Cardano & Klüh Group: IAM Blueprint for the Security Industry. Klüh Group: 1bn+ EUR revenues, 59,000 Employees Across 49 Branches, 4,200 B2B customers

[GENERAL] Name and surname of main applicant

Tim Heidfeld

[GENERAL] Are you delivering this project as an individual or as an entity (whether formally incorporated or not)

Entity (Incorporated)

[GENERAL] Co proposers and Additional applicants

Felix Fiedler, CIO, Klüh Multiservices

https://www.linkedin.com/in/felix-fiedler/

[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)

5

[GENERAL] Please indicate if your proposal has been auto-translated into English from another language.

No

[GENERAL] Summarise your solution to the problem (200-character limit including spaces)

Implement IAM to benefit Klüh & clients, enabling secure access to IoT buildings, areas, vehicles, and industrial systems under the principles of self sovereign identity using ZKP where possible.

[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?

Yes

[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.”

Project has dependencies on Apple and Google regarding app in store. We have done this succesful before.

[GENERAL] Will your project’s output/s be fully open source?

No

[GENERAL] Please provide here more information on the open source status of your project outputs.

The commitment to fully open-source our project involves navigating substantial legal complexities. Our goal is to maximize the open-source components of our project; however, the intricate legal landscape surrounding permissions, licenses, and intellectual property rights precludes an unequivocal guarantee of this objective. Legal constraints may limit our ability to open-source certain elements, although we are dedicated to upholding the principles of open-source development as extensively as possible.

[SOLUTION] Please describe your proposed solution.

A. What is the solution

1. Novel Real-World Application: Klüh pilots Cardano blockchain for global identity and access management, reducing costs, enhancing customer experience, and minimizing fraud for employees, visitors, and partners
2. Cost Efficiency: Utilizes smartphones and biometric technology, significantly lowering expenses compared to traditional systems involving keys, NFC cards and scanner
3. Decentralized and Self-Sovereign Identity: Empowers users by giving them control over their digital identities, contrasting with centralized identity model
4. Enhanced Security: Biometric data, such as facial recognition, cannot be transferred or lost like traditional keys, reducing fraud and unauthorized access
5. Lost Key Solution: Biometric authentication eliminates the risk of lost physical access token
6. Regulatory Compliance and Auditing: Streamlines compliance with stringent regulatory requirements and provides detailed audit trails for sensitive sector
7. User Lifecycle Management: Simplifies onboarding and offboarding processes, ensuring efficient management of access right

B. For what areas will it be used

1. Single Sign-On (SSO): SSO allows users to log in once and gain access to multiple systems without being prompted to log in again at each of the
2. Multi-Factor Authentication (MFA): MFA adds an additional layer of security by requiring users to provide two or more verification factors to gain access to a resource. 
3. Identity Governance and Administration (IGA): IGA involves the management of digital identities and their access rights, ensuring that the right individuals have the access they need at the right times and for the right reason
4. Directory Services: IAM provides centralized directory services where user information, such as credentials and access rights, is stored and manage
5. Compliance and Auditing: IAM systems help organizations comply with regulatory requirements by enforcing access policies and providing audit trails of access event
6. Onboarding and Offboarding: IAM streamlines the process of adding new users (onboarding) and removing access for users who are no longer part of the organization (offboarding). 
7. Consumer Identity and Access Management (CIAM): CIAM solutions manage identities and access for customers accessing online services and applications. 
8. Risk Management: By monitoring and analyzing user activities, IAM systems can identify and mitigate potential security risks, such as unauthorized access or suspicious behavior patterns. 
9. Secure access in critical infrastructure: The KRITIS-DachG requires stringent security protocols for critical infrastructure, highlighting the importance of robust smart access systems. These systems, incorporating Identity and Access Management (IAM) with biometric authentication, ensure secure, efficient, and controlled access to sensitive areas. IAM with biometrics provides higher security by verifying individuals through unique physical characteristics, reducing the risk of unauthorized access and enhancing protection against intrusions. NIS2UmsuCG underscores the necessity of cybersecurity in essential services. In high-security environments, IAM solutions with biometric authentication are crucial for meeting these standards. They provide secure authentication, continuous monitoring, and audit capabilities to prevent breaches, ensure compliance, and improve overall system resilience. Biometric authentication adds an additional layer of security by ensuring that only authorized personnel can access critical areas, thereby enhancing the integrity and reliability of the security infrastructure.

