In the digital economy, businesses and individuals need digital trust – by ensuring portable and verifiable digital identities and credentials, while protecting privacy.
At the ATxAI Conference during Asia Tech x Singapore (ATxSG) held in July 2021, it was announced that Singapore’s Infocomm Media Development Authority (IMDA) and National Research Foundation (NRF) will invest S$50 million (US$37.3 million) over the next five years to develop the city-state’s digital trust capabilities.
This investment will allow Singapore to extend its strength as a trusted hub into the digital realm, as well as tap on new possibilities and demands arising from a global digital trust market that is expected to grow exponentially, including unlocking new opportunities enabled by privacy-preserving decentralized technologies.
Privacy-preserving decentralized technologies help address emerging areas in identity and verification for businesses and consumers to boost confidence in the digital economy, and is an emerging area that Temasek-founded company Affinidi is very familiar with. The Singapore-based company is leading the charge in the space, by enabling the creation and sharing of digital identities that are portable and verifiable. It leverages decentralizing technology and self-sovereign identity (SSI) to enable individuals to take ownership of their own digital identity, anticipating the use of verifiable credentials becoming more common in the future.
CybersecAsia finds out more from Kishore Bhatia, Chief Technology Officer and Founding Member, Affinidi.
How do decentralized technologies foster digital trust and unlock new opportunities for businesses?
Kishore: Developing digital trust capabilities is an area that is becoming more important as countries look to unlock opportunities in the digital economy. Moreover, as more businesses digitalize, they will want greater assurance and confidence in using digital technologies.
Decentralized technologies essentially allow individuals to gain control of their own digital identity, claim their credentials, and share data selectively in a privacy-preserving manner as they consume digital services from different providers.
Notably, a decentralized architecture fosters greater transparency, accountability, and trust between all parties in a digital economy with institutions, governments and individuals.
In addition, this makes the digital infrastructure and services resilient to cyber threats, while reducing the attack surface and minimizing the scale and impact of a compromise.
For businesses, decentralization increases efficiency as it eliminates the need for intermediaries in many transactions. More importantly, it streamlines processes and increases transparency in the flow, providing businesses the ability to automate via digital-native methods.
If you are a small business owner, you can potentially earn more returns from your business because you no longer have to spend extensive resources on data management and compliance. It also opens up more opportunities for businesses to develop tools, products and services on top of decentralized ecosystems. Hence, it drastically lowers the threshold to start, build and test an idea.
What are “verifiable credentials” and how can they serve as the building blocks for businesses and individuals to feel safe and confident about using digital technologies in the digital economy?
Kishore: A credential is a piece of information that identifies a particular entity or verifies that a person has a specific attribute, qualification, or claim.
For example, passports are proof of your identity while a university degree is an education qualification you possess. While such documents can be examined in the physical world, how do you do it in the digital world? That’s where verifiable credentials come in.
Verifiable credentials (VCs) are tamper-proof credentials that can be verified cryptographically. There are three essential components of VCs. They are:
- digitally verifiable
- secure and tamper-proof
- Issued by a competent authority
For instance, within the supply chain industry, manual verification that are being used now are slow as they require physical credentials, and are easily forgeable. Inefficiencies attributed to multiple authentications and delays can negatively impact operations. However, with VCs, a trustworthy trade connection can be established with another entity in the global marketplace to buy and sell goods across countries and to handle payments, shipping, and the logistics.
Trustana, a B2B trade platform built using Affinidi’s technology, has tapped on VCs to help SMEs digitalize, connect with verifiable trustworthy trade partners to buy and sell goods in the F&B space. We are confident that this will not only enable businesses and individuals to feel safe and confident using digital technologies, but also reduce obstacles to establish trust in new markets, thus opening up new cross-border supply chain opportunities for SMEs.
What are the key entities in the verifiable credentials ecosystem, and how do they come into play in ensuring data is managed securely? How will this ecosystem shape the way individuals and businesses use and interact with data?
