Verifiable Credentials
Last updated
Last updated
© 2023 Spruce Systems, Inc.
The data format standardization alone is insufficient to digitize our driver’s licenses–security is a critical factor. In this case, we need to consider how a verifier can trust that a driver’s license is authentic, meaning it was issued by a DMV, and that it belongs to the person presenting it. The holder also needs to be confident that as they present their personal information digitally, verifiers are not using that information to track their details or share personal information they are not authorized to share.
To start, let’s cover what verifiers and issuers need to know about provable authenticity. Credentials have evolved from wax seals and wet signatures to fully digital formats, powered by e-signatures and PDF documents.
The next phase of credentials will be powered by technology that makes them provably authentic and tamper-evident, making digital interactions more trustworthy.
Verifiable credentials are cryptographically signed ID documents, such as a driver’s license, that can be stored securely on a mobile device. They are cryptographically signed by the issuing authority and this signature can be verified by other parties. This ensures that the credentials are authentic and cannot be altered or tampered with in any way and allows individuals to prove their identity for digital interactions in a secure and verifiable way.
Verifiable credentials operate in a three-party model, including an Issuer, a Holder, and a Verifier.
Holders of verifiable credentials can generate verifiable presentations to demonstrate to Verifiers that they hold verifiable credentials with certain traits or characteristics. Meaning, a mobile driver's license holder from the State of New York would be able to generate a verifiable presentation they are a New York resident.
The data model for verifiable credentials is outlined in the W3C Recommendation, "Verifiable Credentials Data Model v1.1," which was published in 2019, with updates in 2022. W3C Verifiable Credentials are gaining support across industry players, such as Microsoft, IBM, Ping Identity, Okta, Workday, and the DHS SVIP program. They are used for employee credentialing, educational records, citizenship cards, and more.
In short, a verifiable credential for a mobile driver's license may include data elements found on the physical ID card, with the addition of a digital signature from the DMV, making it more tamper-evident and trustworthy than its physical counterpart. The ability to prove one's identity in a seamless digital interaction will make online proofs of identity much less cumbersome and more trustworthy.
This relies heavily on advancements in digital signatures, powered by cryptography, which we will explore further next.
