dHealth Network is on the verge of launching a groundbreaking suite of healthcare applications powered by blockchain technology. Leading this innovation are Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs), which are currently being implemented on our test net. These tools are poised to revolutionize healthcare by addressing stakeholders' critical challenges in managing and securing data. Let us explain the significance of DIDs and VCs in the healthcare sector and how blockchain technology provides the solutions needed to overcome these challenges.
DIDs and VCs are two key components of a decentralized identity ecosystem that enable secure, privacy-preserving digital identity management. Here’s how they relate to each other:
Relationship Between DIDs and VCs
1. Decentralized Identifiers (DIDs):
- DIDs are unique, self-owned, and self-managed identifiers that are not dependent on any central authority. They are used to establish a verifiable and persistent identity in a decentralized manner.
- DIDs can be resolved into DID documents containing information needed to authenticate and interact with the entity associated with the DID. This includes public keys, service endpoints, and other metadata.
2. Verifiable Credentials (VCs):
- VCs are tamper-proof, digitally signed documents that provide proof of specific attributes or qualifications of an individual, organization, or device. They are issued by trusted entities (issuers) and can be verified by other parties (verifiers) without contacting the issuer directly.
- A VC is typically linked to a DID, meaning the holder of the VC can prove ownership of the credentials by proving control over the associated DID. Usally issuers and holders of VC have to have a DID.
How They Work Together
Ownership and Control: A person or organization can use their DID to receive, store, and present VCs. The link between a DID and a VC ensures that the credentials are cryptographically bound to the identifier, allowing the holder to securely control and share their credentials.
Privacy and Selective Disclosure: DIDs and VCs allow for selective disclosure of information. For instance, a person can prove they are a qualified healthcare professional without revealing unnecessary personal information. Thanks to the cryptographic proofs associated with the VC, the verifier can confirm the credential’s authenticity without needing to verify the identity of the issuer directly.
Example: Vaccination as a Verifiable Credential Issued by a Tropical Health Institute
Let's consider a tropical health institute (THI) specializing in diseases prevalent in tropical regions, such as yellow fever, dengue, malaria, etc. The THI issues verifiable credentials (VCs) for vaccinations to individuals who receive vaccines for these diseases.
Step-by-Step Breakdown
- Issuance of DID: An individual, John, registers for vaccination at the THI. Upon registration, John is assigned a Decentralized Identifier (DID) that he controls via a digital wallet on his smartphone or another secure device.
- Vaccination and Credential Issuance: After receiving a yellow fever vaccination, the THI issues John a verifiable credential (VC) digitally signed by the institute. This credential includes details such as:some text
- Vaccine Type: Yellow Fever
- Date of Vaccination: August 14, 2024
- Vaccination Site: Tropical Health Institute
- Expiry Date: 10 years from the date of vaccination (as per standard
yellow fever vaccine guidelines) - Issuer: Tropical Health Institute, with its own DID
- Storage of the Verifiable Credential: John stores this VC in his digital wallet, which is linked to his DID. The credential is tamper-proof and cryptographically signed, ensuring its authenticity.
- Verification by a Third Party: some text
- When John travels to a country where yellow fever vaccination is required, he must prove his vaccination status at the border or to an airline.
- John presents his VC through his digital wallet. The border official or airline, acting as a verifier, checks the VC against the THI's DID. The verification process confirms thatsome text
- the credential was indeed issued by the THI.
- It hasn’t been tampered with (integrity).
- It’s still valid (within the expiry period).
- Selective Disclosure and Privacy: If the verifier only needs to know that John has been vaccinated for yellow fever, John can choose to disclose only that specific piece of information from the VC, maintaining privacy over other potential details included in his digital identity.
- Trust and Decentralization: The entire process is decentralized, meaning that John doesn’t need to rely on the THI to validate his vaccination status continually. The cryptographic proofs and the DID system ensure that the credential remains verifiable independently.
Benefits
- Security: The VC is tamper-proof and cryptographically secured, reducing the risk of forged vaccination records.
- Privacy: John controls his credentials and can choose what information to share.
- Portability: The VC can be easily stored and presented digitally, making it convenient for international travel or other purposes.
- Trust: Thanks to the cryptographic validation process, the verifier can trust the VC without contacting the THI directly.
This example illustrates how DIDs and VCs can be used to create a secure, privacy-respecting, and efficient system for managing healthcare data in the form of a vaccination record, particularly in the context of international travel or public health compliance.