Utilizing Verifiable Credentials for Vendors and Contractor Access

Hi everybody. My name's Rob McDonald. I'm a fill in today. We had Mike Engel originally to do this from his home office, actually in New Jersey, but unfortunately he had a death in the family. So I'm here. So I got to jump in and fill in for him today. So what we're gonna talk about today is utilizing verifiable credentials for, well, we have third party access, but we're actually gonna talk about it from a perspective for anybody within the organization to be able to use verifi verified, verifiable credentials and what that means for organizations going forward.

As we, as we move into this realm. So we're gonna talk a bit about why verifiable credentials. We're gonna do a quick demo on it and kind of talk about what's next. So let's jump in. So when we look at credentials themselves, we build credentials today, we do it in a much different way in terms of what's going to happen and what's coming down the road. So as we know, when we go into an organi, when we first started, any organization, the organization you're currently working for, they asked, asked you for documents. I need your driver's license, I need your national id, I need your passport.

I need to prove who you are. And that's done right now in a very manual process. And what we're looking at doing is moving this to a more online first environment. Why?

Well, as we know with Covid, everybody started working from home. People don't wanna go back to the office. I've worked from home for years. I believe Eve, I know Eve. Eve works from home as well. So that remote first environment means that it's gonna become much more difficult to prove who users are if they're never gonna be in the office. Especially when you consider third-party contractors. In some cases you may never, ever lay lay eyes on them, right? So how do you go about verifying those identities if you've never ever seen them?

Just simply scanning and emailing and documents is not the way to go about doing that. We need to have a digital first environment to be able to do that, and that's what verifiable credentials are actually gonna bring to the table for us. So there are some digital identity standards that are coming around that kind of guideline. Some of this stuff, if you look at nist, that's a big one in the us. So the 800 dash 63 dash three standard talks about how you go about verifying identities in a digital first environment. There are others, there's E ideas, there's G P, excuse me, G P G 45.

But at the end of the day, what these guidelines are built to do is to establish identity and doing that remotely. So there are multiple identity sources and they're matched to real human biometrics. So what do I mean by that? The concept is ID plus selfie. So we take a selfie, we look at the face, we then scan the documents, we take the picture off those documents and try to match everything. Do they match? Is the face present on the, on the, on the document similar to the one that was just given through the biometric?

If so, then we can start to build that verified credential. And then in terms of multiple identity, identity sources, you know, we're looking at, again, like I said earlier, driver's license.

Same, the same documents we're using today. We're just scanning those in and doing it digitally. So in doing this, and in building these verifiable credentials, it does a couple of things. So I talked about the ID plus selfie, right? So the ID proofing it gives me, we're leveraging the camera to scan the document and we're matching that to the live selfie.

And then that check, when we're looking at the documents, like a driver's license as an example, or even a passport, there are holograms, there are specific shapes, there are things that are built into those documents that we can look at to make sure that the document is valid. Now, on top of that, we could, depending upon the country, go out and check against the issuing authority to make sure that the document is an actual document. Meaning does the document number, so the driver's license number, does that number exist in your database, yes or no?

And if it's a yes, well then we can assume that the document that's in front of us is valid. Now, once you do all of those things and you, you, you check that idea against the source of truth that ID plus selfie now becomes a verified credential, right? And there's an issuing or there's a standardized body around that, and that is the, you know, the W three C, right? That verified credential. So once you have that credential, you can assign that to the user. That trusted credential can now be immutably linked because it's typically these things are built on a blockchain.

So that blockchain then gives you that immutable, that immutable audit trail and the biometric that goes along goes along with it. So there's a couple of things that this brings to the table. And when we think about it from an organizational standpoint, one, we're looking at safety and privacy. So you have a verified identity, it's reusable, but it's not shareable, which is a key component. And there's no storage of PII data that you have to leverage deal with anymore.

So from a GDPR perspective, it becomes much more easy to manage that data because it's kept with the user, it's kept on the blockchain, only they have access to it. Therefore, you as an organization, no longer have to manage it. And if you look at it from a speed standpoint, what we, what I mean by speed is, is that you can get this up and in production much faster. If you're leveraging a third party, like one cosmos as an example, you don't have to build it yourself, right?

So that federated identity that you're leveraging, you know, you no longer have to build the piping to make all of that work. It works inherently with the credentialing issuer, which would be somebody like ourselves, right? So that instant ID verification becomes much, becomes very powerful within the organization because now you have a verified credential that you can use to authenticate the user, or you can even use it to authenticate the user into, let's say for example, you have a a third party HR system, or you have a third party training system that you need users to log into.

Well, instead of trying to build the login into that and verify that the user is an employee of the company, you now have a verified credential that you could then u have the user leverage to log into those, those those areas. Let's say, you know, you have a third party that you, your employees get a discount with because of your relationship, whatever that that third party might be. Maybe you get discounts on clothing or mortgages or whatever that might be. You have a verified credential that you've already built.

You no longer have to try to build something in for the, for the, the employee to go prove that they're a, an employee of your organization. So how does it, how does it work?

Well, you have ID issuers, so that would be you as the, as the, as the organization. So you as the employer, you're going to do the proofing, the KYC proofing or just the identity proofing in general. So you're going to check national IDs, you're gonna check driver's license, passports, bank health accounts, telcos, sim cards. There's a bunch of things that you can leverage to build that verified credential. Once that's built, you can then issue a public and private key to the user that they're then going to utilize to prove who they are.

