 Good morning everybody and thank you very much for attending this event and allow the United Nations Joint Staff Pension Fund along with the United Nations International Computing Center to make a presentation today about blockchain, biometrics and geolocation, the implementation of innovative technology at the United Nations Joint Staff Pension Fund. My name is Dino de Lathrom, the Chief Information Officer of the United Nations Joint Staff Pension Fund and today I will be presenting this project along with my colleague Shanshan Gray, Chief Technology Officer of the United Nations International Computing Center. The United Nations Joint Staff Pension Fund is an international organization part of the United Nations that has 131,000 active participants and approximately 80,000 retirees and beneficiaries and is composed of 25 member organizations with a market value of asset as based on the last audited financial statement of $74 billion. This is the public announcement of our solution which is called Digital Certificate of Entitlement which was published on our internet website at the beginning of 2021 when we went live with this solution. So very briefly I'm going to walk you through the business problem that led to the development implementation of the solution and then I will let my colleague Shanshan Gray to speak a little bit more into details about the technical aspect of this solution. Fundamentally what we had to address was a paper-based process, the ASDIS process, which required our 80,000 retirees and beneficiaries located in 195 countries around the world once a year to sign a return a paper-based form to attest, to certify, to confirm that they were alive in order to ensure that they were able to receive benefit that the UN pension fund on the regular basis. So it was an issue of demonstrating and confirming proof of existence by signing a paper-based form. What we did, we transformed this paper-based process into a digital process by developing an application that our users, our beneficiary retirees can download on their smartphone and complete this process in a way where there is no additional action or task required to be taken manually. So basically in the past we were receiving this paper form through mail posts and now instead we're receiving this certification attestation through a digital application. So in terms of the challenges that we had at the beginning when we tried to address this process we fundamentally identified four requirements, four challenges. One was to prove the identity and to authenticate our users. The second one was to provide for a mechanism to confirm the proof of existence. The third one was the proof of transaction and the fourth one was the proof of location because the location was also in an element that with particular regard to specific benefit it was a required element of the process. So here we have graphically depicted the past with the future. So the current process which is still available for those who don't want to take advantage of the digital version of the process is to continue to submit a paper-based form. On the right side instead you can appreciate the element of the new solution which is based on a smartphone, on a mobile application, on the biometric mechanism to recognize user-to-facial recognition and on the use of the blockchain platform to record in an immutable manner the transaction that are taking place during the process in order also to provide ease of use, security and trust. So just to make some reference to the fact that this solution was developed in accordance also with the strategy of the United Nations Secretary General for the adoption of new technology which ultimately are intended to support the deployment and the implementation of the sustainable development goals of the United Nations. Furthermore we also saw how critical was the development implementation of this solution vis-à-vis the history of automation of the United Nations itself. On the left side of the screen that you can see we included the picture of the first mine frame that in 1965 was installed in the U.S. Secretary of Building of the Headquarters in New York. We put in the center the digital certificate of entitlement because in turn this application, the technology that will be illustrated in more detail by my colleague from the ICC actually led to a new initiative for the creation of the United Nations digital identity to be used and applied to all the staff member of the whole entire UN system. So how and what we try to address with a digital see? Well first and foremost I think it would be important to make reference to how we decided because as we know definitely the blockchain is a revolutionary technology that is being bringing benefit to many area of the if you will activities and business and government services. However we are also aware that definitely blockchain are not a solution to all problems. So here we just made reference to the World Economic Forum that provided a decision tree on how to determine whether and how and when the blockchain indeed is a solution that could address certain problem and in a better way than other. So we just wanted to make reference also to our decision process how we went about it. So first and foremost the blockchain was used to provide proof of identity characteristic of providing a mutable and independently audible and feasible mechanism fundamentally a triple entry distributed ledger. Second we needed to provide proof of authentication and we accomplished that by using facial recognition technology which we designed in a way that this data will be stored only and exclusively on the device of the user in order for them to be authenticated and for that