With Verifiable Credentials you can take an existing business relationship or process to the next level with fast-tracked trust.
By Tim Spring
A Verifiable Credential is a building block of decentralized identity. Think of it as a digital container that seals the information it contains. Attempt to tamper with the information, the seal breaks. Each container is bound to its point of origin, so you always know who issued the information inside. If you trust the issuer, you can trust the information.
These qualities make Verifiable Credentials very powerful for sharing information, particularly digital identity information. Simple tech, big benefits
Think about it: a digital identity in a Verifiable Credential is immutable and traceable back to its issuer. This means:
Fraud reduction: The credentials can’t be faked or shared. I can’t borrow your identity or access it by stealing your phone. A Verifiable Credential can be bound to a combination of biometrics and code through device access, digital wallet access and liveness checks. There is also another layer of cryptographic binding between credentials.
There are no passwords to be guessed or hacked and no security questions to guess, no need for multifactor authentication. Even if a credential were to be “phished” or shared with a bad actor, they would not be able to present it as if it were issued to them.
Faster data sharing while reducing integration costs: Any data (within certain size limitations) can be stored this way and shared with anyone with the verifying software. Verifying software is simple to use on a mobile device. There are no database integrations necessary, removing the time, costs, and maintenance typically associated with data sharing.
Your organization can benefit today
The most important thing to get started is simply to decide who needs to know what. This translates into who is allowed to issue credentials, who will hold the credentials, and who will need to verify the credentials.
A few examples:
Employee access
A company can issue its employees verifiable employment credentials, which the employees can hold and use to provide secure identity information for fast access to buildings and documents they need to work. This provides organization wide Single Sign-On (SSO) and identity management on both an individual and per role basis.
Trade associations
Trade associations can issue Verifiable Credentials to their members for proof of membership, certifications, and other benefit qualifications. Members can provide this information by scanning a QR code, avoiding the need to manage paper documents or searching a database.
Biometric authentication
If you are using biometric authentication, you already have a database full of people’s biometrics.
With Verifiable Credentials, you no longer have the security risk of storing this information in order to verify it. By issuing a biometric in a Verifiable Credential, a person can bring a proof of their own biometrics for authentication and access. All the software has to do is compare the tamper-proof biometric in the credential against the liveness scan. If they match, the person gains access. In addition to radically simplifying security, this solves the problem of deepfakes and other biometric identity fraud for remote access.
None of these examples need anybody’s permission to start using Verifiable Credentials and gaining immediate benefits. Verifiable Credentials are built to be privacy-by-design and enable compliance with current data protection regulations.
You don’t need to wait for government or digital identity projects to use this technology.
For example:
You don’t need to wait for the European Union or any other digital identity project to finish deliberations to use this technology. These projects are great — the EU has signalled that decentralized identity is the future and has provided specifications for its single market to start adopting it. But the multi-stakeholder nature of these ventures mean they are lagging behind market implementation.
So, what do these large government efforts and global identity programs provide? A trusted foundation for new relationships.
Frameworks and standards provided by these large efforts simplify the process of identifying new ecosystem partners and participants, which can be a major source of fraud.
At Indicio, we’re building multi-credential, multi-protocol, and interoperable solutions that allow you to build at the cutting edge of technology while being able to seamlessly work with less advanced, or slower-to-deploy decentralized identity implementations.
Continuous backward compatibility is the perfect way to maximize competitive advantage.
If you’d like to learn more about how to get started with Verifiable Credentials and decentralized identity our team at Indicio would be happy to help. You can reach out to our team of experts to set up a call here, or you can read more about what you need to get started here.
