Key Takeaways:

• Verifiable credentials (VCs) are digital credentials that empower individuals and entities to achieve instant and secure identity verification while offering the flexibility to selectively disclose specific information.
• VCs use digital signatures and cryptography for secure verification, streamlining and speeding up the process.
• They offer privacy protection, enabling selective disclosure of information.
• Digital ID Wallets play key roles in storing and managing digital identities and credentials.
• The VC ecosystem involves issuers, holders, and verifiers, facilitating secure and efficient identity verification.

 

In the era of Web 2.0, most internet users maintain a distinct relationship with each service they use or subscribe to. Websites like Amazon, Netflix, Facebook, Upwork, Airbnb, and many others necessitate fresh user registrations on their platforms. This unique connection, established through email addresses and passwords, grants users the flexibility to present varying identities and credentials as the need arises.

Many service providers, especially those offering financially related services where KYC is needed, have fully integrated the internet into their services. These providers often use e-KYC, the electronic version of KYC, to reduce unnecessary bureaucracy. As a result, users upload digital copies of their credentials, such as social security cards, driver’s licenses, international passports, etc.

In this evolving digital landscape, verifiable credentials emerge as a solution to enhance trust and security in digital identity management. This guide will explore the concept of verifiable credentials, how they work, and their potential benefits.

The Need for Verifiable Credentials

In today’s digital landscape, many organizations lack the resources to verify the legitimacy of the digital credentials they encounter. This poses significant concerns as fake credentials can easily go unnoticed, potentially leading to security breaches and fraudulent activities. In fact, a 2019 survey by Greenhouse Treatment Center revealed that thousands of Americans have used or own fake identification.

This issue extends beyond specific industries, affecting healthcare, social media, job platforms, and freelancing websites. To address this problem and expedite the process of identity verification, many have turned to the digitalization of credentials. By converting physical credentials into digital formats, organizations and users can save time and resources.

However, this approach also increases the risk of fake identities. This raises the question of whether there is a more reliable method to confirm the authenticity of credentials without a shadow of doubt. Can verifiable credentials be the solution to the challenges faced in the digitalization of credentials? Read on to find out!

Benefits and Challenges of Digitalizing Credentials

Digitalizing credentials saves companies time and resources. It removes the need for many employees to attend to hundreds of customers physically or via email just to confirm their identities and credentials. However, this technological solution also has its downsides, such as the increase in fake identities. This raises the question of whether there is a way to curb this problem and confirm a user’s credentials without any doubt that they are who they claim to be.

When verifying users’ credentials, questions arise such as whether a user truly graduated from Harvard Business School or whether they have received the COVID-19 vaccine as claimed. It can be time-consuming to confirm credentials through phone calls or emails. Therefore, is it possible to confirm credentials directly from the issuer within seconds? Can Verifiable Credentials be the solution to the issues faced during the digitalization of credentials? While it’s unclear if Verifiable Credentials are the ultimate solution, this article provides insights on how they differ from traditional credential verification methods.

What Are Credentials?

 

 

Credentials serve as evidence of a person’s achievements, qualifications, experience, or other relevant aspects of their life. A typical physical credential includes details such as:

1. A description of the owner or subject of the credential, such as a name, photograph, identification number, etc.
2. Details, trademarks, or symbols of the issuing authority, such as the U.S. great seal, state government symbols, government agencies’ logos, health centers’ logos’ and educational institutions’ trademarks.
3. Specific information the credential carries, such as a health insurance card, an international passport, a receipt or proof of house ownership, or a driver’s license.
4. The way in which a credential, such as a university graduation certificate, was obtained provides information on whether the student has completed the required number of years for the course.
5. Evidence of grade or rating, such as students that graduated with first class, second class upper or lower according to the U.K. grading system, a student awarded with the tag of “best graduating student,” best performing actor, doctor, governor, mayor, etc.
6. Credentials’ limitations or constraints, such as expiration dates, conditions for validity, or terms of use.