transaction the creation of the biometric profile to be also recorded on the blockchain. And in addition we also took note of the fact that for certain type of benefit we also needed to capture the proof of location and we accomplished that through the use of the global positioning system technology available in many other modern smart form. We created a step by step process for our user which is available on our internet and they can download at any time. We also created a demo video which is available on YouTube for those who are more interested in looking at the details there is a complete demonstration of how the solution works. We received some very important knowledge mental recognition first and foremost from Gartnet that publish a case study on our solution as well as from an industry specialized publication investment at pension Europe. We conduct the proof of concept and pilot project with specific objective and principle that are depicted on this chart such as innovative and secure technology provided by a reliable application establish technical feasibility and the pilot that was based on biometric information to reside only on the device of the user adoption of secure technology and also to implement the pilot to prove the viability of the solution. The pilot project was conducted in several countries in 48 countries and basically the successful result led to the implementation into production in January of this year. We referenced many international standards of best practices for security many from the for example the ITU but also from the ISO standardization organization control domain that we took from the technical specification published the ITU that we use for the cybersecurity assurance as well as we conducted an identity privacy assurance vis-a-vis the fact that we store biometric information the device of the user. So I leave now the floor to my colleague Shanshan Gray chief technology officer at UNICC that we walk you through on the technical aspect of the solution floor is yours Shanshan thank you thank you very much Dino and hopefully technology is working and my slides can be seen yes they can so a very short and quick intro to ICC we are a 50-year-old organization and as you saw in the picture that Dino had shared you know it all started with a main frame and ICC was actually created to 50 years ago by the UN General Assembly you know the big tall building in New York to actually operate this main frame just an administrative fact that we actually all UNICC staff belongs to the World Health Organization and as part of the UN family obviously we are a not-for-profit cost recovery IT organization here's a bunch of stuff we do this is pretty much standard as any IT operation system integrator shop does our uniqueness is that we do operate the UN systems private cloud as well so in and that's important because of the fact that UN enjoys certain privileges and immunities over the national laws so this is an extrajudicial private cloud that we operate right now on to the technical solution and as Dino was mentioning the user blockchain the mobile app and and the whole she bang over there from a user perspective the way this works and that's the I can then talk about the underlying technology is we expect the beneficiaries or the users of the pension fund to download an app from the app store Google or Apple once they download this app they're undergoing onboarding process where they provide certain information they are given an verification code for us to ensure that they are really the beneficiaries of the pension fund and then they actually take what I would simply say they try and take a selfie so they hold the phone in front of their face and they take a picture now in that process of 8 to 10 seconds is when we build their biometric profile of the user and that profile as Dino said because of the principles laid by the fund for us that it should not leave the mobile device of the user it should be totally in users control is actually created and stored securely on the mobile phone itself once this biometric profile is created they actually submit in a proof of a national ID and schedule a call with one of the pension funds call operators now this whole call operator business is something new which came in during the covid deployment of this whole solution during the pandemic as you are deploying this solution out because clearly with all the restrictions in place we did not want the beneficiaries the who would obviously be 65 years or over in age to actually travel to a UN office for formal verification purposes so we built in within the mobile app itself a solution whereby they can have a video call with the funds call center and the funds call center the operators can look at the person they are talking to look at this profile picture that's been taken look at a government issued ID card that the beneficiary has scanned in and sort of matching all of these three things confirm and finish the onboarding process for the beneficiary once this confirmation is done the next step is the actual issuance of this digital certificate of entitlement and for that what happens is the beneficiary again opens the app they the app actually creates a bio or compares their biometric profile with the one that's already being verified and is stored on the app itself upon the successful verification of the biometric profile the app also prompts the beneficiary or the person using the app to change their facial features now that is important because we wanted to ensure that you know nobody's holding a static photograph in front of the phone for just biometric verification so we do a proof of liveness check as well and that as dino had mentioned