mDocs Remote Verification
Remote verification enables a mobile device to securely present mobile credentials (mDocs) to a remote verifier. Unlike in-person verification, remote verification allows trusted interactions between a user’s mobile wallet and a verifier’s system (such as a website or app) without needing to be in the same physical place.
This capability is defined by the ISO/IEC 18013-7:2025 specification, which establishes interoperable methods for remote presentation and verification of mDocs such as mobile driver’s licenses (mDLs) and other digital credentials.
Verification requests
The ISO/IEC 18013-7:2025 specification defines two key aspects of remote verification requests:
- Wallet interaction: Defines how the request and response are transferred between the verifier and the user’s wallet:
  - HTTP Redirects: Standard HTTP redirects are used to pass information between the verifier and the wallet, typically via a web browser.
  - Digital Credentials API (DC API): A browser-integrated API for digital credential interactions. The DC API allows web apps to communicate securely and seamlessly with wallet apps, improving user experience by eliminating multiple browser redirects.
- Request type: Defines how the verifier requests the credential from the user’s device and how the device should respond:
  - Device retrieval: Based on the ISO/IEC 18013-5:2021 standard and defined in ISO/IEC 18013-7 Annex A. The verifier directly requests a credential from the user’s device, and the device retrieves and presents the necessary credential data in response.
  - OID4VP (OpenID for Verifiable Presentations): Based on the OID4VP protocol and defined in ISO/IEC 18013-7 Annex B. The verifier sends an authentication request, and the device responds with a verifiable presentation containing the requested data.
ISO/IEC 18013-7:2025 Annexes
ISO/IEC 18013-7:2025 defines specific annexes for each combination of wallet interaction and request type:
Annex | Request type | Transfer method | Platform support |
---|---|---|---|
A | Device Retrieval | HTTPS | General purpose, browser-based interactions |
B | OID4VP | HTTPS Redirects | General purpose, browser-based interactions |
C | Device Retrieval | Digital Credentials API | Supported on iOS devices and the Safari browser |
The next iteration of ISO/IEC 18013-7 is expected to define an additional Annex D:
Annex | Request type | Transfer method | Platform support |
---|---|---|---|
D | OID4VP | Digital Credentials API | Supported on Android devices and Chromium-based browsers |
Apple Verify with Wallet
In addition to the protocols defined in the ISO/IEC 18013-7 specification, Apple has introduced the proprietary Verify with Wallet API. This API can be used to streamline the verification process in same-device flows on iOS by allowing direct communication between the verifier and the wallet apps.
Verification flows
The ISO/IEC 18013-7:2025 specification defines different flows for requesting and presenting mDocs based on the type of verifier application and the responding device:
- Verifier web applications: Typically use HTTP redirects or the Digital Credentials API to invoke the wallet from a desktop or mobile browser. Web applications support same-device and cross-device flows:
  - Same-device flow: You start the verification experience in a mobile browser and are redirected to a wallet app (where your mDoc is stored) installed on the same mobile device to respond to the request.
    For example, an online banking portal accessed from your mobile browser prompts you to open your wallet app on the same phone to present your mDoc for identity verification.
  - Cross-device flow: You start the verification experience in a desktop browser and use your mobile device (where your mDoc is stored in a wallet app) to respond to the verification request.
    For example, you visit a government tax website on your desktop computer, and scan a QR code with your mobile wallet app to present your mDoc.
- Verifier mobile applications: Can use platform capabilities or app-to-app communication to initiate and complete the verification. Similar to web applications, mobile applications support both same-device and cross-device flows:
  - Same-device flow: You start the experience on a mobile app, and are redirected to a wallet app installed on the same device to present the credential.
    For example, a tax filing mobile app redirects you to your wallet app on the same phone to verify your identity with your mDoc before filing your return.
  - Cross-device flow: You start the experience on a mobile app, but use a different mobile device to present the credential. This may happen if your credential is only available on another device you own.
    For example, you use your tablet to access a government service app, but the app enables you to scan a QR code using your phone where the required mDoc is available in a wallet app.
The exact protocols and flows used depend on the requesting application and the user’s wallet. Different wallets and browsers support different combinations of these request types and transfer methods.
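The following sketch shows the verifier-side bookkeeping behind an OID4VP request sent over redirects, for both same-device and cross-device flows. It is an added example, not MATTR code or text from the specification. The `client_id`, `request_uri`, `nonce` and `state` parameter names follow OID4VP; the wallet URI scheme, the endpoints and the function names are assumptions made for illustration.

```python
import secrets
import time
from urllib.parse import urlencode

# Assumed values for illustration; none of them come from the page.
CLIENT_ID = "verifier.example"
REQUEST_BASE = "https://verifier.example/oid4vp/request/"
WALLET_SCHEME = "mdoc-openid4vp://"  # assumed wallet invocation scheme
SESSION_TTL = 300                    # seconds a request stays valid
SESSIONS = {}                        # in-memory stand-in for a session store

def _now(now):
    return time.time() if now is None else now

def start_verification(flow, now=None):
    """Open a session and return (request_id, wallet_uri, delivery)."""
    delivery = {"same-device": "redirect", "cross-device": "qr-code"}.get(flow)
    if delivery is None:
        raise ValueError("flow must be same-device or cross-device")
    request_id = secrets.token_urlsafe(16)
    SESSIONS[request_id] = {
        "flow": flow,
        "nonce": secrets.token_urlsafe(32),  # goes into the request object
        "state": secrets.token_urlsafe(32),  # must come back unchanged
        "expires": _now(now) + SESSION_TTL,
        "used": False,
    }
    # The wallet fetches the full request from request_uri; only a
    # reference travels through the browser redirect or the QR code.
    query = urlencode({"client_id": CLIENT_ID,
                       "request_uri": REQUEST_BASE + request_id})
    return request_id, WALLET_SCHEME + "?" + query, delivery

def accept_response(request_id, state, now=None):
    """Return the session nonce if the response is acceptable, else None.

    The caller still has to verify the presentation cryptographically
    against the returned nonce; this only rejects unknown, expired,
    replayed or mismatched responses."""
    session = SESSIONS.get(request_id)
    if session is None or session["used"] or _now(now) > session["expires"]:
        return None
    if not secrets.compare_digest(state, session["state"]):
        return None
    session["used"] = True  # single use: a replay of the same response fails
    return session["nonce"]
```

The same wallet URI serves both flows: it is followed as a link in a same-device flow and rendered as a QR code in a cross-device flow.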
Supported verification channels
Verifier mobile applications
The following table details the different verification channels for mobile applications, including supported flows, supported wallets, underlying protocols and MATTR support status:
| Flow | Wallet | Protocol | MATTR support |
|---|---|---|---|
| Same-device | Apple | Apple’s Verify with Wallet | GA |
| Same-device | | ISO 18013-7 Annex B | GA |
| | | ISO 18013-7 Annex D (Draft) | Preview |
| Cross-device | | ISO 18013-7 Annex C | Preview |
Verifier web applications
The following table details the different verification channels for web applications, including supported flows, supported wallets, underlying protocols and MATTR support status:
| Flow | Wallet | Protocol | MATTR support |
|---|---|---|---|
| | | ISO 18013-7 Annex C | Preview |
| | | ISO 18013-7 Annex B | GA |
| | | ISO 18013-7 Annex D (Draft) | Preview |