To comprehend the concept of verifiable credentials, we must establish a foundation of what credentials are. The examples provided above illustrate the diverse information that can be found within a credential. Verified credentials, as we will explore, go beyond the traditional format to facilitate secure and efficient transfer and verification processes.

What Is a Verifiable Credential?

 

 

Verifiable Credentials (VCs) represent the digital evolution of traditional credentials. They are enhanced with digital signatures and cryptographic security measures, ensuring their authenticity and integrity. These digital credentials empower individuals and entities to achieve instant and secure identity verification while offering the flexibility to selectively disclose specific information. In essence, VCs bring a revolutionary approach to managing digital identities, greatly enhancing efficiency, speed, and security in both the issuance and verification processes.

How Do Verifiable Credentials Work?

Verifiable credentials enable the instant generation and issuance of new credentials, which can then be presented for verification to various organizations or individuals. One of the key benefits of VCs over traditional credential formats is their enhanced privacy features. Users have the option to selectively disclose only the necessary information or claims, thus maintaining control over their personal details.

For instance, in scenarios where proof of educational qualifications is required, instead of submitting a physical or scanned copy of a graduation certificate, users with VCs can provide a simple, verified response – a “Yes” or “No” – to the inquiry. The verifying party, such as an employer or educational institution, can then immediately authenticate this response directly with the issuing entity, like Harvard University, using public key cryptography. This process not only streamlines verification but also upholds the privacy of the individual’s personal information.

What Is a Verifiable Presentation?

A Verifiable Presentation is an key component of verifiable credentials. It is mostly how users interact with the organization or entity. This type of presentation allows users to combine data from one or various credentials while still making the source or authorship of the credentials verifiable. By utilizing various credentials, users can gather distinct pieces of data to fulfill the requirements of a requesting company or party. These data are combined and presented in an organized manner without losing their authorship or authenticity as issued by the issuers.

Advantages of Using Verifiable Presentations

Let’s consider a scenario where a company requires specific data from a potential customer, such as their name, nationality, proof of education, proof of employment, and proof of insurance. In the traditional approach, the customer would need to provide separate physical copies of each credential. This process could potentially expose additional unnecessary information. For example, the proof of employment might reveal the company name and address, or an international passport used as proof of nationality might contain the policy number and date of registration for insurance.

This is where verifiable presentations come into play. Users can select and submit only the necessary data from their existing credentials, eliminating the need to disclose irrelevant information. The selected pieces of data are combined and presented as a single verified presentation, signed with the sender’s digital signature. Additionally, verified presentations employ digital signatures to ensure authenticity and protect privacy. This allows users to choose what information they share while maintaining the integrity of the presentation.

Understanding Digital Signatures

Digital signatures serve as electronic equivalents of handwritten signatures or stamped seals. They enhance transparency, integrity, and the tamper-evident nature of credentials, making them an integral component of verifiable credentials (VCs). Digital signatures are essential to the trust model of the verifiable credential ecosystem. They provide assurance to the verifier that the shared credential or verifiable presentation indeed belongs to the claimed sender.

For instance, when a user combines data from their credentials in a digital wallet to create a verifiable presentation and submits it to an employer, they use two keys: the private key and the public key. The private key, known only to the issuer, is used to encrypt the credential. Meanwhile, the public key enables the verifier or the public to decrypt and verify the issuance of the credentials.

Digital Wallet vs. Digital ID Wallet

 

 

A digital wallet serves as a secure electronic tool that allows users to store payment methods like credit cards, bank account details, and even digital currency. It simplifies online purchases and transactions by quickly providing payment information without the need for manual entry.

On the other hand, a Digital ID Wallet is designed primarily to securely store and manage a user’s digital identity credentials. This can include digital versions of driver’s licenses, insurance cards, membership cards, and other personal identification documents. Enhanced by blockchain technology, digital ID wallets offer a secure means for users to present digital identification during interactions that require identity verification. Issuers can also utilize digital ID wallets to present verifiable credentials. They leverage cryptography and their public keys to ensure authenticity and security.

The Verifiable Credentials Ecosystem

1. Issuer

The issuer, which can be a school, healthcare center, bank, company, government agency, or an individual, is responsible for issuing credentials to users. For example, a university issuing graduation certificates to students serves as the issuer. Issuers employ various methods to demonstrate their competence and authority to issue credentials.

