When the world underwent a major digital transformation in the mid-to-late 90s with the introduction of eCommerce, RSA was there. RSA pioneered the BSAFE cryptographic library, which Netscape then embedded into their browser to enable secure financial transactions over the web. Now as the world shifts again, this time towards decentralized infrastructure, RSA once again has a role to play. It’s in this context that we’d like to introduce the latest project out of RSA Labs: Project Mercury.
In 2018, RSA Labs investigated decentralized identity with Project Sif. Since then a lot of progress has been made in the field. Standards have emerged and development tools have become available. One area that has developed that looks particularly promising is around Verifiable Credentials. The idea behind verifiable credentials is simple but powerful. Verifiable credentials are cryptographically signed attestations that can be issued by anyone including governments, banks, or even a friend or family member. The key to their utility is that they can be instantly verified by anyone. The number of applications of this technology is limitless. Need a way to prove you’re licensed to operate a vehicle? The DMV can issue you a credential. Only want to interview candidates that can prove they have a college degree? Universities can issue credentials to their alumni. The list goes on and on.
The problem companies face in adopting verifiable credential technology is that much of the infrastructure must be custom built. It’s not simple to work with and requires specialized expertise. We’ve seen with Amazon’s AWS the value that companies can realize by building atop undifferentiated infrastructure. Similarly, there is a need to provide a set of tools and services that make verifiable credential technology easy for companies to build upon. The vision for Project Mercury is to build a suite of cloud-hosted services to enable companies to utilize verifiable credentials to improve their business. Improvement can come in the form of a streamlined user experience and/or reducing the cost and/or risk of doing business. Once this infrastructure is built companies will be free to innovate around the technology to achieve things not currently possible. RSA wants to be the catalyst that enables those transformations just as we enabled eCommerce 25 years ago.
To illustrate what’s possible consider the case of proving ownership of your bank account to your utility company to setup automatic bill pay. Today this is achieved by your utility company depositing a small amount of money into the account; a transaction which take several days to clear. Once you see the transaction appear in your bank account, you then must go back to your utility provider and enter the transaction amount, and then finally try to remember what it was you were doing in the first place. Instead consider this flow: The bank issues you a verifiable credential attesting to your ownership of your bank account. When your utility company requests your bank account information to setup automatic bill pay, you only need to present your credential. Upon showing your credential the utility provider can verify the information within seconds and you can be on your way. Another example where this technology may prove essential is in a post-Covid-19 world. Bill Gates and others have discussed the need for digital credentials that can provide assurances about vaccination or exposure. It’s possible that such credentials may even be required for traveling internationally. Verifiable credentials could fulfill such a need.
Things are just getting started with Project Mercury. Please stay tuned to the RSA Labs blog for the latest updates. Let us know if you have any questions or feedback through the comments below. Thanks!