What are Verifiable Credentials and how they work

Qué son las Credenciales Verificables y cómo funcionan

How can this technology solve the vulnerability problems of identity?

To understand what Verifiable Credentials are, we must understand where this solution comes from, and what problems it is trying to solve.

Today, we are all used to living with the processes that digital identity subjects us to. We have accounts on social networks and online services, logins, passwords (which we constantly manage). But today, we know that there are alternatives that allow us to simplify the process and make it more secure through protocols and the SSO (Single Sign-On) approach.

The question then is: how does simply logging in to an account prove that we are really us?

Of course, you can upload photos and PDFs to a website to process the data and prove facts and credentials you possess. In fact KYC (Know Your Customer) points to this.

But what is the main problem with this? The institutions that issue certificates, cannot control the circuit of the certificates after handing them over to another party. The verification of fidelity is left to each preceding entity in the chain. 

So what if we could have a mechanism to translate identity data, credentials, documentation, and other information into an easily transferable and verifiable digital format? What if we could also give individuals back control of their data so that they can use it whenever they want, proving that they own their identity and certificates. This is where the concept of Decentralized Identifiers (DID) comes in.

What is a decentralized identifier (DID)?

Let’s try to explain it as simply as possible. DIDs are basically a standard created by the w3c, which contains digital information about an individual, object, or institution, expressed in a specific format, which can be issued (through some organization or an individual), and then managed and stored by its owner, who can use it to prove facts and qualifications to other parties. So, we could say that a DID is nothing more than a data format that carries a practical way of proving identity. 

But how do we link DIDs to VCs?

We could say then, that you can use DIDs to obtain so-called Verifiable Credentials or VCs, which increase the credibility of your DID and offer proof of various aspects of your identity.

But it is worth noting that we can create several DIDs to access. For example: We could have one related to our leisure (gym, sports club, etc.), another for employment related documentation, another for personal credentials such as ID, Passport, Driver’s License, etc. 

So, if I can create as many DIDs as I want, how can someone certify who I am? How can they prove it and rule out that I am someone else? Well here finally appears as we said, the role of VCs.

What are verifiable credentials (VC)?

Verifiable credentials are a method of authentication that verifies specific identity aspects of the holder. The specific nature we mentioned regarding VCs is an important thing to keep in mind, as unlike traditional personal credentials or accounts, VCs, as we mentioned, do not need to store all personal or account information.

This is all stored in your digital wallet or agent. VCs only prove your specific credentials with respect to the issuing service. This way, when it comes to proving our identity, we would not have to give access to all our documentation, just the fair and necessary to prove veracity.

Cases of VC in everyday life

Let’s suppose that we want to apply for a job as an Architect in a studio. We can suppose that at the time of the selection and admission of the chosen employee, certain certificates and titles are requested to verify your competence in the field, your studies and your identity. In addition to a professional and academic history in the case of having it.

Nowadays, the way to solve this is usually through piles and folders full of papers, photocopies and titles of scarce validity. Simply because these papers can be presented or adulterated by anyone. Rarely is it verified that the diploma is real, or that the individual is the official owner/holder of the diploma.

Generally this happens because we rely on the physical form of the document in question, without taking into consideration whether it is a mere copy or something truthful.

But, taking this case as an example, what if a university could issue a diploma in digital form as a verifiable credential (VC)? In the process of obtaining this credential, the individual in question would go through a process of proving identity (perhaps, and ideally) by means of a VC issued by the relevant government.

This is where we move on to the process of using a VC. We will try to simplify it.

We should know that such VC is stored in a kind of public ledger or Blockchain (where we will get to next), and such transaction is signed with the private key of the university. So in order to verify the obtaining and ownership of our university degree, the architecture studio (in this hypothetical case), does not have to integrate the data with any university system, since all the information needed for this is public and decentralized.

