Without the Jargon: What are Digital Identity Wallets?
“Without the jargon” is a content series by Accredify that aims to explain complex, difficult, and challenging concepts in Web3, DLT, Blockchain, Verifiable Data (the works…), in a way that is easy to understand, and quick to digest. If there is something you’re curious about, and would like us to cover in “Without the jargon”, please let us know in the comments or email us at email@example.com!
The rapid adoption of verifiable data, mobile payments and QR codes during the COVID-19 pandemic has enabled an accelerated push towards digital identity wallets to make our personal details and important documents easily accessible and verifiable on the go. But how exactly do digital identity wallets work, and what can you use them for?
What are digital identity wallets?
Imagine if you never had to keep a physical copy of your important information or documents ever again. That is the idea behind digital identity wallets, which act as a repository to gather important information related to your identity in one place, similar to a wallet. Digital identity wallets can typically be accessed through a mobile or desktop app, and enable you to easily access or share verifiable data related to your identity for third-party verification.
Verifiable data in this context means true-to-source information that has been signed and issued to your digital identity wallet user account by the creator of the document, e.g. identity details issued to you from your local government, credentials issued from an educational institution or an insurance policy issued from your chosen provider. Digital identity wallets can store and manage these verifiable documents, which the wallet user can then share with any third party.
Once an issued document has been linked to your digital identity wallet user account, you can share a code generated by the digital identity wallet, usually a QR code, with a third party to verify specific data points or document validity. In order for the data to be verified by the third party, the ‘fingerprint’ issued to the verifier through the QR code must match the ‘fingerprint’ that was created when the document was issued to you. These ‘fingerprints’ will always match as long as the document has been issued to begin with and has not been tampered with, and will show as ‘verified’ upon third-party verification.
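The fingerprint check described above can be sketched as follows. This is an added example, not Accredify's code: it assumes the fingerprint is a SHA-256 hash over a canonical JSON encoding of the document, and uses an in-memory dictionary (`ISSUED`) as a stand-in for the issuer's record. The function names and the sample document are hypothetical.

```python
import hashlib
import json

# Stand-in for the issuer's record of issued documents (a server or ledger
# in a real deployment): document id -> fingerprint recorded at issuance.
ISSUED = {}


def fingerprint(document: dict) -> str:
    """SHA-256 over a canonical JSON encoding, so that key order and
    whitespace cannot change the fingerprint of the same content."""
    canonical = json.dumps(document, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def issue_document(document: dict) -> str:
    """Issuer side: record the fingerprint when the document is issued."""
    ISSUED[document["id"]] = fingerprint(document)
    return ISSUED[document["id"]]


def verify_document(presented: dict) -> str:
    """Verifier side: recompute the fingerprint of what was presented and
    compare it with the one recorded at issuance."""
    recorded = ISSUED.get(presented.get("id"))
    if recorded is None:
        return "not issued"
    return "verified" if fingerprint(presented) == recorded else "tampered"


# Constructed sample document, not real data.
SAMPLE = {"id": "doc-001", "holder": "Example Holder",
          "vaccine": "Yellow fever", "date": "2023-01-15"}

if __name__ == "__main__":
    issue_document(SAMPLE)
    print(verify_document(SAMPLE))                            # unchanged copy
    print(verify_document({**SAMPLE, "date": "2024-01-15"}))  # one field edited
    print(verify_document({**SAMPLE, "id": "doc-999"}))       # never issued
```

Changing a single field produces a different fingerprint, while reordering the same fields does not, because the encoding is canonicalised before hashing.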
As there is no uniform framework on what digital identity wallets must look like or contain, the information you can store in them and the use cases they can be applied to vary considerably. Some countries provide multiple wallets to their residents depending on their needs, how siloed their data is, and whether they have a centralised, decentralised, or hybrid approach to storing an individual’s documents that make up their digital identity.
Let us say that you are going to travel to a country that requires certain vaccinations that must be verified before your departure. A digital identity wallet, such as Accredify Passport, can store your medical records and vaccinations, and you can choose to share your vaccination status through e.g. a QR code for instant verification by airline staff before you board your flight. This way, you do not have to manually download and gather all the important documents you need to share with third parties on your travels, but can instead keep everything stored in your digital identity wallet.
To ensure that your identity wallet only contains verified information, the wallets are usually created by, or in partnership with, local governments, so that they can function as a trusted source of information related to your identity, and build digital trust. This opens up a large number of use cases in the public and private sector, such as:
- Proving your identity, age or citizenship
- Providing healthcare professionals access to your medical records
- Authorising payments
- Signing paperwork
- Renting a car or hotel room
- Applying for bank accounts, loans and subsidies
- Verifying your education credentials
How do digital identity wallets work?
While a physical wallet may contain physical cards and money, the contents of a digital identity wallet are not actually stored in the wallet itself, but rather on a server or blockchain to protect them. Your digital identity wallet actually only contains a private key, which is created when you set up your account.
A private key is a secret number that is used in cryptography, and has a similar function to a password. This key is unique to you, and enables you to share and verify data that is linked to your wallet. Because this key gives you access to your documents and private information, it should only be shared with the key’s generator or other parties that are authorized to decrypt the data.
There are a few differences in how your digital identity wallet works, depending on whether it is centralised or decentralised:
Centralised wallets work much like other digital solutions that we are familiar with, where a third party manages and stores all your data, such as local governments or tech companies like Apple or Google. The benefit of centralised wallets is that the third party that holds your data has access to your private key, so that you can regain access to your user account if you were to forget it or lose your backup. However, centralised wallets are also more vulnerable to attacks and data misuse, as an attacker only needs to gain access to one account to access all data.
Decentralised wallets, on the other hand, are becoming increasingly popular with the rise of blockchain technology, due to the added security measures that come with removing the third party. With a decentralised wallet, the data is not stored on one physical server but on a decentralised blockchain that is much more difficult to gain access to without a key. This approach is commonly referred to as decentralised identity (DID).
Decentralised identity (DID) is a form of digital identity that is not stored in a single, centralised location. Instead, DIDs are stored across multiple locations, making it much more difficult for a third party to access the data. This distributed structure makes the user’s data less likely to be lost or corrupted and gives users more control over it. For users of decentralised identity wallets, that means an extra layer of security and reliability, along with the convenience and flexibility to access and manage their own data.
There are two types of DIDs involved in decentralised digital identity wallets: public DIDs and peer DIDs.
- The public DID is created by the data issuer (e.g. a hospital issuing medical test results) when the data is written onto the blockchain. This public DID is used again when the person owning the data (the patient) is verifying the data for third parties through their digital identity wallet.
- The peer DID is used between the digital identity wallet user and other parties for interactions between the two that do not affect others on the public DID. This peer DID allows the parties to move the bulk of interactions off-chain, while offering the option to reconnect to the chain as needed.
The downside to decentralised wallets is that there is no third party with a backup of your private key, making you fully responsible for safekeeping the private key for your digital identity wallet. This means that if you were to e.g. forget your key without having it written down, or a technical error destroys your backup, you will not be able to regain access to your decentralised user account. However, there are ways that this can be solved in the future.
Enabling secure data sharing – on your own terms
One of the great benefits of digital identity wallets is that you are in charge of your own data and get full power over how and when your information is shared, who it is shared with and how much information you disclose. This philosophy for digital identity is called Self-Sovereign Identity (SSI), which essentially means that you, the data owner, are entitled to complete control over your own identity.
To enable detailed data control, digital identity wallets often use a method called Zero-Knowledge Proofs (ZKP). Zero-Knowledge Proof enables you to share your data in a way where you only prove whether a statement is true or false. One example of this can be to prove to the bouncer at a bar whether you are over 18 years old and eligible to buy alcohol, without disclosing any of your personal information (e.g. your age or date of birth). Some wallets, such as Accredify Passport, also provide the option to revoke data that has been shared or to set a specific timeframe for how long the third party will have access to your data.
These methods build digital trust for both the businesses providing or verifying data and the digital identity wallet user, as they ensure that the information being shared is true-to-source, while avoiding disclosing information from your documents that is not necessary for the specific verification the third party needs. That way, third parties that have to verify e.g. your university degree certificate to ensure that you are qualified for a job you are interviewing for will not gain access to the details of your certificate or your personal information without you choosing to share this information with them. This helps prevent data being misused, and helps in the fight against the rise of credential scams and identity theft.
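The over-18 case can be illustrated with salted-hash selective disclosure, a simpler technique than a zero-knowledge proof that achieves the same outcome for this scenario. This is an added example, not Accredify's implementation: the function names, claims and key are hypothetical, and an HMAC stands in for the issuer's public-key signature so the code runs on the standard library alone.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key. A real issuer signs with a private key, so that
# verifiers only ever need the matching public key.
ISSUER_KEY = b"constructed-demo-key"


def claim_digest(salt: str, name: str, value) -> str:
    """Commitment to one claim; the random salt stops guessing the value."""
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()


def sign_digests(digests: list) -> str:
    return hmac.new(ISSUER_KEY, "\n".join(digests).encode(),
                    hashlib.sha256).hexdigest()


def issue_credential(claims: dict) -> dict:
    """Issuer: commit to every claim with a fresh salt, then sign the digests."""
    disclosures = {n: (secrets.token_hex(16), v) for n, v in claims.items()}
    digests = sorted(claim_digest(s, n, v) for n, (s, v) in disclosures.items())
    return {"digests": digests, "tag": sign_digests(digests),
            "disclosures": disclosures}


def present(credential: dict, reveal: list) -> dict:
    """Holder: hand over the signed digests plus only the chosen claims."""
    return {"digests": credential["digests"], "tag": credential["tag"],
            "revealed": {n: credential["disclosures"][n] for n in reveal}}


def verify_presentation(presentation: dict):
    """Verifier: return the revealed claims, or None if any check fails."""
    digests = presentation["digests"]
    if not hmac.compare_digest(sign_digests(digests), presentation["tag"]):
        return None  # digest list was not signed by the issuer
    verified = {}
    for name, (salt, value) in presentation["revealed"].items():
        if claim_digest(salt, name, value) not in digests:
            return None  # revealed value is not one the issuer committed to
        verified[name] = value
    return verified


if __name__ == "__main__":
    # Constructed sample claims, not real data.
    credential = issue_credential({"name": "Example Holder",
                                   "date_of_birth": "1990-01-01",
                                   "over_18": True})
    print(verify_presentation(present(credential, ["over_18"])))
```

The verifier receives the issuer-signed digests for every claim but only the salt and value for `over_18`, so the date of birth stays with the holder.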
Global applications of digital identity wallets
Digital identity wallets are being adopted by governments around the world to offer secure and instant access of personal information to their residents. With some local projects already showing results, more countries are recognising the benefits of digital identity wallets and their potential to revolutionise the way people manage and store their data.
There is no doubt that digital identity wallets are here to stay, with recent news revealing that China is also planning to fully adopt digital identity wallets and use WeChat as the official ID system for its population of more than 1.45 billion people.
Alongside the success of local projects like Singapore’s Singpass, and with the EU’s European Digital Identity Wallet expected to be used by 80% of citizens (358 million people) within EU borders, digital identity wallets are set to have a great impact on how we manage and share our personal information in the near future.
This is how some governments are implementing digital identity wallets to build digital trust:
- Singapore is using a centralised approach with digital identity wallet Singpass, led by the government. Singpass offers access to government and private sector services, and can be used to e.g. apply for public housing, manage insurance policies or online banking.
- Australia has implemented a hybrid approach led by the national government’s myGovID identity wallet, with participation by private sector identity and credential providers. State governments are also progressing parallel, compatible systems with the expectation to federate. MyGovID can e.g. be used for taxes, business and immigration services.
- New Zealand is using a hybrid approach, led by the government with a digital ID wallet for their Managed Isolation and Quarantine (MIQ) program during COVID-19, as well as additional private sector identity providers. MIQ was an essential part of New Zealand’s border measures during the COVID-19 pandemic.
- The European Union (EU) is set to roll out a collective European Digital Identity Wallet in 2024, led by the European Commission. The wallet can be used for e.g. requesting access to public records, signing contracts and claiming medical prescriptions.
- The United Kingdom has adopted a hybrid approach led by the central government, with the new platform One Login, also known as One Login for Government, set to replace GOV.UK Verify with support from the private sector. One Login is designed to digitise public services with just one login for each user, and is expected to roll out in full by 2025.
- Canada is currently using a hybrid approach, with specific wallets for different provinces, such as British Columbia’s BC Services Card app and Alberta’s MyAlberta Digital ID. Canada’s approach includes federal, provincial and territorial governments and the private sector as identity and credential providers. MyAlberta Digital ID can be used to e.g. access parts of your health records, or apply for subsidies or student loans.
- Finland is using a hybrid approach led by the government, currently working to develop Suomi.fi Wallet, which will comply with the European Digital Identity Wallet. Finland’s aim for the new identity wallet is to make everyday life easier for their citizens, with a solution that adapts to their society’s changing needs.
Looking ahead, digital identity wallets are expected to become one of our most important assets and the ‘new normal’ for verifying our identities to use private and public services, but businesses must keep up with the fast change to avoid missing out. Now is the time for businesses to fully digitise and adopt verifiable data to prepare for the big change ahead, with changing needs and expectations from their customers.