Credentials Function

Verifiable Credentials (VC) are descriptive proof of some of the user's Decentralized Identity (DID) properties (the relationship between the identity of the entity and the entity) backed by the DID of the issuer with its own digital signature in the field of DID. It can be regarded as a type of digital certificate. ONTO's Credentials function allows users to edit and send the credentials to their contacts for verification; verified credentials can be sent to other contacts to verify their status. Verifiable Credentials enable long-distance interaction of authoritative information.

For example, when someone joins a new company, a credential of his/her work experience can be sent to his/her former employee for verification, after which this credential can be used for background checking. The new company can verify whether his/her work experience is true by simply verifying the credentials.

My Credentials

You can find your verified credentials here and check the authentication history or send the credentials to your contacts for authentication or verification.

Request

This includes authentication requests and credential verification requests. You can view and process the requests sent to you by other users.

History

Here you can find the history of the authentication, issuance, and verification actions you made for others. Each historical record includes the recipient, the recipient's ONT ID, the time the credential was created, the type of credential, and the time of authentication or verification.

Drafts

Unsent credential drafts will be saved here, and you can edit and send them out later.

Credential Templates

These include templates of academic courses, proof of employment, and skills. You can select a template, fill in the information, and send it out. You can upload a PDF file to the template to generate a file hash, which will be authenticated or verified as part of the credential. The PDF file can be sent to the authenticator (verifier) by third-party applications (social apps, email, etc.). After receiving the invitation, the authenticator (verifier) needs to upload the same file to verify whether the file hash matches for authentication (verification), thus ensuring that the PDF file it receives is the one uploaded by the sender when editing the credential.

Customize Credentials

Tap the pencil icon in the lower right corner to create a custom credential, and tap the "+" icon on the "Edit" page to add field values.

Issuance

The issuance process of verifiable credentials involves two roles, namely the Issuer and the Recipient. Generally, a verifiable credential should include the contents of the credential, digital signature, and blockchain records. More specifically, a credential contains:

1. Credential ID: the unique credential ID;

2. Credential content: specific information, such as degree certificate;

3. Credential metadata:

1) Creation time: the time the credential was created;

2) Issuer: ONT ID of the Issuer;

3) Recipient: ONT ID of the Recipient;

4) Expiry time: the time when the credential automatically expires;

5) Revocation mechanism: the revocation list can be used, or the revocation information can be directly recorded in the smart contract;

4. Blockchain proof

5. Signature

1) Issuer's public key ID

2) Signature value

Verifiable Credential Issuance Process

In a nutshell, there are two ways to authenticate and issue credentials:

Authenticate by invitation: that is, the recipient fills in the content of the credential and invites the issuer to authenticate the credential. After the issuer authenticates it, the result is sent back to the recipient, and the credential will then belong to the recipient. For example, an employee fills in his proof of employment and sends it to his/her company. After the company authenticates it, the proof of employment becomes effective, and the employee obtains the credential.

Issue credentials: Issuers fill in the Credentials, authenticate them, and send them to the recipients, who will be the owners. For example, teachers fill in and send the report credentials to the students.

Verify Credentials

Authenticated credentials can be shared with your contacts, who need to check their validity when viewing. Simply put, verifying credentials has three steps:

1. Check if it's on the blockchain;

2. Check if the signature has expired (optional);

3. Check if the credential has been revoked (optional).

In the future, more credential templates will be added and more authentication institutions will be available to meet the demand for different scenarios, improve the DID authentication system, and enable users to manage their identity credentials.