City Research Online

Abstract

A significant limitation of Financial-Grade API (FAPI) 2.0 is its inability to verify the true origin of the authenticator used during the authentication process, because it focuses solely on validating the parameters of the request rather than verifying the identity of the sender. To enhance FAPI 2.0 security, we propose SovChain, an approach that embeds machine learning into the pre-authentication phase of self-sovereign identity (SSI) systems, enabling proactive risk assessment before any credential is accepted or validated. By addressing a clear gap in the literature, the absence of a mechanism for early threat detection within SSI, the findings of this study contribute to the development of a more trustworthy open banking ecosystem. SovChain was designed with Hyperledger smart contracts, tested on the TON Internet of Things dataset, and validated using AVISPA for formal security. Simulation experiments evaluated registration and authentication flows, support vector machine classification, communication overhead, and throughput under varying participant loads. SovChain achieved 98.2% accuracy with a 97.7% F1 score. By embedding proactive risk assessment into SSI, SovChain demonstrates the feasibility of combining lightweight machine learning with blockchain-based authentication, offering a scalable and regulation-ready solution for open banking and beyond.

Publication Type:	Article
Additional Information:	This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
Publisher Keywords:	Dynamic risk assessment, Open banking, Self-sovereign identity, Support vector machine
Subjects:	H Social Sciences > HG Finance Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Departments:	School of Science & Technology School of Science & Technology > Department of Computer Science
SWORD Depositor:	Symplectic Administrator

Export

Downloads