What are KERI, the vLEI, and the LEI?

Q: What is all this stuff?

A: The LEI is a Legal Entity Identifier, the verifiable Legal Entity Identifier (vLEI) is a cryptographic credential that’s tightly bound to the LEI and can be used for digital identity applications that modern enterprises can leverage, and KERI is the underlying suite of technologies that makes this all possible. KERI is developed as open source software and the LEI and vLEI are managed by the Global Legal Entity Identifier Foundation (GLEIF).

Q: Huh?

A: Sorry, it’s a niche subject now but soon to become vitally important in the world. Let me start again.

The LEI is an identifier that any company in the world can apply for from GLEIF. GLEIF will do due diligence on the application (to make sure the information is all correct) and then grant that business an LEI with which it can do business. Today, these LEIs are mostly used in financial transactions.

Q: Who gave GLEIF that ability?

A: GLEIF operates under the Financial Stability Board which gets its authority from the G20. It was set up after the financial crisis of 2008 to help provide the necessary visibility to member states of the global trade that flows in and out of their borders. The LEI is basically envisioned as an number for each company on Earth that isn’t anchored in one company or country.

Q: Oh, well then why do we need the vLEI?

A: The vLEI is a far-sighted program by GLEIF to make the next step in digital identity in a movement that’s coming to give companies and people control over the identities that they operate under. Cryptographic identifiers like the vLEI provide far more utility than just another number required for certain forms. The vLEI is envisioned as a grand program to provide an assured verified basis for identity that companies can use to derive and develop all kinds of useful services and credentials for the market.

Q: Services and other credentials?

A: Right, one of the cornerstones of the vLEI is its ability to construct other credentials while maintaining the security and assurance of the vLEI itself. Rather than being tightly tied into a particular computer system or particular federation, or even worse, a particular blockchain, companies can have credentials and create credentials and do things with those credentials unimpeded. They can run it on a few machines to get as much authority as a TLS server today or on a thousand for far more reliability and security.

Today issuers of vLEIs can issue special credentials to officers and agents of companies (after doing due diligence of course) that can be traced back cryptographically to that vLEI. These credentials are issued under a program that is also administered and governed by GLEIF but this type of scheme is fairly easy to engineer. In the future, businesses will be able to create and extend their own credential schemes with the vLEI as the root.

Q: So what those services?

A: Anything that cryptography allows! Today the vLEI is used mostly to sign financial documents in pilot programs. In the future, the vLEI will serve as the base of employees cryptographically signing documents, tracking document provenance, encrypting communications between those employees and even to customers, authorizing and authenticating users and customers, storing secrets in a manner that can survive disasters, and probably a whole lot more! This scheme can support every prototype we’ve thought up so far and we’re sure that it has a lot more room to expand as we develop the tools and products to fully utilize its capabilities.

Q: That all sounds kind of abstract. What are some real world uses?

A: Today there are startups and companies prototyping and developing the use of the vLEI and /or KERI as the basis for:

• • Encrypting telecom communications and providing secure private communication channels for their customers
• • Dealing with distributed market chains of music intellectual property rightrs.
• • Pilots with US customs to fill out forms as goods come across the border
• • Pilots of Know Your Business KYC/AML compliance
• • Regulatory Signoffs for financial transactions or authorized reports
• • Document provenance for e-discovery
• • and much more.

Q: So why can’t we just do that with the technology we have? Why do we need that “carry” you mentioned?

A: Ahh, KERI stands for the Key Event Receipt Infrastructure. It is the revolutionary new suite of technologies that makes this all possible. Its being developed in the WebOfTrust open source community with associated open standards being developed at the Trust Over IP Foundation. It is a revolutionary Distributed Public Key Infrastructure based system.

It can be run on one computer or a whole distributed network. It can accommodate a few transactions a year with long lived credentials (like a drivers license) or 10,000 transactions a second. One could use it to secure a military base or just a teenager’s secret diary. Its versatility is its key selling point and something that’s unlike many of the other systems that exist today.

Q: Oh so KERI makes all the vLEI stuff possible.

A: Yeah!

Q: I think I get it; this is about companies having credentials that they control, derived from an authoritative source, and giving them the ability to derive other credentials for their employees, systems, and business processes that can be used for all kinds of futuristic sci-fi things.

A: Exactly, we’re focusing identity away from where its been historically (the computer systems those identities were operating from) and instead focusing it on the businesses and people that run those businesses directly.

Q: Cool stuff. How can I contact you to get more information on what you can do for my company?

A: Haha, our contact information is below. Please reach out as soon as possible!