C. For what kind of access will it be used

1. Corporate-owned endpoints (computers, laptops, smartphones, tablets, and other network-connected devices, POS systems, routers, firewalls, workstations, printers)
2. On-premise network (routers, switches, firewalls, WLAN, file server, database server, application server, storage systems, DNS servers, intrusioin detection, virtal 
3. On-premise databases 
4. On-premise data center servers 
5. Employee-owned endpoints / BYOD 
6. Cloud based databases 
7. IoT buildings, doors, areas, vehicles, objects (Access control, buildings, office, storage room, energy management, heating, ventilation, air conditioning, lighting, locking systems, residential buildings, hotels, offices, security areas, vehicle access and start, fleet management, personalized settings in vehicles, production facilities, manufacturing industry, machinery, production processes, medical devices.)
8. Industrial control systems

D. Value to Klüh

1. Cost Reduction: Significantly lowers operational costs by replacing traditional systems with a biometric-based approac
2. Improved Experience: Enhances interactions for customers, employees, and partners through streamlined processes
3. Security and Fraud Prevention: Minimizes risks associated with unauthorized access and fraud
4. Compliance and Auditing: Enhances ability to meet regulatory demands and perform thorough audit
5. Business Process Enhancement: Integrates advanced technology to refine organizational workflow
6. Revenue Opportunities: Positions Klüh to offer this advanced solution to clients, particularly in heavily regulated industrie

E. Benefits

1. Traction: Piloting Cardano blockchain technology with a multinational enterprise
2. Generating Revenue: Transactions on Cardano generate fees, which contribute to the blockchain’s revenue and support the ecosyste
3. More rewards for Stake Pool Operators: More transactions mean more rewards for those who operate and maintain the Cardano network, encouraging their continued support and participation
4. Blueprint: We’re creating a model (blueprint) for identity verification and IAM that others across various industries can follow, proving Cardano's versatility and reliability
5. Attracting New Interest: As we demonstrate how Cardano can handle identity and access management, more organizations and investors will be interested in using and supporting the Cardano ecosystem

[IMPACT] Please define the positive impact your project will have on the wider Cardano community.

A. Positive Impact on the Cardano Community

1. Decentralized Trust: Our project places a trust anchor on Cardano using decentralized identifiers (DIDs)
2. More Transactions: Creating DIDs means more transactions on the Cardano network, which helps to test and improve its capacity and performance
3. Attracting New Interest: As we demonstrate how Cardano can handle identity and access management, more organizations and investors will be interested in using and supporting the Cardano ecosystem
4. Setting Standards: We’re creating a model (blueprint) for identity verification that others across various industries can follow, proving Cardano's versatility and reliability
5. Leadership in Blockchain: By leading in blockchain-based identity solutions, Cardano can set itself apart as a leader in blockchain innovation
6. Increased Network Activity: Every time a DID is created, it creates a transaction on Cardano, enhancing network activity and scalability
7. Wider Application: Our identity management systems are applicable in many sectors, expanding how Cardano can be used in real-world scenarios
8. Generating Revenue: Transactions on Cardano generate fees, which contribute to the blockchain’s revenue and support the ecosystem
9. Rewards for Stake Pool Operators: More transactions mean more rewards for those who operate and maintain the Cardano network, encouraging their continued support and participation
10. Funding Innovation: The revenue from increased transactions allows for reinvestment into community projects, driving innovation and development on Cardan

B. Measuring Impact

We will measure the impact of our project both quantitatively and qualitatively:

• Quantitative: By tracking the number of transactions, the growth in Cardano's network usage, and the increase in stake pool rewards.
• Qualitative: Through feedback from users and stakeholders on how our system improves security and efficiency in identity management.

C. Sharing Outcomes

We will share the results and benefits of our project with the community through:

• Regular Updates: Publishing progress reports and outcomes on our website and through Cardano community forums.
• Open Access: Providing open access to our blueprints and frameworks so other developers can build on our work.
• Community Engagement: Hosting webinars and participating in conferences to spread knowledge and discuss our findings.

[CAPABILITY & FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

What is your capability to deliver your project with high levels of trust and accountability?

