Decentralized Identity: The Ultimate Guide 2022

Published September 19, 2022

Since 2017, Dock's expert team has been building cutting-edge Verifiable Credentials and decentralized identity technology. We created this complete guide on decentralized identity to explain what it is, how it works, and its many benefits to organizations, individuals, and developers.

TL;DR

  • Certificate fraud, fake credentials, slow verification processes, and data breaches are just some of the problems associated with our current centralized digital identity systems that decentralized identity technology can solve.
  • Decentralized identity is a type of identity management that has the following benefits for:

1) Organizations: Issuing organizations can provide fraud-proof credentials and verifying organizations can instantly check the authenticity of credentials.  

2) Individuals: Fully own and control their digital identity and credentials without relying on any third party to prove their claims.

3) Developers: Build user-centric apps that eliminate the need for passwords and inefficient authentication processes.

  • A decentralized identity system is made up of 3 pillars: blockchain, Verifiable Credentials (VCs), and decentralized identifiers (DIDs).
  • Decentralized identity technology can be applied to a growing number of use cases including supply chain traceability, issuing fraud-proof certifications, and managing employee IDs.

Introduction

Not-so-fun facts:

  • In 2021, almost 1 in 10 qualified nurses who were issued new licenses waited six months or longer before they could start working. More than a third of these 226,000 registered nurses and licensed practical nurses waited at least three months.
  • Supply chain fraud is an increasingly global business risk for organizations. The Association of Certified Fraud Examiners says that 83.5% of fraud cases it surveyed in 2016 featured asset misappropriation schemes including fraudulent billing and disbursements.
  • 71.1 million people fall victim to cyber crimes every year and individuals lose an average of US$4,476.
  • 96% of baby boomers, 94% of Gen X, and 93% of Gen Z don’t trust social media platforms to protect their data.

But don’t get too down because there’s hope! As decentralized identity technology gains more adoption, people and organizations will be able to share data securely.

What is a Decentralized Identity?

In a decentralized identity system, there is an issuer, holder, and verifier.

Decentralized identity is a type of identity management that allows people to control their own digital identity without depending on a specific service provider.

A digital identity is the body of information about an individual, organization, or electronic device that exists online. Data that form a digital identity include:

  • User names and passwords
  • Search history
  • Social security number
  • Buying history

How decentralized identity benefits organizations

  • Allows organizations to verify information instantly without having to contact the issuing party, like a driver’s licensing organization or university for example, to ensure that IDs, certificates, or documents are valid. Traditional, manual verification processes take weeks to months which slows down recruitment and processing times while using a lot of financial and human resources. Imagine being able to instantly verify someone’s credentials in seconds by scanning a QR code or running it through a user-friendly credential verifier tool.
  • Enables issuing organizations to conveniently provide Verifiable Credentials to people and prevent fraud in a way that greatly reduces costs and increases efficiency.

How decentralized identity benefits individuals

  • Because the user has full control and ownership of their identity and credentials, they are able to prove their claims without depending on any party.
  • People can decide which information they want to reveal to specific parties, such as a government or employer.
  • No party can take away people’s ID once they are stored on their mobile digital identity wallets.
  • People can easily create and manage their decentralized identity with user-friendly platforms like Dock.

A verifiable proof of existence is often needed for us to exercise our right as citizens to access essential services like healthcare, banking, and education. Unfortunately, 1 billion people in the world don’t have an official proof of identity. With decentralized identity systems, all you need is an internet connection and a smart device which are becoming more accessible in emerging economies.

Issue Fraud-Proof Credentials Efficiently at Lower Costs

If an organization like a university or training program is issuing credentials, they can do so securely by making credentials fraud proof. Fake diplomas are a billion-dollar industry and it’s very easy for people to forge a certificate. This creates many risks for companies and impacts people’s safety as many people who get fake credentials work in health care or more risky field work operating heavy machinery. Even back in the 80s, there were approximately 5,000 fake doctors in the US and it is now believed that there will be many more.

By using decentralized identity technology, organizations help prevent fraud to ensure that you are hiring qualified people with authentic credentials. Let’s say a company is looking for a project manager and they have a practice of hiring efficiently to get the best candidates. Many organizations take a long time to recruit and verify the credentials of candidates resulting in them losing out on great prospects as high-quality applicants often get multiple offers.

Here is how the company leverages decentralized identity technology to hire efficiently:

  1. Mary, the job applicant, manages her decentralized identity and Verifiable Credentials on her phone with a Dock Wallet and wants to apply for the company looking for a project manager.
  2. A school issues her a project management certificate as a Verifiable Credential that she stores on her digital wallet and this credential can’t be faked.
  3. The company makes a job offer and they just need to check that her certificate is authentic.
  4. The company requests her data and she is prompted on her phone to authorize showing her certificate to the company.
  5. The company receives a QR code and simply scans it to instantly confirm that her project management certificate is authentic.
  6. They offer Mary the job.

The traditional, manual verification process would normally take weeks to even months.

What Is Self-Sovereign Identity?

The term “decentralized identity” is used interchangeably with Self-Sovereign Identity (SSI), which is an approach to digital identity that gives individuals control of their digital identities. The three pillars of Self-Sovereign Identity are:

  • Blockchain: A decentralized database that is shared among computers in the blockchain network that records information in a way that makes it very difficult to change, hack, or cheat the system.
  • Verifiable Credentials (VCs): Digital cryptographically-secure versions of both paper and digital credentials that people can present to organizations that need them for verification.
  • Decentralized Identifiers (DIDs): Cryptographically verifiable identifiers created by the user, owned by the user, and independent of any organization. DIDs contain no personally identifiable information.

A growing number of organizations in government and in the private sector around the world are leveraging decentralized identity technology, including the EU. As the world moves more and more towards Web3, which is the next evolution of the internet, an increasing number of people will take back control of their data through decentralization and blockchain.

Problems and Risks With Centralized and Federated Digital Identity Systems

Centralized Identity Management: Administrative Control by a Single Authority or Hierarchy

Almost all of our digital identities are connected through services, devices, and apps.

Our personal information like our credit card, name, and address is being stored and shared on an increasing number of websites, while our data is often used by websites to track people in order to display targeted content and advertising. The more websites and apps people access, the more accounts they have to create and manage, which creates a bad user experience.

Centralized systems often make digital identities vulnerable to cyber attacks and privacy breaches, including identity theft. Because so much user data is stored in one place, hackers could access a large amount of confidential information.

Federated Identity Management

Because of the problems that resulted from the centralized digital identity model, federated identity was developed. A federated identity allows authorized users to access multiple applications and domains with a single set of credentials, like when people use their Google or Facebook account to sign into websites or apps. Signing in this way is also referred to as “single sign-on”.

While this method of signing in is more convenient for people because they don’t have to create a whole new account, the main downside is that if your password gets stolen, all of the other sites you used with that single sign-on account could be exposed. You would have to trust both companies that offer single sign-on to protect your privacy and security as well as all of the third-party websites that offer these options to implement them correctly. In recent years, there have been several cases of Facebook and Google misusing information, including Facebook user data to manipulate people’s moods and Google employees leveraging their positions to steal, leak, or abuse data they may have access to.

More aspects of our lives require verification of our identities in order to apply for a mortgage, buy a car, or sign up for a new service. People have little to no choice but to surrender their privacy to use the things they want.

Thankfully, decentralized identity solutions can effectively solve many of these privacy and data breach problems. Decentralized identity gives people full ownership and control of their personal information and credentials.

Centralized Identity vs. Decentralized Identity Management

Centralized Identity Management | Decentralized Identity Management
Increased risk of data breaches from storing data in a centralized system | Data is decentralized and stored by users in their wallets, which reduces the risk of large scale data breaches
Data may be collected, stored, and shared with other parties without your knowledge | Data is only shared when you give authorization
Data is owned and controlled by organizations, apps, and services | Data is fully owned and controlled by the user

Establishing Standards for Decentralized Identity

There are many organizations working to standardize and shape the field of decentralized identity. These are the key organizations:

  • Decentralized Identity Foundation (DIF): An engineering-driven organization focused on developing the foundational elements necessary to establish an open ecosystem for decentralized identity and ensure interoperability between all participants.
  • World Wide Web Consortium (W3C): The mission of the W3C Digital Identity Community Group is to identify and resolve real world identity issues, to explore and build a more secure trusted digital identity ecosystem on the internet for people, organizations, and things. Their work focuses on the ecosystem’s scalability, interoperability, mobility, security, and privacy.
  • Internet Engineering Task Force (IETF): An open international community of network designers, operators, vendors, and researchers working on the evolution of the Internet architecture and the smooth operation of the Internet.

Key Benefits of Decentralized Identity Solutions

You can sign in securely without a password for platforms that use Web3 ID technology.

These are the key advantages of decentralized identity for:

Organizations: Issue and verify fraud-proof credentials and documents instantly and reduce the risk of data breaches by storing less user information

Individuals: Own and control your digital identity with more privacy

Developers: Offer app users secure sign-in that eliminates the need for passwords and uses privacy-preserving user verification

Benefits for Organizations

Decentralized identity solutions come with many advantages for organizations including:

  • Speeding up the verification process at a much lower cost
  • Preventing credential fraud
  • Improving data security with public-key cryptography to encrypt and decrypt information safely
  • Reducing the risk of being targeted for cyber attacks by storing less user data

Being able to verify credentials instantly is beneficial for a variety of use cases including speeding up the hiring process and reducing the risk of hiring someone without the appropriate credentials.

Many organizations around the world must follow regulations on how they collect, store, and use user data. If they don’t follow the regulations, they can face penalties and sanctions for breaking the rules or data breaches.

The impact of data breaches on organizations:

Benefits for Individuals

Decentralized identities enable people to:

  • Fully own and control their data
  • Prevent device and data tracking as they browse websites
  • Choose who they want to share their relevant information with
  • Prevent the spread of their data without their knowledge

A decentralized digital wallet can be used on a phone to securely store your digital identity and credentials with encryption. This approach conceals data, which greatly reduces the risk of credential tracking, hacks, and unauthorized access to steal or monetize people’s data. With a decentralized identity, someone has to give authorization to share information when it is requested.

Verizon’s email hacking statistics show that phishing attempts are responsible for 80% of malware infections and almost 95% of all espionage attacks. Also, Facebook has had many data breaches since it was launched. In one instance, 540 million records were exposed in a Facebook data leak, which included Facebook IDs, passwords, Facebook friends, photos, and check-ins. This data is a gold mine for hackers planning phishing scams and social engineering attacks.

With a decentralized identity, passwords don’t exist. Rather cryptographic keys are used to authenticate users when they sign in. You could sign into a website with your Decentralized Identifier data instead of a user name. Basically, you only need to share the information that’s relevant and necessary to access each service.
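
The key-based sign-in described above can be sketched as a challenge-response exchange, where the site sends a fresh nonce and the wallet signs it with the DID's private key. This is an added example, not code from this guide and not Dock's Web3 ID implementation: the DIDs, the exchange.example origin, the in-memory registry, the SignInServer and createWallet names, and the choice of Ed25519 are all assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

// Constructed stand-in for resolving a DID to its public key
// (in the guide's model this lookup goes to the blockchain).
const didRegistry = new Map();

function createWallet(did) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  didRegistry.set(did, publicKey); // only the public key is published
  return {
    did,
    // The wallet signs the nonce together with the origin it is connected to,
    // so a signature made for one site is useless on another.
    signChallenge(challenge, origin) {
      const msg = Buffer.from(`${origin}|${challenge.nonce}|${challenge.expiresAt}`);
      return nodeCrypto.sign(null, msg, privateKey).toString('base64');
    },
  };
}

class SignInServer {
  constructor(origin, ttlMs = 60000) {
    this.origin = origin;
    this.ttlMs = ttlMs;
    this.pending = new Map(); // nonce -> expiry time
  }

  createChallenge(now = Date.now()) {
    const challenge = {
      nonce: nodeCrypto.randomBytes(32).toString('hex'),
      expiresAt: now + this.ttlMs,
    };
    this.pending.set(challenge.nonce, challenge.expiresAt);
    return challenge;
  }

  verifyResponse(did, nonce, signatureB64, now = Date.now()) {
    const expiresAt = this.pending.get(nonce);
    if (expiresAt === undefined) return 'unknown or replayed nonce';
    this.pending.delete(nonce); // each nonce is accepted once
    if (now > expiresAt) return 'challenge expired';
    const publicKey = didRegistry.get(did);
    if (!publicKey) return 'unknown DID';
    const msg = Buffer.from(`${this.origin}|${nonce}|${expiresAt}`);
    const ok = nodeCrypto.verify(null, msg, publicKey, Buffer.from(signatureB64, 'base64'));
    return ok ? 'authenticated' : 'bad signature';
  }
}

function runSignInDemo() {
  const origin = 'https://exchange.example'; // constructed site
  const server = new SignInServer(origin);
  const anna = createWallet('did:example:anna');
  const other = createWallet('did:example:someone-else');

  const c1 = server.createChallenge();
  const sig1 = anna.signChallenge(c1, origin);
  const first = server.verifyResponse(anna.did, c1.nonce, sig1);
  const replay = server.verifyResponse(anna.did, c1.nonce, sig1); // same response again

  const c2 = server.createChallenge();
  const wrongKey = server.verifyResponse(anna.did, c2.nonce, other.signChallenge(c2, origin));

  const c3 = server.createChallenge();
  const wrongOrigin = server.verifyResponse(
    anna.did, c3.nonce, anna.signChallenge(c3, 'https://lookalike.example'));

  const c4 = server.createChallenge(1000);
  const expired = server.verifyResponse(
    anna.did, c4.nonce, anna.signChallenge(c4, origin), 1000 + 60001);

  return { first, replay, wrongKey, wrongOrigin, expired };
}

console.log(runSignInDemo());
```

No secret is stored on the server: a leak of its data exposes only public keys and spent nonces, which cannot be used to sign in.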

Benefits for Developers

Decentralized identity solutions help developers by:

  • Creating opportunities to build user-centric apps that eliminate the need for passwords and an inefficient authentication process that will enhance the user experience
  • Being able to safely request data directly from users while maintaining their privacy

Imagine shopping on sites that don’t need to build up and store personal details including credit card information. Instead, your verified payment and shipping information is securely transmitted from your decentralized identity wallet.

Or if someone wants to apply for a loan application, instead of finding all the paperwork, they can give permission to the bank to instantly receive all of the relevant information to show that they are eligible for a loan, including their salary, address, and name.

How Decentralized Identity Works

A decentralized identity system has these main elements:

  1. Blockchain: A decentralized database that is shared among computers in the blockchain network that records information in a way that makes it very difficult to change, hack, or cheat the system.
  2. Decentralized Identity Wallet: An app that allows users to create their decentralized identifiers and manage their Verifiable Credentials.
  3. Decentralized Identifier (DID): A unique identifier on the blockchain made up of a string of letters and numbers that contains details like the public key and verification information.
  4. Verifiable Credential (VC): A digital, cryptographically secured version of both paper and digital credentials that people can present to organizations that need them for verification.

The main parties in the Verifiable Credentials system are the holders, issuers, and verifiers:

  • Holder: A user who creates their decentralized identifier with a digital wallet app and receives the Verifiable Credential.
  • Issuer: The organization that signs a Verifiable Credential with their private key and issues it to the holder.
  • Verifier: A party that checks the credentials and can read the issuer’s public DID on the blockchain to verify if the Verifiable Credential the holder shared was signed by the issuer’s DID.

Let’s go into more detail about how each of these elements works individually and then how they all work together.

Decentralized Identity on Blockchain

Blockchain is a digitally distributed database that is shared among nodes, which are computers in the blockchain network, that makes it difficult or impossible to change, hack, or cheat the system. Blockchain’s design allows everyone in the network to know that the information contained is true and valid. Each block has unique data and the blocks combine to complete a chain. The nodes execute functions like sending and receiving information. Blockchain technology is also referred to as Distributed Ledger Technology (DLT).

Key Features of a Blockchain

  • Decentralized: Public permissionless blockchains use a peer-to-peer network that anyone can join. No one can change or manipulate the way a blockchain should act.
  • A blockchain acts as a distributed ledger: The digital database runs on a distributed network of computers around the world which makes it hard for someone or an organization to change or manipulate information. In contrast, centralized systems make it easier for someone to change or manipulate information without anyone else knowing because they are the only ones who have access to the records.

But with blockchain technology, every node in the network gets a full copy of the blockchain and the information can be used to verify that it hasn’t been tampered with. When the data is verified, every node adds this information to its own blockchain. Everyone in the network creates consensus where they agree which blocks are valid and which aren’t. Tampered blocks will be rejected by nodes in the network.

  • Immutable: Each block on a chain contains information from the previous block and the blocks can’t be tampered with or backdated. There is a hash on each block that acts like a digital fingerprint. If the hash changes, the network will know it has been tampered with.
  • Robust security: The blockchain enables digital signatures and cryptographic hash functions to protect people’s identities from breaches and thefts.

It’s important to note that anyone can join public permissionless blockchains. Permissioned blockchains don't allow anyone to join without authorization because some use cases require that only specific people should access the network. With a permissioned blockchain, a user would need permission from the network owner to become part of the network to access, read, and/or write information on the blockchain.

Here is how each party uses the blockchain in a decentralized identity system:

  • Holder: Owner of the Verifiable Credential (e.g. driver’s license) has their public DID on the blockchain.
  • Issuer: The issuer’s public DID and associated public key is on the blockchain. When an issuer, like a licensing organization, provides a credential to a holder like a driver’s license, the issuer signs the credential with their private key.
  • Verifier: A verifier like an on-demand driving company can check the blockchain to ensure that the licensing department that they trust did in fact issue the license and who it was issued to.

The blockchain allows everyone in the network to have the same source of truth about which credentials are valid and who authenticated the validity of the data inside the credentials. The blockchain establishes a basis of trust by maintaining a verifiable registry (or records) of:

  • All DIDs
  • Proof of credentials issued (if the credential is anchored to demonstrate proof of existence and authenticity)
  • Public cryptographic keys
  • Revocation registries

The identity information is not stored on the blockchain but rather on the holder’s digital wallet. The credentials issued using the Dock blockchain are stored off-chain, usually in someone’s decentralized digital wallet app.

What Are Decentralized Identifiers (DIDs)?

Dock's Solutions Architect Mike Parkhill explains how decentralized identifiers (DIDs) work and their importance.

A Decentralized Identifier (DID):

  • Is a globally unique identifier made up of a string of letters and numbers that is stored on the blockchain and independent of any organization
  • Allows the owner to prove cryptographic control over it
  • Comes with one or many private key and public key pairs
  • Does not contain personal data or wallet information
  • Enables private and secure connections between two parties and can be verified anywhere at any time

Here is a decentralized identifier example that can be managed in a Dock wallet:

Example of a Dock decentralized identifier

A DID can be used to find connected DID documents that contain relevant information to enable use cases like sign-in, data encryption, and communication.

Right now, most of us use information like emails, passwords, and user names as identifiers to access websites, apps, and services. But these identifiers have often resulted in:

  • Our personal information being hacked
  • Identity theft
  • Our data being shared with other parties without our knowledge
  • Making it harder for someone to manage all of the logins
  • Being at the mercy of service providers who can revoke these identifiers at any time

But DIDs solve many of these problems. They enable a universally accepted standard for exchanging and verifying digital credentials. A party, either an individual or organization, can make as many DIDs as they want for different relationships. DIDs are like different personas that people can create.

Right now, many people use LinkedIn to show their professional experience and information. But because they don’t want employers to see their personal photos and interests, they make a separate Facebook profile. A DID is similar in that you can make different profiles for different purposes.

For example, you can have a DID for:

  • Your personal interests like signing in to shopping websites or showing you are of legal age to buy alcohol
  • Professional purposes where you can use this DID to show educational or professional credentials to an employer
  • Accessing different cryptocurrency-related apps and services that need to verify your identity for your trading and investment activities

You can create as many decentralized identifiers (DIDs) as you want and manage them in your digital identity wallet.

How Do You Create Decentralized Identifiers?

With a Dock Wallet and Dock Certs, you can create a DID by following these steps:

  1. Create an account on Dock Certs and log in. If you’re just getting familiar with the platform, you can use Test mode.
  2. Click Create Verifiable Credential on the top right.
  3. Create the issuer profile (a university for example) and you can leave the Key Type to the default setting. Then select Create a DID.
  4. Choose among the basic template options, select the DID, and click Continue on the top right.
  5. You can add credential recipients manually one by one or in bulk with the Import CSV option.
  6. If you add someone manually, you will enter their details (in this example, we are identifying someone by their employee number). Once you fill in all of the details, click Add Recipient.
  7. The information you entered will then be displayed.
  8. If you want to do bulk issuance, you can also import a CSV file. Download the sample template, fill it in, and upload it.
  9. The next option is to Persist the credential, which means that Dock will securely store the credential on our database (but NOT on the blockchain). If you persist the credential, a QR code will show up on the PDF, and the recipient can simply scan it with their Dock Wallet app to import the credential into their wallet.
  10. There is an option to add a registry (record) on the blockchain allowing this credential to be revoked.
  11. You can anchor the credential, which will add a hash of the credential (like a digital fingerprint) you issue on the Dock blockchain. This allows someone to verify when and who created it.
  12. Next click Issue Credentials on the top right and you will be able to download the credentials in JSON and PDF formats. A JSON file is a file that stores simple data structures and objects in JavaScript Object Notation (JSON) format, which is a standard data interchange format. It’s important to know that if you don’t persist or download the credential, you can’t get it back.
  13. The issuer can email the PDF and JSON files to the recipient. Soon we will be releasing the Relay Service to automatically send the credential to the recipient's wallet.
  14. If there is no QR code on the PDF file (because the credential wasn’t persisted), then the recipient has to download and import the JSON file. To do this, select Credentials, click on the + sign on the top right corner, and select the JSON file.
  15. The credential will immediately appear in the Dock Wallet.

Difference Between Public Key and Private Key Cryptography With an Example

Each DID comes with one or many private and public keys:

  • Private key: Made up of a long string of letters and numbers that allows people to prove ownership, give consent to share selected data, and sign documents. It is used to both encrypt and decrypt the data. As an analogy, a private key is like a master key that can access all of your information and the owner should never share their private key with anyone.
  • Public key: Made up of a long string of letters and numbers that can safely be shared with anyone you choose to give specific information to.

You can have multiple private-public key pairs, and it’s good practice to generate new public keys when sharing information with a different party. Reusing one key with every party can be compared to using the same password for 10 different websites, which is not safe for security reasons. It’s better to have different and long complex passwords for all sites. Similarly, it’s better to generate a new public key for each party you share information with.

Example of how private and public keys would be used

Let’s say there’s a health and safety training organization that provides certification for construction safety and this course is a requirement for workers to get a job with a construction company. Here is how decentralized identity helps prevent fraud and enables organizations to save a lot of time and resources issuing and verifying credentials:

  1. Carl finishes the program and the training organization requests to connect with his digital identity wallet
  2. When Carl authorizes the training organization to connect, the wallet shares his public DID in order for them to issue the credential.
  3. The training organization signs the digital certificate of completion with their private key and issues the credential. Their public key is stored on the blockchain. The organization can easily and efficiently issue many credentials at the same time with a decentralized identity platform like Dock.
  4. Carl would hold his credential on a digital wallet on his phone that he can bring everywhere.
  5. Carl gives the construction company authorization to see his credentials without showing any unnecessary information about himself like his address and date of birth.
  6. The company instantly verifies the authenticity of his credentials by scanning a QR code and not having to contact the issuer at all because the training organization’s public key is on the blockchain.

Traditional certification verification processes would normally take a few weeks before he can start working because the construction company would have to manually contact the issuer. The previous verification process would be time-consuming and expensive.
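
Carl's flow above, combined with the registry of DIDs, public keys, and revocation entries described in the blockchain section, reduces to a signature check plus two lookups. The following is an added example, not code from this guide or from Dock's SDK: the Registry class is an in-memory stand-in for the blockchain, and the DIDs, credential IDs, function names, Ed25519 key type, and sorted-key JSON canonicalization are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

// Deterministic JSON (sorted keys) so issuer and verifier hash identical bytes.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Stand-in for the on-chain registry: public keys and revocation entries only.
// The credential itself (the personal data) never goes in here.
class Registry {
  constructor() { this.didKeys = new Map(); this.revoked = new Set(); }
  registerDid(did, publicKey) { this.didKeys.set(did, publicKey); }
  resolve(did) { return this.didKeys.get(did) || null; }
  revoke(credentialId) { this.revoked.add(credentialId); }
  isRevoked(credentialId) { return this.revoked.has(credentialId); }
}

function createDid(registry, did) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  registry.registerDid(did, publicKey);
  return { did, privateKey }; // the private key stays with the DID owner
}

// Issuer side: sign the credential with the issuer's private key.
function issueCredential(issuer, holderDid, id, claims) {
  const credential = { id, issuer: issuer.did, credentialSubject: { id: holderDid, ...claims } };
  const signature = nodeCrypto.sign(null, Buffer.from(canonicalize(credential)), issuer.privateKey);
  return { ...credential, proof: { type: 'Ed25519', signature: signature.toString('base64') } };
}

// Verifier side: no call to the issuer, only registry lookups and a signature check.
function verifyCredential(registry, trustedIssuers, vc) {
  const { proof, ...credential } = vc;
  if (!proof || typeof proof.signature !== 'string') return { ok: false, reason: 'missing proof' };
  if (!trustedIssuers.has(credential.issuer)) return { ok: false, reason: 'untrusted issuer' };
  const publicKey = registry.resolve(credential.issuer);
  if (!publicKey) return { ok: false, reason: 'unknown issuer DID' };
  const valid = nodeCrypto.verify(null, Buffer.from(canonicalize(credential)),
    publicKey, Buffer.from(proof.signature, 'base64'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  if (registry.isRevoked(credential.id)) return { ok: false, reason: 'revoked' };
  return { ok: true, reason: 'verified' };
}

function runDemo() {
  const registry = new Registry();
  const trainingOrg = createDid(registry, 'did:example:training-org');
  const otherIssuer = createDid(registry, 'did:example:unknown-issuer');
  const trusted = new Set([trainingOrg.did]); // issuers this verifier chose to trust
  const claims = { course: 'Construction Safety', result: 'passed' }; // constructed data

  const vc = issueCredential(trainingOrg, 'did:example:carl', 'urn:example:credential:1001', claims);
  const genuine = verifyCredential(registry, trusted, vc);

  // Any edit to the signed fields invalidates the issuer's signature.
  const tampered = verifyCredential(registry, trusted,
    { ...vc, credentialSubject: { ...vc.credentialSubject, course: 'Crane Operation' } });

  // A correctly signed credential from an issuer the verifier does not trust.
  const forged = verifyCredential(registry, trusted,
    issueCredential(otherIssuer, 'did:example:carl', 'urn:example:credential:9999', claims));

  registry.revoke(vc.id);
  const revoked = verifyCredential(registry, trusted, vc);
  return { genuine, tampered, forged, revoked };
}

console.log(runDemo());
```

A valid signature only shows that a registered key signed the data, so the verifier's own list of trusted issuers is what gives the result meaning. This check also does not prove that the person presenting the credential controls the subject DID; that takes a holder-signed challenge in addition.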

Layers in the Decentralized Identity Ecosystem

Verifiable Credentials

Verifiable Credentials are a digital, cryptographically secured version of both paper and digital credentials that people can present to organizations that need them for verification. A few of many examples of information that can be issued as Verifiable Credentials:

  • Driver’s licenses
  • Passports
  • Professional certifications
  • Employee status

When digital credentials conform to the Verifiable Credentials Data Model 1.0, which is a standard established by World Wide Web Consortium (W3C), they can be referred to as Verifiable Credentials.

An example of a university degree issued as a Verifiable Credential that is stored on a Dock wallet.

Examples of Decentralized Identity Verification

Maintaining privacy is a major benefit of Verifiable Credentials. Let’s say there’s an on-demand food delivery company that requires applicants to have a valid driver’s license. The company can instantly check the Verifiable Credential to confirm that an applicant has a valid driver’s license. A verifiable presentation would allow an applicant, the holder, to show their license number without sharing unnecessary information like their full name or address.
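
One way to let the holder show the license number without the name or address is salted-hash selective disclosure: the issuer signs only a list of digests, and the holder reveals the salt and value for the claims they choose. This is an added example using that technique as an assumption; the guide does not say which scheme Dock uses, and the claim names, values, DID, and function names below are constructed.

```javascript
const nodeCrypto = require('crypto');

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest('hex');
// A disclosure is [salt, claimName, claimValue]; only its digest is signed.
const digestOf = (disclosure) => sha256(JSON.stringify(disclosure));

// Issuer: salt every claim, sign the sorted digest list, hand everything to the holder.
function issueSelective(issuerPrivateKey, issuerDid, claims) {
  const disclosures = Object.entries(claims).map(([name, value]) =>
    [nodeCrypto.randomBytes(16).toString('hex'), name, value]);
  const payload = JSON.stringify({ issuer: issuerDid, digests: disclosures.map(digestOf).sort() });
  const signature = nodeCrypto.sign(null, Buffer.from(payload), issuerPrivateKey).toString('base64');
  return { payload, signature, disclosures };
}

// Holder: forward the signed payload plus only the chosen disclosures.
function present(credential, claimNames) {
  return {
    payload: credential.payload,
    signature: credential.signature,
    disclosures: credential.disclosures.filter(([, name]) => claimNames.includes(name)),
  };
}

// Verifier: check the issuer signature, then check each revealed claim hashes
// to one of the signed digests. Undisclosed claims stay opaque digests.
function verifyPresentation(issuerPublicKey, presentation) {
  const sigOk = nodeCrypto.verify(null, Buffer.from(presentation.payload),
    issuerPublicKey, Buffer.from(presentation.signature, 'base64'));
  if (!sigOk) return { ok: false, claims: {} };
  const signedDigests = new Set(JSON.parse(presentation.payload).digests);
  const claims = {};
  for (const disclosure of presentation.disclosures) {
    if (!signedDigests.has(digestOf(disclosure))) return { ok: false, claims: {} };
    claims[disclosure[1]] = disclosure[2];
  }
  return { ok: true, claims };
}

function runDisclosureDemo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const credential = issueSelective(privateKey, 'did:example:licensing-dept', {
    licenseNumber: 'D-000-CONSTRUCTED', // constructed sample values
    licenseValid: true,
    fullName: 'Sample Holder',
    address: '1 Example Street',
  });

  const presentation = present(credential, ['licenseNumber', 'licenseValid']);
  const result = verifyPresentation(publicKey, presentation);

  // Changing a revealed value breaks the link to the signed digests.
  const altered = { ...presentation, disclosures: presentation.disclosures.map(
    ([salt, name, value]) => [salt, name, name === 'licenseValid' ? false : value]) };
  const tampered = verifyPresentation(publicKey, altered);

  return { result, tampered, presentationText: JSON.stringify(presentation) };
}

console.log(runDisclosureDemo().result);
```

The random salts stop a verifier from guessing hidden values by hashing likely names or addresses. The signature and digest list are identical in every presentation, however, so verifiers that compare notes can link presentations of the same credential.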

In another example, a club’s staff member can scan the QR code of the holder’s Verifiable Credential to ensure they are at least 18 years old. The public DID of the government’s licensing department is on the blockchain which allows the club to verify the authenticity of the Verifiable Credential because the club trusts the department that issued the credential. The Verifiable Credentials create trust between the parties and guarantee the authenticity of the data and claims without actually storing data on the blockchain.  

In another situation, Sofia just moved to Canada without a physical copy of her university degree and she needs to prove her field of study to receive a job offer. Her university then issues her a Verifiable Credential, which is the degree, that is associated with her DID and she can store this in her digital wallet. Sofia then presents the credential to the employer who can instantly verify its authenticity.

4. Decentralized Digital Identity Web3 Wallet


A decentralized digital identity wallet enables people to securely store, manage, and share DIDs and Verifiable Credentials. It’s comparable to a physical wallet that holds various IDs and claims about yourself like service cards, bank cards, and licenses. The Web3 wallet will store verified credential details like citizenship, employment, name, and address to prove eligibility, identity, or complete a transaction.

A mobile identity wallet stores information on the phone rather than in a browser’s storage or the cloud. The digital wallet allows people to access apps and services without revealing personal information. DIDs also prevent your devices from being tracked and correlated (correlation means data may be traced back to someone's identity or online behavior). Verifiers can connect to the user’s Web3 wallet and request data, while the user always chooses when to give permission to share data.

Let’s say Anna wants to sign up for a cryptocurrency trading platform that requires a legal ID to access the site.

  1. The trading platform uses Dock’s Web3 ID, which allows users to sign into the platform in a way that preserves their privacy.
  2. Anna uses her decentralized identity wallet, Dock’s wallet, to sign in and the platform requests a credential.
  3. Anna scans a QR code and authorizes the website to instantly verify her credential.
  4. Once she is verified, Anna can simply sign in with Web3 ID rather than having to create a new account and save another user name and password.

A decentralized identity wallet allows you to have full control over who can access your data without providing any more details than necessary.

Decentralized Identity Use Cases

Here are just a few of many examples of how decentralized identity technology can solve many problems that result from traditional verification processes and centralized identity management systems in a variety of industries.

| Industry | Traditional Process | Problems/Risks | Verifiable Credentials Solution |
|---|---|---|---|
| Supply chain | Relies on physical IDs and documents to demonstrate compliance, which creates inefficiencies. Documents can be easily forged and difficult to authenticate. | Manual verification process is slow and prone to errors. An importer can bring unapproved, non-compliant medical supplies into a market putting public health at risk. | Verifiable Credentials can’t be forged and they can be verified within seconds without contacting the issuing party, saving a tremendous amount of time and money. |
| Finance | To access financial services, someone has to go through compliance screening by submitting personal details in physical form that is stored in a large database and shared with one or more third parties that conduct know your customer (KYC) and credit checks. | Individuals have no control over how their data is secured, shared, and accessed by third parties. | The data provided in the credentials is cryptographically secured, tamper-proof, and can be verified. |
| Healthcare | Employers use manual processes to verify paper-based licenses and certificates for healthcare providers. | Traditional verification takes weeks if not months, which creates delays in filling much-needed health care roles. | Organizations that provide and regulate medical licenses for the healthcare workforce can issue licenses in the form of digital credentials. The recipients of these licenses can then easily share them for instant verification by any hospital, clinic, or medical department where they would like to work. |

Summary of Key Terms

Blockchain: A decentralized database that is shared among computers in the blockchain network that records information in a way that makes it very difficult to change, hack, or cheat the system.

Centralized identity management: Administrative control by a single authority or hierarchy.

Decentralized digital identity wallet: Enables people to securely store, manage, and share DIDs and Verifiable Credentials.

Decentralized Identifiers (DIDs): Cryptographically verifiable identifiers created by the user, owned by the user, and independent of any organization. DIDs contain no personally identifiable information.

Decentralized identity: A type of identity management that allows people to control their own digital identity without depending on a specific service provider.

Digital identity: The body of information about an individual, organization, or electronic device that exists online, including search history and user names.

Federated identity management: Allows authorized users to access multiple applications and domains with a single set of credentials, like when people use their Google or Facebook accounts to sign in to websites or apps.

Holder: A user who creates their decentralized identifier with a digital wallet app and receives the Verifiable Credential.

Issuer: The organization that signs a Verifiable Credential with their private key and issues it to the holder.

Private key: Made up of a long string of letters and numbers that allows people to prove ownership, give consent to share selected data, and sign documents. It is used to both encrypt and decrypt the data. As an analogy, a private key is like a master key that can access all of your information and the owner should never share their private key with anyone.

Public key: Made up of a long string of letters and numbers that can safely be shared with anyone you choose to give specific information to.

Self-Sovereign Identity (SSI): A model that gives individuals full ownership and control of their digital identities without relying on a third party. This term is often used interchangeably with the term “decentralized identity.”

Verifiable Credentials (VCs): Digital cryptographically-secure versions of both paper and digital credentials that people can present to organizations that need them for verification.

Verifier: A party that checks the credentials and can read the issuer’s public DID on the blockchain to verify if the Verifiable Credential the holder shared was signed by the issuer’s DID.

Conclusion

Decentralized identity is a type of identity management that allows people to own and control their own digital identity without depending on a specific service provider. Decentralized identity technology is solving many of the problems resulting from centralized and federated identity management systems, including widespread certificate fraud, slow and expensive verification processes, and risks of data breaches.
