Dock is a pioneer in the decentralized identity space. Since 2017, our expert team has been building cutting-edge Verifiable Credentials and technology. We created this comprehensive guide on Verifiable Credentials to explain what they are, how they work, and why it's important for organizations and individuals.
TL;DR
1) Organizations: Issuing organizations can conveniently provide fraud-proof credentials and verifying organizations can instantly check the authenticity of credentials.
2) Individuals: Enables full ownership and control of their data while preserving privacy as well as providing improved security.
Organizations use physical credentials like employee badges, certifications, and passports to identify people and verify claims about them like being old enough to go to a nightclub or graduating with a degree. But of course, physical credentials have their drawbacks.
Did you know that:
With the increasing digitization of information, people are required to interact with thousands of businesses online. How would organizations know if a digital document is real? If organizations can’t tell if digital assets are real or fake, they are exposed to liabilities such as hiring someone who is not really qualified to do a job. Many people simply use Photoshop or change a PDF themselves to make fake certificates or licenses.
Verifiable Credentials can help individuals and organizations create and share their identities and claims reliably. A growing number of organizations are using Verifiable Credentials for a variety of use cases. According to a report by MarketsandMarkets, the global market for digital identity solutions, which includes Verifiable Credentials, is expected to grow from $13.7 billion in 2020 to $30.5 billion by 2025, at a Compound Annual Growth Rate (CAGR) of 17.3% during the forecast period.
Verifiable Credentials are a digital and cryptographically secured version of both paper and digital credentials that prove something about yourself, like your identity or a qualification you have earned, in a secure and trustworthy way. People can present the credentials to organizations that need them for verification. Imagine digital and instantly verifiable versions of identity documents, academic achievements, licenses, and more.
Organizations can issue their degrees, IDs, licenses, and more as verifiable digital credentials that can be stored in a digital identity wallet, which is a digital version of a physical wallet that people can carry around as a mobile application on their phone, computer, or even a cloud-based server.
When digital credentials conform to the Verifiable Credentials Data Model 1.0, which is a standard established by World Wide Web Consortium (W3C), they can be referred to as Verifiable Credentials. The Verifiable Credentials Data Model 1.0 is a “specification [that] provides a standard way to express credentials on the Web in a way that is cryptographically secure, privacy-respecting, and machine-verifiable.”
W3C is an international community where member organizations, full-time staff, and enthe public work to set international standards for the World Wide Web. They created standards for URL, decentralized identifiers, and others. Verifiable Credentials are one of the three pillars of Self-Sovereign Identity (SSI), which is an approach to digital identity that gives individuals control of their digital identities. The other two pillars are blockchain and decentralized identifiers.
The main parties involved in the use of Verifiable Credentials are the:
These are just a few of many ways Verifiable Credentials are being used across a variety of industries:
Education and training: Verify qualifications, certifications, and achievements in education and training. For example, universities can issue digital diplomas that can be instantly verified by potential employers or other institutions.
Supply chain management: Track the origin, authenticity, and quality of products in the supply chain. For example, a farmer could use the Verifiable Credential to prove that their produce was grown using organic methods.
Finance: Securely verify identities for financial transactions such as opening an account or applying for a loan. For example, banks could use Verifiable Credentials to confirm the identity of customers without requiring them to physically visit a branch.
Healthcare: Securely store and share medical records between healthcare providers and patients. For example, patients could have access to their own medical records through Verifiable Credentials that they control.
Human Resources: Verify employment history and qualifications during the hiring process. For example, job applicants could provide verified information about their previous employment or educational achievement using Verifiable Credentials.
Organizations
Individuals
Developers
Verifiable Credentials can have advanced privacy features to allow users to:
Benefits of Selective Disclosure
Selective Disclosure allows individuals to share only the information that is necessary for a particular use case, without revealing their entire credential. Selective Disclosure enables people to:
In another example, if an on-demand food delivery company is looking for drivers with a commercial driving license, the applicant can simply share only the relevant details on the credential such as the license number and expiry date without revealing all of the other details on this license such as date of birth, license number, height, and so on.
