Verifiable Claims for Digital Identity

By Willeke de Rooij in Blockchain

Having an international digital identity, becoming the owner of your own personal data and becoming less reliant on third parties: these are some of the promises that Blockchain wants to deliver, but how? Verifiable Claims might be the concept that empowers Blockchain technology to do all that and more!

Digital Identity
One of the biggest tasks for the next decade is to develop an international digital identity for people, but also for machines. Having a digital identity that is verified by acknowledged trusted parties will make many processes that require you to reveal a part of your identity a lot easier and faster. It can currently take weeks before a company knows that it can trust you with its services. This Know Your Customer (KYC) process is done in order to make sure that you are a legal person who meets the correct requirements. This may require a lot of information. For example, they might need not only your identity and scholarly achievements but also your criminal record and credit score. Every company restarts this whole tedious process and virtually nothing is shared between companies. Thanks to the new Blockchain technology, we can now optimize this process through a digital identity, while also giving you full control over your own personal data. Blockchain has often been claimed to give you such control of your data, yet not much seems to be publicly known about how such systems work. In this blog, I will explain the concept of Verifiable Claims. These are claims a person makes about themselves, which are backed by a trusted party. The trusted party provides a proof on the Blockchain, which is publicly available for everyone to check. Creating a set of these claims about yourself will establish your own digital and verifiable identity, which you use to instantly identify yourself to any company or device.

Creating Verifiable Claims

Figure 1: The Actors Involved in Verifiable Claims.

Once you have created a digital identity about yourself, you use this to instantly complete a verification process. First, you need to create your digital identity by collecting Verifiable Claims about yourself. This is a one-time process that needs to be performed with every Issuer that you want to use. For example, you want to have claims of your identity, diplomas and work experience. You would have to contact the relevant parties that could verify this information for you. The government becomes your Issuer for your identity, your university becomes the Issuer for your diploma and your previous employers become the Issuers for your work experience.

Figure 2: Create a Verifiable Claim.

To create the Verifiable Claims, the Holder needs to request the claim from the Issuer (Figure 2). The Issuer will ask you which data you want to have in your digital identity. Then they will verify the data they have about you and will send you a copy of this data. In addition, they will process the data with a hashing function. A hashing function transforms the data in an irreversible way, and the resulting hash looks like just a random set of characters. However, if the exact same data is hashed at some other time, the resulting hash is identical to the previously generated hash. This important property of consistency allows other parties to verify that the hash is indeed generated from the given data.

Figure 3: The Merkle Tree of a Verifiable Claim.

The cogwheels represent a hash. The bottom layer of hashes are generated from the data points. These hashes are further combined up the tree until a single root hash is left. The data about the Holder consists of several loose pieces of information. For example, your driver’s license contains your name, birthday, date of license acquisition and a picture (Figure 3). These separate pieces of information are individually hashed to create an identical number of hashes. In order to improve privacy and ease of use, every 2 hashes will be combined into a single hash. This process is repeated until only a single hash is left. The last remaining hash is the root hash and will encapsulate the claim. The Issuer now uploads the root hash to the Blockchain, including a reference to your personal Blockchain account (Figure 2). In the end, the Holder will have a copy of all his personal data that is part of the Verifiable Claim. If that data goes through the same hashing process, it will result in the same root hash.

Using Verifiable Claims

Figure 4: Use a Verifiable Claim.

Now that you have your personal information stored on your phone with a link to the location on the Blockchain which proves your claims, you can use these to identify yourself. The added benefit of all the hashing that has been performed is the possibility to reveal only a part of the Verifiable Claim. For example, I might want to reveal my name and birthday from my driver’s license, but not my date of acquisition. I give the plaintext information of every data point I want to reveal to the Inspector (Figure 4). However, I only provide the hash of the data points I would like to keep private. With these plaintext and hashed data points, the Inspector is still able to reconstruct the same root hash. He goes through the exact same process as the Issuer did to create the root hash, combining every two hashes into a single hash until a single hash is left. The root hash is now compared to the hash on the Blockchain and, if they are equal, this is proof that the Holder spoke the truth about his claim. This is what makes a Verifiable Claim: you claim to have specific properties, which the Inspector can verify. Keep in mind that the Issuer is kept completely out of the loop, increasing the privacy of the Holder, as the Issuer doesn’t need to know who you are identifying yourself to.
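The issuing and selective-reveal steps described above, as an added example that is not code from the original post. SHA-256, the `name=value` encoding, the 0x00/0x01 prefixes and the sample license values are assumptions made for illustration, and the Blockchain is represented only by the stored root hash.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf(name: str, value: str) -> bytes:
    # 0x00 marks a data-point hash, 0x01 an inner node (assumed encoding)
    return h(b"\x00" + f"{name}={value}".encode())

def merkle_root(hashes: list[bytes]) -> bytes:
    if not hashes:
        raise ValueError("claim has no data points")
    level = list(hashes)
    while len(level) > 1:
        # Combine every two hashes into a single hash
        pairs = [h(b"\x01" + level[i] + level[i + 1])
                 for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:          # odd count: carry the unpaired hash up
            pairs.append(level[-1])
        level = pairs
    return level[0]

def issue(claim: list[tuple[str, str]]) -> str:
    """Issuer: root hash that would be uploaded to the Blockchain."""
    return merkle_root([leaf(n, v) for n, v in claim]).hex()

def present(claim, reveal: set[str]) -> list[dict]:
    """Holder: plaintext for revealed data points, only the hash for the rest."""
    return [{"name": n, "value": v} if n in reveal else {"hash": leaf(n, v).hex()}
            for n, v in claim]

def verify(presentation: list[dict], onchain_root: str) -> bool:
    """Inspector: rebuild the root from the mixed plaintext/hash list."""
    try:
        hashes = [bytes.fromhex(p["hash"]) if "hash" in p
                  else leaf(p["name"], p["value"]) for p in presentation]
        return merkle_root(hashes).hex() == onchain_root
    except (KeyError, ValueError, TypeError):
        return False

# Constructed sample data for a driver's license claim
LICENSE = [("name", "Alice Example"), ("birthday", "1990-04-12"),
           ("acquired", "2009-06-30"), ("picture", "photo-digest-placeholder")]
ONCHAIN_ROOT = issue(LICENSE)
SHOWN = present(LICENSE, reveal={"name", "birthday"})

if __name__ == "__main__":
    print("root:", ONCHAIN_ROOT)
    print("accepted:", verify(SHOWN, ONCHAIN_ROOT))
```

A data point with few possible values, such as a birthday, can be guessed from its bare hash by hashing candidate values, so practical schemes hash a random per-data-point salt together with the value; the post does not describe one.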

The ownership of a Verifiable Claim follows from the fact that only the Holder has all the data, therefore only the Holder can identify himself using the Verifiable Claim. Unfortunately, the Holder must share his data to use the Verifiable Claim, creating a weakness in the concept, as the Inspector could now pretend to be the Holder of the Verifiable Claim. This can be resolved by using the cryptographic functionalities baked into any Blockchain platform. The Verifiable Claim references which Blockchain address it is linked to. A Blockchain address is a sort of account, which is connected to a private key, which is a sort of password. The Inspector asks for a proof that the Holder owns the private key and is therefore the owner of the Verifiable Claim. This can be done in the form of a valid signature or Blockchain transaction.

Human & Machine
Having control over your own data and being able to selectively reveal specific data points creates a lot of opportunities. As mentioned before, performing the KYC process will go a lot faster. Right now KYC is a slow and tedious process that needs to be completed once or at a set interval. Due to the ease of Verifiable Claims, this whole process can be done on-demand and the involved Inspector doesn’t have to store your personal data. This reduces the responsibilities for data management and makes the applications GDPR compliant.

However, let us start thinking even more futuristically. What if devices have a similar identity system with Verifiable Claims? Ownership of such devices could possibly be put into the claims, allowing only you and those you have granted permission to use the device. This doesn’t have to be just IoT devices like lights, but could also be more important devices like an electronic door or a car. The ledger of the Blockchain could automatically provide you with an immutable audit trail of uses of the devices. This could, for example, give proof of who was driving the car when it got into an accident or received a ticket. Giving devices an Identity themselves would increase the security and also increase the scope of use cases in the industrial Internet of Things, as it tackles the Identity of Things problem.

In short, Verifiable Claims is a relatively easy but powerful use of Blockchain technology. The immutable nature of Blockchain allows us to record proof that specific data points, or claims, about ourselves are supported by trusted parties, and to verify these in an instant and cheap manner. This allows us to automate and secure important processes like Know Your Customer, Digital Ownership in the (industrial) Internet of Things and Digital Identity. Verifiable Claims alone could change how customers interact with businesses or how humans or machines interact with (other) machines.

If you want to learn more about developing with Blockchain or IOTA:

  • Read our Blockchain blogs.
  • Contact me for consultancy or development for your projects via the information below.
