Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

Key Digital Functionalities describe the core (required) functions that this Building Block must be able to perform.

Table of Contents
stylenone

1. Credential

...

LifeCycle in Wallet

Credential holders should be able to retrieve, securely store and manage various types of digital credentials, including educational, professional, and other verifiable credentials in the Wallet.

1.1.

...

Importing Credentials into Wallet

The wallet must seamlessly integrate with numerous a variety of credential issuers to facilitate smooth , ensuring a streamlined process for credential issuance and updates into the wallet.

A straightforward user-friendly and customisable mechanism should exist for integrating be in place to facilitate integration with credential issuers, simplifying the . This ensures a simplified and efficient addition of new credentials to the wallet.

Tip

Use Case

Robert applies for health insurance with XYZ Insurance. Upon verifying his details, XYZ Insurance issues the policy and sends it to Robert via email. The email contains a QR code. When Robert scans the QR code with his mobile phone, the wallet app prompts him to enter the policy ID and date of birth for security. Upon entering the details, Robert receives the Policy Credential in the wallet.

Info

1.2. Secure Storage of Credentials in Wallet

The wallet must provide a secure environment for storing sensitive credential information, implementing encryption techniques to protect stored credentials and ensuring that only authorized authorised users can access and decrypt the information.

1.3. Organise and Manage Credentials in Wallet

The wallet must provide mechanisms to organise the credentials and should support features such as,

  1. Ordering of credentials in the wallet

  2. Ability to categorizing categorise the credentials based on type

  3. Ability to give a name to the credential

1.4.

...

Remove a Credential from the Wallet

The wallet must allow the holder the ability to remove credentials from the wallet.

Tip

Use Case

Moris plans a trip to the Caribbean, purchases flight tickets, and adds the ticket credentials to his wallet. However, due to unforeseen circumstances, he has to cancel the trip. To tidy up his wallet, he decides to remove the ticket credentials:

  • Moris navigates to the wallet section where his flight ticket credentials are stored.

  • He locates the option to remove the credential and clicks on it.

  • A confirmation pop-up appears, prompting Moris to confirm the removal.

  • Moris confirms the removal, and the flight ticket credential is successfully removed from his wallet.

1.5. Transfer of Credentials from One Device to Another

The credentials can be transfered from one device to another (when credentials are locally stored in a device) by the holder. The transfer can happen subject to the binding of credentials to the new device has to happen once again.

Tip

Use Case

Amanda, in the process of upgrading her phone, needs to transfer all her data, including credentials and documents, to her new device. With no automatic cloud wallet integration available, she follows these steps:

  1. Settings Options:
    Accessing the wallet settings on her old phone, Amanda finds "Transfer to new device" and "Transfer from another device" options.

  2. Initiate Transfer from Old Phone:
    On her old phone, Amanda selects "Transfer from another device," generating a QR code with connection details.

  3. Initiate Transfer on New Phone:

...

  1. Installing the wallet on her new phone, Amanda selects "Transfer to new device" and uses the QR code scanner to establish a connection with the old phone.

  2. Credential Selection:
    On her old phone, Amanda sees a pre-selected list of credentials.

  3. Authenticate and Transfer:
    Clicking on "Authenticate & Share" (or "Share" based on security levels), Amanda authenticates herself securely.

  4. Completion:
    All credentials and documents successfully transfer to her new phone. However, credentials explicitly bound to the key on the previous phone are no longer bound.

  5. Re-binding:
    Amanda needs to bind these specific credentials once again due to the change in device.

2. Presentation and Sharing of Credentials

The wallet must empower credential holders with control over their digital credentials, allowing them to decide when and how to share specific information.

2.1. Presenting Credentials in Standardised Formats

The holder should be able to digitally present the credentials to relying parties or verifiers through a secure and standardised format, making it interoperable and convenient for various verification scenarios.

2.2. Selective Disclosure

To enhance privacy, the holder should be able to choose and share specific attributes of a credential without revealing unnecessary details, giving them control over the information disclosed.

Tip

Hari, a 19-year-old, was riding his bike when he was stopped by a Traffic Police officer. Observing Hari's youthful appearance, the officer decided to verify Hari's age since the country has a minimum age limit of 18 for individuals to ride a vehicle.

3. Decentralized Architecture

Implement a decentralized approach using technologies like blockchain to enhance the security, trust, and interoperability of the digital credential wallet.

4. Presentation and Verification

Credential holders should be able to present digital credentials digitally for verification purposes, and verifiers must be able to independently verify the authenticity of these credentials.

5. Revocation and Expiry Management

Support the revocation and expiration of digital credentials to ensure users present the most up-to-date and valid information.

6. Multi-Purpose Use

...

The officer requested Hari to show his credentials for age verification. In response, Hari accessed his mobile wallet, while the police officer opened his verification application. The officer then initiated an authorization request to Hari's device.

Hari's wallet retrieved the request object, which requested for the claim "ageOver18" from his driving license to be shared. The wallet informed Hari that the Police Officer was seeking confirmation of whether the age is over 18 or not. Considering that his driving license credential contained the claim "ageOver18," Hari authorized the sharing of this information with the police officer.

Info

Reference:

Info

Selective Disclosure Signatures

2.3. Mode of Sharing

The wallet should provide a mechanism for the holder to share the credentials in a secure and standardised manner using standard protocols.

