AAU Student Projects is unavailable between June 15th 1.30pm and 17th 1.30pm due to planned system maintenance. The projects cannot be downloaded during this period.
AAU Student Projects - visit Aalborg University's student projects portal
A master's thesis from Aalborg University
Book cover


Verifiable Credentials as a Complementary Trust Architecture for Cross-Organisational Healthcare Verification in Norway

Author

Term

4. term

Education

Innovative Communication Technologies and Entrepreneurship, Master

Publication year

2026

Abstract

This thesis examines how a Verifiable Credential (VC)–based trust architecture can complement existing Norwegian healthcare identity and signature infrastructures to enable cross-organisational verification. While PKI supports strong authentication and signature validation, it can introduce coordination complexity when verification crosses institutional and technical boundaries. The study argues that cryptographic validity is necessary but not sufficient for institutional acceptance; verification also depends on issuer trust, professional roles, credential status, document permissions, and local policies. Using a Design Science Research approach, the work derives requirements, proposes a conceptual target architecture, and implements a local proof-of-concept prototype comprising a simulated HPR-like source, a healthcare authorisation issuer, a clinician wallet, verifier contexts, a trust registry, a status registry, a proof catalogue, a verifier policy evaluator, and an audit log. The prototype demonstrates how these dependencies can be explicitly modeled and provides architectural support for the approach’s plausibility. The contribution positions VC-based verification as a complementary layer intended to coexist with established services such as HelseID, the Health Personnel Register (HPR), and PKI-based trust services, rather than replace them.

Dette speciale undersøger, hvordan en tillidsarkitektur baseret på Verifiable Credentials (VC) kan supplere eksisterende norske identitets- og signaturinfrastrukturer i sundhedsvæsenet for at muliggøre verificering på tværs af organisationer. Selvom PKI understøtter stærk autentifikation og signaturvalidering, kan den skabe koordineringskompleksitet, når verifikation går på tværs af institutionelle og tekniske grænser. Specialet argumenterer for, at kryptografisk gyldighed er nødvendig, men ikke tilstrækkelig til institutionel accept; verifikationsbeslutninger afhænger også af udsteder-tillid, faglige roller, credential-status, dokumenttilladelser og lokale politikker. Med en Design Science Research-tilgang afledes krav, foreslås en konceptuel målaritektur og implementeres en lokal proof-of-concept prototype bestående af et simuleret HPR-lignende register, en udsteder af sundhedsautorisationer, en kliniker-wallet, verifikationskontekster, et trustregister, et statusregister, et proof-katalog, en verifikationspolitikevaluator og en auditlog. Prototypen viser, hvordan disse afhængigheder kan modelleres eksplicit og giver arkitektonisk støtte for tilgangen som plausibel. Bidraget positionerer VC-baseret verifikation som et supplerende lag, der sameksisterer med etablerede tjenester som HelseID, HPR og PKI-baserede tillidstjenester frem for at erstatte dem.

[This apstract has been generated with the help of AI directly from the project full text]

Documents

Download PDF
View record in AAU Student Projects