Let’s review what examples of practical use we could commonly find:

  • Administration: connection to national online identification, accreditation and identity transfer systems.
  • Companies: verifying employment status to access apps or benefits.
  • Education: verifying university credentials and diplomas.
  • Healthcare: proving work credentials for e.g. accessing sensitive patient information online, ordering/retrieving orders from pharmacies, accessing medical documentation.
  • Insurance: accessing sensitive information/claims, identifying customers and policyholders, accessing and demonstrating the role of claims agents.

Verification of DIDs starts with a connection of the physical world and verification in it, and moves it into the digital realm, so that it is easy and practical to use, verify and confirm in an untrusted environment between third parties.

How exactly can these credentials be verified? Where is this information “deposited”, and how is it that we can all have access to it? Is it immutable? Well, to answer all these questions, finally the term “Blockchain” mentioned above comes into the picture.

So, what is blockchain?

You probably already know this term widely, as it is everywhere in the IT sphere right now. From cryptocurrencies to NFT, everyone has gone blockchain crazy. This technology has achieved solutions of all kinds, and increasingly complex ones for companies and individuals.

To simplify it, we could define blockchain as a technology that allows to store data in a sequential and composite way. But, to understand it, we must understand its main characteristics (which are directly related to VCs and the solution it provides).

  • Transaction accuracy and less centralization: Since a blockchain transaction must be verified by several decentralized nodes, this can reduce transaction error. 
  • No need for intermediaries: Through this technology, two parties interested in a transaction can confirm and complete something without the need for a third person or entity to mediate, saving time and money (intermediary’s commission). 
  • More efficient transfers: They can complete these transactions from anywhere and at any time, due to the uninterrupted and unbounded operation of blockchains.
  • Additional security: The dynamics and structure of decentralized networks make it virtually impossible for anyone to carry out fraudulent actions or hacks. While this is not totally impossible, many cryptocurrency blockchain systems use proof-of-participation or proof-of-work transaction verification methods that make it difficult to successfully conduct fraudulent transactions.
  • Because it is publicly visible, it is difficult to modify without being noticed and modifications can be easily detected.
  • Increased security and blockchain verification: to put it simplistically, every time a new component or information is added to the Blockchain, the “block” containing that new data also presents information about all the pre-existing blocks that preceded it in hashed (i.e. cryptographically protected) format, which makes it secure. Therefore, no part of the chain can be changed without changing all the blocks that come after it.

Let’s see then how DIDs work

A Decentralized Identifier is a collection of Verifiable Credentials or VCs, that certify certain information about an individual, etc. It can be any type of certificate (diplomas, documents, educational degrees, licenses, permits, etc.).

Verifiable Credentials are composed of 3 essential elements:

  • Assertions: What the Verifiable Credential is supposed to prove about the individual. 
  • Metadata: Basic information about the credentials (verification public key, issuance and expiration date, etc.).
  • Cryptographic Proofs or Evidences: We can compare them with the concept of “signatures”, which verify the authenticity and authorship of the credential.

As we explained before, the first Verifiable Credential must be originated in the physical universe, in order to confirm the identity of the individual in person and to obtain the endorsement of the regulatory body of such credential. Of course, there are possibilities to obtain it through a digital procedure as long as an identity verification platform or infrastructure is offered.

Following the process. Already having this Verifiable Credential linked to the corresponding DID and deposited in the personal wallet of the individual or of the official entity, it can be used to obtain new credentials that require the certified data in that original VC.

In summary:

Blockchain represents the decentralized and trusted ledger where the proof of VC issuance transactions can be stored.

But we must be careful, as in reality, the blockchain does not contain the credentials. Each credential is private and its owner controls it.

The transaction data can only contain information from your existing credentials (e.g., those issued in the physical world or with proper identity verification), information about the issuer, and some information connecting the transaction to the issued credential.

This is why when the receiving party requires it, it can verify that the VCs were officially issued, when and by whom (the issuer), based on the data stored in the blockchain.

If you want to know more about Self-Sovereign Identity, read this article about Self Sovereign Identity.

Tags: , , , , , , , , , ,

What to read next