A Guide to Decentralized Identity and Digital Wallets
Verifiable credentials and secure biometric technology are bringing mobile driver’s licenses and digital national IDs into the fold of everyday use for millions of customers worldwide.
If having an ID provider in your pocket sounds like something out of the future, you’re in for a happy surprise. States across the U.S., countries in Europe, and places like Singapore, Australia, Estonia, Israel, and Canada are already empowering their citizens to take (portable) ownership of their identities with the increasingly widespread use of digital IDs and wallets – forms of decentralized digital identity that rely on verifiable credentials (VCs).
Decentralized identity (DCI) involves assigning a global, unique, cross-channel, cryptographic key (a mathematical token, like a string of numbers) to a user during a transaction that represents their identity, taking the place of any need for physical documents or for the user to return to their IDP (identity provider) for their information to be verified. Importantly, DCI is an alternative to the most popular form of digital identity thus far: federated identity.
Federated identity – a type of decentralized identity management wherein the owner of the identity relies upon a third party (the IDP) to access their data or account and to interact with the relying party (the RP, which could be anything from a bank to an e-commerce site to a health insurer) – has been used by businesses for the better part of the last 25 years.
The advent of widescale DCI brings with it important innovations when it comes to security, convenience, and UX, namely by placing the power of digital identity management back into the hands of the true owners of the identities: the users.
What Are Verifiable Credentials (VCs)?
To preserve the privacy of the user and to grant them the most control over their data, verifiable credentials use cryptography and advanced security to place integrity at the center of every digital transaction. VCs allow the individual to store and manage their own data by providing clear consent when data is shared and selective disclosure options to minimize the amount of, how often, and with whom data is shared.
VCs involve an issuer, a holder, and a verifier. The issuer of a verifiable credential refers to the party (typically a business, government entity, or employer) that grants the holder (the individual user) their ID credentials. The verifier refers to the party (usually a digital identity assurance provider, like Daon) that authenticates the holder’s information on behalf of or in conjunction with the issuer before the holder is granted their ID.
A common example would be a U.S. citizen (the holder) being mailed their passport from the government (the issuer) after successfully applying for it by having their information processed, verified, and authenticated as genuine either by or in conjunction with a third party – the verifier.
Identity proofing and verification (IDV), which involves capturing both an identity document and a facial biometric, ensuring both are live, real, and unaltered, and then making sure that they match, is a critical security process. Often, other data the user enters during the onboarding process is also cross-checked against the data extracted from the ID.
Once the user’s identity is verified by the IDV process, a cryptographic token (credential) is created. Identity verification sets the user up for future authentications, wherein that token (which represents their identity) will need to be presented in order for the user to access services. The token (the verifiable digital credential) can be conveniently used in a digital wallet that the customer can carry around to authenticate themselves anytime.
In other words, the successful completion of an IDV process by a user (the holder) can be “saved” within their verifiable credential.
The reuse of the holder’s verified ID attributes and claims (the information authenticated by the identity verification process) via their VC is what makes the process so powerful for users. By being able to proffer identity data that has already been vetted by a verifier during not only the initial interaction prompting the creation of a VC, but during numerous future transactions, the holder is able to wield control during any sensitive transaction.
Verifiable credentials are a decentralized digital identity solution to portable and federated identity; instead of worrying about losing, forgetting, or, worse, having your physical ID stolen or being forced to rely on an identity provider to “vouch” for your status as a genuine entity, users can simply carry a digital ID with them on their smartphone or on a similar device. The ability to reuse an identity without having to go back to an IDP is the critical difference between decentralized identity and federated identity.
Not only do VCs offer the future of convenience and UX, but they also offer nearly fraud-proof decentralized identity solutions to the constant and ever-evolving cybercrime landscape, especially as generative AI and deepfakes occupy the worries of both organizations and customers everywhere.
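As an added illustration (not code from the original article or from Daon), the following Python sketches the issuer, holder and verifier exchange described above with selective disclosure done SD-JWT style: the issuer commits to each claim with a salted hash and signs only the list of digests, so the holder can reveal a single claim (such as being over 21) while the verifier still checks it against the issuer's signature and learns nothing about the withheld claims. The issuer signature is stood in by an HMAC so the example runs offline; a real issuer uses an asymmetric signature that verifiers check with its public key, and all names, keys and claim values here are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Constructed issuer key. Stand-in for a real signing key: a production issuer
# signs with a private key and verifiers check with the matching public key.
ISSUER_KEY = b"constructed-issuer-key"

def _digest(salt, name, value):
    # Commitment to one claim: SHA-256 over (salt, name, value). The random salt
    # stops a verifier from brute-forcing undisclosed claims such as a birth date.
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def issue(claims):
    """Issuer: commit to every claim separately and sign only the digests.
    Returns (credential, disclosures); the holder keeps both in the wallet."""
    disclosures = {n: (secrets.token_hex(16), v) for n, v in claims.items()}
    digests = sorted(_digest(s, n, v) for n, (s, v) in disclosures.items())
    payload = json.dumps({"issuer": "constructed-dmv", "digests": digests}, sort_keys=True)
    sig = hmac.new(ISSUER_KEY, payload.encode(), "sha256").hexdigest()
    return {"payload": payload, "signature": sig}, disclosures

def present(credential, disclosures, reveal):
    """Holder: hand over the signed credential plus only the chosen disclosures."""
    return {"credential": credential,
            "disclosed": {n: disclosures[n] for n in reveal}}

def verify(presentation):
    """Verifier: check the issuer signature, then check that each disclosed
    claim matches a committed digest. Returns the accepted claims, or None."""
    cred = presentation["credential"]
    expected = hmac.new(ISSUER_KEY, cred["payload"].encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, cred["signature"]):
        return None  # credential was forged or altered
    digests = set(json.loads(cred["payload"])["digests"])
    accepted = {}
    for name, (salt, value) in presentation["disclosed"].items():
        if _digest(salt, name, value) not in digests:
            return None  # disclosed claim was altered or never issued
        accepted[name] = value
    return accepted

if __name__ == "__main__":
    # Constructed wallet contents: a driver's licence with three claims.
    cred, disc = issue({"name": "Jane Smith", "over_21": True, "address": "1 Main St"})
    # Age-restricted purchase: reveal only the over_21 claim.
    print(verify(present(cred, disc, ["over_21"])))
```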
Benefits of Decentralized Identity
DCI is a user-centric development in the identity management world. The EU already rolled out digital national IDs in wallet form, available for all citizens and residents, in April 2023. Across the pond, states like Arizona, Colorado, Delaware, Georgia, Florida, Iowa, Louisiana, Maryland, Mississippi, Missouri, and Utah have implemented digital ID use, and the TSA also accepts them at select airports across the country. Decentralized digital identity has benefits for every party involved, from the user to the RP.
Holder Benefits
With decentralized identity, your identity provider is no longer a vague and distant third party: your IDP is literally in your pocket (or, specifically, on your device).
While this may sound somehow less secure, the opposite is true; thanks to features like selective disclosure, where the user can give their consent about data storage, location, and what exactly is saved, digital IDs offer a better defense against bad actors and human error than federated identity and traditional identity verification methods, like carrying a physical ID or answering notoriously unreliable knowledge-based questions to prove your identity.
In addition, just as your driver’s license can be used for a variety of use cases and with a never-ending list of relying parties (from the doctor’s office to the wine shop), a decentralized digital identity token (VC) accomplishes the same; in fact, an additional level of privacy can be added, wherein the IDP has no knowledge of the RP, protecting the user’s personal life and habits.
If, for example, a user wanted to buy age-restricted products on a particular e-commerce site and was worried about this transaction being “stored,” so to speak, DCI alleviates this worry, as the IDP, at least, would have no indication as to which business the user was purchasing from.
Users can even remove or revoke access to their DCI for certain parties or devices whenever they’d like. DCI is inherently cross-channel, meaning the user can present their credentials on their phone to a clerk in person, go home and purchase something online from their laptop, and even call into a contact center and use their voice as an ID. The same identity can be shared across devices, too.
The control and the level of privacy DCI gives to the user are unparalleled today and warrant close examination by providers, stakeholders, and innovators who are architecting the future of reusable identity.
Relying Party/Verifier Benefits
Both the verifier (identity provider) and the relying party of a transaction can benefit from the use of DCI. Digital wallets significantly reduce the risk of fraud via account takeover (ATO) and synthetic identity fraud, an insidious, often AI-powered form of identity theft that has risen in popularity since the pandemic.
The verifiable credentials that are inherently present during digital wallet use can also fulfill KYC compliance requirements for identity verification, placing RPs a step ahead in cost savings and reputation protection. Relying parties can also enjoy significant cost savings from the reduction in third-party data checks that DCI makes possible.
By removing the need for manual intervention for users who may fail an IDV process, turning to a decentralized identity means RPs would never need to expend their budget on failed transactions or errors – the users would come to them already vetted as genuine.
Lastly, there is a greatly reduced level of risk to an organization’s identity ecosystem when DCI comes into play. Eliminating the need to capture sensitive documents, such as a scan of a user’s driver’s license, means there is no more storing, managing, or worrying about fraudsters hacking users’ PII (personally identifiable information).
Is This the Future?
Decentralized identity and digital wallet solutions are already revolutionizing the identity landscape. With government adoption, especially, it has become clear that the use cases for VCs are only going to expand and become more robust.
Use Cases for DCI
Though decentralized digital identity is definitely a use case-dependent technology, its practical reach is far, and its applicability is wide. Industries like Healthcare, Financial Services, Public Sector, Gaming, Retail, Travel, and HR can all benefit from DCI and the level of security, convenience, and reliability it provides.
Using the human resources space as an example, imagine an employer being able to bypass the usual “first day at the office” paperwork when, instead, their new hire can simply show up to work with a digital wallet containing their hiring credentials.
Decentralized identity can be used from the first point of interaction a new employee has with an employer: their identity documents, like a driver’s license or passport, can be easily scanned or uploaded by the employee to their digital wallet, where it’s then vetted for authenticity (including backend cross-checks against watchlists of known fraudsters).
Once approved, the wallet technology would create a token (VC) that states, “Jane Smith is eligible for employment.” That verifiable credential can then be presented by Jane Smith to her new employer, allowing the onboarding process to be seamless, simple, and secure.
DCI doesn’t just stop at identity documents, though – the technology can be used to verify the genuineness of nearly any document one could imagine: immunization records, education transcripts, clinic/drug reports, insurance eligibility information, and more. The token created for each use case can be easily consumed by the relying party and even reused for other applicable use cases with a simple re-authentication by the user.
As the future of digital identity expands, digital wallets that rely on DCI will become more and more common, prompting businesses everywhere to look for solutions that allow them to accept these credentials and enjoy the cost savings, UX improvements, and efficiency wins that decentralized identity brings to the table.
How Daon Can Help
The identity world is full of options, so how can you be sure where to begin when it comes to DCI, especially given its status as an emerging tech? We suggest turning to vendors who can be a true identity partner, not just a provider – ensuring your unique use case and business concerns can be addressed with the right kind of expertise.
Daon’s over 20 years of experience in the biometrics and identity assurance industry allows us to offer not only the technology needed to secure digital wallets but also the ability to simultaneously create ID tokens (VCs) for identity authentication by a user.
Our identity-proofing solutions and authentication capabilities make us an ideal security partner for companies who already have digital wallets. The advanced, proprietary, AI-powered algorithms we offer also allow us to be a credential issuer to digital wallets.
A third way Daon can be your trusted DCI partner is through our newest platform, TrustX™, where VCs like mobile licenses can be consumed by us to onboard your users. The built-in biometrics and liveness capabilities of the TrustX platform can also be used to ensure that the person presenting the VC is the genuine holder of the credential, as opposed to a fraudster who has simply managed to get access to the holder’s wallet.
Learn more about some of the best decentralized identity solutions from Daon.