Key Digital Functionalities describe the core (required) functions that this Building Block must be able to perform.
1. Credential Storage and Management
Credential holders should be able to retrieve, securely store and manage various types of digital credentials, including educational, professional, and other verifiable credentials in the Wallet.
1.1. Integrate with Credential Issuers PHASE 1
The wallet must seamlessly integrate with a variety of credential issuers, ensuring a streamlined process for credential issuance and updates into the wallet.
A user-friendly and customizable mechanism should be in place to facilitate integration with credential issuers. This ensures a simplified and efficient addition of new credentials to the wallet.
1.2. Secure Storage of Credentials PHASE 1
The wallet must provide a secure environment for storing sensitive credential information, implementing encryption techniques to protect stored credentials and ensuring that only authorized users can access and decrypt the information.
1.3. Organise and Manage Credentials
The wallet must provide mechanisms to organise the credentials and should support features such as,
Ordering of credentials in the wallet
Ability to categorise the credentials based on type
Ability to give a name to the credential
1.4. Remove a Credential
The wallet must allow the holder the ability to remove credentials from the wallet.
2. Presentation and Sharing
The wallet must empower credential holders with control over their digital credentials, allowing them to decide when and how to share specific information.
2.1. Presenting Credentials in Standardized Formats PHASE 1
The holder should be able to digitally present the credentials to relying parties or verifiers through a secure and standardized format, making it interoperable and convenient for various verification scenarios.
2.2. Selective Disclosure
To enhance privacy, the holder should be able to choose and share specific attributes of a credential without revealing unnecessary details, giving them control over the information disclosed.
2.3. Sharing of Credentials
The wallet should provide a mechanism for the holder to share the credentials in a secure and standardized manner using standard protocols.
Here, are a few methods for sharing credentials with Verifiers,
QR Code Sharing
Method: Generate a QR code representation of the verifiable credentials.
Usage: Users can display the QR code on their device, and verifiers can scan it to receive the credential information. This method is efficient and can be used in offline scenarios.
Secure URL or Links
Method: Create a secure URL link to the verifiable credentials.
Usage: Users can share the link with verifiers, who can then access the credential information through a secure online connection. This method is convenient for remote verification.
Bluetooth Sharing PHASE 1
Method: Leverage Bluetooth technology for secure data transmission.
Usage: Users can share their credentials with Bluetooth-enabled devices, providing a wireless and secure means of transferring information.
NFC (Near Field Communication) Sharing
Method: Transmit credential information between devices using NFC.
Usage: Users tap their device against an NFC-enabled verifier's device to securely share the credential.2. User Control and Consent.
Deep Linking
Method: Generate a deep link pointing to the specific credential within the Digital Credential Wallet.
Usage: Users share the deep link, and recipients can click or open it to access the credential directly within the app.
Credential Sharing via DLT (Distributed Ledger Technology):
Method: Leverage blockchain or other DLT for secure and tamper-evident credential sharing.
Usage: Credentials are stored on a decentralized ledger, and users can share proof of credentials without revealing the actual data.
Email or Messaging Integration:
Method: Send encrypted credential information via email or messaging.
Usage: Users send verifiable credentials directly to verifiers through secure communication channels.
2.4. Biometric Authorization for Sharing PHASE 1
The digital wallet should offer a provision for credential holders to authenticate themselves, preferably utilizing biometrics, before sharing credentials, thereby adding a layer of security. This process also ensures that the credential holder was physically present during the credential sharing, and implicit consent was captured.
3. Verification of Credentials
Verifiers must be able to independently verify the authenticity of the credentials shared by the credential holders.
3.1. Standardized Verification Process
The verifiers should have a standardized and reliable process to identify the type of credentials and independently verify the authenticity of presented credentials to ensure that the credential has not been tampered with and is issued by a trusted issuer.
3.2. Decentralized Verification
The verification process should not rely solely on a centralized authority; verification can happen in a decentralized manner.
3.3. Cryptographic Verification Mechanisms
Cryptographic techniques should be employed to verify the authenticity of credentials, such as digital signatures, ensuring that the credentials presented are genuine and have not been manipulated.
3.4. Interoperability with Verifiers
The wallet should be designed for seamless interoperability with diverse verifiers across different systems. The implementation of standardized formats and protocols guarantees that the wallet can effectively undergo verification processes with a broad spectrum of entities, fostering enhanced interoperability.
4. Revocation and Expiry Management
The wallet must proficiently manage situations in which credentials are vulnerable to revocation and expiration.
4.1. Periodic re-issuance of Credentials
The wallet should regularly renew particular credentials, based on the credential type, to assess their current validity. This functionality may be necessary for credentials susceptible to revocation by the issuing entity.
4.2. Credential Expiry Handling
The wallet must automatically identify credential based on the expirations and marking expired credentials as invalid.