Klüh 

Klüh Service Management GmbH is an international multi-service provider comprising specialist companies in the Cleaning, Catering, Security, Personnel Service, Airport Service and Integrated Services divisions. They deliver innovative services, either on a stand-alone basis or as part of integrated service concepts. Klüh sees itself as a strategic partner that supports its clients with professional service concepts. Customer orientation is the company’s main priority, followed by a responsible approach to its employees, the environment and the market.

Klüh in Numbers:

1. 58k employees
2. 1 billion EUR revenues
3. 4,200 customers
4. 49 regional offices

IAMX [Digital Identity]

IAMX operates a cutting-edge platform for creating user-owned, controlled, and verifiable compliant digital identities for individuals, companies, and assets. This digital identity framework facilitates compliant mutual authentication, business process automation, and biometric authorization.

IAMX compliance service modules per partner:

1. AML (Anti-Money Laundering): Provided by Intrum AG, which employs 10,000 staff across 160 offices globally, helping to mitigate money laundering risk
2. Identity Verification: Handled by IDnow via Intrum, conducting over 30 million identity verifications annually across 195 countrie
3. KYT (Know Your Transaction) Wallet and Transaction Monitoring: Merkle Science enhances crypto compliance, anti-money laundering, and fraud prevention through innovative technology, tools, and services that ensure safety and regulatory compliance in the cryptocurrency spher

[Project Milestones] What are the key milestones you need to achieve in order to complete your project successfully?

Milestone 1: Onboarding

Output:

• Develop a fully functional user interface for seamless onboarding for Klüh for employees, visitors and partners.

Acceptance Criteria:

• Users can successfully complete interactions with a tex

Evidence of Milestone Completion:

• Video Documentation: Displaying the user interaction with the chatbot, including steps of ID verification and reaching the confirmation page, confirming successful completion.
• Technical Report: Detailed documentation covering the introduction, overview, processes involved, results of verification, progress tracking, anonymized JSON data for both questions and answers, and partners involved per modul

Milestone 2: DID-methods

Output:

• Implementation of DID creation on Cardano using DID methods did:prism and did:iamx, and issuance of a Verifiable Credential.

Acceptance Criteria:

• Successful creation of a DID and a Verifiable Credential by users, following the successful onboarding in Milestone 1.

Evidence of Milestone Completion:

• Video Documentation: Showing the process of DID creation using did:prism and did:iamx, and the issuance of Verifiable Credentials, followed by their import into a digital wallet.
• Technical Report: Documentation detailing the creation of DIDs using specified methods, the issuance and import of Verifiable Credentials into a wallet.

Milestone 3: App Development

Output:

• Development of an application in Test Mode on Apple platforms with features including connection to DID, import of Verifiable Credentials, and Wallet Connect.

Acceptance Criteria:

• Users are able to download the app in Test Mode from the Apple Store, perform two-factor authentication (2FA), utilize their rkyc reference code, and receive a confirmation SMS.

Evidence of Milestone Completion:

• Video Documentation: Capturing the download of the app in Test Mode from the Apple Store and the execution of the 2FA process.
• Technical Report: Documentation referencing the download process and subsequent operations within the app.

Milestone 4: Import App

Output:

• Enable the import of Verifiable Credentials into the app, which operates in Test Mode on Apple devices.

Acceptance Criteria:

• Users are able to successfully import Verifiable Credentials into the app.

Evidence of Milestone Completion:

• Video Documentation: Showing the import process of Verifiable Credentials into the app.
• Technical Report: Detailed description of the import process of Verifiable Credentials.

Milestone 5: Connect to Endpoints

Output:

• Integration of the app with Klüh Endpoints.

Acceptance Criteria:

• Users can connect to Klüh Endpoints using their DID and Verifiable Credentials for authentication.

Evidence of Milestone Completion:

• Video Documentation: Showing the process of connecting the DID to the Klüh Endpoints and the exchange of Verifiable Credentials.
• Technical Report: Documentation on the process of connecting to the Klüh Endpoints using DIDs.

FINAL: Identity and access management piloting Cardano

Output:

• Identity and access within in Klüh for employees, visitors and partners.

Acceptance Criteria:

• Onboarding, update, access within in Klüh for employees, visitors and partners. App on Google and Apple.

Evidence of Milestone Completion:

• Video Documentation: Demonstrating the process for employees, visitors and partners
• Technical Report: Detailed report outlining the process.

[RESOURCES] Who is in the project team and what are their roles?