Benefits of Anonymous Credentials Enabled by Zero-Knowledge Proof Technology
Anonymous credentials are a way to prove that you have a certain characteristic or attribute, such as being over 18 years old or having a specific job title, without revealing the details. This is achieved through the use of Zero-Knowledge Proof (ZKP) technology.
For instance, for user authentication in online banking and health care where privacy and security are extremely important, anonymous credentials can be used to enable people to prove their identity without revealing any personal information. Or in an online voting process where voter anonymity is needed, people can prove that their vote was counted without showing the identity.
The main reason why Verifiable Credentials are becoming increasingly popular among people and businesses around the world is that it checks a lot of boxes when it comes to user privacy requirements and addresses several major issues associated with the current identity management system.
Verifiable Credentials enable people to verify their identity, only provide information that is relevant to the context, and prove their documents weren’t modified.
With a digital credential that could be in a PDF or XML document, for example, verifying the origin and authenticity of documents is complex. You’d have to confirm that:
In many cases, this involves manually contacting the issuing organization, which is a long, tedious, and often expensive process.
Here are just a few of many examples of how fraudulent IDs and credentials pose a risk to organizations:
Construction
New construction employees need to present credentials to an employer, especially if they will operate heavy machinery. If an employee presents fake credentials to a company, this is dangerous because this could result in a serious accident and the company could be liable for hiring someone without the right qualifications to operate the machinery and do the work safely.
Healthcare
The verification processes for providers in the healthcare industry have many inefficiencies with manual verification and gatekeepers. Traditional verification can take weeks to months which causes major delays in filling in much-needed healthcare roles and delays for people to begin working.
Supply chain
There can be severe safety issues and monetary damages that could happen from an improperly managed supply chain such as a manufacturer failing to ensure the safety of working conditions at their facilities, potentially resulting in severe injuries suffered by workers. Forged documents are also used to show the origin of goods, which can be dangerous for consumers if the products don’t meet safety standards.
The issuer (e.g. nursing program) creates the verifiable credential and digitally signs it with a cryptographic key that only the issuer can use. When the verifier (e.g. hospital) receives a credential, they will verify its authenticity instantly through a blockchain, an immutable and decentralized database.
One important thing to note is that the blockchain doesn’t actually store people’s Verifiable Credentials. It only stores information that the verifier would need to validate the authenticity of the credential like the issuer's public cryptographic key that matches the one that signed the credential.
Using this information, the verifier will determine:
This system is trustless. The verifier no longer has to contact the issuer to confirm the validity of the credential. And the best part is that everything happens in a matter of seconds!
Verifiable Credentials, blockchain, and decentralized identifiers work together to create Verifiable Credential system. First we'll explain each of these terms.
A blockchain is a distributed digital ledger that records transactions in a tamper-proof way. It uses cryptography to ensure that each transaction is secure and cannot be altered. Blockchains provide an innovative solution for creating trust in digital transactions while maintaining privacy and security.
Key Benefits of a Blockchain
1. Decentralized distributed database to create trust: A distributed ledger is a digital database that runs on a distributed network in diverse locations rather than having one record of data in a centralized location that a person or body can control or manipulate. Each node (computer) gets a full copy of the blockchain and the information can be used to verify that everything is in order and make sure it hasn’t been tampered with. If everything looks good, each node adds this to its own blockchain. Everyone in the network creates consensus where they agree which blocks are valid and which aren’t.
2. Tamper-resistant: Each block on a chain contains transaction data and the blocks can’t be tampered with or backdated. Tampered blocks will be rejected by nodes in the network. Unlike traditional forms of record-keeping that are easy to change and manipulate information without anyone knowing.
What Goes on the Dock Blockchain
It’s important to understand that to maximize data privacy and security, it’s good practice that Verifiable Credentials are never stored on the blockchain. Verifiable Credentials stored on the blockchain can be risky when it comes to privacy and security.
