Table of Contents
- 1 The Need for Verifiable Credentials
- 2 Benefits and Challenges of Digitalizing Credentials
- 3 What are Credentials?
- 4 What are Verifiable Credentials (VCs)?
- 5 What is a Verifiable Presentation?
- 6 Understanding Digital Signatures
- 7 What is a Digital Wallet?
- 8 The Verifiable Credentials Ecosystem
- 9 How Verifiable Credentials Work
- 10 The Verifiable Credentials Trust Model (The Trustless System)
- 11 Key Components of Verifiable Credentials
- 12 The Benefits of Verifiable Credentials
- 13 The Role of Decentralized Identifiers (DIDs) in Verifiable Credentials
- 14 Conclusion
- 15 Identity.com
In the era of Web 2.0, most internet users have a singular relationship with each service they use or subscribe to. Websites like Amazon, Netflix, Facebook, Upwork, Airbnb, and more require users to register with their platforms afresh. This singular relationship between email and passwords allows users to present varying identities and credentials at different times.
Many service providers, especially those offering financially related services where KYC is needed, have fully integrated the internet into their services. These providers often use e-KYC, the electronic version of KYC, to reduce unnecessary bureaucracy. As a result, users upload digital copies of their credentials, such as social security cards, driver’s licenses, international passports, etc.
In this context, verifiable credentials emerge as a solution to enhance trust and security in digital identity management. This guide will explore the concept of verifiable credentials, how they work, and their potential benefits.
The Need for Verifiable Credentials
In today’s digital landscape, many organizations lack the resources to verify the legitimacy of the digital credentials they encounter. This poses significant concerns as fake credentials can easily go unnoticed, potentially leading to security breaches and fraudulent activities. In fact, a 2019 survey by Greenhouse Treatment Center revealed that thousands of Americans have used or own fake identification.
This issue extends beyond specific industries, affecting healthcare, social media, job platforms, and freelancing websites. To address this problem and expedite the process of identity verification, many have turned to the digitalization of credentials. By converting physical credentials into digital formats, organizations and users can save time and resources.
However, this approach also increases the risk of fake identities, raising the question of whether there is a more reliable method to confirm the authenticity of credentials without a shadow of doubt. Can verifiable credentials be the solution to the challenges faced in the digitalization of credentials? Read on to find out!
Benefits and Challenges of Digitalizing Credentials
Digitalizing credentials saves companies time and resources. It removes the need for many employees to attend to hundreds of customers physically or via email just to confirm their identities and credentials. However, this technological solution also has its downsides, such as the increase in fake identities. This raises the question of whether there is a way to curb this problem and confirm a user’s credentials without any doubt that they are who they claim to be.
When verifying users’ credentials, questions arise such as whether a user truly graduated from Harvard Business School or whether they have received the COVID-19 vaccine as claimed. It can be time-consuming to confirm credentials through phone calls or emails. Therefore, is it possible to confirm credentials directly from the issuer within seconds? Can Verifiable Credentials be the solution to the issues faced during the digitalization of credentials? While it’s unclear if Verifiable Credentials are the ultimate solution, this article provides insights on how they differ from traditional credential verification methods.
What are Credentials?
Credentials serve as evidence of a person’s achievements, qualifications, experience, or other relevant aspects of their life. A typical physical credential includes details such as:
- A description of the owner or subject of the credential, such as a name, photograph, identification number, etc.
- Details, trademarks, or symbols of the issuing authority, such as the U.S. great seal, state government symbols, government agencies’ logos, health centers’ logos, and educational institutions’ trademarks.
- Specific information the credential carries, such as a health insurance card, an international passport, a receipt or proof of house ownership, or a driver’s license.
- How the credential was obtained. A university graduation certificate, for example, indicates whether the student completed the required number of years for the course.
- Evidence of grade or rating, such as students that graduated with first class, second class upper or lower according to the U.K. grading system, a student awarded with the tag of “best graduating student,” best performing actor, doctor, governor, mayor, etc.
- Credentials’ limitations or constraints, such as expiration dates, conditions for validity, or terms of use.
To comprehend the concept of verifiable credentials, we must establish a foundation of what credentials are. The examples provided above illustrate the diverse information that can be found within a credential. Verifiable credentials, as we will explore, go beyond the traditional format to facilitate secure and efficient transfer and verification processes.
What are Verifiable Credentials (VCs)?
Verifiable Credentials (VCs) are digital credentials that are digitally signed and cryptographically secured so that any tampering is evident. They go far beyond just digital versions of physical credentials by offering vastly improved efficiency, speed, and security in issuance and verification.
With verifiable credentials, new credentials can be generated and issued immediately and then presented by holders to organizations or individuals for verification. A major advantage verifiable credentials have over traditional credentials is the increased privacy protections they provide. Users can selectively disclose only necessary information or claims without revealing additional personal details.
For example, rather than having to submit a physical or scanned copy of a graduation certificate to prove attendance at Harvard University, users can simply provide a verified “Yes” or “No” response to the verifier. The verifier can then instantly check this credential directly with Harvard using their digital signature based on public key cryptography.
What is a Verifiable Presentation?
A Verifiable Presentation is a key component of verifiable credentials. It is mostly how users interact with the organization or entity. This type of presentation allows users to combine data from one or various credentials while still making the source or authorship of the credentials verifiable. Using different credentials, a user can assemble different pieces of data to meet the needs of an asking company or party. These data are combined and presented in an organized manner without losing their authorship or authenticity as issued by the issuers.
Advantages of Using Verifiable Presentations
Let’s consider a scenario where a company requires specific data from a potential customer, such as their name, nationality, proof of education, proof of employment, and proof of insurance. In the traditional approach, the customer would need to provide separate physical copies of each credential. This process could potentially expose additional unnecessary information. For example, the proof of employment might reveal the company name and address, or an international passport used as proof of nationality might contain the policy number and date of registration for insurance.
This is where verifiable presentations come into play. Users can select and submit only the necessary data from their existing credentials, eliminating the need to disclose irrelevant information. The selected pieces of data are combined and presented as a single verifiable presentation, signed with the sender’s digital signature. Additionally, verifiable presentations employ digital signatures to ensure authenticity and protect privacy. This allows users to choose what information they share while maintaining the integrity of the presentation.
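One way the selective disclosure described above can work, as an added example that is not from the original article or from any VC library: the issuer signs salted hashes of the claims rather than the claims themselves, so the holder can reveal a single claim and its salt while the issuer's signature still verifies. It covers the issuer-signed part of a presentation only. The salted-hash scheme, the type and function names, and the sample claims are assumptions; the page does not say which mechanism is used.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Disclosure is one claim plus the random salt that hides it until revealed.
type Disclosure struct{ Name, Value, Salt string }

// Credential carries only salted claim digests and the issuer's signature over them.
type Credential struct{ Digests []string; Sig []byte }

// digest commits to one claim; JSON encoding keeps field boundaries unambiguous.
func digest(d Disclosure) string {
	b, _ := json.Marshal(d)
	return fmt.Sprintf("%x", sha256.Sum256(b))
}

// Issue salts and digests each claim and signs the sorted digest list. The
// disclosures go to the holder's wallet and are not part of the credential.
func Issue(claims map[string]string, issuerKey ed25519.PrivateKey) (Credential, map[string]Disclosure) {
	var c Credential
	wallet := map[string]Disclosure{}
	for name, value := range claims {
		salt := make([]byte, 16)
		rand.Read(salt)
		wallet[name] = Disclosure{name, value, fmt.Sprintf("%x", salt)}
		c.Digests = append(c.Digests, digest(wallet[name]))
	}
	sort.Strings(c.Digests) // sorted so position does not reveal which claim is which
	c.Sig = ed25519.Sign(issuerKey, []byte(strings.Join(c.Digests, ",")))
	return c, wallet
}

// Verify checks the issuer's signature, then accepts only revealed claims
// whose digest the issuer signed, and returns them.
func Verify(c Credential, shown []Disclosure, issuerPub ed25519.PublicKey) (map[string]string, error) {
	if !ed25519.Verify(issuerPub, []byte(strings.Join(c.Digests, ",")), c.Sig) {
		return nil, fmt.Errorf("bad issuer signature")
	}
	signed, out := map[string]bool{}, map[string]string{}
	for _, d := range c.Digests {
		signed[d] = true
	}
	for _, d := range shown {
		if !signed[digest(d)] {
			return nil, fmt.Errorf("claim %q was not issued", d.Name)
		}
		out[d.Name] = d.Value
	}
	return out, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	// Constructed sample claims.
	c, wallet := Issue(map[string]string{"name": "Alice", "nationality": "US", "employer": "Acme"}, priv)
	fmt.Println(Verify(c, []Disclosure{wallet["nationality"]}, pub))
}
```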
Understanding Digital Signatures
Digital signatures serve as electronic equivalents of handwritten signatures or stamped seals. They enhance transparency, integrity, and the tamper-evident nature of credentials, making them an integral component of verifiable credentials (VCs). Digital signatures are essential to the trust model of the verifiable credential ecosystem. They provide assurance to the verifier that the shared credential or verifiable presentation indeed belongs to the claimed sender.
For instance, when a user combines data from their credentials in a digital wallet to create a verifiable presentation and submits it to an employer, they use two keys: the private key and the public key. The private key, known only to the issuer, is used to encrypt the credential. Meanwhile, the public key enables the verifier or the public to decrypt and verify the issuance of the credentials.
What is a Digital Wallet?
A digital wallet serves as a secure repository for users to store their verifiable credentials and share them with authorized parties. It acts as the electronic counterpart of a physical wallet, housing credit cards, driver’s licenses, insurance cards, and other important documents.
However, digital wallets offer enhanced security through the use of blockchain technology. Users can present physical identification from their wallets when necessary, such as during interactions with law enforcement. Similarly, issuers can utilize digital wallets to present verifiable credentials, leveraging cryptography and their public keys to enhance security.
The Verifiable Credentials Ecosystem
Both traditional credential issuance and VC ecosystems involve three parties: the issuer, the holder, and the verifier. Communication between these entities is essential to verify a user’s credentials during presentation. Let’s take a closer look at the roles of these three entities:
1. Issuer
The issuer, which can be a school, healthcare center, bank, company, government agency, or an individual, is responsible for issuing credentials to users. For example, a university issuing graduation certificates to students serves as the issuer. Issuers employ various methods to demonstrate their competence and authority to issue credentials.
2. Holder
The holder is the recipient of the credentials issued by the issuer. In the example mentioned earlier, each student receiving a certificate from the university would be a holder. Holders have full control over whom they share their credentials with and can revoke access from previously shared parties. They can store their issued credentials in a digital wallet on their mobile device or back them up online or in the cloud.
3. Verifier
The verifier completes the communication circle within the VC ecosystem. When a holder presents their credentials to a verifier who requests verification, the verifier confirms the authenticity of the credentials through cryptographic communication with the issuer. Public-key cryptography enables the verifier to detect alterations, verify validity, or check expiration dates within seconds.
How Verifiable Credentials Work
The process of verifying credentials involves three steps: issuance, possession, and verification.
Let’s consider an example to illustrate this process: a university (issuer) awards a digitally signed certificate to a graduating student (holder), who then presents it to a potential employer (verifier).
During verification, the employer checks the decentralized blockchain database to confirm the certificate’s authenticity. It’s important to note that the blockchain does not store the verifiable credentials themselves. Instead, it stores the necessary information and keys to verify their authenticity. The employer can verify the certificate by comparing the public key attached to the certificate with the public key of the issuer (university). This process enables the employer to determine:
- Whether the issuer has the authority to issue the certificate.
- If the credential has been tampered with.
- If the issuer meets the employer’s expectations. For example, the employer may prefer to hire a graduate from Harvard University rather than from another institution.
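The issuance and verification steps above as a runnable sketch, added here for illustration and not code from the original article or from any VC library: an issuer signs a credential with Ed25519, and the verifier checks issuer trust, the signature, and expiry. The private-key operation is signing, which leaves the credential readable, and the public key only verifies that signature. The `Credential` fields, the `trusted` map standing in for the registry of issuer keys, and the `did:example:` identifiers are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Credential has the three parts this page names: metadata (ID, Issuer,
// Expires), claims, and proof. Field names are illustrative assumptions.
type Credential struct {
	ID      string            `json:"id"`
	Issuer  string            `json:"issuer"`
	Expires time.Time         `json:"expires"`
	Claims  map[string]string `json:"claims"`
	Proof   []byte            `json:"proof,omitempty"`
}

// payload returns the bytes that get signed: the credential without its proof.
// encoding/json writes map keys in sorted order, so the output is deterministic.
func payload(c Credential) []byte {
	c.Proof = nil
	b, _ := json.Marshal(c)
	return b
}

// Issue attaches the issuer's signature as the proof.
func Issue(c Credential, issuerKey ed25519.PrivateKey) Credential {
	c.Proof = ed25519.Sign(issuerKey, payload(c))
	return c
}

// Verify applies the verifier's checks: trusted issuer, intact signature, not
// expired. trusted maps issuer IDs to public keys and stands in for the
// registry where issuer keys are published (an assumption of this example).
func Verify(c Credential, trusted map[string]ed25519.PublicKey, now time.Time) error {
	pub, ok := trusted[c.Issuer]
	if !ok {
		return errors.New("issuer not trusted")
	}
	if !ed25519.Verify(pub, payload(c), c.Proof) {
		return errors.New("signature invalid")
	}
	if now.After(c.Expires) {
		return errors.New("credential expired")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	trusted := map[string]ed25519.PublicKey{"did:example:university": pub}
	vc := Issue(Credential{ // constructed sample credential
		ID: "urn:example:degree-1", Issuer: "did:example:university",
		Expires: time.Date(2030, 1, 1, 0, 0, 0, 0, time.UTC),
		Claims:  map[string]string{"name": "Alice", "degree": "BSc"},
	}, priv)
	now := time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC)
	fmt.Println("as issued:", Verify(vc, trusted, now))
	vc.Claims["degree"] = "PhD" // a claim edited after issuance
	fmt.Println("after edit:", Verify(vc, trusted, now))
}
```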
The Verifiable Credentials Trust Model (The Trustless System)
The trust model established by verifiable credentials does not require extensive communication or permission to establish trust. Instead, it creates a system where the issuer trusts the holder as a reliable candidate for the issued credential. Simultaneously, the verifier trusts the issuer as a competent entity to have awarded the credential. This trust model, similar to a trustless system, allows different parties to agree on a single truth and the authenticity of credentials.
Notably, any entity, whether an organization or an IoT device, can assume any of the three roles within the verifiable credentials ecosystem and trust model. Moreover, IoT devices integrate into the development of web 3.0, which also supports the verifiable credentials data model. This flexibility allows verifiers to specify in their verification requirements whether they trust a particular issuer’s competence.
For instance, a law firm that exclusively hires graduates from Harvard University can establish a verification specification that excludes credentials from other law programs or universities. This is just one example of the specifications a verifier can provide.
Verifier’s Criteria
Here are some additional specifications that a verifier can request to assess the issuer’s competence or authority, or to define the required dataset from the holder:
- The type of credential
- The format type of the credential
- The use of specific cryptography
- The holder’s names (excluding sensitive information like date of birth or address)
- The holder’s proof of education (excluding specific grades)
- The holder’s age without additional personal details
- Credentials issued by a specific U.S. state
- Credentials issued by a specific country, etc.
Key Components of Verifiable Credentials
A verifiable credential ecosystem comprises three key components:
- Credential Metadata: This includes the credential identifier and any conditional information like terms of use and expiration dates. The issuer encrypts and cryptographically signs this metadata.
- Claim(s): This tamper-proof component of verifiable credentials contains details about the individual who received the credential. It may include claims, awards, achievements, job titles, employee numbers, courses of study, graduation grades, date of birth, nationality, and other relevant information related to the purpose of the credential.
- Proof(s): This section encodes information about the issuer of the VC, including proof of authenticity. It shows if the conveyed claims have been tampered with.
The Benefits of Verifiable Credentials
The traditional procedure for issuing and presenting credentials has its flaws, one of which is the purchase and use of fake credentials, as covered by BBC News. Thousands of UK professionals were found in 2018 to have patronized globally unrecognized fake institutions for certificates. For these reasons and many more, verifiable credentials have developed and continue to grow. Verifiable credentials have emerged as a solution to address the limitations of traditional credential systems. They offer a range of benefits that enhance the efficiency, security, and privacy of credential transfer and verification processes. Let’s explore these advantages:
1. Instant Verification
Verifiable credentials enable the instant verification of authenticity. Unlike traditional processes that can take hours, days, or even weeks, verifiable credentials allow for quick verification within seconds. This eliminates the delays and uncertainties associated with manual verification methods. The verification process is facilitated through existing digital signature protocols, utilizing public key cryptography.
2. Secure and Tamper-proof
Verifiable credentials employ digital signatures and cryptographic techniques to ensure the security and integrity of the data. The use of public key cryptography makes credentials tamper-evident, protecting them from unauthorized modifications. This provides a high level of assurance that the credentials being presented are genuine and have not been altered.
3. Limited Access and Privacy Protection
Verifiable credentials offer individuals greater control over their personal information. With digital signatures, users can selectively disclose specific facts or claims without revealing additional personal details. This limits access to sensitive information, providing privacy protection. Ultimately, users have the autonomy to decide which information they share, ensuring their privacy while still meeting the requirements of verifiers.
4. Full Ownership and Control
Verifiable credentials empower individuals with full ownership and control over their credentials. They can securely store their credentials in a digital wallet and choose when and with whom to share them. Additionally, users can also revoke access to their credentials if needed, granting them complete control over their personal information.
5. Ease of Use
Because verifiable credentials are built on open standards, they are easy for developers to implement and for end users to use. The standardized approach allows for seamless integration into various systems and platforms. Users can combine data from multiple credentials to create a verifiable presentation tailored to the specific requirements of verifiers.
6. Interoperability and Compatibility
As previously mentioned, one can easily merge data from VCs for presentation and use in different contexts. When confirming age for a service, an individual can utilize a VC to provide proof of age. Furthermore, combining information from multiple VCs can verify age, nationality, and employment status concurrently. Combining a single VC with another credential can establish an individual’s eligibility for medical services and other purposes. The digital wallet allows you to share only the necessary data. This helps protect sensitive information and restricts access to authorized parties.
The Role of Decentralized Identifiers (DIDs) in Verifiable Credentials
Decentralized Identifiers (DIDs) play a crucial role in verifiable credentials. DIDs leverage digital signatures and other web 3.0 components to publicly identify and verify users or entities in a decentralized manner. Decentralized identifiers are unique global identifiers built on decentralized blockchain technology, in contrast to the centralized registries commonly used today.
DIDs serve as a means to establish and prove the identity of entities involved in verifiable credentials. Entities utilize private keys to cryptographically bind their identity to each credential they issue or hold. DIDs provide a unique technology that verifies the identity claims of any entity, whether it’s the issuer, holder, or verifier. Moreover, the verifier can utilize the public key during verification to attest to the authenticity of the verifiable credentials submitted by the holder.
Conclusion
Verifiable credentials offer a range of benefits that enhance the trust, security, and efficiency of credential transfer and verification processes. By leveraging digital signatures, cryptography, and decentralized technologies, they address the limitations of traditional credential systems. Verifiable credentials empower individuals with greater control over their personal information while facilitating seamless and secure verification for organizations. As adoption of verifiable credentials accelerates, they are poised to fundamentally transform identity management and many other sectors.
Identity.com
In the 21st century, verifying a user’s identity and the authenticity of their credentials has become increasingly urgent and crucial. Building on the decentralized ecosystem framework, VCs and DIDs are revolutionizing existing structures and offering new solutions. It’s exciting to see Identity.com playing a role in shaping this desired future as a member of the World Wide Web Consortium (W3C), the standards body for the World Wide Web.
The work of Identity.com as a future-oriented company is helping many businesses by giving their customers a hassle-free identity verification process. Identity.com is an open-source ecosystem providing access to on-chain and secure identity verification. Our solutions improve the user experience and reduce onboarding friction through reusable and interoperable Gateway Passes. Please refer to our FAQs page for more info about Identity.com and how we can help you with identity verification and general KYC processes.