earlier is one of the important things for fun because that is one of the factors based on which pensions are disimbursed to the beneficiaries so we basically do a liveness check by asking the person to change their facial expressions which are then again matched using the deep neural network algorithms sitting on the mobile phone itself with the mobile app itself and all that if that transaction is successful then all that information we send back to the back end if you see overhead the point number two is to sort of record in the blockchain that the beneficiary had successfully passed the biometric and the liveness check and in case of particular use case their location information as as dino mentioned again the location information is important for the fund because in certain cases the pension renumeration is dependent upon the local currency and and sort of local currency adjustments are done by the pension fund to disimperse the pension so that location is very important so people are living in the location they promise to live in from a tech stack point of view obviously we are speaking in the hyper ledger forum here so we are using the hyper ledger set of technologies the underlying blockchain is hyper ledger indy and it's been an interesting journey for us also from a tech point of view so we started this project about a couple of years back a tad bit more i would say and at that point in time the shape of indy versus what how indy ares and ursa the whole ecosystem looks like was very different in fact as dino mentioned when we did the the business proof of concept it is from that point on actually ares was born as a project removing the whole wallet piece out of the underlying indy chain so we had to adopt that whole technology change as well in flight so we are using indy today the wallets as they stand are stored on our systems so they are what typically a commercial provider will call cloud wallets and then we have sort of got the whole shebang of security to ensure that only authorized programs during verification process can unlock these wallets and issue credentials for the purpose of this project we have two sets of issuers one from the front side and one from icc to actually have the onboarding process and the dc issuance those are the credentials that we store in the wallet we do not store as i said we do not have access to the biometric information so obviously we have no way of storing it the future plans do include as we work on what is called the un digital id solution again dino alluded to in one of his slides as we are looking to move this across the whole of un as a decentralized id solution for un staff the future plans are to then push the wallet into the mobile app of the user right i think i've i've sort of covered yes of course then then from a tech point of view there is another important layer which is we built a whole for lack for better description i would call it a middleware between the underlying blockchain the the agents and the wallet's business and the mobile app and and that's basically a Django application that we have built which covers all the workflows the management of for the fund there's some unique terms you see over here the spc secretary so these are the people who work within different un organizations and are responsible for helping the people who are retiring from these organizations into moving into the pension fund so so we built a whole web application solution for them to really from both as a beneficiary point of view where you're interacting with the mobile app and then also as a fund administrator point of view to sort of really ease out and smooth out this whole blockchain business so from from a user perspective this is totally transparent they don't understand that this is all going in a chain what transactions are recorded and how they are recorded for them it's it's an app or for the administrator it's a website which has you know administration features right as i've walked through most of this so i'll not spend time you know going through this as i said the agents are sitting over here in the cloud layer with the wallets the mobile and the app for the fund representatives as well as the vanish fishery and the whole decentralized id layer using hyper ledger indy over here as we speak we've got roughly 9 000 beneficiaries around the globe who have already resisted within the system and roughly 3000 successful dcs issued since the launch and the general availability was roughly in in february so february march april may in four months that's the kind of adoption technical challenges apart from all of the getting all of this technology working together trying to adapt the solution in flight was the fact i would say the most challenging bit was to get the mobile app correct for anybody who is over 65 to use and and i think that was i think the most important or most complex bit for us to achieve but then again working with the friends communications team i think that was very well handled where we were able to pass on to the beneficiaries exactly how to use the application and how to sort of go about getting their dcs visual circuit or entitlements achieved just as a side note we are an associate icc is an associate member of hyper ledger and the linux foundation so we joined the foundation about three years back again as we started exploring the blockchain technology to be applied within various social development sectors as dean organ alluded to the technology is quite transformative it can bring in a lot of changes in the in the social development sector and as we look at sustainable development goals we do all believe that the technology that the decentralized or ledger technology distributed