Verifiable credentials: the core of digital identity

According to the "2020 China Mobile App Privacy Permission Evaluation Report" released by iiMedia Consulting, 97% of apps request the camera permission by default, and 35% of apps request the read-contacts permission by default. In the first quarter of 2020 alone, 8.4 billion records had already been leaked worldwide. According to the 2020 "Data Breach Cost Report" released by IBM, the average cost of a data breach is now $3.86 million, and the impact of private data leaks on individuals and businesses is increasing. Establishing digital rights and a safe, efficient digital experience has never been so important. Without them, data owners lack a sense of security, a sense of gain, and the motivation to produce data for society, the economy and enterprises, which hinders the development of the digital age. Realizing all of this relies on digital identity, and the core of digital identity is proving that I am me and who is who. What is that proof based on? Credentials.

The digital credentials we use today can indeed verify our personal identity information, but most are implemented as simple data records in an information system, which are easy to modify and forge and often expose unnecessary information. The Verifiable Credential (VC) is one of the most anticipated directions for digital credentials because of its authenticity, reliability, controllability and privacy protection, and it is the focus of this article.

1. Potential problems with current credentials

In the data age, credentials must cope with high-frequency requests, massive amounts of data, privacy and security demands, and new digital scenarios. Physical credentials cannot handle these effectively, and their electronic versions are still built on the same identity foundation and ecosystem, so they cannot fundamentally solve the problem. Electronic bus cards, electronic invoices, electronic medical insurance cards and electronic membership cards, for example, are more convenient, but they still suffer from data silos, easy loss, insecurity and privacy leakage.

Specifically, existing credentials mainly face the following problems.

1. The identity basis is not uniform

Mainstream digital identities today are centralized or federated and have not yet given users control over their own identity. Credentials built on them cannot achieve a shared, unified identity layer or trust under multi-party governance, which leads to repeated credential verification across scenarios.

2. Digitization is costly and the efficiency gain is not obvious

Simply digitizing physical credentials does not fundamentally remove their limitations, and it brings the high cost of digitization along with inconsistencies, omissions and errors introduced during data entry. The credential issuer bears the software and hardware costs, the labor costs, and the correspondingly higher overall management costs. The credential verifier needs specific software and hardware integration and staff investment. The holder has to go through a separate digitization process and then manage both the physical and the electronic credential. For all parties, the result is extra cost without an effective improvement in management efficiency.

3. Privacy and security cannot be guaranteed

As data privacy and security laws around the world improve, the importance of personal privacy has reached an unprecedented level, and the risks and responsibilities of data custodians have become more and more severe. Centralized electronic credentials face problems such as easy data loss, tampering, and misuse of user data.

2. Verifiable credentials: the direction in which digital credentials are evolving

Verifiable Credential (VC)

The development of digital credentials depends on and serves the development of digital identity. As digital identity has moved from centralized, to federated, to self-sovereign identity, the latest evolution of digital credentials is the verifiable credential (VC): using technical means such as cryptographic algorithms and digital signatures, it carries the validity and portability of physical credentials over to digital devices, and its claims, signature and metadata can be digitally verified within a few seconds or even milliseconds.

Using the four pieces of content shown in the figure, this verification process can answer whether the credential is in a standard data format, carries a valid signature and has not been tampered with, and therefore whether it proves its own validity and the authenticity of its subject.

The following figure shows the credential-based interaction between VC participants and parties.

Characteristics of VC

The way VC is implemented gives it the following characteristics, which not only solve the problems of existing credentials described above but also give it wide room for application across social and economic fields:

  • Security: distributed ledgers, cryptographic algorithms and digital signatures ensure that the data cannot be tampered with
  • Privacy: credential-based data sharing must be authorized by the holder, who can apply flexible sharing policies per data attribute and keep disclosure to the minimum information needed
  • Autonomy: user-centered; as with physical credentials, ownership is managed entirely by the user
  • Authenticity: the data template, content and issuer contained in the credential are all publicly verifiable, ensuring the authenticity of the data
  • Consistency: where data of the same kind is duplicated, the version the holder has screened and confirmed prevails, avoiding duplicate data
  • Interactivity: verifiable credentials define a standard format for cross-domain and cross-system data exchange
  • Scalability: credentials can be extended through fine-grained combinations of attributes and can be fully decoupled from the physical credential, which suits different scenarios
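
The signature check, tamper detection and minimum disclosure described above, as an added example that is not part of the original article: the issuer signs salted hashes of each attribute, so the holder can reveal a single attribute while the verifier still checks the issuer's signature over the whole credential. The salted-hash scheme, the field names and the `did:example:` identifiers are assumptions chosen for illustration, not the W3C data model's own format.

```javascript
const nodeCrypto = require('node:crypto');

// Salted SHA-256 commitment to one attribute; the salt keeps undisclosed values unguessable.
const digest = (d) => nodeCrypto.createHash('sha256')
  .update(JSON.stringify([d.salt, d.name, d.value])).digest('hex');

// Bytes covered by the issuer's signature: metadata plus every attribute digest.
const signedBytes = (vc) => Buffer.from(JSON.stringify([vc.issuer, vc.subject, vc.digests]));

// Issuer: commit to each attribute, then sign. Returns the credential and all disclosures.
function issue(privateKey, issuer, subject, attrs) {
  const disclosures = Object.entries(attrs).map(([name, value]) =>
    ({ salt: nodeCrypto.randomBytes(16).toString('hex'), name, value }));
  const vc = { issuer, subject, digests: disclosures.map(digest) };
  vc.signature = nodeCrypto.sign(null, signedBytes(vc), privateKey).toString('base64');
  return { vc, disclosures };
}

// Verifier: check the signature first, then accept only disclosures whose digest was signed.
function verify(publicKey, vc, shown) {
  const sig = Buffer.from(vc.signature, 'base64');
  if (!nodeCrypto.verify(null, signedBytes(vc), publicKey, sig)) {
    return { ok: false, reason: 'issuer signature invalid' };
  }
  const claims = {};
  for (const d of shown) {
    if (!vc.digests.includes(digest(d))) {
      return { ok: false, reason: `claim "${d.name}" is not covered by the signature` };
    }
    claims[d.name] = d.value;
  }
  return { ok: true, claims };
}

// Constructed sample data: hypothetical issuer, holder and attributes.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
const { vc, disclosures } = issue(privateKey, 'did:example:clinic', 'did:example:alice',
  { name: 'Alice', birthDate: '1990-01-01', vaccinated: true });
// Holder reveals only one attribute; name and birth date stay hidden behind their digests.
const presented = disclosures.filter((d) => d.name === 'vaccinated');
console.log(verify(publicKey, vc, presented));
```

In a deployment the verifier obtains the issuer's public key from a source it already trusts, such as the distributed ledger the article mentions, rather than from the presentation itself.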

How VC differs from physical and electronic credentials

VC is not the direct digitization of a physical credential; it differs fundamentally at the identity layer, the application layer and the trust layer. It makes up for the limitations of physical credentials and is also an important step in the evolution of digital credentials.

Application value of VC

VC is not just a technology-driven solution. Its core value to enterprises and individuals, and the force driving its adoption, shows in the following three aspects:

  1. Market value: improved business efficiency and customer experience. This is mainly reflected in greatly improving the security of enterprise data, optimizing workflows to reduce cost and raise efficiency, and providing a better user experience to increase competitiveness.
  2. Security value: protection of privacy and security. With digital rights laws such as the GDPR improving, VC is a response to demands for personal privacy and a challenge to the existing Internet business model. It is also a strategic choice by which major Internet platforms can meet the challenge of the digital rights movement and sidestep data security challenges.
  3. User value: autonomous digital rights. This builds on the improvement of digital rights laws and users' growing awareness of their digital rights. In the era of the data economy, more and more people need to regain control and ownership of their lives and data.

For enterprises, VC has unique advantages in scenarios that reshape trust and data governance. Using VCs instead of traditional electronic credentials ensures authenticity and credibility, protects data privacy, and standardizes data format and interaction, which greatly reduces the friction in trust and data governance. VC is also an effective means for enterprises to avoid data security risks.

For individuals, VCs can be obtained seamlessly, many repeated verifications can be skipped, and credentials can be combined flexibly, all while effectively protecting personal privacy.

3. Challenges in scaling VC

VC is one of the ways to implement digital credentials. Whether its identity foundation is self-sovereign identity (SSI) or another trusted identity scheme, the key challenge in putting it into practice is how to achieve trust among all parties, and that trust depends on the governance framework.

Taking VC built on SSI as an example, practice has shown that applying VC requires solving the governance framework first, because the governance framework is the bridge between SSI and VC technology and the business, legal and social realities of actual scenarios (as shown in the figure below). For the governing party (such as the management institution in a medical system or the academic certification body in an academic system), the governance framework is a change not only in technology but also in the concept of governance.

Picture from ToIP protocol stack

Whether a matching governance framework can be built or integrated is the key to the success of VC. The advantage of VC is that it does not need to change the underlying governance framework of the existing credential ecosystem: it can stay structurally consistent with the existing framework and, on top of it, provide a more credible, privacy-preserving and more scalable way to achieve trust.

4. The practical development of VC

VC practice is still in an early, exploratory stage. Overseas practice is concentrated among partners in the Sovrin ecosystem and is based on SSI, for example Evernym and Truu. Because the domestic trend in digital identity is based on national trusted identity, domestic practice is also mainly based on trusted identity, for example the electronic medical insurance certificate.

By application type, VC is mainly used in certification and data governance scenarios in healthcare, finance and IoT. Our company is co-creating with many overseas companies on the application of VC in the medical field.

Case 1: Automotive aftermarket

Pain points:

The volume and variety of services in the automotive aftermarket have surged, and completing a transaction involves a large number of people, services and pieces of equipment. Information passed along in the traditional way does not flow smoothly and cannot be trusted, identity verification is repetitive and complicated, and identification of equipment is missing altogether.

Solution:

Based on self-sovereign identity, provide service authentication and data governance for the automotive service market through verifiable credentials:

  1. Obtain personal identities, create device identities, and bind them into distributed identities on the chain;
  2. In the service scenario, both the vehicle and the service provider request identification from the chain;
  3. After confirming identity, discover, request and confirm the service through credentials;
  4. After the service is over, new usable data, such as maintenance records, is produced as VCs.

Core value points:

  1. Give things a credible identity
  2. Automated service flow
  3. Unify the data governance of people, things, and institutions

The VC applications above mainly concern people, but applying VC to things or services is also a very important area for the future, for example in IoT and the supply chain.

Case 2: Trusted traceability credentials

Pain points:

In the traditional commodity supply chain there is inevitably a large amount of interaction and collaboration between entities at different stages. Because information is opaque and does not flow, it is difficult for each participant in the chain to understand accurately the status of related matters and the problems that exist, which affects the supply chain's efficiency.

Solution:

In a blockchain-based product traceability solution, each product is uniquely identified through verifiable credentials. Information about the product through raw materials, production, circulation, marketing and other stages is endorsed by verifiable credentials, timestamped, and written to the blockchain. Consumers or regulators can look up and verify the full circulation history of the commodity on the blockchain, achieving end-to-end authenticity traceability that is fine-grained down to a unique, credible credential.

Beyond the consumer side, because on-chain data is shared credibly between departments, problems such as multi-party participation and repeated audits are resolved. Many farmers start a new round of planting immediately after harvest, and verifiable credentials can also serve as the basis for credit to obtain financial support, so that planting and production can proceed again.

5. Summary

In the era of digital rights, stronger supervision and users' growing sense of autonomy will make the transfer of digital rights an inevitable trend. Because of its authenticity, trustworthiness, controllability and privacy protection, VC is not only a sound carrier for private data but also an effective proof of data rights. It can meet the many kinds of credential requirements of the digital age while greatly reducing the friction and transformation cost of credential data governance.

In my opinion, verifiable credentials are a technology designed to benefit mankind, not just another way to create identity. Commercial use is only one aspect of its large-scale adoption, making the public more aware of it, and more dependent on its application in the real world. The two important issues of safety and security go beyond the limitations of different countries' political systems and people's preference system for core infrastructure. Whether it is government, enterprise, organization, or individual, they are extremely important.

With the continuous iteration, continuous combination, and continuous optimization of various technologies, we probably all agree that it is necessary to update the old system when building infrastructure or the Internet of Value.

References

  • "White Paper on Blockchain Application Services Based on Trusted Digital Identity" (Version 1.0)
  • Verifiable Credentials, https://w3c.github.io
  • Self-Sovereign Identity: Decentralized Digital Identity and Verifiable Credentials, Version 8, Manning Publications
  • Known Traveller Digital Identity, http://www3.weforum.org
  • https://github.com/hyperledger/aries-rfcs/tree/master/concepts/0289-toip-stack

Original link:
https://insights.thoughtworks.cn/verifiable-credential-the-core-of-digital-identity/

Text/ThoughtWorks Wang Zhihui and Liu Jiwei