Kishore: There are three entities in a verifiable credentials ecosystem: issuer; holder; and verifier.
An issuer is an entity authorized to issue a credential and by way of governance, issuers are typically authorized and trusted by a peer community of issuers and holders/verifiers. Some examples include government organizations, healthcare institutions, banks and schools.
A holder (typically individuals or organizations) is the owner of the credential and has complete control over how it is managed, and with whom they can share the credentials with.
Finally, a verifier is an entity that, as part of providing a service to the individual or entity, verifies a credential and ensures that it comes from a competent and trusted issuer and is tamper-proof, not expired or revoked.
This system ensures your data is managed securely as trust is the central aspect of VC, and handling this aspect well is important for the success of any VC-based system. It allows individuals and organizations to have control over their information and determine who they want to share it with.
In a VC workflow, the issuer digitally signs a document and sends it to the holder. Next, the holder creates a verifiable presentation which can come in various formats, like a QR code that encodes selectively shared information, and sends it to the verifier for verifications. The verifier then checks the presentation against the specifications to verify the three aspects — validity of the credential, tamper-proof characteristic of the credential and signature of a competent and trusted authority (issuer).
This process ensures data is shared in a secure and privacy-preserving way while empowering the holder.
Through a verifiable presentation, individuals can collate different credentials that they want to share with a verifier. For instance, during a job application, a potential employer may request for specific information for a background check such as your date of birth, education qualifications, past employment records etc.
Each of these credentials is issued by a different entity and the owner of these credentials can collate these elements to create a verifiable presentation for the verifier. This offers assurance to individuals as it tells the verifier only what it requires. It also enables portability and re-use of these credentials as they can combine verifiable data in privacy-preserving ways for sharing with different verifiers. Since the verifiable presentation is a compilation of VCs, it is verifiable, tamper-proof, and authentic.
In Asia Pacific, where do you see VCs playing an important role in areas such as human resource management, e-commerce and more?
Kishore: I believe verifiable credentials are the next frontier in the world of digital identity, privacy and security. They address many concerns we face today with regards to our documents, identities and verification, effectively solving authenticity, reputation and trust while transferring ownership and control of identity and data sharing to the individual (or enterprise) owner.
As Affinidi continues to foster digital trust globally through VCs, we remain committed to work with partners, pioneering developers, entrepreneurs and technology integrators in the ecosystem to generate new ideas and catalyze innovation. We can already read and verify credential implementations from a growing list of more than 23 issuance technology partners and national health standards.
Over 15,000 healthcare providers and clinics in nine markets have also been onboarded with our travel verification solution or one of our partners. Moreover, pilots are currently being run with more than 10 airlines across Asia Pacific and the Middle East, with pilots in North America and Europe kicking off soon.
There are several use cases where a VC ecosystem can play an important role in verifying important information safely and securely.
For example, many employers today require candidates to present a variety of information. VCs can be used to verify current and past employment and is a safe and self-empowered way for candidates to share them with prospective employers and entities who need this information.
Moreover, VCs also help ensure medical records are in an easily shareable format, and streamline the verification process, which can come in handy during emergencies. In this workflow, a healthcare or start-up company aggregates all the medical records of an individual across different medical institutions and issues a VC containing all the necessary information to the holder. He or she can then subscribe to an insurance service or a healthcare provider’s services by sharing their private healthcare data as a VC.
Amid the pandemic, COVID-19 tests have become necessary for travelers and VCs can be utilized to safely and quickly examine these test results. At Affinidi, we are helping to enable safe travel through COVID-19 tests and vaccination VCs. Healthcare providers and other relevant bodies can issue digitally verifiable COVID-19 test and vaccine credentials to travelers in a secure and privacy-preserving way. Airlines and immigration officers can then use Affinidi’s travel verification solution to efficiently and accurately verify the credentials’ authenticity and match these against destination entry requirements.
Moving forward, we see great potential in the use of VCs and believe it will dramatically transform the way data is shared and managed.