Because the blockchain is an unencrypted public ledger, so anyone can see the information stored on it. This means that personal and sensitive information, such as your name, address, and date of birth, could be exposed to the public. Therefore, it's important to consider the potential risks and take appropriate measures to protect your personal information when using blockchain technology.
With Dock, it is recommended that only DIDs are written to the blockchain in order to maximize privacy while enabling parties to issue, share, and verify credentials, which are by default stored on user devices.
By default, nothing gets stored on the blockchain except for an issuer's and holder's public keys associated with their DID. The Verifiable Credentials that contain personal details are securely stored on a decentralized digital wallet app rather than the blockchain. They don’t need to be stored on the blockchain in order to be verified as long as the keys are available.
For example, imagine you want to prove your age to buy alcohol at a store. You could use a government-issued identity document represented as a Verifiable Credential associated with your DID. When the cashier scans a QR code to verify the ID, the back end technology verifies the signature on your credential against the public key associated with your DID. If the signature matches, then they know that the credential is authentic and that you are of legal age to purchase alcohol.
A Decentralized Identifier (DID) is a unique digital address that represents an individual's identity on the internet. It allows people to control their own personal information without relying on centralized authorities or third-party providers, providing a more secure and private way of managing digital identities.
Here is an example of a Dock DID:
Key features of DIDs
We often use physical cards to provide proof of our identity and claims about us to show to other people or organizations. But in the digital world, there were no universally accepted standards for expressing, exchanging, and verifying digital credentials.
We currently use centralized identifiers emails and phone numbers as identifiers to access websites, services, and apps. But our access to these identifiers can be removed anytime by service providers, the data is controlled by providers, and user data is vulnerable to hacks. Decentralized identifiers change all of this.
Verifiable Credentials and decentralized identifiers (DIDs) work together to give you more control over your personal data when proving your identity. They provide a secure way to manage digital identities without relying on centralized authorities, making it easier for individuals to prove their identity and claims while also protecting their privacy.
Create as many DIDs as you want for your digital identity
A party can be an individual or organization and they can make as many DIDs as they want for different relationships and purposes such as:
Example of how DIDs are used to verify credentials
In the above example, Shelly has full ownership and control of how her data is shared and used. And her information can’t be tracked or stored.
Each DID comes with a private and public key. Keys come in private/public pairs and a DID can have multiple pairs.
Private key
Public key
To explain how public and private keys work, let’s use the example of comparing a private key to a master key of a car. The car’s owner (holder) has the master key that gives her full access to all parts of the car, including the trunk and glove compartment. She can provide restricted access to other people she chooses. The owner should never give her master key to anyone else.
Now the owner wants to make another key that gives restricted access to a valet or auto body shop to start the car. This key is like the public key. The valet and car shop worker wouldn’t be able to access the glove compartment and the trunk.
To use another example, an employer would use their private key to sign and issue a verifiable credential to confirm an employee's job title. The employer’s public key would be shared on the blockchain so that the verifier, such as a government department that needs to authenticate someone’s work status, can confirm the authenticity of the data with that public key. Basically, the government body can check the DID on the blockchain to see who issued the credential without having to contact the issuing party.
With Dock, issuers have the option of proving the existence of Verifiable Credentials or files to a verifier by connecting the data to a blockchain with the use of anchoring. Again, this does not mean storing Verifiable Credentials on the blockchain, just showing a proof of existence that includes a timestamp of when the document was created.
What is anchoring in blockchain?
An anchor is a digital fingerprint of external data that is included in a blockchain transaction to prove that the external data is authentic. The anchor makes up the credential’s proof of existence in their original form.
Anchoring works by converting data to cryptographic hashes (a long string of numbers and letters that is not readable by any human) that are written to the blockchain.
Hashes:
Let’s say there is an online course that wants to issue credentials to students who have completed the program. The issuer can use Dock’s anchoring feature to hash the credentials that they have issued. Anchors are created when the hashes are posted to Dock’s blockchain and the record can’t be changed.
Anchoring can be applied to any documents and verifiable credential data for a variety of situations.
