
Empowering Self-Sovereign Identity With Trusted Credentials: Exploring Velocity Network Checks – Part 1


By: Andres Olave
Part 1 in a three-part series on governance 

Self-sovereign identity centers on placing data control squarely in the hands of individuals. The goal is to rectify a mistake that has grown exponentially since the late 90s—the dominance of certain companies over personal information. 

The current model has data providers sending to data consumers directly, for the most part, with little to no consent from the data subjects themselves in the process. 

Shifting Paradigms: The Three-Party Model

Self-sovereign identity replaces these point-to-point connections with a three-party model. The new third party is the individual whose data is the subject of the exchange.

Championed by Velocity Network, the three-party model offers an alternative, empowering individuals with unparalleled control over their data. Velocity Network Foundation believes that reaching this new world requires a shift away from empowering data brokers and instead focusing on the individual’s ownership and use of their data. This data will be stored in individual career wallets, essentially digital CVs controlled directly by employees and students themselves, with data stored on their own devices or by their trusted wallet provider. 

The three-party model stands in stark contrast to the outdated two-party system, where data flowed from controllers to relying parties with little to no input from individuals. Often, this transfer occurred without explicit consent, buried deep within privacy policies that most people never read, resulting in an illusion of choice. In the new model, data is directed to the individual, who has full authority over its distribution to relying parties. This shift gives individuals unprecedented control over their personal data, marking a significant step towards reclaiming data ownership and privacy rights.

To enact this significant change, collaboration between businesses, non-profits, and government actors requires agreement on governance rules to cover legal liability, organizational identities, data formats, business models, technical protocols, security, individual privacy, and trust.

The future of Employment and Education applications

These governance rules enable mass market adoption and competition while never compromising on security and privacy.

Velocity Network is a consortium of over 80 HR and education companies created by the not-for-profit Velocity Network Foundation. Its goal is to pioneer an open credential market, facilitating a variety of improvements that make the career landscape easier for individuals to navigate. This includes benefits such as streamlining the employment application process, assistance from AI copilots for employers in identifying the ideal candidates for a role, and AI assistance for individual career advancement. 

Addressing the Challenges of the Three-Party Model: Velocity Network Checks

Although the three-party data exchange model gives the individual ownership over their own data, it raises new challenges, such as: how can these credentials, presented by an individual the relying party does not know, be trusted by that relying party?

To ensure any data we provide can be trusted by relying parties, the participants in Velocity Network all agree to follow a standardized process for verifying credentials. This process ensures that the credentials meet the following criteria: 

  • Credentials must not have been tampered with
  • Credentials must still be valid, meaning they have not been revoked by the original issuer and have not expired
  • Credentials must be under the control of the credential owner
  • Credentials must come from a trusted issuer

Velocity Network Tamper Check

The Velocity Network protocol is based on the W3C Decentralized Identifier (DID) and W3C Verifiable Credential (VC) v1.1 standards. Organizations on Velocity Network register the public keys used during verification in DID documents (both the DID:ION and DID:WEB methods are supported). Credentials are issued in the VC-JWT format and are signed with the ES256 or secp256k1 algorithms. Unlike most other methods, issuing a VC as a signed JWT means that verifying the signature establishes that the credential has not been tampered with.

Velocity Network uses a pay-to-verify ledger. When the credential is issued, the issuer encrypts the public key required for tamper checking and securely stores it within the Velocity Network decentralized ledger. When a relying party wishes to verify a credential, they pay a small fee to retrieve and decrypt the public key from the ledger. Once in possession of the public key, the relying party may run the tamper check, and will also receive an attestation from the issuer of the key.

Velocity Network Validity Check

Velocity Network uses two kinds of validity check: expiry and revocation. Expiry is checked against the W3C VCDM expiration timestamp. The revocation check is based on the W3C Status List 2021 standard, with the status list data stored on the Velocity Network blockchain. Storing the data on the blockchain keeps revocation checks privacy-preserving and allows them to be conducted in perpetuity, unlike web-based methods.

Velocity Network Ownership Check

The credential owner is the individual to whom the issuer issued the credential. The ownership check is performed using key binding. Key binding is a cryptographic method with three stages:

  • The individual securely discloses ownership of the key(s) to the issuer by sharing a “proof of key possession.”
  • The issuer embeds information on the keys used in the proof directly into the issued credentials. 
  • The relying party that receives the credential from the individual similarly requests a “proof of key possession” for the keys embedded into the credential. Only the individual controlling the keys from step 1 can create the required proof. 

The cryptography used means the individual can prove key possession without actually revealing the secret private key required to create these proofs.

Velocity Network Issuer Checks

If the credential has not been tampered with, the issuer attestation can be checked. Issuer checks are made up of the following four parts:

  • Credential’s Public Key Addition:
    The first step involves confirming whether the credential’s public key was indeed added by the credential’s issuer.
  • Registration on Velocity Network:
    Next, verification extends to confirming whether the issuer is registered on Velocity Network.
  • Permitted Credential Categories:
    It is then critical to determine if the issuer is authorized to issue the specific category of credential being presented.
  • Primary Source Issuer Validation:
    Finally, in cases where the issuer serves as a primary source, validation entails ensuring that the credential’s primary organization aligns with the issuer’s identity.

The following articles will go into further detail about Velocity Network’s issuer checks, which really are the unique elements of Velocity Network and part of what makes Velocity Network credentials the most trusted for employers and educational institutions.