Here, are a few methods for sharing credentials with Verifiers,

  • QR Code Sharing

    • Method: Generate a QR code representation of the verifiable credentials.

    • Usage: Users can display the QR code on their device, and verifiers can scan it to receive the credential information. This method is efficient and can be used in offline scenarios.

  • Secure URL or Links

    • Method: Create a secure URL link to the verifiable credentials.

    • Usage: Users can share the link with verifiers, who can then access the credential information through a secure online connection. This method is convenient for remote verification.

  • Bluetooth Sharing

    • Method: Leverage Bluetooth technology for secure data transmission.

    • Usage: Users can share their credentials with Bluetooth-enabled devices, providing a wireless and secure means of transferring information.

  • NFC (Near Field Communication) Sharing

    • Method: Transmit credential information between devices using NFC.

    • Usage: Users tap their device against an NFC-enabled verifier's device to securely share the credential.2. User Control and Consent.

  • Deep Linking

    • Method: Generate a deep link pointing to the specific credential within the Digital Credential Wallet.

    • Usage: Users share the deep link, and recipients can click or open it to access the credential directly within the app.

  • Credential Sharing via DLT (Distributed Ledger Technology):

    • Method: Leverage blockchain or other DLT for secure and tamper-evident credential sharing.

    • Usage: Credentials are stored on a decentralised ledger, and users can share proof of credentials without revealing the actual data.

  • Email or Messaging Integration:

    • Method: Send encrypted credential information via email or messaging.

    • Usage: Users send verifiable credentials directly to verifiers through secure communication channels.

2.4. Biometric Authorisation during Sharing

The digital wallet should offer a provision for credential holders to authenticate themselves, preferably utilising biometrics, before sharing credentials, thereby adding a layer of security. This process also ensures that the credential holder was physically present during the credential sharing, and implicit consent was captured.

3. Verification of Credentials

Verifiers must be able to independently verify the authenticity of the credentials shared by the credential holders.

3.1. Standardised Verification Process

The verifiers should have a standardised and reliable process to identify the type of credentials and independently verify the authenticity of presented credentials to ensure that the credential has not been tampered with and is issued by a trusted issuer.

3.2. Decentralised Verification

The verification process should not rely solely on a centralised authority; verification can happen in a decentralised manner. Hence, we are recommending the use of Verifiable Credentials for the digital credential wallet.

3.3. Cryptographic Verification Mechanisms

Cryptographic techniques should be employed to verify the authenticity of credentials, such as digital signatures, ensuring that the credentials presented are genuine and have not been manipulated.

4. Revocation and Expiry Management

The wallet must proficiently manage situations in which credentials are vulnerable to revocation and expiration.

4.1. Revocation Notifications

The holder should receive timely notifications when one of his/her credentials is revoked. The notifications may be sent through push notifications, email, or other designated communication channels. This would help the holder to keep the wallet upto date.

4.2. Periodic Re-issuance of Credentials

The wallet should regularly renew particular credentials, based on the credential type, to assess their current validity. This functionality may be necessary for credentials susceptible to revocation by the issuing entity.

4.3. Credential Expiry Handling

The wallet must automatically identify credential based on the expirations and marking expired credentials as invalid.

5. Administation

5.1. Governance

5.1.1. Creation of a Wallet Registry

In the context of the system's administration and governance in a country, the creation of a Wallet Registry could be needed. This registry serves the purpose of recording and managing wallets authorized to store credentials that are issued within the country. The primary objective is to establish a controlled environment where issuers can verify the authenticity of a wallet before transferring or sharing credentials to it.

5.1.2. Creation of a Sectorial Issuer Registry

In the governance framework of the system, a Sectorial Issuer Registry can be established. This registry is intended to systematically record and manage information about issuers operating within specific sectors. The goal is to provide a structured approach for overseeing and verifying the legitimacy of issuers before they participate in the issuance and sharing of credentials. This registry can be used by wallets or verifiers to verify by the

5.1.3. Workflow Management for Registration

Should provide a configurable workflow to perform review of the application shared by a wallet solution or Issuer to register into the respective trust registry.

5.2. Issuer Side Administrator

5.2.1. Issuance of Credentials into Registry

As part of the administrative capabilities on the issuer side, the Issuer Side Administrator should have the functionality to add credentials into the registry.

5.2.2. Revocation of Issued Credential

The system should facilitate the revocation and potential reversal of issued credentials by administrators.

5.2.3. Ledger Management

Issuer Side Administrators should have the capability to trace and monitor changes made to a credential using a ledger.

5.2.4. Controls by Issuers

  1. The format of the credential to be Issued

  2. The type of the credential to be issued

  3. The authentication methods for issuing a credential

  4. The authentication methods to share a credential from a wallet

6. Wallet Usage

This section will detail the usage of wallet once the credentials are onboarded on the wallet.

6.1. Credentials for Authentication

This feature allows credential holders to authenticate themselves using selected credentials stored in the wallet, leveraging diverse authentication mechanisms available within the wallet's functionality.

The type of authentication methods supported by a credential can be defined by the issuer.

6.2. Using Wallet for Signing Documents

This feature allows the user to take a document as input and sign it using the user’s key present in the user’s device which is bounded to a specific credential.

6.2. Using Wallet for storing and sharing Documents

The user can use his wallet like a Personal Vault.

This feature allows the user to save and share personals documents (eg passport, birth certificate, diploma,…)