Verifiable credentials are a way to package and share tamper-proof digital information so that you can always authenticate where it originally came from. What makes this technology powerful is that anyone can cryptographically verify the issuer of the credential, and that no changes to the data have occurred since the credential’s creation, enabling the information inside to be trusted and immediately acted on.
By Tim Spring
To put it simply, verifiable credentials are packages of data created in a decentralized network by issuing organizations or parties and stored locally by the data owner in a digital wallet.
Once created, the party issuing these packages can be verified by anyone with the appropriate software. As a credential is created, the issuing party digitally signs the information inside, and once it is signed, any attempt to alter the data will be visible on the network and “break” the credential, so to speak.
What can a verifiable credential represent?
The use cases are almost endless, any information tied to identification or an identity can be turned into a verifiable credential: you can represent a person, a car, a building, an organization, or a connected device, and any information that can be associated with these entities.
For example, colleges and universities can issue documents such as diplomas or transcripts to students as verifiable credentials. These can be easily shared with anyone who needs to verify that information. Verification is instant and doesn’t require going back to the university for manual proof, providing a much more efficient experience for everyone.
To learn more about this read our recent article on Open Badges 3.0.
The end of paper documents and manual processes
In today’s system, credentials are everywhere: you likely have a driver’s license, passport, maybe a badge to access your place of employment.
But paper documents have several drawbacks:
They can be stolen, copied, forged or misplaced.
Someone needs to be in the same physical location to acquire them
They need to be stored securely.
Using them can share more data than needed, or require you to copy down the information they contain manually.
Verifiable credentials enable you to hold all the same information, digitally, in a way that you have more control over and can share how you like.
From an organization standpoint they provide a way to quickly share information across different systems without a need for complex direct integrations.
Let’s walk through a quick example.
Today, the DMV can issue you a driver’s license, which contains personal information such as your date of birth, eye color, height, weight, full name, license number, and address. When attempting to purchase an age-restricted item, the vendor will often check your license to confirm your age and that you can legally purchase the item. When you hand over your ID, you hand over all of the information, not just your date of birth — and that information can easily be misused.
In the same scenario, a verifiable credential is still issued by the DMV, and it still contains all that personal data, but, crucially, the data can be separated and shared in a much more selective way. And we can even go a step further and simply share eligibility: the shop doesn’t need to know your actual birthdate, they just need to know if you’re over a certain age, which can be shared in the form of simple yes or no.
To learn more about making purchases with verifiable credentials read our article on how they will change finance and payments.
Why does decentralization matter?
This is a huge topic that deserves its own blog but a quick few points are:
As other digital identification methods start to catch on, such as mobile driver’s licenses, it’s important to remember that simply digitizing a document does not make it secure. What is critical is how that document is stored and shared.
By storing verifiable credentials locally on the end user’s mobile device you can be sure they control that data and can share it only with whomever they choose to.
If the mobile driver’s license is not decentralized, it means that the system needs to be contacted to verify a person’s identity. This provides a slower verification process, can run into issues if the database is unreachable, and represents a huge target for bad actors.
####
If you have any questions about verifiable credentials or how to implement them in your organization you can get in touch with our team.
To learn more about the technical inner workings of verifiable credentials you can check out the courses in the Indicio Academy.
