Credential Verification
Overview
Credential verification is the process by which a verifier, such as a service or a platform, checks the validity of a digital credential presented by a holder. Verification includes the following checks:
- Identity assurance:
- Establish trust in the entity attesting the claims in the credential. This is achieved by resolving and validating the Issuer's identifier.
- Check that the credential was issued by a trusted Issuer. This can be achieved by checking the Issuer's identifier against a local or external list of trusted issuers.
- Information assurance:
- Establish trust in the integrity of the information included in the credential and that it has not been tampered with. This is achieved by verifying the credential digital signature (cryptographic trust).
- Ensuring the credential conforms to a referenced specification by validating its format and content against it (when applicable).
- Ensuring the information in the credential is currently valid - the credential is currently active, has not yet expired (when applicable), and has not been revoked (when applicable).
Verifying a credential does not include evaluating the truth of the claims encoded in the credential. Rather, verification only confirms that these are the same claims signed by the issuer, meaning the credential hasn't been tampered with.
Verification channels
Different use cases call for different verification channels:
-
In-person channels: The holder and the verifier are in the same physical location. Holders use their digital wallets to physically present digital credentials to a verifier, whether that’s a self-service kiosk or a person using a dedicated device. For example, a driver might present a mobile driver licence to a police officer at a roadside stop, where the officer uses a handheld device to verify the credential.
-
Remote channels: The holder and verifier are in different physical locations. Holders use their digital wallets to present digital credentials remotely, typically as part of an online interaction. For example, an online shopper might present a mobile driver licence to verify their age when purchasing an age-restricted item from an e-commerce site.
Underlying platforms
You can use different MATTR VII, MATTR Pi and/or MATTR GO capabilities to verify different Credential formats based on your unique use-case:
- MATTR VII:
- In-person verification of CWT and Semantic CWT credentials.
- Remote verification of JSON credentials.
- MATTR Pi:
- In-person verification of CWT and Semantic CWT credentials.
- In-person and Remote verification of mDocs.
- MATTR GO:
- In-person verification of CWT and Semantic CWT credentials and mDocs.
Choosing the right platform and format for you depends on your use case, requirements, resources and implementation timelines. Contact us to discuss your options.
How would you rate this page?