Felix Fiedler, CIO, Klüh Multiservices

https://www.linkedin.com/in/felix-fiedler/

Dennis Mittmann

CTO IAMX https://iamx.id

https://www.linkedin.com/in/dennis-mittmann/

Tim Brückmann

CMO IAMX IAMX https://iamx.id

https://www.linkedin.com/in/tim-b-7864a284/

Tim Heidfeld

CEO IAMX https://iamx.id

https://www.linkedin.com/in/tim-heidfeld/

Roles

Klüh Project Leadership and Departmental Coordination

Felix, representing Klüh, serves as the project lead and the primary liaison for all related business departments. His responsibilities ensure cohesive integration and coordination across various sectors of the project.

Product Development, IT, and Integration

Colleagues from Klüh and Dennis from IAMX are jointly responsible for overseeing product development, IT, and integration aspects of the project. Dennis also specifically manages the deployment of Decentralized Identifier (DID) methods and the anchoring of digital identities on the Cardano blockchain.

Marketing and Legal Oversight

Tim Brückmann from IAMX leads our marketing efforts, crafting strategies that effectively communicate the project's value and innovation. Legal matters and data protection are overseen by Tim Heidfeld from IAMX, ensuring compliance and safeguarding stakeholder interests throughout the project lifecycle.

[BUDGET & COSTS] Please provide a cost breakdown of the proposed work and resources.

IT Development

The IT development segment of our project involves critical components such as Onboarding, App Development, integration with Klüh Endpoints, biometric features, and enabling secure door access technology. To achieve these objectives, we will engage five senior developers, project management, product owner, over a period of 5.5 months. The budget allocation for this essential phase is as follows:

Total Cost: 930,000 ADA

Design and Layout

This portion of the budget covers the design, layout, and output formats essential for the application's user interface and user experience components. Effective design is crucial for ensuring that the application is accessible, intuitive, and user-friendly.

Total Cost: 40,000 ADA

Legal Analysis and Agreements

Legal integrity is paramount in projects that handle identity verification and access control to ensure compliance with data protection regulations and to secure intellectual property rights. This budget allocation will cover all necessary legal analysis and the drafting of agreements.

Total Cost: 90,000 ADA

Publicity, Community Engagement, and Project Management

To ensure the project reaches a wide audience and engages effectively with the community, funds are allocated for publicity and community engagement activities. Additionally, this allocation covers the overall project management, documentation, and reporting to keep stakeholders informed and involved throughout the project lifecycle.

Total Cost: 50,000 ADA

Total Project Budget: 1,110,000 ADA

[VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

The cost of the project for integrating Identity and Access Management (IAM) using decentralized identifiers on the Cardano blockchain, particularly for Klüh and its clients, represents significant value for money for the Cardano ecosystem in several ways:

Demonstration of Advanced Blockchain Use Cases: The project involves critical IT development work, such as onboarding, app development, integration with Klüh endpoints, biometric features, and secure door access technology. By allocating 930,000 ADA to these activities, we're showcasing the versatility and robustness of Cardano's blockchain technology in handling complex, real-world applications beyond simple transactions. This can serve as a proof of concept to attract other large-scale industrial and commercial participants to the ecosystem.

Improvement of User Interface and Experience: With 40,000 ADA dedicated to design and layout, the project ensures that the blockchain integration is not only functional but also user-friendly and accessible. This enhances user adoption and interaction, which is crucial for the widespread acceptance of blockchain solutions in everyday business operations.

Compliance and Legal Assurance: The allocation of 90,000 ADA to legal analysis and agreements addresses compliance with data protection regulations and secures intellectual property rights. This ensures that the blockchain solutions are sustainable and legally sound, which is essential for their long-term success and acceptance.

Community Engagement and Visibility: Investing 50,000 ADA in publicity, community engagement, and project management ensures that the project gains the necessary visibility and engagement from the community. This helps in fostering a supportive environment around Cardano’s capabilities, encouraging more developers and companies to consider Cardano for their blockchain needs.

Overall, the total project budget of 1,110,000 ADA is justified by the strategic and comprehensive approach to deploying a blockchain solution that not only meets the technical and operational needs of Klüh and its clients but also significantly contributes to the growth and development of the Cardano ecosystem. This investment not only enhances the technological infrastructure but also builds confidence and trust in Cardano’s potential across diverse industries.