Organizations can use Dock Certs and the Dock Wallet to verify users’ digital credentials instantly with the phone or computer. This feature is powered by blockchain technology and because credential verification is quick and fraud-proof, verifiers can be assured that the information being presented is accurate. Users can verify documents on the web and from wallet-to-wallet (online or in person).
Click here for the complete guide on how to verify credentials with Dock Certs and Dock Wallet.
Here is an example of how an issuer, holder, and verifier use DIDs and Verifiable Credentials.
1. Anita creates a DID using her Dock Wallet called "Successo Institute Credentials" and the DID will be on the Dock blockchain.
2. Successo Institute issues her student status as a Verifiable Credential and sends her a PDF and JSON file of the credential. She imports it in her Dock wallet by scanning the QR code on the PDF.
3. Anita imports this credential on her Dock wallet phone app, allowing her to bring her Verifiable Credentials anywhere.
4. Partnering businesses on and off-campus give 20% discounts on products and services to university students and they trust Successo Institute as an issuer. To confirm student statuses, Bubble Pearl creates a verification template in Dock Certs and imports verification template into the Dock Wallet by simply scanning a QR code.
5. Anita goes to Bubble Pearl restaurant and they need to confirm that she is a student of Successo Institute in order to apply for the discount. The cashier initiates the verification process by asking Anita to scan the QR code.
6. Anita selects Accept to give permission to Bubble Pearl to view her credential.
7. Anita selects her student status Verifiable Credential.
8. Anita only wants to share her student number but not her name and email to Bubble Pearl restaurant and selects Continue.
9. She chooses the identity to present, which is the Successo University Credentials DID.
10. Bubble Pearl Restaurant's cashier sees that the credential is valid in his Dock Wallet.
11. Anita sees that the verification is successful in her wallet.
12. The cashier applies the 20% discount to her purchase.
In another example, if someone wants to buy alcohol, a cashier can scan the QR code on a customer’s verified credential to confirm that they are of legal age. In this process, the customer can use a Zero-Knowledge Proof to prove they are above a certain age, without sharing any other information like their entire birth date or name.
Dock’s Verifiable Credentials follow the Verifiable Credentials Data Model 1.0 standards established by the World Wide Web Consortium (W3C), an international organization that sets standards for the World Wide Web. It was created by the inventor of the Web, Tim Berners-Lee, to ensure that the Web remains an open and interoperable system that can be used by anyone, regardless of the technology they use or the language they speak.
W3C develops and maintains technical standards for web technologies. Some of the common web standards the organization created include HTML (the standard markup language used to create web pages) and CSS (a language used to describe the presentation of web pages).
By establishing these standards, the W3C helps to ensure that different web browsers and devices can display web pages in the same way. They also ensure that web developers can create websites that work well across different platforms and build them faster and cheaper.
Without these standards, different web browsers and devices might display web pages differently, making it difficult for people to use the Web. For example, if one browser interpreted colors and font-sizes differently from another, websites would look different on each browser. Some of them may be unreadable which would make the web frustrating and difficult to use.
Also, web developers would have to write different code for each browser, which would be a tedious and time-consuming task. They would also need to test their website on a variety of browsers and devices, which can be very costly in terms of time and money.
Interoperability means that different systems, applications, and programs can work together without any difficulties.
Here are examples of interoperable systems:
People are able to phone each other regardless of the brand of phone they have. Cell phones from different manufacturers such as Apple and Samsung can call each other because they are built to work with the same cellular network standards.
Most electronic devices such as smartphones, laptops, or cameras have a USB port and can be connected to another device that also has a USB port to share data and power. Even though the devices may have different operating systems or features, they are still able to communicate with each other through the standardized USB connector.
Interoperability is important for Verifiable Credentials because it allows different systems and organizations to easily share and verify digital credentials in a secure, efficient, and standardized way.
Interoperability can be compared to a passport where all countries agree on the passport standard. So when someone gets to a country, verifiers know what information to expect and how to read it. Similarly, if different systems and organizations use different formats for digital credentials, it can be difficult to share and verify them. But if they all use the same format for digital credentials, it is much easier and more efficient to share and verify them.