2. Holder

The holder is the recipient of the credentials issued by the issuer. In the example mentioned earlier, each student receiving a certificate from the university would be a holder. Holders have full control over with whom they share their credentials and can revoke access from previously shared parties. They can store their issued credentials in a digital wallet on their mobile device or back them up online or on the cloud.

3. Verifier

The verifier completes the communication circle within the VC ecosystem. When a holder presents their credentials to a verifier who requests verification, the verifier confirms the authenticity of the credentials through cryptographic communication with the issuer. Public-key cryptography enables the verifier to detect alterations, verify validity, or check expiration dates within seconds.

How Are Verifiable Credentials Verified? 

The verification of verifiable credentials involves a three-step process: issuance, possession, and verification.

To illustrate this process, consider the following example: a university (issuer) digitally signs a certificate and awards it to a graduating student (holder), who later presents it to a potential employer (verifier).

During verification, the employer checks a decentralized blockchain database to confirm the certificate’s authenticity. It’s important to clarify that the blockchain doesn’t store the verifiable credentials themselves. Instead, it contains the necessary information and keys for verification. The employer verifies the certificate by matching the public key on the certificate with the public key of the issuer (university). This process allows the employer to:

1. Confirm the issuer’s authority to grant the certificate.
2. Ensure the integrity of the credential (preventing tampering).
3. Verify that the credential aligns with the employer’s criteria, such as preferring graduates from specific institutions like Harvard University.

The Verifiable Credentials Trust Model (The Trustless System)

The trust model established by verifiable credentials does not require extensive communication or permission to establish trust. Instead, it creates a system where the issuer trusts the holder as a reliable candidate for the issued credential. Simultaneously, the verifier trusts the issuer as a competent entity to have awarded the credential. This trust model, similar to a trustless system, allows different parties to agree on a single truth and the authenticity of credentials.

Notably, any entity, whether an organization or an IoT device, can assume any of the three roles within the verifiable credentials ecosystem and trust model. Moreover, IoT devices integrate into the development of web 3.0, which also supports the verifiable credentials data model. This flexibility allows verifiers to specify in their verification requirements whether they trust a particular issuer’s competence.

For instance, a law firm that exclusively hires graduates from Harvard University can establish a verification specification that excludes credentials from other law programs or universities. This is just one example of the specifications a verifier can provide.

Verifier’s Criteria

Here are some additional specifications that a verifier can request to assess the issuer’s competence, authority, or define the required dataset from the holder:

1. The type of credential
2. The format type of the credential
3. The use of specific cryptography
4. The holder’s names (excluding sensitive information like date of birth or address)
5. The holder’s proof of education (excluding specific grades)
6. The holder’s age without additional personal details
7. Credentials issued by a specific U.S. state
8. Credentials issued by a specific country, etc.

Key Components of Verifiable Credentials

A verifiable credential ecosystem comprises three key components:

1. Credential Metadata: This includes the credential identifier and any conditional information like terms of use and expiration dates. The issuer encrypts and cryptographically signs this metadata.
2. Claim(s): This tamper-proof component of verifiable credentials contains details about the individual who received the credential. It may include claims, awards, achievements, job titles, employee numbers, courses of study, graduation grades, date of birth, nationality, and other relevant information related to the purpose of the credential.
3. Proof(s): This section encodes information about the issuer of the VC, including proof of authenticity. It shows if the conveyed claims have been tampered with.

The Benefits of Verifiable Credentials

The traditional procedure for issuing and presenting credentials has its flaws, one of which is the purchase and use of fake credentials, as covered by BBC News. Thousands of UK professionals were found in 2018 to have patronized globally unrecognized fake institutions for certificates. For these reasons and many more, verifiable credentials have developed and continue to grow.

