do things that the government doesn't like. Your bank account can be closed by the bank. Your Google account can be closed by the big advertising company that it is. So we wanted to do something better. We wanted to have an identity that really is a good basis for privacy. So we took a clue from what is happening in blockchain lands, but also already before that in PGP. We wanted identities based on public-private key pairs. So basically what it means is you generate your own public-private key pair. It's yours, you create it. So public key becomes your identifier, and your private key is the thing you use to prove that you are really owner of that identity. So that's all very cool. I mean, you should be standing on this side. Okay, I always like pointing to stuff, but apparently I'm in the way. There's a problem with these identities, and therefore we have to talk about UX. And one thing maybe to add to what just Mark mentioned is that using public-private key pair for identifying people is nothing new. There's even key signing activity going on, and false them of course, and maybe people know that. And PGP, which was kind of the paper from Zimmerman dated in 1991, is something that everyone who is dealing with security and privacy knows. But the problem with public key cryptography and any kind of cryptography and privacy in general is that it's overwhelmingly for average user difficult to use basically. So I think if you see what's happening with Zimmerman's paper, it's kind of updated every couple of years. I think with checking what the society speaks about privacy, how society adapts to it. Are we ready to use it or not? But in general, even people that are more technically oriented and try to use PGPs, just for signing their emails and sending maybe simple content encrypted, I was doing it for many years, may find out that it's in some way cumbersome and still difficult to use. That's why people are actually not using it. So all those things related to PGP are often just failed because of how user experienced them. And how difficult is to use them? And we see the same thing happening in the blockchain space. I have here two examples of identities in Ethereum. As you can see, there can be quite overwhelming user interfaces. So basically every time you want to use blockchain, for instance, for also something that is not related to sending money and sending Ether and sending Bitcoins, every time you still, in almost every tool that people have to use, you are bumped with this kind of information that are for general user completely irrelevant. And as mentioned already, we come from Philips, so we do lots of health care things. So of course those things are rarely related to applications that we do and not related to smart contracts that we want to execute. So things like this, just making people sometimes wondering what the heck is this thing telling to me, basically. We made some prototypes and we showed it to doctors and they said, what's this? Why do I have to pay money for this even though there was no money involved? But the user interface was really confusing. So basically the two problems, the first, user experience is crucial. And I think there's lots of technology and lots of knowledge out there that can be just actually taken and used. But UX sucks for many of the products nowadays. So one of the things we want to improve is UX so that people can experience difficult security things in a much easier way. The second problem with PGPs and general publicly cryptography is, as you probably know, key distribution. And as user experience makes it often fail for users not to understand that key distribution make it hard from technical perspective and make it even harder for users because they have to take care for the keys. They have to understand what doesn't mean to share the keys, where to put it, which kind of key server to use for that. This all makes it unusable for general public. Which is why we started creating Cognito. Yes. So we started a bit with blockchain initially but we very soon realized that application of what we do and what we improve over blockchain can actually be generalized. So we're trying to develop something that we call now identity framework. And this identity framework is set of building blocks, components, things that you can take off the shelf, open source, and use them to build your own security solutions. So shall we just show it to them? Yeah, let's show what we have currently. So let me show you this first. So we have a demo application. This is really for developers because we're still in that stage, right? We want to get developers interested in adopting Cognito. Therefore, we made a demo application where you can see all the facets of what you can do with Cognito. And the first thing, of course, is identifying yourself. So we'll start with that. As you can see here, left-hand side is a web application. On the right-hand side, it's actually my phone. Let me unlock it. So this is my phone that I have here in my hand. I'll share it on the screen for you to see. Now, the first thing we're going to do is we're going to read the identity that is on my phone. So let me start with that. It asks me to scan the QR code. I hope you have network on your phone. Yeah, and this QR code is really small on this resolution. Good, there it is. So as you can see, it read my identity. Here, because it's for developers, it also shows this address. This is basically the derivative of the public key. But it also shows the name that I have here on the screen. The cool thing about Cognito is, of course, that you can have multiple identities, right? I mean, now I just have one, one identity called Mark. But I could create another one. For instance, especially for the purpose when I'm at FOSDEM, it asks for my touch ID, so it stores it safely. And I can switch between these two identities now. And I can choose which one I present to the website. And you can show QR code, basically. I'll read the other one as well. I can take my phone to the same. So one important thing here is that you see this identifier that you see as your identity is very often everything that service provider needs. So we also, with identity, the way we once approached it, we once also addressed, like, two cases from the user perspective and the service provider perspective. So from user perspective, there are often cases when you just want to have account on a