ledger technology or blockchain technology can play a really really transformative role in the whole process i'll just pause here in case there are any questions being cognizant of time as well i don't see anything in my chat window yet otherwise i can sort of talk a bit more on on the technology side of of pieces again as i said the whole change for us when when the aries agent was introduced the aries piece was introduced was to change the solution to start looking at how wallets would interact with each other and and how the agents start interacting with each other fii from a cloud agent point of view we are using akapai and and that's the sort of the cloud layer which is interacting between the agents the in the initial rollout and again the technology was not there at that point in time when we went live the whole edge wallet piece was quite immature we've started working with the broader community on the edge wallet piece we started as i said for the u and digital id project we're looking at it and also for the pension fund project now the edge wallet we started working with the react native framework which now but now standardizing upon the aries javascript framework and actively participating in the development of that for the community so that the edge wallets can be developed and we can actually try and push the wallets into the mobile phones this itself will bring in its own set of challenges especially we will we know we do know people will change phones people will lose phones and we have to figure out on on how to manage those pieces uh i do see a few questions so maybe i can pause this and and and we can have a look at this right so jakub the question is what technologies software provider are using for liveness verification so very quickly both the biometric piece and the liveness freeze because of the unique requirements to keep it one on the mobile phone itself to really to provide complete auditability to the pensioners and the fund that you know it does as they say it does what it says on the tin we have developed a custom solution uh so we've we've looked at some deep neural network algorithms uh which do liveness check and based on these deep neural network algorithms the team actually took those algorithms ran them through different training models looked at the tensorflow light outputs of those training models and then wrapped them around our react native uh framework uh we we are getting these works audited uh specifically because a lot of times with these i don't like the word ai but ai models uh bias is always a factor especially based on the training data it seems that shanshai has some problem with the with the audio uh maybe if i can try to address the question i'm answering some of the question on the chat the the question that i'm currently answering the one from oliver vis-a-vis who are the parties who are part of the consortium hosting the nodes basically just to confirm that the nodes are hosted by the united nation international computing center so it's within the system also for us to ensure that all our system are protected by the privileges immunity of united nation shanshai i see that you're back online if you want to continue thank you sure yeah and yes so all it's it's a permission to chain that we're running currently within the un ecosystem for just the un entities uh so back to your coops questions on uh liveness verification hopefully that answers that uh do you have any protection against gps poofing no we particularly uh we're using fairly what standard protections against gps poofing come in which is you know looking at if you've got uh apps installed which allow you to fake gps locations etc i think i must clarify and and dino can jump in here as well from a business context point of view uh this is this was this was a topic we discussed quite in detail from a business context point of view there is a very limited uh element of the beneficiaries who need i'm afraid that uh my colleague has some connection issues i believe that they you probably cannot hear him uh so if you will like to continue to see this 10 38 a.m i'm trying to address the question on on the chat so if you will like to submit your question please do so i'll try to do my best to answer you know and yeah i apologize but again yaku hopefully uh at least in terms of answers you've got the answers you were looking for all right i am still looking at the question and answers window i do not see any further questions at the moment and i can see satish the question you'd asked dino has already type in his reply so no we're not looking at any uh sort of uh crypto-based what do you call payments at the moment yeah dino we can hear you so there's one more question from yaku about that the current mobile app is just a light client accessing the cloud wallet yes uh you're right the today the the mobile app will i i will slightly shy away from calling it light because the app itself does quite a number of things but in from a pure blockchain point of view yes we are using cloud wallets and the app basically talks to the cloud wallets or i should say it actually talks to the back end and the back end then talks to the the wallets which are running in our data center right uh any other questions do you store any biometric information the cloud no we do not store any biometric information in the cloud it is stored on mobile app itself it's encrypted using the hsm modules of the of the mobile itself so it's not even an option we don't we don't want to bring in this solution we don't want to bring the biometric information back to the to our back ends right um cliff i think uh we've reached the end of the time uh and leave it in your hands to close this