Verifiable credentials - The next big wave in customer onboarding

Don't just accept, verify !

Ever thought about what it takes to onboard customers onto an online service? In the simplest case the service needs users to sign-up and verify their email address or phone number. In other cases where the service needs to verify the true identity of a user, this process gets elaborate where you need supporting documentation such as passport or driver’s license. Typically photos of these documents are uploaded, which in the backend need to be manually verified for authenticity. Apart from being friction-laden and time-consuming, this process is largely susceptible to fraud.

Now imagine a slightly complex scenario where a business is onboarding users that meet a certain eligibility criteria. For example, the government running a scheme for all citizens residing in a certain state or a new drug trial recruiting individuals with specific health conditions. In such scenarios, there is no automatic method for verifying the eligibility of individuals that want to sign up. Could this process be automated in such a way that the individuals are onboarded if and only if they can prove that they meet the eligibility criteria ? This cannot be done today without manual intervention. But with verifiable credentials, this can be done in a jiffy, fully automated and tamper-proof !

Never heard of verifiable credentials, decentralized identity or self-sovereign identity before? No worries ! My previous post provides a gentle introduction.

We handle credentials in our everyday lives. Credentials refer to qualifications of an individual, which for example can be personal, educational, or occupational. These are often issued by organizations that are considered qualified to verify a person’s background, education or skill and issue a credential to that effect. For example, the Department of Motor Vehicles (DMV) can issue a license that qualifies an individual as capable of driving a light motor vehicle, a University can issue graduate degrees or the Registrar of Births and Deaths can issue birth and death certificates. Other forms of credentials might indicate a relationship such as membership of an organization, ownership of a pet or information about an owned device.

What are verifiable credentials ? Verifiable credentials are issued digitally in a standardized format and are cryptographically signed by the issuer. In the above example, The Department of Motor Vehicles can issue a new driver’s license in the form of a physical card as well as a digital copy of the license as a verifiable credential, which can be stored in the individual’s identity wallet. The verifiable credential is digitally signed by the DMV and this signature can be verified by anybody the credential is presented to. For example, if it is presented as identity proof to open a bank account, the bank can digitally verify instantly that the license was indeed issued by the DMV and that it is still valid (not expired or revoked). This makes credentials verifiable for their authenticity in a way that is practically non-forgeable. The same is not true with paper credentials.

With verifiable credentials, onboarding customers is instant, tamper-proof and completely hassle-free. Here are several other advantages of using decentralized identity and verifiable credentials.

Instant verification - A presented credential or any attribute within can be digitally checked for authenticity by verifying the cryptographic signature of the issuer on it. Verification can be built such that only relevant attributes within the credential can be presented to the verifier without exposing other attributes if they are not required as part of the interaction.

Credential revocations - Credential revocations are an essential part where issuers routinely need to void previously issued credentials. This could be revoking a driver’s license because of driving offences for example. Issuers can revoke credentials which can come into effect immediately. The identity wallet of the individual is able to provide a proof that the credential presented is not revoked by the issuer.

Zero knowledge proofs - Verifiable credentials can be presented in a unique way without revealing any additional information than what is sought, thereby protecting user privacy. Zero-knowledge proofs are the cryptographic primitives that make this possible. A good example of zero-knowledge proofs is the ability to prove you are above 18 years of age without actually sharing your date of birth with the verifier.

Data ownership - Users get a digital copy of their own data certified by the issuer as part of the interaction. This is valuable as users are in control of their data and they can further use it in digital interactions with other entities as desired. Each new credential that is acquired strengthens the users identity.

Privacy preserving interactions - Using the same email address across online services today as usernames can allow services to correlate user information compromising user privacy. With decentralized identity and verifiable credentials, a private identifier is generated for each interaction avoiding such correlation. Only interactions that need to be made public can be made so while others can be kept completely confidential.

Monetizing data - The ability to digitally store credentials, provide proofs and present credentials to verify certain attributes is invaluable to users. Other verifiers can onboard users based on eligibility criteria that can be immediately and automatically verified by the system. The example we discussed earlier where applicants to a government scheme can instantly provide proof that they reside within that zip code by presenting the their home address from the drivers license credential for example. This capability opens up revenue opportunities for businesses to quickly and dynamically recruit users for various studies, surveys, schemes and trials. This can become the foundation for building novel interaction models where businesses can acquire authentic certified data directly from users offering them monetary incentives in return.

Verifiable credentials will work in an ecosystem that can begin with existing trust relationships. As adoption increases, the network effect will kick in where the true benefits of verifiable credentials will begin to shine.

Future posts will focus on how everything we discussed so far comes together to form a workable decentralized identity framework. Subscribe to get notified !