Verifiable Credentials
Overview of the generation process for Verifiable Credentials/mDL that are required for users to access Private Wallets
This diagram illustrates how mobile driver's licenses (mDLs) are generated and delivered to users.
Generation Flow Diagram
Process Steps
1. Form Submission (User Desktop)
The user fills out a form containing their personal information:
- Name (first, last)
- Email address
- Residential address (street, apt, city, state, zip)
- Banking information (routing, account)
- Age verification
2. JSON Transmission (Desktop → Server)
The desktop application:
- Collects all form data
- Formats it as a structured JSON payload
- Sends via secure HTTPS POST to the credential server
3. Server Processing
The credential server:
- Validates the incoming JSON payload
- Encodes each data element in CBOR format
- Creates the
issuerSignedsection with all credential data - Signs the credential using EdDSA algorithm (creates
issuerAuth) - Generates the
deviceSignedsection for device authentication - Assembles the complete ISO 18013-5.1 mDL structure
4. Email Delivery
The server:
- Extracts the email address from the JSON payload
- Sends an email to that address
- Attaches the signed mDL credential file
5. User Receipt
The user:
- Receives the email
- Downloads the mDL attachment
- Imports it into their mobile wallet application
Security Considerations
During Transmission
- All data transmitted over HTTPS for confidentiality
- Server validates JSON structure before processing
- Email address must match the credential subject
Cryptographic Signing
- EdDSA signature provides:
- Authentication (proves issuer identity)
- Integrity (detects tampering)
- Non-repudiation (issuer cannot deny issuance)
Two-Layer Security
- Issuer Signature: Server signs the credential data
- Device Signature: Device proves possession when presenting credential
Data Flow Summary
Alternative View: Component Flow
Technical Specifications
| Component | Technology |
|---|---|
| Transport | HTTPS (TLS 1.3) |
| Data Format | JSON → CBOR |
| Signature Algorithm | EdDSA |
| Credential Standard | ISO 18013-5.1 |
| Signature Format | COSE (CBOR Object Signing) |
| Email Protocol | SMTP with attachment |