Dock is working with organizations to provide technological solutions to issue Verifiable Credentials and create decentralized identifiers.
BurstIQ, USA: Health Data Platform
BurstIQ uses Dock to make health data verifiable, secure, and portable. The company’s LifeGraph platform simplifies the experience of managing extensive, confidential human health data. It gives businesses the ability to comply with people’s data rights.
“We’ve looked at a lot of the systems that allow you to issue DIDs and VCs and generally what we’ve found is that Dock is far easier to use than many of the existing tools out there. It can deploy very quickly and it will be very easy for our developers to use the tool.”-Amber Hartley, Chief Strategy Officer, BurstIQ
Verifiable Credentials enable companies and people within and outside of BurstIQ’s ecosystem to exchange information such as health information, identity, and professional accomplishments. By integrating Dock’s Verifiable Credential technology, LifeGraph customers can efficiently turn any health data into a Verifiable Credential that is secure, verifiable, and transportable.
SEVENmile, Australia: Education
SEVENmile is an experiential learning program in Australia that uses Dock’s Verifiable Credentials web app, Dock Certs, to issue hundreds of digital graduation certificates, enabling students to prove their skills throughout their lives and ensure immediate trust with employers.
SEVENmile’s entrepreneurial training program connects high school students with business owners to help them gain a deeper understanding of real-life business issues.
“We believe that the move to ownership of our personal data is a vital platform that will help transform how the internet functions and how our data will be protected. We’re applying this philosophy by working with Dock Labs to secure the credentials of students we train,” said Greg Twemlow, SEVENmile’s CEO.
Gravity Training, South Africa: Health and Safety Training
Gravity Training connected with us so they could issue Verifiable Credentials in a convenient and cost-effective way to people who complete their training program in field positions. Authentic credentials are essential to keep workers and employers safe. Their courses include rigging, fall arrest, and radio frequency awareness training.
Fake credentials are a growing problem in South Africa. Many people are photoshopping credentials and showing them to employers. Gravity issues thousands of certificates a year for trainees and is manually uploading certifications on their database, which takes a lot of time and resources. They want to use Verifiable Credentials to be compliant, to manage verifications across various locations, and to enhance their record-keeping for auditability.
With Dock’s technology, Gravity is able to:
A Verifiable Credentials wallet, such as the Dock Wallet, is a digital wallet that stores Verifiable Credentials. These digital wallets are designed to be very private and highly secure using advanced cryptography to protect the data stored within them. Verifiable Credentials are stored on the user’s devices rather than centralized storage locations.
Key Features of Dock’s Verifiable Credential Wallet:
Organizations that want to integrate Verifiable Credentials in their systems can refer to these links for more details:
Anchoring
Blockchain
Decentralized Digital ID Wallet
Decentralized Identifier (DID)
Cryptographic hash
Private key
Public key
Verifiable Credential
In an increasingly digital world, the problem with physical IDs and credentials is that they can be easily forged and take a lot of time to verify for authenticity.
Verifiable Credentials are:
In the Verifiable Credentials ecosystem, there is an issuer, holder, and verifier. The issuer and holder are required to use decentralized identifiers, or DIDs, which are globally unique identifiers that allow the owner to prove cryptographic control over them. DIDs allow for private and secure connections between two parties.
There are a growing number of use cases for Verifiable Credentials in diverse industries around the world. This has many benefits including speeding up the hiring process, reducing fraud, providing privacy, and improving safety in the supply chain.
Dock is a Verifiable Credentials company that provides Dock Certs, a user-friendly, no-code platform, and developer solutions that enable organizations to issue, manage and verify fraud-proof credentials efficiently and securely. Dock enables organizations and individuals to create and share verified data.
Dock’s Verifiable Credentials Platform makes your data fraud‑proof and allows your stakeholders to verify its authenticity in seconds - making expensive, time‑consuming, and manual verification processes disappear.