So that digital identity now becomes part of an identity wallet. You know, we'll probably call it something a little bit different within the organization. But basically you're building a wallet with those credentials that the user is gonna be able to leverage to log in to either the organization or into that third party, like I mentioned earlier. And those digital wallets and agents, you're now leveraging a W three C verified credential all stored and leveraged on the blockchain for that immutable audit trail that I mentioned earlier.

And now, because you're able to verify that identity, you can then issue that out to either third parties or whatever that that may be. So if you wanna see how it works, you can do that right on our website. You can go to developer.one cosmos.com and you can actually go issue your own verified credential just to see how it works. We don't do anything with it.

Again, once you leave, it's, it's gone, but you can go see how it, how it works. I'm gonna show you how it works here in a second. But if you want to go do it for yourself, there's a sandbox you can go play in to check it out for yourself. So how do you go about identity and biometric enrollment?

Well, first thing you're gonna do is you're gonna go download our app as an example. And then you're in doing, so there's a, a private and public key generated that's stored on the TPM of the device. Generate a pin in case your face ID doesn't work or something like that. You can enter a pin to enter in the app and then you're gonna allow it to use your touch and or face id, which is the, the, the biometrics built into the device. You're then gonna build your live id, the real biometric that I mentioned earlier, right?

And that's an important step later on down the road because we're gonna utilize that to compare the, the image that we pull off the documents that we're gonna scan in the next step. So a lot, that all happened very, very quickly, but what we did is we basically started the wallet. So we can start building that verified credential. Now we're going to scan in the documents. First thing we're gonna do is we're gonna scan in a driver's license and that driver's license, we're gonna pull the information off the front and back.

And once we do that, we could go out and verify it against the issuing authority if you wanted to go and do that step, don't have to, but that's an option. All right, driver's license is in, now we're gonna do passport passport's. Interesting if you have a smart passport with a chip on it, we're gonna scan the information off the front of the passport. We're gonna read that r Z data, which is then gonna give us access to the chip on the passport.

So we're then gonna do an NFC read of that chip to make sure that the doc, that the information on the front on the passport that we just scanned is the same thing that's on the chip. We now have a high res version of your face as well cuz there's a really high res version of that picture that's on the passport and we're gonna leverage that.

So again, that all happens very quickly. So those things all happen faster than than I can actually talk. So now that we have that done, we have a wallet, we have a verified credential, now we can send it to the employer to start building your, your, I guess your identity within the organization itself, right? So that new personnel onboarding has just now been automated. You're then gonna scan in your documents, you're gonna send that into the organization. They're gonna say, yep, that's Rob and I'm going to then send that to it to build your account. So let's look at what that looks like.

So the onboarding new hires with a verified credential is very easy. Let's take a look at what that looks like. We're gonna scan the QR code, that QR code's gonna say Hey, alright Michael, it's actually Mike cause Mike was gonna do the demo.

Mike, are you okay with me sending this information? Yes, well gimme your live ID to make sure it's you and we'll send it along. And now you can see that all that information's been sent. And if you're interested in IAL one or I AAL two, we are, we were an IAL two certified credential that we're now sending into the organization. So last couple of steps here, I'm gonna enter in my personal email and phone number that's contacting hr. The next step that's gonna happen is, okay great, HR has got all your stuff.

I'm gonna get an email to enroll into block id, which is then going to give me, is now gonna bind me to my, my hr, my IT account. So when I first start on day one of the organization, I'm gonna open up my laptop, there's gonna be a QR code staring at me and that QR code is how I'm going to authenticate going forward. So never a username, never a password ever enters this situation. So the user starts day one without a traditional credential. They're using a verified credential now as they log in.

So we're gonna scan the QR code again and Mike did his, his face I his live ID and he's in now you're thinking Rob, I don't want people to have to do that every time they have to log in. That's okay. We're going to, in this case lock the lock the computer and this time when I go back to log in, it's just gonna send me a push notification, which I can then either accept on my device or as you'll see here, Mike is gonna do with his, with his watch, you can see, hey, do you want to do that? Are you okay? And you're in, it's pretty easy. Great user experience too, right?

So if you think about your first day at work, I don't know about you, typically I get, oh, I get an email with a username and password or my manager sends it to me. Again, not a great experience. Not very secure. And that's all done because of the manual process that has to happen to onboard a user, whether that be an employee or a or a a third party contractor. So pretty straightforward using those verified credentials makes it super easy to get users into the, into the user journey within the organization.

It also enables you to do a whole bunch of cool things like make sure there's never a username and password used on even day one of employment. And I'm right on time. Thank you. Any questions? Do we have time for questions? We have time for one question.

Oh, very good. One question And then just bundle 'em out. You're leaving a pair of Smoking shoes.

Okay, Where did that come from? Laser. There's a question at the back and if you do have questions we have a booth just outside, you can come see me there too. What's the format of the credential? In what sense?

The, which of the DC formats are you using? That's a good question that I don't have an answer for right here. But if you come to the booth I will get you an answer for that. That's a good one. Somebody asked me that earlier today. I meant to get an answer for it. And my apologies. VP of product marketing, right? So not the engineer side, but I do have an answer for that and I will get it for you. Okay. And that was unfortunately my only question. That was it. Unfortunately we we're also out of time. But thank you Robert for your session. Thanks for jumping in and last Minute also.

Appreciate it and thank you everybody. Hopefully we'll see you a little bit. The booth.