Remote verification

Remote verification allows verifiers to check the validity of a credential without the need for a physical presence. This is particularly useful for scenarios where the verifier and holder are not in the same location, such as online transactions or remote identity verification processes.

Remote verification is available for the following credential formats:

mDocs

mDocs can be verified remotely via the OID4VP specification  workflow, as defined in ISO/IEC 18013-7  in one of the following interactions:

• Web app verification: In this mode, the verifier initiates a request for an mDoc via a web application that embeds the MATTR Pi Verifier Web SDK. The holder can respond to the request using a mobile wallet app in one of two ways:

  • Same-device flow: The holder accesses the verifier’s web application directly on their mobile device (where the wallet app is installed) and completes the verification within the same device.
  • Cross-device flow: The holder starts the process on a desktop or laptop browser, then switches to their mobile device to complete the verification using their wallet app.

• Mobile app verification: In this mode, the holder interacts with a mobile app on their device that requests an mDoc for verification. This app embeds the MATTR Pi iOS Verifier SDK. The holder then uses a wallet app, also installed on the same device, to present the appropriate mDoc in response.

The following standard checks are performed on all mDocs verification requests:

• Issuer IACA is valid as per ISO/IEC 18013-5:2021 .
• Credential was issued by a trusted issuer (by checking the issuer’s IACA against a local or external list of trusted issuers).
• Digital signature is valid.
• Credential structure complies with ISO/IEC 18013-5:2021 .

The following checks are optional and defined as part of the verification request:

• Current time is after the beginning of the credential validity period.
• Current time is not after the end of the credential validity period.
• Credential has not been revoked.

Additional resources

JSON credentials

JSON credentials can be verified in one of two methods:

• Direct verification: Assumes you already have an out-of-band way of getting the credential from the holder, and you only need to verify it by making a request to a dedicated MATTR VII endpoint with the credential enclosed in the request body.
• Presentation verification: Use MATTR VII to create a presentation template, which details the information you wish to verify. Then, use this template to create a specific verification request from a specific holder. Presentation verification is only available for JSON credentials.

The following standard checks are performed on all JSON credentials verification requests, regardless of the verification method:

• Issuer DID can be used to resolve its DID document.
• Public key from issuer’s DID document validates the proof signature, confirming the credential has not been tampered with.
• JSON-LD context is valid for credential claims.

The following checks are optional and are defined as part of the verification request:

• Current time is after the beginning of the credential validity period.
• Current time is not after the end of the credential validity period.
• Credential has not been revoked.

Additional resources