Digital credential

Digital credentials are the digital equivalent of paper-based credentials. Just as a paper-based credential could be a passport, a driver's license, a membership certificate or some kind of ticket to obtain some service, such as a cinema ticket or a public transport ticket, a digital credential is a proof of qualification, competence, or clearance that is attached to a person. Also, digital credentials prove something about their owner. Both types of credentials may contain personal information such as the person's name, birthplace, birthdate, and/or biometric information such as a picture or a finger print. Digital credentials are the digital equivalent of paper-based credentials. Just as a paper-based credential could be a passport, a driver's license, a membership certificate or some kind of ticket to obtain some service, such as a cinema ticket or a public transport ticket, a digital credential is a proof of qualification, competence, or clearance that is attached to a person. Also, digital credentials prove something about their owner. Both types of credentials may contain personal information such as the person's name, birthplace, birthdate, and/or biometric information such as a picture or a finger print. Because of the still evolving, and sometimes conflicting, terminologies used in the fields of computer science, computer security, and cryptography, the term 'digital credential' is used quite confusingly in these fields. Sometimes passwords or other means of authentication are referred to as credentials. In operating system design, credentials are the properties of a process (such as its effective UID) that is used for determining its access rights. On other occasions, certificates and associated key material such as those stored in PKCS#12 and PKCS#15 are referred to as credentials. Digital badges are a form of digital credential that indicate an accomplishment, skill, quality or interest. Digital badges can be earned in a variety of learning environments. Real world credentials are a diverse social phenomenon, and as such are difficult to define. As with digital signatures it is misleading to assume a direct correspondence between the real-world and the digital concept. This holds even if defining criteria for credentials in the digital world could be agreed on. The success of digital signatures as a replacement for paper based signatures has lagged behind expectations. On the other hand, many unexpected uses of digital signatures were discovered by recent cryptographic research. A related insight that can be learned from digital signatures is that the cryptographic mechanism need not be confused with overall process that turns a digital signature into something that has more or less the same properties as a paper based signature. Electronic signatures such as paper signatures sent by fax may have legal meaning, while secure cryptographic signatures may serve completely different purposes. We need to distinguish the algorithm from the process. Money is usually not seen as a qualification that is attached to a specific person as token money is taken to have a value on its own. Digital assets like digital cash are easily copied. Consequently, digital cash protocols have to make an extra effort to avoid the double spending of coins. Credentials are a proof of qualification that is attached to a person. E-Coins are given to individuals, who cannot pass them on to others, but can only spend them with merchants. As long as they spend a coin only once, they are anonymous, but should they spend a coin twice, they become identifiable and appropriate actions can be taken by the bank. This commonality, the binding to an individual, is why digital cash and digital credentials share many commonalities. In fact most implementations of anonymous digital credential also realize digital cash. The main idea behind anonymous digital credentials is that users are given cryptographic tokens which allow them to prove statements about themselves and their relationships with public and private organizations anonymously. This is seen as a more privacy-friendly alternative to keeping and using large centralized and linkable user records. Anonymous digital credentials are thus related to privacy and anonymity. Paper world analogues of personalized, or non-anonymous credentials are: passports, driving licenses, credit cards, health insurance cards, club membership cards etc. These contain the name of the owner and have some authenticating information such as a signature, PIN or photograph, to stop them being used by anyone other than the rightful owner. Paper world analogues of anonymous credentials are: money, bus and train tickets, and game-arcade tokens. These don't have any personally identifying information and consequently can be transferred between users without the issuers or relying parties being aware of this. Credentials are issued by organizations that ascertain the authenticity of the information which can be provided to verifying entities on demand.