In the era of digital identities, everyone has official documents that need to be digitized and regularly consulted. However, they are far too rarely actually verified. In this context, in order to prevent fraud and guarantee the authenticity of these kinds of specific documents, also called “digital credentials”, an international standard of “verifiable credentials” has emerged. This system will make it possible to guarantee the reliability and inviolability of information, and to share it securely.
Are “verifiable credentials” still an arcane concept for you? BCdiploma will explain exactly how they work.
Verifiable credentials: what are they?
Verifiable credentials as a digital alternative to physical documents
The digitization of a large number of administrative and professional procedures and exchanges has created the need to guarantee the veracity of the transmitted information and supporting documents.
Verifiable credentials, or “VCs”, are a digital version of the actual physical documents. These standardized certificates come from an entity that certifies the veracity of data concerning an individual. The certificates then allow the secure, online sharing of such data. The information contained is fully verifiable and secure, because it is shared via a distributed, decentralized, trusted method: blockchain.
Thanks to this new blockchain-based technology, an identity card, diploma or any other official document can now have its digital double, which is directly accessible and just as reliable as the paper version, if not more so.
In this context, the European Commission is working with European public administrations to develop a distributed European Blockchain Services Infrastructure (EBSI) model that will soon guarantee Europe-wide trust, security, privacy and interoperability across digital public and administrative services.
The EBSI is a set of standards and a specification regulating the type of file formats (e.g. JSON files), type of cryptographic key, identifiers and identity proofs, signatures, possible claims, credential presentation and verification methods, and distributed, decentralized networks that will provide all the necessary infrastructure to facilitate the verification of any specific official document, all the while respecting the total privacy of the individual citizen or data subject.
The EBSI is an example of a future-proof, privacy-based blockchain model that will offer a key documentation verification process to both citizens and public institutions, in order to streamline their interactions across all countries of the European Union and beyond.
The EBSI specification will, indeed, make it possible to be born in one European Member State, study at an education institution or university in another state, and then easily allow a potential employer in a third state to verify all claims concerning the specific qualifications obtained.
What’s more, that citizen will easily be able to access the public health and education services of their new country of residence just by the mere presentation of their identity signature or cryptographic key.
What are verifiable credentials actually composed of?
Verifiable credentials are composed of three elements encoded in a simple JSON file:
- metadata, in a form that is encrypted using the cryptographic signatures associated with the issuer, that is the party or organization, such as a university or education institution, issuing the digital credential. This provides information about the credential, including the identifier of the entity issuing it, that of its holder, the dates of its creation and expiry, and so on. The validity of the signature is cryptographically verifiable;
- a declaration, relating to the data that the holder of the proof wishes to share, such as their identifier or identity, education diploma, qualification, or other type of formal document;
- proof, that is data relating to the identifier, or identity, of the holder of the credential that allows the verifier, such as an education or training institution, or potential employer, to verify the authenticity of the shared data.
For a certificate to be recognized as a verifiable credential, it must conform to the specific standards of the World Wide Web Consortium, or “W3C”, in its W3C Verifiable Credentials Data Model specification.
How verifiable credentials work
The different actors involved in making verifiable credentials work
The technology of verifiable credentials works in a decentralized way, involving the action of a system of trust between three different parties or users.
The issuer of the verifiable credential
First of all is the entity that issues the verifiable data concerning an individual. This entity, called the “issuer”, is authorized to produce verifiable credentials. This may be a government agency, such as the Department of the Interior (DOI), a school or university, a medical center, a banking institution or other.
The holder of the verifiable credential
The holder of the digital credential issued by the issuer is most often an individual, but it can also be an organization. The holder is the sole owner of the issued verifiable credential, and has full control over its handling, use and verification.
The individual who is the subject of the verifiable credential is not necessarily the one who holds it. For example, in a proof concerning a document type such as the birth certificate of a child, the child is the subject of the document, but the holder is one of the two parents, or both. Such holders are thus authorized to make claims concerning that document type and verify its authenticity on behalf of the data subject, at least until the child reaches the legal age to take possession of that specific document and its associated cryptographic signature.
The verifier of the verifiable credential
Any subject that requests a digital certificate from its holder is called a “verifier”. By automated means, for example, via an online verification service, this entity obtains proof that the verifiable credential has been issued by an institution with the authorization to do so, that the document or its data has not been modified, and that it has not expired.
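The three verifier checks described above (authorized issuer, unmodified data, not expired) can be sketched as follows. This is an added example, not BCdiploma's code and not the exact W3C data model: the field names, the `did:example:` identifiers, the in-memory issuer registry and the simplified canonical serialization are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed issuer key pair; a real verifier resolves the issuer's DID to its public key.
const issuerKeys = crypto.generateKeyPairSync('ed25519');
// Hypothetical trusted registry: issuer DID -> public key.
const TRUSTED_ISSUERS = new Map([['did:example:university', issuerKeys.publicKey]]);

// Deterministic serialization so issuer and verifier process the same bytes.
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Issuer side: sign metadata and claim together, attach the signature as the proof.
function issue(metadata, claim, privateKey) {
  const payload = Buffer.from(canonical({ metadata, claim }));
  const signature = crypto.sign(null, payload, privateKey).toString('base64');
  return { metadata, claim, proof: { type: 'Ed25519', signature } };
}

// Verifier side: every check fails closed.
function verify(credential, now = new Date()) {
  const { metadata, claim, proof } = credential || {};
  if (!metadata || !claim || !proof) return { ok: false, reason: 'malformed' };
  const publicKey = TRUSTED_ISSUERS.get(metadata.issuer);
  if (!publicKey) return { ok: false, reason: 'issuer not authorized' };
  const payload = Buffer.from(canonical({ metadata, claim }));
  const sig = Buffer.from(String(proof.signature), 'base64');
  if (!crypto.verify(null, payload, publicKey, sig)) {
    return { ok: false, reason: 'signature invalid' };
  }
  // An unparsable expiry date yields NaN, which is rejected here.
  if (!(Date.parse(metadata.expires) > now.getTime())) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, reason: 'valid' };
}

// Constructed sample credential.
const diploma = issue(
  { issuer: 'did:example:university', holder: 'did:example:alice',
    issued: '2024-06-30T00:00:00Z', expires: '2034-06-30T00:00:00Z' },
  { degree: 'MSc Computer Science' },
  issuerKeys.privateKey
);
```

Changing any signed field after issuance, including the issuer or expiry date in the metadata, invalidates the signature, which is why the metadata is signed together with the claim.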
What is the role of the blockchain in making verifiable credentials work?
The blockchain model makes it possible to securely store all the proofs of authenticity, identifiers and signatures relating to verifiable credentials. Such a decentralized database ensures their permanent, tamper-proof nature, ensuring that nothing incorporated into it can disappear or be modified over time. This technology facilitates and guarantees the exchange of the data of all its users, making it possible to establish relationships of trust between issuers, holders and verifiers of digital certificates.
Blockchain technologies are used in the context of such diverse fields as finance, supply chain logistics, and notarization, in addition to the academic sector, particularly at the cutting edge, in the use of verifiable credentials for digital diplomas.
Thanks to blockchain technology, various users can hold digital certificates that are always available to them. The supporting documents, proofs and diplomas can therefore be easily shared by the user, for example, via the web, or using a “virtual student wallet”, which is a decentralized application allowing each individual user to manage their own credentials.
What is the role of DIDs in making verifiable credentials work?
In the verifiable credentials system, as standardized by W3C, the issuer, holder and verifier are required to use Decentralized Identifiers, or “DIDs”.
A DID is a secure identifier created by or for the user that guarantees their identity when they request or share a verifiable credential. DIDs work using advanced cryptography, and are often registered in a trusted registry, for ease of use and security.
Therefore, when a user shares a verifiable credential with a verifier, they use their DID and cryptographic key to sign the presentation of their credential, known as a verifiable presentation.
The selective disclosure solution
With verifiable credential technology, users have full control over the information they share. Indeed, they can decide with whom to share, for how long, and to what extent. Selective disclosure, using the “zero knowledge proof” method, makes it possible to choose exactly which data is disclosed. For example, in the case of verifying an identity, this service allows the user to provide proof of their identification, without necessarily revealing their date or place of birth.
Want to know more? Discover our use case of digital certificates and verifiable credentials on the blockchain with the University of Lille.
One of the possible applications of blockchain technology is the creation of digital degrees. BCdiploma is working to provide universities and education and training institutions with the key to a new method for issuing tamper-proof and quickly accessible diplomas.
This new model of issuing a digital diploma brings significant time savings, by putting an end to the need for a university or similar institution to process and mail duplicates and other formal certificates.
The implementation of such a service that respects the verifiable credentials specification and standards offers the university or establishment new perspectives:
- the creation of a digital diploma in which everyone, the issuer, the holder, and the verifier, has total trust;
- the optimization of web-based certificate applications;
- the storage of the various data in a protected digital space;
- the ability to present any proof requested by another institution in very little time;
- the guarantee against loss or theft of the documents.
Bring your establishment up to date by adopting this innovative, more efficient and more reliable system!