Verifiable credentials have emerged as a solution to address the limitations of traditional credential systems. They offer a range of benefits that enhance the efficiency, security, and privacy of credential transfer and verification processes. Let’s explore these advantages:

1. Instant Verification 

Verifiable credentials enable the instant verification of authenticity. Unlike traditional processes that can take hours, days, or even weeks, verifiable credentials allow for quick verification within seconds. This eliminates the delays and uncertainties associated with manual verification methods. The verification process is facilitated through existing digital signature protocols, utilizing public key cryptography.

2. Secure and Tamper-proof

Verifiable credentials employ digital signatures and cryptographic techniques to ensure the security and integrity of the data. The use of public key cryptography makes credentials tamper-evident, protecting them from unauthorized modifications. This provides a high level of assurance that the credentials being presented are genuine and have not been altered.

3. Limited Access and Privacy Protection

Verifiable credentials offer individuals greater control over their personal information. With digital signatures, users can selectively disclose specific facts or claims without revealing additional personal details. This limits access to sensitive information, providing privacy protection. Ultimately, users have the autonomy to decide which information they share. This ensures their privacy while still meeting the requirements of verifiers.

4. Full Ownership and Control 

Verifiable credentials empower individuals with full ownership and control over their credentials. They can securely store their credentials in a digital wallet and choose when and with whom to share them. Additionally, users can also revoke access to their credentials if needed, granting them complete control over their personal information.

6. Ease of Use

Because verifiable credentials are open standards, they are easy to implement by developers and easy to use by end users. The standardized approach allows for seamless integration into various systems and platforms. Users can combine data from multiple credentials to create a verifiable presentation tailored to the specific requirements of verifiers.

7. Interoperability and Compatibility

As previously mentioned, one can easily merge data from VCs for presentation and use in different contexts. When confirming age for a service, an individual can utilize a VC to provide proof of age. Furthermore, combining information from multiple VCs can verify age, nationality, and employment status concurrently. Combining a single VC with another credential can establish an individual’s eligibility for medical services and other purposes. The digital wallet allows you to share only the necessary data. This helps protect sensitive information and restricts access to authorized parties.

To read more about how interoperability is important in digital identity, click here.

The Role of Decentralized Identifiers (DIDs) in Verifiable Credentials 

 

 

Decentralized Identifiers (DIDs) play a crucial role in verifiable credentials. DIDs leverage digital signatures and other web 3.0 components to publicly identify and verify users or entities in a decentralized manner. Decentralized identifiers are unique global identifiers built on decentralized blockchain technology, in contrast to the centralized registries commonly used today.

DIDs serve as a means to establish and prove the identity of entities involved in verifiable credentials. Entities utilize private keys to cryptographically bind their identity to each credential they issue or hold. DIDs provide a unique technology that verifies the identity claims of any entity, whether it’s the issuer, holder, or verifier. Moreover, the verifier can utilize the public key during verification to attest to the authenticity of the verifiable credentials submitted by the holder.

Please click here to learn more about the importance of decentralized identifiers (DIDs) within the World Wide Web Consortium (W3C).

Conclusion

Verifiable credentials offer a range of benefits that enhance the trust, security, and efficiency of credential transfer and verification processes. By leveraging digital signatures, cryptography, and decentralized technologies, they address the limitations of traditional credential systems. Verifiable credentials empower individuals with greater control over their personal information while facilitating seamless and secure verification for organizations. As adoption of verifiable credentials accelerates, they are poised to fundamentally transform identity management and many other sectors.

Identity.com

In the 21st century, verifying a user’s identity and the authenticity of their credentials has become increasingly urgent and crucial. Building on the decentralized ecosystem framework, VCs and DIDs are revolutionizing existing structures and offering new solutions. It’s exciting to see Identity.com playing a role in shaping this desired future as a member of the World Wide Web Consortium (W3C), the standards body for the World Wide Web.

The work of Identity.com as a future-oriented company is helping many businesses by giving their customers a hassle-free identity verification process. Identity.com is an open-source ecosystem providing access to on-chain and secure identity verification. Our solutions improve the user experience and reduce onboarding friction through reusable and interoperable Gateway Passes. Please refer to our FAQs page for more info about Identity.com and how we can help you with identity verification and general KYC processes.