Inspiration

The world is immersed in a transition into a new digital age, where decentralized technologies and user-centric interfaces will enable a new generation of digital interactions. We believe that this new digital age will be defined by the verifiability of information and the transferability of assets in real time. When information is related to individuals and companies, there are two W3C standards that establish an ideal user-centric framework for the issuance, presentation, and verifiability of verifiable credentials: decentralized identifiers (DIDs) and verifiable credentials (VCs).

After working with these standards for several years in multiple projects in Latin America and the Caribbean, we realized that there was a missing piece to achieve mass adoption and make digital interactions more user-centric, privacy-preserving, and reliable. That missing piece is the set of tools and interfaces that allow enterprises to incorporate the standards into their digital infrastructure and start using them to issue verifiable credentials.

What it does

We have developed a platform that allows enterprises and individuals to interact through digital credentials. Our platform has an enterprise portal where enterprises can create, customize, and issue any kind of verifiable credential to a user. Users can use our digital wallet to receive, store, and present credentials to third parties (a.k.a. verifiers). Verifiers can request specific credentials from end users following the OpenID4VP standard, and credentials can be presented under selective disclosure and ZKP conditions. The platform is being developed by Blerify, a spinoff from LACChain, an open-source blockchain project. Both the Blerify and LACChain teams are committed to contributing open-source tools to the community.

How we built it

To let issuers send credentials to individuals, we have created an interface using DIDComm. The solution consists of what we call the “LACChain Mailbox,” an open-source service to which DID owners can authenticate and leave an encrypted message for another DID. The recipient DID can later authenticate to the same service to retrieve the payload, decrypt it, and get the message that contains the verifiable credential or presentation.

Challenges we ran into

From a technical perspective, integrating DIDComm as a credential exchange mechanism was a significant challenge because specific encryption algorithms had to be implemented in different components, such as the issuance portal, the backend, and the wallet, with the public keys exposed in the DID Documents of the issuer, mediator (Mailbox), and recipient for proper transportation. The LACChain Mailbox implements a DID-based authentication method, which means that both the issuer and the recipient must have at least one public key registered in their DID for authentication purposes and another for encryption. Finally, the credential must be packaged in digital envelopes or wrappers for routing: the credential is first encrypted for the recipient, and that result is then encrypted for the Mailbox. This way the Mailbox can decrypt the message addressed to itself and see the next route, but cannot see the original message to the recipient.
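The layered envelope described above, as an added example that is not the LACChain Mailbox code. It is a simplified model: X25519, HKDF, and AES-256-GCM stand in for the JWE encryption that DIDComm uses, and the key pairs, the `next`/`payload` field names, and all function names are assumptions made for illustration.

```javascript
// Added example: simplified layered envelope, not the JWE format DIDComm uses.
const crypto = require('node:crypto');

// Constructed X25519 key pairs standing in for the key-agreement keys that the
// recipient and the Mailbox would publish in their DID Documents.
const recipient = crypto.generateKeyPairSync('x25519');
const mailbox = crypto.generateKeyPairSync('x25519');

// Derive an AES-256 key from an X25519 shared secret.
function deriveKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'envelope-demo', 32));
}

// Encrypt to a public key using a fresh ephemeral sender key.
function seal(plaintext, toPublicKey) {
  const eph = crypto.generateKeyPairSync('x25519');
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, toPublicKey), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    epk: eph.publicKey.export({ type: 'spki', format: 'der' }).toString('base64'),
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Decrypt an envelope; throws if the private key is not the intended one.
function unseal(env, privateKey) {
  const epk = crypto.createPublicKey({ key: Buffer.from(env.epk, 'base64'), type: 'spki', format: 'der' });
  const d = crypto.createDecipheriv('aes-256-gcm', deriveKey(privateKey, epk), Buffer.from(env.iv, 'base64'));
  d.setAuthTag(Buffer.from(env.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(env.ct, 'base64')), d.final()]).toString('utf8');
}

// Issuer side: encrypt for the recipient first, then wrap for the Mailbox.
function pack(message, nextDid, recipientPub, mailboxPub) {
  const inner = seal(JSON.stringify(message), recipientPub);
  return seal(JSON.stringify({ next: nextDid, payload: inner }), mailboxPub);
}

// Mailbox side: strip the outer layer to learn the next hop, nothing more.
function mailboxUnwrap(outer, mailboxPriv) {
  return JSON.parse(unseal(outer, mailboxPriv));
}
```

Calling `unseal` on the inner payload with the Mailbox's private key fails the GCM authentication check, which is the property the routing design relies on.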

From a business perspective, although the verifiable element of a verifiable credential is typically a JSON document, real-world applications demand user-friendly PDFs that can be customized by the issuers, as well as downloaded, printed, and displayed by individuals. We developed a PDF editor that lets issuers create custom fields in a PDF and match them with the fields and values in the JSON. Another challenge is how to present and verify credentials when the verifier does not have a proper interface capable of making ID4VP-compliant requests. To address this, the PDFs come with a QR code that allows the verifiable credential data to be resolved, so that its authenticity and status can be verified even from a device that does not have the wallet. For that reason, the QR code encodes a URL that, when scanned, redirects to the Blerify website to display the credential data, whether it has been revoked, the expiration date, and even the PDF itself. Finally, if the user has the mobile application of the Wallet, the result of the verification is displayed in a more user-friendly interface.

What we want

We want to build a user-centric world where individuals can own their digital self through non-custodial digital wallets. For that, we want to provide the tools and middleware that let enterprises connect to non-custodial interfaces and issue and verify verifiable credentials. We believe that this is an enabler for the new age of tokenized assets, because better means for digital authentication will be necessary to meet the 2030 projections of a multi-trillion-dollar tokenized industry. The best way to do that, in our opinion, is to give individuals control of their identity and data through verifiable credentials.

Accomplishments we are proud of

We are working with an association of academic centers in Latin America and the Caribbean that have already piloted and loved the solution. We are also initiating working roadmaps with two governments and several large private sector corporations.

What we learned

We learned that DIDComm is a powerful tool for sending any type of message, not necessarily credentials, that maintains the privacy of the transported data and can even route messages between different networks and communication protocols for greater interoperability. The Mailbox is a versatile tool that can be deployed in any infrastructure, with the possibility of connecting to different blockchain networks and supporting multiple DID methods.
