Imagine you are a university student eligible for a local shop's student discount offer. When you go to make a purchase, the store clerk requests your university identification (ID). You hand over your student card, which the clerk inspects to confirm its validity.
Except, the card contains more than just a date—it includes your picture, name, student ID, and (sometimes) even your date of birth and email address. Does the clerk actually need all this information? No. They simply need to verify your status as a valid university student.
So, how do we provide the store clerk with only your student status without disclosing more information than necessary, and ensure the trustworthiness of the data? This is the kind of scenario that digital trust solutions aim to address.
What is digital trust?
Digital trust is the confidence users and organizations have in digital interactions. Digital trust solutions offer a secure and privacy-preserving method for individuals and organizations to share information. By using digital trust solutions, as in the student example, only necessary information is shared, protecting personal details while verifying student status. One approach to enhancing digital trust between multiple parties is through the use of verifiable credentials.
What are verifiable credentials?
Verifiable credentials (VCs) are cryptographically secure versions of both paper and digital credentials, like student cards or driver’s licenses, that prove your identity or qualifications. They are tamper-evident, since any change to a signed credential invalidates the issuer’s signature, and they can be verified without a central authority, enhancing trust and security. VCs allow individuals and organizations to share only necessary information, protecting privacy while ensuring credibility in digital interactions.
How does it work?
To understand how VCs work, let's revisit our initial example of a university student getting a discount at a local store. Who are the parties involved in this scenario?
Issuer
- An issuer is an organization with the authority to issue VCs.
- Issuers can be governments, universities, or companies.
- In our scenario, the issuer is the University, which provides you with a digital credential confirming your student status.
Holder
- A holder is someone who owns the verifiable credential and stores it in their digital wallet (an application on their mobile device).
- In our scenario, you, the student, are the holder of the credential. You keep this credential securely on your mobile device.
Verifier
- A verifier is the person or organization validating the verifiable credential.
- In our scenario, the verifier is the retailer.
By involving these three parties, verifiable credentials enable a seamless and secure way to share and verify essential information. The University (issuer) grants you (holder) a digital credential, which you store in your digital wallet. When you present this credential to the retailer (verifier), they can quickly and securely validate it, ensuring you are indeed a student eligible for the discount without compromising your privacy.
The verifiable credentials process has two parts: issuance and verification. Issuance occurs when the Issuer provides you with a verifiable credential, and verification occurs when a Verifier needs to confirm the validity of your credentials. The issuance of a verifiable credential is a one-time event, whereas verification is an ongoing process that happens whenever you need to present your credentials to prove your status or qualifications.
Steps in issuance
- Install Digital Wallet: First, you install a digital wallet application on your mobile device if you don’t already have one.
- Credential Signing: The verifiable credential is created and signed by the University using a private cryptographic key.
- Issuance of Digital Student Card: The University issues you a digital student card as a verifiable credential. This may be sent electronically or via a student portal.
- Public Key Storage: The University stores the corresponding public key on a public blockchain so that others can validate the authenticity of the credential using this public key.
- Credential Storage: Once you receive your verifiable credentials, they are stored in your digital wallet. Typically, this involves scanning a QR code provided by the Issuer, which initiates communication with the Issuer’s backend systems to retrieve the credential.
This process ensures that your credentials are securely issued and stored, ready for verification when needed without further involvement from the Issuer.
Steps in verification
- Visit the Store: You go to the store, which supports verifiable credentials.
- Request for Proof: The store clerk asks for proof of your student status by providing you with a QR code to scan.
- Scan the QR Code: You scan this QR code with your digital wallet.
- Credential Retrieval: Your digital wallet reads the request from the QR code, finds the corresponding digital credential stored in the wallet, and prompts you to confirm if you want to share the credentials with the retailer.
- Selective Disclosure: The wallet allows you to choose which information within the credential you want to share (e.g., you may choose to share only your current University student status and nothing else).
- Information Transmission: The wallet sends the selected credential information back to the retailer’s systems.
- Credential Validation: The retailer’s system looks up the University’s public key on the blockchain and uses it to validate that the credentials provided by your wallet were indeed issued by the University.
- Discount granted: Once verified, the retailer grants you the student discount.
This may seem like a lot of steps, but most of it is done automatically by the verifiable credentials framework and requires very little manual input while still maintaining the security and authenticity of your credentials.
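The issuance and verification steps above, as an added example (not code from this article or from any wallet product): one way to get selective disclosure is for the issuer to sign salted hashes of the claims, so the holder can reveal a single claim and the verifier can still check it against the issuer's signature. The `Claim` type, the function names and the sample card values are assumptions, and the verifier is handed the issuer's Ed25519 public key directly instead of resolving it from a blockchain.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Claim is one attribute plus a random salt; Digest hashes an unambiguous JSON encoding of all three.
type Claim struct{ Salt, Name, Value string }

func Digest(c Claim) string {
	b, _ := json.Marshal([]string{c.Salt, c.Name, c.Value})
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Issue (university): salt each claim in place, then sign only the sorted digests.
func Issue(priv ed25519.PrivateKey, claims []Claim) (digests []string, sig []byte) {
	for i := range claims {
		salt := make([]byte, 16) // the salt stops guessing of low-entropy values such as "true"
		rand.Read(salt)
		claims[i].Salt = hex.EncodeToString(salt)
		digests = append(digests, Digest(claims[i]))
	}
	sort.Strings(digests) // sorted so position does not reveal which claim is which
	return digests, ed25519.Sign(priv, []byte(strings.Join(digests, "\n")))
}

// Verify (retailer): check the issuer signature, then accept only claims whose digest was signed.
func Verify(pub ed25519.PublicKey, digests []string, sig []byte, shown ...Claim) bool {
	ok := ed25519.Verify(pub, []byte(strings.Join(digests, "\n")), sig)
	for _, c := range shown {
		i := sort.SearchStrings(digests, Digest(c))
		ok = ok && i < len(digests) && digests[i] == Digest(c)
	}
	return ok
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	card := []Claim{{Name: "name", Value: "Sample Student"}, {Name: "student", Value: "true"}} // constructed
	digests, sig := Issue(priv, card)
	fmt.Println(Verify(pub, digests, sig, card[1])) // the wallet shares only "student"
}
```

The retailer sees the signed digest list and the one disclosed claim; the name stays hidden behind its salted digest, and changing the disclosed value or the digest list makes verification fail.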
How verifiable credentials are reshaping trust in major sectors
While the technology backing verifiable credentials has been around for a while, we’re starting to see more organizations utilize it for digital trust. These technologies are being rolled out across various industries, including education, healthcare, finance, and government services.
Education
Universities and colleges are issuing digital diplomas and student IDs as verifiable credentials, making it easier for graduates to prove their qualifications to potential employers.
The Massachusetts Institute of Technology issues digital diplomas to its graduates that are based on the Blockcerts standard for blockchain-based credentials.
Healthcare
Digital health credentials allow patients to securely share their medical history with healthcare providers or show their vaccination status.
The Government of Aruba carried out a trial to issue COVID test and vaccination statuses as verifiable credentials using the Cardea framework.
Finance
Banks and financial institutions are using verifiable credentials to streamline customer onboarding, enhance security in transactions, and facilitate skills-based hiring.
A consortium of Korean banks rolled out a digital identity that allows clients to log in to their banking accounts and to share information with other banks.
Government
Governments and public sector services are also leveraging this technology to issue digital IDs, driving licenses, and other official documents, reducing fraud and simplifying the process for citizens to access various services.
We helped integrate verifiable credentials into the BC Courts Online Booking System site through the BC Wallet application.
Adopting verifiable credentials provides a strategic advantage
As verifiable credentials continue to gain traction across various industries, they are setting new standards for digital trust, privacy, and security. By allowing only the necessary information to be shared, these technologies not only protect individual privacy but also streamline processes and enhance trust in digital interactions. Organizations and governments that embrace verifiable credentials are taking a crucial step toward a more secure and efficient digital future.