Using the Mobile Wallet App

Introduction

A common component of any digital trust infrastructure is a user's Digital Wallet. The root of trust in a decentralized identity ecosystem primarily comes from issuers which are authorities on a set of information. Issuers provide users with credentials that contain authoritative information about them in the form of digitally verifiable claims.

The wallet allows an end-user to store and manage Verifiable Credentials that have been issued to them, so they can later be used for authentication and access purposes. By giving the user control of their own Digital Wallet, a user is fully in charge of how and when they choose to present information to a verifier or relying party. When a verifier needs to validate some information, they can request specific pieces of data from the holder to meet their verification requirements.

The wallet handles the logic for you and puts the user in charge of who and what gets access to their data. Our Mobile Wallet App makes use of the powerful computing hardware found in smartphones and packages the wallet to the user as a downloadable application.

Pre-Requisites

We recommend you use one of the following devices.

  • Android 8 or higher

    • e.g. Samsung Galaxy S7 or later

  • iOS 12.4 or higher

    • e.g. iPhone 7 or later

Download from the store

You can download the MATTR wallet app on your iPhone using the App Store or on Android using Google Play.

Initial Setup

Setting up a PIN

Set up a 6-digit PIN to begin; this will be used to unlock the wallet. When you close the app or after a certain period of inactivity, the wallet will lock itself to keep your Credentials safe. You can unlock your app at any time by typing in the PIN.

Using biometric authentication

If your device has fingerprint or facial recognition, you will have the option to use biometrics as the unlocking mechanism.

You will always be able to fall back on the configured PIN to unlock the wallet.

Messaging & push notifications

You will be prompted to enable push notifications. If you accept, a messaging inbox will be created on the MATTR servers and notifications will be delivered to your device, allowing you to see updates such as changes to a revocation status or to start an action such as a verify flow. If you choose not to enable push notifications during onboarding, you can still enable basic messaging in the Settings menu. This will create the messaging inbox, but you will need to open the MATTR mobile wallet app to check for new messages.

Connectivity & settings

Most of the features in the wallet require access to the public internet. Most transfers are relatively low data; however, larger credentials with images may be up to 2MB in size. Sources such as JSON-LD schemas and the manifest.json from tenants may be fetched as required and cached.

Currently, there is very limited support for language settings, between US and UK English. This is automatically determined by the locale setting on your mobile device.

Other settings are available from the menu.

How it works

Interactions:

The interactions screen shows different Issuers and Verifiers you have interacted with. The mobile wallet will automatically create a new interaction whenever it encounters a new domain.

There are 2 main ways to create an Interaction:

  1. Scanning a QR code for an OpenID Credential provider URL - this will result in creating a new Interaction based on the domain included in the issuer value.

  2. Receiving a JWM message - the Interaction is based on the included sender domain.

Once an Interaction has been created, events are grouped under this interaction and can be viewed using the conversational user interface, also known as the ‘chat interface’.

Subject & Holder DIDs

Generally, for each interaction a new DID is created on the mobile wallet and associated with any events that happen. For Credential issuance, the DID is used as the Subject DID for subject binding; for verify flows, the DID is used as the Holder DID in the Verifiable Presentation.

Interaction verification

Domains of Issuers and Verifiers are validated using DID-to-Domain credentials available from the tenant. If this validation is successful, a Verified tick is shown during the flows.

Scan screen:

The wallet opens to the scan screen so you can quickly start issuance or verify journeys that use a QR code. The quality of the camera on your device will determine the resolution and density of the information that can be read by the app.

Many QR codes will simply be a redirect URL to obtain more data from an online reference. However, it is possible to include entire credential payloads inside a QR code using future technologies being developed on our roadmap.

Credentials:

All credentials held on the wallet are shown in the Credentials screen, in the order they were received. In the summary view you can see:

  • Name of the credential and a logo if available from a custom domain

  • Issuer name (if available) or the full domain of the Issuer of the credential

Opening a credential allows you to view the raw information held in the credential in a human-readable format based on the JSON-LD schema of certain known data types:

  • Name fields (e.g. title, givenName, familyName) are grouped

  • Embedded images are displayed if they are base64 encoded. They are cropped to a square, with the full image showing when tapped.

  • Date types following ISO 8601 are displayed in the device locale setting

  • Telephone and email addresses can be opened in their respective apps

A special UI overlay can be triggered from the Credential Type CourseCredential (these will be expanded over time).

Further details on how to issue credentials can be found on the Issue a complex JSON-LD credential tutorial.

There are further options in the menu to delete the credential and view the raw source of the JSON-LD credential.

Verified

Whenever a credential is opened a series of verification checks are performed by the wallet:

  • Domain of the Issuer is in control of the Issuer DID used to sign the credential

  • JSON-LD schema is available and the context used in the credential is valid for the structure of the Verifiable Credential.

  • The current revocation status of the credential is fetched

  • Finally, the Issuer DID used to sign the verifiable credential is resolved and its public keys are used to determine whether the proof of the credential is valid and the credential has not been tampered with.

If all checks pass successfully, a green 'Verified' label is shown in the credential. If the credential has been revoked, a red warning message is displayed; however, the credential may still be considered verified in all other regards.
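The first check in the list above, which is also the check described under "Interaction verification", can be sketched as follows. This is an added example, not MATTR's code: it assumes the tenant's DID-to-Domain credentials follow the DIF Well-Known DID Configuration layout (`linked_dids` holding `DomainLinkageCredential` entries), and the function names, domains and DIDs are hypothetical. It covers only the binding rules; verifying each credential's proof against the resolved DID is a separate step not shown here.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit

def origin_of(url):
    """Return (scheme, host, port) for an https URL, or None if unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port or 443
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    return ("https", parts.hostname, port)

def linked_dids_for(domain, did_configuration, now):
    """DIDs that the configuration fetched from `domain` binds to that origin."""
    expected = origin_of("https://" + domain)
    if expected is None:
        return set()
    accepted = set()
    for cred in did_configuration.get("linked_dids", []):
        if not isinstance(cred, dict):  # JWT-encoded entries are not handled here
            continue
        subject = cred.get("credentialSubject", {})
        did, expires = subject.get("id", ""), cred.get("expirationDate")
        if "DomainLinkageCredential" not in cred.get("type", []):
            continue
        if not did.startswith("did:") or cred.get("issuer") != did:
            continue  # the DID itself must be the one asserting the link
        if origin_of(subject.get("origin", "")) != expected:
            continue  # a credential for another origin proves nothing here
        if expires and datetime.fromisoformat(expires.replace("Z", "+00:00")) <= now:
            continue  # expired linkage
        accepted.add(did)  # proof verification against the resolved DID comes next
    return accepted

# Constructed sample (unsigned): all domains and DIDs below are placeholders.
def sample_credential(did, origin, expires, issuer=None):
    return {"type": ["VerifiableCredential", "DomainLinkageCredential"],
            "issuer": issuer or did, "expirationDate": expires,
            "credentialSubject": {"id": did, "origin": origin}}

NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE = {"linked_dids": [
    sample_credential("did:example:issuer", "https://issuer.example", "2030-01-01T00:00:00Z"),
    sample_credential("did:example:lookalike", "https://issuer.example.lookalike.test", "2030-01-01T00:00:00Z"),
    sample_credential("did:example:thirdparty", "https://issuer.example", "2030-01-01T00:00:00Z", issuer="did:example:someone-else"),
    sample_credential("did:example:old", "https://issuer.example", "2020-01-01T00:00:00Z"),
]}
```

Only `did:example:issuer` is accepted for `issuer.example`: the lookalike origin, the credential issued by a different DID and the expired credential are all rejected before any signature is checked.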

Flows

Issue a credential using OpenID Connect:

Start by scanning a QR code or opening a message referencing an OpenID Credential Provider configuration; the Credential Offer screen is then shown. This screen is the consent to start the journey; continuing will open a web view and start the Authentication flow. Once authentication with the OpenID Provider is completed, the wallet will receive the credential and store it.

Verify flow:

Start by scanning a QR code, following a deeplink or opening a message containing a reference to a Verifiable Presentation Request message. Based on the contents of the request message, the wallet will attempt to find matching credentials. If there are multiple matching credentials, they will be displayed for you to choose the most appropriate one. For request messages using query-by-frame, matching BBS+ credentials are derived to only disclose the selected credential attributes.

Receiving push notifications:

Push notifications are used to retrieve secure DID messages from the inbox on the server. All messages are encrypted so they can only be read by the intended recipient (using DIDs).

Further details on how to construct and send messages using the MATTR VII platform can be found on the Use messaging tutorial.


Apple and iPhone are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc., registered in the U.S. and other countries. Google Play and Android are trademarks of Google LLC.