service, use the services of the service provider, but you don't want to be bothered with what's your name, what's your email, what's your other things that you absolutely know are not relevant to the service. And even more, the service providers, they absolutely don't care about who you are, really. Sometimes they really only need to distinguish you from another user and then add on additional packages and options later when you want. So this identity is normally for service provider enough to provide you a service and add later things to you when they need it, basically. And the cool thing is we just logged in with passwords, right, so really quick, really intuitive. We think it is a good UX. But of course, this is not the only thing we can do. I mean, just identifying ourselves is nice. But for instance, one of the things we were really looking for is to be able to do blockchain transactions. Because we made a lot of prototypes around blockchain, we wanted to have an easy way for our users to execute a smart contract. So to show this, we have a very, very, very simple smart contract. A smart contract is a bit of code that lives on the blockchain. And this smart contract, all it does is keep track of a single value, a number. It's currently zero, and I can increase it by five. That's it. But the thing is if you do something on a blockchain, you always have to sign it. And therefore, we use the keys that are now on the phone. So I'm going to click this increase by five button. This will trigger execution of the smart contract. And on my phone, it now asks, do you really want to sign this transaction? And it's really just a simple accept-reject kind of thing. I'll just say sign here. And it also says from who is it coming to, so that you'll be using this identity to do that. So you can switch identity and sign as different identity, different blockchain transactions with full separation between them. So we just increased it. As you can see, the value is now five. And it was that simple. If you've ever done anything with Bitcoin or Ethereum, then you may know that there's always the case that this is so simple. We really tried to make it really, really simple. So simple concept, basically. The keys, publicly cryptography, compatible with Ethereum and blockchain signing, they live on your phone. They never leave your phone. What just happened, the keys didn't leave the phone, right? Yes. So the sending request was sent to the phone and the phone signed it with the keys on there and sent back the signed transaction. Exactly. Okay, but now that we have keys on the phone, we can do more cool stuff, right? Not just signing. Yes, and this is something that many identity, I think management approaches a little bit, means once you have those keys, it seems to be just automatic that you can sign things. But you can also encrypt and decrypt content. So you can start doing end-to-end encryption at your own discretion with your own identities that you want to use. Yes, yes. So here's an example application here. I'm going to encrypt something for myself, which is not, like, the most interesting use case you could think of, but it makes for an easy demo. So I'm going to type some secret text here that nobody is allowed to know. And I'm going to type, and I'm going to click Encrypt here. And as you can see, there's now no interaction happening in the phone, but it is encrypted. So the original text disappeared on the left-hand side. Encrypted text is on the right-hand side. Which is standard for public key cryptography. Under Encrypt, you don't need to do anything special. You need to have public key. But we are connected with the phone, so we have access to publicly associated to the private key for your identity. But now if we want to decrypt it again, then we need access to the private key. And, of course, we're never going to do that without asking the user first. So let's click the Decrypt button. And now it asks you for my touch ID to decrypt it. And there it's decrypted again. So Antoine Encryption made really, really simple. That's what we aim for. Yes. And based on those things we can build more sophisticated things. We will see more stuff from us coming soon. But for now what we want to, when you leave here, we want you to remember two things. So Cogito Identity Framework is open sourced. It's hosted on GitHub. From Philips is maybe a bit a special thing. Philips doesn't have good history in open source, as you probably know. But we are changing that. So there are more and more stuff coming from us. And this is one of the things. So Cogito is an open source software. You can find it in the repository. Number of packages, building blocks that you can use to start building identity solutions. And what we just shown is one of the things in the repo that we have there. And you can immediately start playing with it. So you can do the same demo we did here on your own. Everything is included and documented. And we hope to develop more solutions based on this and get Cogito slightly more popular and encourage service providers, especially to start using it to give users access to their services based on their sovereign identity and not the identity that you get from open identity providers like Facebook or Google problem. I think that's our talk. I think this is what we want to share. And we are ready to answer some questions. We have one minute to answer the questions. We'll be here around, of course. So we have time for one very burning question and then 30 minutes to answer it. And then the rest of the questions that you might have, the guys will be outside for you to talk a bit further. Thanks a lot for your talk. What I've been missing is how the private keys are secured. What you showed is anybody who can unlock my phone has access to my private key. If I lose my phone, my identity is lost. So there are lots of questions that land answers in this call. Correct. Very good question, by the way. So currently as you saw the key was protected by your fingerprint. So you still need your fingerprint and able to do any thing or a decryption. For whatever it's worth, I know. But as for losing your phone, currently at the moment you are correct. If you lose your phone, you lose your identity with the current system. But we are looking at ways of making this recoverable. I think that concludes our time. Thanks for the question. Perfect. We're in time. Thank you very much.