light-mode-image
Learn
Mobile

mDocs remote mobile verification journey pattern

This journey pattern is used to verify an mDoc remotely by presenting it to an app installed on the same mobile device as the digital wallet, as per ISO/IEC 18013-7:2025 and OID4VP.

Overview

  • Issuance channel: Remote, unsupervised
  • Device/s: Same-device
  • Formats: mDocs
  • Information assurance level: High
  • Identity assurance level: High

Journey flow

mDocs remote mobile verification journey pattern part 1

Accessing the service

Samantha opens a mobile application on her phone. She begins an interaction that requires her to verify her identity.

Receiving a verification request

The app prompts Samantha to present a digital credential. The request clearly shows:

  • Why the information is being requested.
  • Whether the verifier is trusted within the relevant trust network and authorized to make this request.

Invoking a digital wallet

Samantha taps a “Present credential” button. The app uses a custom URI or universal link to invoke a matching wallet app on the same device.

mDocs remote mobile verification journey pattern part 2

Handoff to the wallet

The wallet app launches automatically and retrieves the verification request from the MATTR VII verifier tenant.

Authentication

The wallet prompts Samantha to authenticate herself using biometrics or a device passcode.

mDocs remote mobile verification journey pattern part 3

Once authenticated, the wallet displays a summary of the verification request:

  • The credential(s) being requested.
  • The specific data fields that will be shared.

Samantha reviews the request and consents to share the required information.

Completing the verification

The wallet app securely sends the verifiable presentation to the MATTR VII verifier tenant which verifies the credential and returns the results.

Displaying verification results

After the verification is processed, the wallet redirects Samantha back to the mobile application where she started the interaction.

The verification result is displayed in the app, allowing her to continue the interaction.

Architecture

Remote verification mobile architecture

Interacting with the mobile application

The user accesses a mobile app that embeds the MATTR Pi Verifier Mobile SDK. The app initiates and handles the entire verification flow on the same device.

Requesting a credential for verification

The Verifier Mobile SDK sends a verification request to a configured MATTR VII verifier tenant, defining:

  • The credentials and claims required
  • The supported interaction mode (same-device)

The MATTR VII verifier tenant is configured with:

  • Which apps or domains can issue verification requests
  • The workflows it supports (same-device and/or cross-device)
  • The protocols it supports (e.g. OID4VP, Apple’s Verify with Wallet API)
  • Which wallet applications it can invoke on the same device

The verifier tenant responds with a custom URI or universal link. The Verifier Mobile SDK uses this to launch the wallet app directly.

Presenting request details to the user

The wallet retrieves the presentation request and displays:

  • The credentials requested
  • The claims that will be shared
  • Whether the relying party is trusted by the Digital Trust Service
  • Which of the user’s credentials match the request

The user authenticates and consents to share the requested information.

Verifying the credential

The MATTR VII verifier tenant verifies the credential by checking:

  • Validating the digital signature to confirm the data has not been tampered with
  • Checking that the credential has not been revoked or suspended, using a revocation list (if applicable)
  • Verifying that the credential is currently valid, based on its “valid from” and “valid until” dates
  • Ensuring the credential was issued by a trusted issuer, based on information retrieved from a Digital Trust Service

The issuer of the credential is not informed that the presentation has occurred. No data about the verifier, the context of use, or the interaction itself is shared with the issuer. The only interaction with the issuer is a potential call to an online revocation endpoint, if revocation checking is required.

Displaying verification results

Once verification is complete, the wallet app redirects the user back to the mobile application using the provided redirect URI. The Verifier Mobile SDK receives the result and displays it within the app interface.

The MATTR VII verifier tenant can also be configured to share the verification results with a configured back-end rather than the front-end directly.

How would you rate this page?