ID Wallets are secure, private tools that allow individuals to manage their digital identities. Over the past two decades, various types of ID Wallets have emerged, most commonly as mobile apps. The earliest and most widespread examples have been government-driven initiatives, which typically digitize physical IDs and integrate with government services via APIs. Some private sector use cases have also been included. Countries like Estonia and Singapore are recognized as pioneers in this space, with global recognition for their efforts.
More recent solutions, still under development, aim to combine government-issued IDs with private sector technologies and interfaces. These solutions follow international standards and protocols to ensure high levels of interoperability, both nationally and globally. Notable examples include India’s Aadhaar, the upcoming European ID Wallets (which, under the eIDAS2 Regulation, will become mandatory for private sector use starting in 2026), the Pan Canadian Trust Framework, and the growing adoption of Mobile Driver Licenses in various U.S. states.
The new generation of ID Wallets is based on digital credentials in machine-readable formats (such as JSON files). These credentials are cryptographically signed by issuers and tied directly to the individual’s identity. This combination of cryptography, open-source protocols, and standards creates a promising foundation for global interoperability of digital IDs, offering an alternative to traditional authentication methods like passwords and biometrics.
Key protocols driving this shift include:
OpenID4VC and OpenID4VP: Protocols for requesting, issuing, and presenting digital credentials.
W3C Verifiable Credentials and ISO 18013: Standards for the data formats of digital credentials.
W3C DID: A standard for generating and resolving unique identifiers.
NIST Post-Quantum Cryptography: Quantum-resistant algorithms to secure communication and signatures.
At Blerify, we have implemented all the industry-leading standards mentioned above, ensuring compliance with the highest levels of privacy, security, and interoperability.
Our mission is to power a seamless digital ecosystem where ID Wallets and Digital Credentials drive secure and efficient interactions across both the public and private sectors. With a composable and flexible architecture, our platform enables effortless integrations, allowing organizations to adopt and scale digital identity solutions with ease.
Two widely recognized and rapidly adopted standards are shaping the next generation of digital credentials: the W3C Verifiable Credentials (VC) standard and the ISO 18013 standard. Both define digital credentials as cryptographically signed digital files issued to users, who can then present them securely to third parties while maintaining privacy, security, interoperability, and verifiability.
The W3C Verifiable Credential standard establishes a flexible and interoperable model for issuing, holding, and verifying digital credentials. VCs are digitally signed statements that allow individuals to prove attributes, such as their identity, qualifications, or authorizations. They leverage decentralized identifiers (DIDs) and cryptographic proofs to ensure authenticity and tamper resistance, enabling trust across different ecosystems.
The ISO/IEC 18013 standard defines the framework for mobile driving licenses (mDLs) and other identity credentials stored on mobile devices. It ensures secure issuance, storage, and presentation of identity information while enabling offline and online verification. A key aspect of ISO 18013 is its emphasis on privacy-preserving mechanisms, such as selective disclosure, allowing users to share only necessary information rather than their full identity details.
At Blerify, we have fully implemented the W3C Verifiable Credentials and ISO 18013 standards. We have already developed multiple solutions for real world applications across Latin America and the Caribbean. Our composable platform allows organizations to easily configure digital credentials via our web portal and integrate them seamlessly through our SDK libraries and APIs. We have multiple templates and also enable flows for custom credential designs.
For credential verification, we offer an advanced solution based on OpenID4VP, enabling the seamless configuration of Points of Verification (PoVs) across mobile and web platforms. These PoVs allow organizations to request and verify credentials effortlessly while integrating them into their existing interfaces. Our solution provides full configurability, allowing organizations to specify, as part of each verification request, the credential types, trusted issuers, encryption methods, signature formats, and zero-knowledge proofs (ZKPs), among other parameters. This ensures maximum flexibility, security, and interoperability.
In Blerify, a Point of Verification (POV) is a key component of the platform that allows organizations to verify digital credentials issued under standards such as W3C Verifi
Credential Verification:
POVs allow the verification of the authenticity of digital credentials, ensuring they were issued by a trusted issuer and have not been tampered with.
Interoperability:
POVs are designed to be compatible with international standards like W3C Verifiable Credentials and ISO 18013-5, ensuring they can work across different ecosystems and with various types of credentials.
Flexible Configuration:
Blerify offers a highly configurable solution for POVs, allowing organizations to define:
Types of credentials that can be verified.
Trusted issuers whose credentials will be accepted.
Encryption methods and signature formats.
Zero-Knowledge Proofs (ZKPs) to protect user privacy.
Easy Integration:
Blerify provides SDK libraries and API interfaces to integrate POVs into existing web or mobile applications. This makes it easy to implement credential verification in different environments.
User Privacy:
POVs are designed to respect user privacy, allowing selective disclosure of information. This means the user only shares the information necessary for verification, rather than revealing all the data in the credential.
Verification Request:
When a user presents a digital credential (e.g., a mobile driver's license), the POV requests verification of the credential.
Credential Validation:
The POV verifies:
The cryptographic signature of the credential to ensure it has not been altered.
The legitimacy of the issuer (i.e., whether the credential was issued by a trusted entity).
The status of the credential (whether it has been revoked or not).
Verification Response:
The POV returns a result indicating whether the credential is valid or not, along with any additional information the organization may need.
The rise of quantum computing poses a significant threat to modern cryptographic systems that protect online communications and sensitive data, as they rely on cryptographic algorithms that are not quantum-resistant. Once quantum computers become powerful enough to execute Shor’s algorithm at scale, widely used asymmetric cryptographic algorithms—such as RSA, (EC)DSA, and (EC)DH—will become vulnerable, as quantum computers will be able to break them in a matter of seconds.
Post-Quantum Cryptography (PQC) refers to a new generation of asymmetric cryptographic algorithms designed to resist quantum attacks. Unlike traditional methods, PQC does not depend on quantum mechanics for key exchange but instead leverages complex mathematical problems that cannot be efficiently solved by quantum computers.
To address this global security challenge, NIST initiated a post-quantum cryptography standardization process in 2016, inviting candidates for evaluation. After several selection rounds, in August 2024, NIST finalized three post-quantum digital signature standards: CRYSTALS-Dilithium, FALCON, and SPHINCS+, marking a crucial step toward a quantum-resistant future.
The pioneer work of Blerify’s founding team on quantum-resistant cryptography and blockchain led to the development of the first implementation of a Quantum-Resistant EVM Blockchain, which was published by and featured as a top 100 publication in 2023. At Blerify, we are implementing NIST-compliant PQC algorithms to safeguard digital identity and ensure cryptographic integrity against future quantum threats.
This section of the documentation explains how to use the Blerify API to issue credentials in the W3C Verifiable Credentials (W3C-VC) format.
The following are the Blerify API endpoints for Verifiable Credentials issuance:
Description: This endpoint is used to create a credential in W3C Verifiable Credentials format.
HTTP Method: POST
Endpoint URL: {{api-host}}/api/v1/organizations/{{organization-id}}/projects/{{project-id}}/credentials
Description: This endpoint is used to approve the VC created in the previous step.
HTTP Method: POST
Endpoint URL: {{api-host}}/api/v1/organizations/{{organization-id}}/projects/{{project-id}}/crypto/sign/es256
The Service Account is created in the Blerify portal and the JSON file is downloaded.
A library (preferred by the client) is used to generate the access token.
The "Create" endpoint is called to create the W3C-VC, sending the access token with every request and generating a new one whenever necessary.
The Digital Credential ID is received in the response.
The "Approve" endpoint is called using the Digital Credential ID and the digital signature.
The complete credential object is received in the response.
This object is delivered to the end user for download to their wallet.
To verify a digital credential, three key elements must be resolved and validated:
Issuer Verification (Ensuring Trust & Legitimacy)
This involves checking the issuer’s cryptographic signature and identity.
The verifier must determine who the issuer is and whether they are authorized to issue the credential according to a recognized trust framework.
Subject Verification (Validating the Holder’s Identity)
The verifier must confirm that the credential belongs to the person presenting it.
This process can be purely cryptographic, using authentication mechanisms to establish ownership.
Credential Format & Status (Ensuring Validity & Integrity)
The credential's type and structure must match the expected standard.
Its revocation status must be checked, as credentials can be revoked temporarily or permanently by either the issuer or the subject.
While cryptographic verification ensures authenticity, additional trust registry lookups are often required to resolve dynamic information that may change after issuance. Trust registries enable:
Issuer and subject key rotations without requiring credential reissuance.
Real-time validation of issuer legitimacy and credential revocation status.
Scalable, long-term credential usability by decoupling identity resolution from the original credential structure.
Trust registries can be centralized (e.g., government or industry-run) or decentralized (e.g., blockchain-based ledgers). At Blerify, we support both, but centralized trust registries face limitations, particularly in scalability. Conversely, decentralized trust registries provide publicly accessible roots of trust, ensuring greater interoperability and resilience. However, it is critical not to store sensitive, personal, or private data in a decentralized trust registry, even in encrypted form. A well-designed architecture leverages decentralized registries for scalability while preserving privacy and security.
Element | What is checked | How it is resolved | Mechanism
--- | --- | --- | ---
Issuer | To which issuer the credential signature belongs | Resolving the DID identifier against a trust registry | Call to Trust Registry
Issuer | Whether the issuer signed the same credential that the subject is presenting to a third party | Applying a cryptographic algorithm to check the issuer's signature validity | Running cryptographic algorithm
Subject | Whether the subject has rotated or delegated the keys associated with the identity to which the credential was issued | Resolving the DID identifier against a trust registry | Call to Trust Registry
Subject | Whether the cryptographic signature is valid | Applying a cryptographic algorithm to check the issuer's signature validity | Running cryptographic algorithm
Credential Format | Whether the credential format follows recognized standards and templates | Resolving credential context, schema, structure, and cryptographic elements | Call to Trust Registry
Credential Status | Whether the credential has been revoked | Checking against a trust registry | Call to Trust Registry
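The checks in the table above, together with the POV validation steps listed earlier (issuer signature, issuer legitimacy, credential status), carried through in code as an added example that is not Blerify's code: a small Go verifier with an in-memory stand-in for the trust registry. The credential layout, the registry shape, the `did:example:*` identifiers and the holder challenge (a verifier nonce signed with a key currently bound to the subject DID) are assumptions made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Credential is a constructed W3C-VC-like document (not Blerify's schema); its
// proof is an ES256 signature over the JSON of every field except the proof.
type Credential struct {
	Type    []string          `json:"type"`
	ID      string            `json:"id"`
	Issuer  string            `json:"issuer"`  // issuer DID
	Subject string            `json:"subject"` // holder DID
	Claims  map[string]string `json:"claims"`
	Proof   *Proof            `json:"proof,omitempty"`
}

// Proof names the issuer key used and carries the ASN.1 DER ECDSA signature.
type Proof struct {
	KeyID     string `json:"keyId"`
	Signature []byte `json:"signature"`
}

// Registry stands in for the "call to trust registry" rows: it resolves a DID to
// its *current* keys (a rotation replaces the old key), lists trusted issuers and
// recognized credential types, and records revocations.
type Registry struct {
	Keys    map[string]map[string]*ecdsa.PublicKey // did -> keyId -> key
	Trusted map[string]bool                        // issuer DID -> trusted
	Types   map[string]bool                        // type / template -> recognized
	Revoked map[string]bool                        // credential ID -> revoked
}

// Result keeps one flag per check so a verifier can report exactly which failed.
type Result struct {
	IssuerResolved, IssuerSignature, SubjectResolved, SubjectOwnership, FormatOK, NotRevoked bool
}

// digest hashes the credential without its proof; encoding/json sorts map keys,
// so signer and verifier hash identical bytes.
func digest(c Credential) []byte {
	c.Proof = nil
	b, _ := json.Marshal(c) // plain strings, slices and maps: cannot fail
	h := sha256.Sum256(b)
	return h[:]
}

// SignCredential attaches an ES256 (ECDSA P-256 / SHA-256) proof made with keyID.
func SignCredential(priv *ecdsa.PrivateKey, keyID string, c Credential) (Credential, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest(c))
	c.Proof = &Proof{KeyID: keyID, Signature: sig}
	return c, err
}

// HolderProof answers a verifier challenge: the holder signs the nonce with a key
// currently bound to the subject DID, proving ownership purely cryptographically.
func HolderProof(priv *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	h := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

// Verify runs every check without short-circuiting, so the caller still sees,
// for example, a valid issuer signature on a credential that has been revoked.
func Verify(r *Registry, c Credential, expectedType string, nonce, holderSig []byte) Result {
	var res Result
	res.IssuerResolved = r.Trusted[c.Issuer] && len(r.Keys[c.Issuer]) > 0
	if res.IssuerResolved && c.Proof != nil {
		if pub, ok := r.Keys[c.Issuer][c.Proof.KeyID]; ok {
			res.IssuerSignature = ecdsa.VerifyASN1(pub, digest(c), c.Proof.Signature)
		}
	}
	res.SubjectResolved = len(r.Keys[c.Subject]) > 0
	h := sha256.Sum256(nonce)
	for _, pub := range r.Keys[c.Subject] { // rotated-out keys are no longer listed
		res.SubjectOwnership = res.SubjectOwnership || ecdsa.VerifyASN1(pub, h[:], holderSig)
	}
	for _, t := range c.Type { // the type list must name a recognized template
		res.FormatOK = res.FormatOK || (t == expectedType && r.Types[t])
	}
	res.NotRevoked = !r.Revoked[c.ID]
	return res
}

func main() {
	issuerKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	holderKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	reg := &Registry{Trusted: map[string]bool{"did:example:issuer": true},
		Types: map[string]bool{"MembershipCredential": true}, Keys: map[string]map[string]*ecdsa.PublicKey{
			"did:example:issuer": {"issuer-key-1": &issuerKey.PublicKey},
			"did:example:holder": {"holder-key-1": &holderKey.PublicKey}}}
	cred, _ := SignCredential(issuerKey, "issuer-key-1", Credential{Type: []string{"VerifiableCredential", "MembershipCredential"},
		ID: "urn:uuid:example-1", Issuer: "did:example:issuer", Subject: "did:example:holder", Claims: map[string]string{"tier": "gold"}})
	nonce := []byte("verifier-challenge-42") // constructed challenge; fresh per presentation in practice
	proof, _ := HolderProof(holderKey, nonce)
	fmt.Printf("%+v\n", Verify(reg, cred, "MembershipCredential", nonce, proof)) // every flag true
}
```

Because the registry is consulted at verification time, an issuer or holder key rotation and a revocation take effect immediately without reissuing the credential, which is the decoupling the section describes.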
We have built a suite of Solidity smart contracts for EVM-compatible blockchain networks, to implement the first-of-its-kind Decentralized Root of Trust, combining smart-contract-based Key Directories and Trusted Lists to resolve complex issuer identity structures securely and transparently.
New Web Portal Version
Improved key management for greater security and stability.
Direct Access to ProjectId and TemplateId Information: Now available from the frontend for more efficient management.
Improved Security for Template ID Access: Reinforced protection when handling templates.
Web Portal Migration to TypeScript: More robust, secure, and scalable code.
Authentication Absorbed into the Core: Optimized integration for centralized management.
Integrations and Configuration
Endpoint Generation for Service Account Configuration: Smoother integration between backend and frontend.
File and Document Optimization
Templates without an Associated PDF: Templates can now be created and used without a PDF file.
New Creation Flow for Templates without a PDF: Optimized interface to simplify their configuration.
Responsive Adjustments for Dimensions >1200px: Optimized display on large screens.
Text Adjustments in the Benefits Section: Greater clarity and consistency in how benefits are presented to users.
Membership VC with Benefits: You can now create and associate exclusive benefits such as discounts, special pricing, or custom groupings with membership credentials.
Gov ID VC: Exclusive for government organizations.
VC Package Purchase Management: You can now purchase a package, and we will assign the number of VCs you have bought.
Improvements in VC Creation Flow: VCs can now only be created through the Getting Started guide.
Smart Database Upload: If an email already exists in the database, fields such as names will be updated automatically.
New Registration Form: Add individual contacts quickly and easily.
Recent Recipients View: Easily check the most recent recipients.
Homepage Redesign: New interface with visual and text adjustments for a better user experience.
Faster VC Issuance: Credentials will automatically appear in the wallet upon issuance.
Safe Rollback: If an approved issuance fails, the system will automatically revert the process.
Issuer Images: Included in the wallet and verifier for a more personalized experience.
HTML to PDF Conversion: New feature to improve PDF viewing compatibility.
Improved PDF Upload and Viewing: Faster and more efficient.
Private Template Viewing: Easily access your custom templates.
Performance Improvement: Reduced loading times and optimized credential issuance.
Optional Attributes in POV Rules: Greater flexibility in rule configuration.
Signature and Approval Management: Improved visualization and approval flow for credentials.
JWT Fix After DID Key Renewal: Greater stability and security in authentications.
New Membership Credentials: It is now possible to issue verifiable membership credentials within the wallet.
Benefit Management from the Portal: Added the option to create benefits such as discounts, groupings, or special pricing directly from the administrative portal.
Association of Benefits to Credentials: Benefits can be linked to specific credentials, allowing for a personalized user experience.
Portal-Wallet Integration: Automatic synchronization between the portal and the wallet to ensure benefits are always up to date.
Verifiable Web for Benefits: New functionality that allows users to view the benefits associated with a credential through Verifiable Web.
Benefit Activation from the Gateway: Added support for activating and managing benefits through gateway integrations.
VC Issuance Limit: It is now possible to define and view the issuance limit for verifiable credentials (VCs).
OpenID4VP Compatibility: Support for authentication and presentation of verifiable credentials using OpenID4VP.
New VC Types:
Membership: Creation and association of benefits with membership-type credentials.
Gov ID: Exclusive for government organizations.
VC Creation Flow: All credentials must now be generated through the Getting Started section.
Automatic Data Update: If a database with existing emails is uploaded, names will be updated automatically (backend integration).
Single Contact Registration: Added a form to register a single contact.
Automatic Wallet Display: Approved VCs will appear immediately in the Wallet.
Rollback on Approval Failures: If an approved VC fails, the system will execute an automatic rollback.
Issuer Image: The issuer's image is now included in the Wallet (RoT) and the verifier.
Recipient History: Lists the most recently added recipients.
Persistent User Selection: When changing pages, selected users will not be deselected.
VC Metadata: Added created_at and updated_at in the frontend with creation date.
POV Flow:
Adjustment in the instruction code to improve the user experience.
Support for optional attributes in POV rules.
Integration with the Presentation Exchange v2.0.0 standard.
HTML to PDF Conversion: Added HTML to PDF conversion with Node.js.
PDF Loading Optimization: Improved performance in loading and viewing PDF documents.
Private Template Support: Viewing of generic private templates.
Email Notification on VC Issuance: An automatic email is sent when a credential is issued to an existing DID.
Automatic Signature on Credentials: Credentials can now be created with automatic signing.
Improved VC Reception Time in Wallet: Optimized backend-wallet integration to reduce latency.
Unification of VC Creation Flows: Integration of Getting Started with creation from an empty project.
JWT Integration: Fixed JWT handling when a DID renews its expired keys.
Approvals:
New API to update and return the number of approvers required in a flow.
Fixed the display of VCs approved by a signer, preventing them from remaining pending for another Approver.
QR Generation: Improved QR code display within generated PDFs.
Schema Validations in Backend:
Implementation of networknt/json-schema-validator for schema validation.
Ability to customize formats, validations, and vocabularies.
Home Screen Redesign: New layout and optimized experience for users.
Visual and Text Adjustments: Improved readability and consistency of texts within the app.
Relocation of "Connections": The Connections section is now located within Profile for better organization.
Interaction with Organizations:
Clicking on an organization the user is connected to enables new management and viewing options.
Verifiable Credential of the membership type.
Create benefit (discount / group / price).
Associate benefit(s) with Verifiable Credentials.
Wallet integration.
Verifier (view Benefits).
Orchestration Process in Blerify Vouchers
The Orchestration Process in Blerify Vouchers is a streamlined workflow designed for Orchestrators—entities authorized to create, manage, and distribute digital Vouchers. These Vouchers are purchased by organizations and distributed to end-users (employees, citizens, etc.), who can then redeem them at enabled merchants for products or services. The process combines security, transparency, and efficiency, ensuring a seamless experience for all parties involved.
Access and Setup:
Orchestrators log into the Blerify Portal using their authorized accounts. Once inside, they have access to a centralized dashboard where they can manage all aspects of Voucher creation, merchant management, and transaction tracking.
Merchant Management:
Orchestrators can register and manage merchants that are authorized to accept their Vouchers. This includes entering detailed information such as legal, administrative, and banking data for each merchant. Merchants must be validated and approved by the Orchestrator before they can participate in the Voucher program.
Voucher Creation:
Orchestrators create custom Vouchers by defining key details such as the Voucher name, description, expiration date, currency, and the specific merchants where the Vouchers can be redeemed. Once configured, the Vouchers are published on the platform, making them available for organizations to purchase.
Sales to Organizations:
Organizations (Blerify clients) purchase Vouchers from the Orchestrator. The Orchestrator can track these purchases, including the organization’s details, the number of Vouchers bought, and the payment status. Each purchase goes through a workflow that includes steps like request creation, proof of payment submission, and approval.
Distribution to End-Users:
Once the Vouchers are purchased, organizations distribute them to their end-users (e.g., employees, citizens). The Orchestrator can monitor this distribution, including the list of beneficiaries and the status of Voucher usage.
Redemption at Merchants:
End-users redeem the Vouchers at enabled merchants. The Orchestrator tracks these redemptions in real-time, including the number of Vouchers redeemed, the total amount to be paid to each merchant, and the dates of redemption.
Payment to Merchants:
The Orchestrator manages payments to merchants for the redeemed Vouchers. This includes initiating bank transfers or other payment methods and tracking the status of each payment (e.g., pending, processed, completed).
Reporting and Analytics:
Orchestrators have access to real-time analytics and detailed reports on Voucher usage. This includes metrics such as total Vouchers sold, total Vouchers redeemed, revenue generated, and the most active merchants or organizations.
Notifications and Alerts:
Orchestrators receive automatic notifications for key events, such as new purchase requests, proof of payment submissions, Voucher redemptions, and pending payments. They can also set up custom alerts for specific scenarios, such as when a merchant reaches a redemption limit.
Centralized Management: Orchestrators have a single platform to manage all aspects of Voucher creation, distribution, and redemption.
Real-Time Tracking: All transactions, from Voucher purchases to redemptions and payments, are tracked in real-time.
Customizable Vouchers: Orchestrators can create Vouchers tailored to specific needs, including expiration dates, currencies, and enabled merchants.
Secure Payments: Payments to merchants are managed securely, with clear tracking of payment statuses.
Comprehensive Reporting: Detailed reports and analytics provide insights into Voucher usage, helping Orchestrators make data-driven decisions.
Automated Notifications: Orchestrators stay informed with automatic alerts for important events, ensuring timely actions.
Efficiency: The process is streamlined, reducing manual effort and administrative overhead.
Transparency: Real-time tracking and reporting ensure full visibility into Voucher usage and payments.
Security: Blockchain-based technology ensures the integrity and security of all transactions.
Scalability: The system is designed to handle large volumes of Vouchers and transactions, making it suitable for both small and large-scale operations.
Flexibility: Orchestrators can customize Vouchers and manage multiple merchants and organizations from a single platform.
Step-by-Step Guide to Creating POVs in Blerify
1. Log in to Your Blerify Account
Access your Blerify account using your credentials.
2. Enter the Project of Interest
Navigate to the project you are working on, such as Licenses, Credentials, Memberships, etc.
3. Go to the Applications Section
4. Create a New Application and Select Its Type
Click on Create New Application.
Choose the type of application:
Website Authentication Widget: Allows users to authenticate on your website using Blerify Wallet.
Validation of Events Access: Enrolls users into your platform by requesting Verifiable Credentials.
5. Complete the Steps to Create the POV
Step 1: Application Details
Application Name: Enter a name for your application (e.g., "Age Verification for Events").
Application Description: Provide a brief description of the application's purpose.
Credential Type to Verify: Select the type of credential to be verified (e.g., Driver’s License, Membership Card).
Credential Issuer: Specify the trusted issuer(s) of the credential.
Issuance Date Range: Define the range of issuance dates for valid credentials.
Expiration Date Range: Define the range of expiration dates for valid credentials.
Step 2: Credential Fields and Response Format
Credential Fields to Share and Verify: Select the specific fields from the credential that need to be shared and verified (e.g., name, date of birth, license number).
Response Format: Choose the format in which the verification response will be delivered (e.g., JSON, XML).
Step 3: Widget or QR Configuration
Website for Widget or QR: Enter the website URL where the widget or QR code will be published.
Language: Select the language for the widget interface.
Dark or Light Mode: Choose the widget’s appearance (dark or light mode).
Size: Define the size of the widget or QR code.
Final Step: Register the POV
Once all the details are filled in, click Register POV.
As a result, Blerify will generate a script that you need to copy and paste into your website’s code. This script will enable the POV functionality on your site.
Log in to your Blerify account.
Navigate to the desired project (e.g., Licenses, Credentials, Memberships).
Go to the Applications section and create a new application.
Select the application type: Website Authentication Widget or Validation of Events Access.
Complete the three steps:
Step 1: Provide application details, credential type, issuer, and date ranges.
Step 2: Define the credential fields to verify and the response format.
Step 3: Configure the widget or QR code (website, language, mode, size).
Register the POV and copy the generated script to your website.
Identity is the set of characteristics that make someone or something unique, distinguishing them from others in a given context.
These can include physical traits, experiences, relationships, possessions, and other attributes that help us stand out. Being uniquely identifiable is essential for authentication, which is the process of proving who you are by validating these unique traits.
A digital identity is a collection of attributes that allow individuals to be identified and authenticate themselves online. Everyone has multiple digital identities, each represented by identifiers and unique attributes within specific contexts. Digital identities make it possible to build trust in online transactions and services, without the limitations of the physical world. Effective identity management systems are crucial because they ensure we can trust that we’re interacting with the right person or business online.
Currently, most people don’t fully own their digital identities. They have limited control over their personal data and, therefore, cannot authenticate themselves directly. Instead, digital authentication often relies on third-party identity providers, federated identity systems, and biometric verification, all of which can be tedious and invasive. While these systems are important for enabling digital access, they also raise questions about who truly owns and controls our digital identities. Additionally, biometric ID verification is becoming obsolete as AI technology advances, enabling deep fakes and impersonations that undermine its reliability.
In 2016, Christopher Allen proposed Self-Sovereign Identity (SSI), a framework with ten principles: existence, control, access, transparency, persistence, portability, interoperability, consent, minimalization, and protection. Over the last decade, a User-Centric Identity model based on these principles has gained traction. With the rapid development of AI, traditional third-party models, like federated identities or password-based systems, are becoming outdated. Similarly, biometric ID verification is becoming obsolete due to the inability to
Fortunately, new technologies and tools are emerging just in time to support this shift. By 2024, we are seeing strong regulatory support and growing adoption of User-Centric ID systems. This model involves Digital ID Credentials issued by trusted organizations, which users manage directly through a sovereign ID wallet. This way, individuals can control when and with whom they share personal information, track their data-sharing history, and exercise their right to be forgotten.
Blerify offers a comprehensive 360° Platform-as-a-Service (PaaS) that enables public and private sector organizations to seamlessly interact with ID Wallets. Our platform facilitates the issuance of digital credentials and provides value-added services such as notifications, benefits, and vouchers. To ensure seamless integration, we offer SDK libraries and API interfaces that allow issuers and verifiers to interact effortlessly with ID Wallets. At Blerify, we provide our own Blerify ID Wallet, but we also support organizations seeking a white-label solution, enabling them to deploy fully branded ID Wallets tailored to their specific needs.
Blerify’s Voucher System provides organizations with a powerful tool to issue, manage, and track digital vouchers securely.
This section of the documentation explains how to use the Blerify API to issue ISO Mobile Driver's License (mDL).
The following are the Blerify API endpoints for mDL issuance:
Description: This endpoint is used to create a credential in ISO mDL format.
HTTP Method: POST
Endpoint URL: {{api-host}}/api/v1/organizations/{{organization-id}}/projects/{{project-id}}/credentials
Description: This endpoint is used to sign the ISO mDL created in the previous step.
HTTP Method: POST
Endpoint URL: {{api-host}}/api/v1/organizations/{{organization-id}}/projects/{{project-id}}/crypto/sign/es256
Description: This endpoint is used to combine the ISO mDL and the signature into a single object, which is delivered to the end user.
HTTP Method: PUT
Endpoint URL: {{api-host}}/api/v1/organizations/{{organization-id}}/projects/{{project-id}}/credentials/{{_credential_id}}/sign
The Service Account is created in the Blerify portal and the JSON file is downloaded.
A library (preferred by the client) is used to generate the access token.
The "Create" endpoint is called to create the ISO mDL, sending the access token with every request and generating a new one whenever necessary.
The Digital Credential ID is received in the response.
The "Sign" endpoint is called using the Digital Credential ID.
The digital signature of the ISO mDL is received in the response.
The "Assemble" endpoint is called using the Digital Credential ID and the digital signature.
The complete credential object is received in the response.
This object is delivered to the end user for download to their wallet.
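The create / sign / assemble sequence above, and the create / approve flow in the W3C-VC section, share the same pattern: send the access token on every call and regenerate it when the API rejects it. As an added example that is not Blerify's SDK, a Go client that runs the mDL sequence against a constructed fake of the API; the request and response field names (id, credentialId, signature), the bearer-token header and the 401-on-rejected-token behaviour are assumptions made for this example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Client drives the create -> sign -> assemble sequence. TokenFn mints an access
// token from the Service Account JSON; it is called again whenever the API 401s.
type Client struct {
	APIHost, OrgID, ProjectID string
	TokenFn                   func() (string, error)
	HTTP                      *http.Client
	token                     string
}

// call sends one JSON request with a bearer token and retries once with a fresh
// token on 401, so an expired token does not abort a half-finished issuance.
func (c *Client) call(method, url string, body, out any) error {
	payload, _ := json.Marshal(body) // plain maps only: cannot fail
	for attempt := 0; attempt < 2; attempt++ {
		if c.token == "" {
			t, err := c.TokenFn()
			if err != nil {
				return err
			}
			c.token = t
		}
		req, err := http.NewRequest(method, url, bytes.NewReader(payload))
		if err != nil {
			return err
		}
		req.Header.Set("Authorization", "Bearer "+c.token)
		resp, err := c.HTTP.Do(req)
		if err != nil {
			return err
		}
		defer resp.Body.Close()
		if resp.StatusCode == http.StatusUnauthorized {
			c.token = "" // expired or rejected: mint a fresh one and retry once
			continue
		}
		if resp.StatusCode/100 != 2 {
			return fmt.Errorf("%s %s: HTTP %d", method, url, resp.StatusCode)
		}
		return json.NewDecoder(resp.Body).Decode(out)
	}
	return fmt.Errorf("%s %s: still unauthorized after refreshing the token", method, url)
}

// IssueMDL runs create, sign and assemble in order and returns the object handed
// to the end user; the field names id, credentialId and signature are assumed.
func (c *Client) IssueMDL(mdl map[string]any) (map[string]any, error) {
	base := fmt.Sprintf("%s/api/v1/organizations/%s/projects/%s", c.APIHost, c.OrgID, c.ProjectID)
	var created, signed map[string]string
	if err := c.call("POST", base+"/credentials", mdl, &created); err != nil {
		return nil, err
	}
	if err := c.call("POST", base+"/crypto/sign/es256", map[string]string{"credentialId": created["id"]}, &signed); err != nil {
		return nil, err
	}
	var final map[string]any
	err := c.call("PUT", base+"/credentials/"+created["id"]+"/sign", map[string]string{"signature": signed["signature"]}, &final)
	return final, err
}

// FakeAPI is a constructed stand-in for the real API so the example runs offline:
// only the token "good" is accepted (401 otherwise); routes answer as IssueMDL expects.
func FakeAPI() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer good" {
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
		switch {
		case r.Method == "POST" && strings.HasSuffix(r.URL.Path, "/credentials"):
			json.NewEncoder(w).Encode(map[string]string{"id": "cred-123"})
		case r.Method == "POST" && strings.HasSuffix(r.URL.Path, "/crypto/sign/es256"):
			json.NewEncoder(w).Encode(map[string]string{"signature": "sig-cred-123"})
		case r.Method == "PUT" && strings.HasSuffix(r.URL.Path, "/credentials/cred-123/sign"):
			json.NewEncoder(w).Encode(map[string]any{"id": "cred-123", "signature": "sig-cred-123", "status": "signed"})
		}
	}))
}

func main() {
	srv := FakeAPI()
	defer srv.Close()
	mints := 0 // the first token minted is stale, so the 401 refresh path runs
	c := &Client{APIHost: srv.URL, OrgID: "org-1", ProjectID: "proj-1", HTTP: srv.Client(),
		TokenFn: func() (string, error) {
			mints++
			return map[bool]string{true: "expired", false: "good"}[mints == 1], nil
		}}
	cred, err := c.IssueMDL(map[string]any{"family_name": "Doe", "document_number": "X-123"})
	fmt.Println(cred, err)
}
```

The retry is bounded to one refresh per call, so a Service Account whose tokens the API keeps rejecting surfaces an error instead of looping.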
Track voucher usage in real time, including redeemed vouchers and the stores where they were used.
Beneficiaries can access their vouchers through the Flutter-based app, ensuring a smooth and intuitive user experience.
Merchants validate voucher codes through the Blerify API, confirming transactions securely and instantly.
Building Trust and Interoperability with ISO-Compliant Technology
Blerify’s modular verification infrastructure is built to align with the principles and technical requirements of the ISO/IEC 18013-5 standard.
Our technology enables the creation, management, and verification of secure, verifiable credentials that meet global interoperability and security needs.
Key Points of Alignment:
Verifiable and Secure Credentials:
Blerify leverages blockchain technology and cryptographic methods to ensure credentials are tamper-proof and verifiable, in line with ISO 18013-5’s emphasis on data integrity and trust.
Selective Disclosure:
With Blerify, users have control over their credentials. They can share only the necessary information, such as confirming their age or access permissions, without revealing sensitive data.
Global Interoperability:
Blerify’s wallet-based ecosystem supports online and offline credential verification, enabling global compatibility in line with ISO requirements.
Secure Communication Channels:
Blerify supports credential sharing through QR codes and other secure mechanisms, ensuring a frictionless user experience during credential validation.
Use Case Expansion:
While ISO/IEC 18013-5 focuses on mDLs, Blerify extends these principles to other digital identity use cases, including educational credentials, membership IDs, vouchers, and benefits, offering a versatile solution for various sectors.
Blerify offers an innovative platform for personalized benefits that connects organizations with users in an efficient, secure, and verifiable manner.
Through verifiable credentials, Blerify enables organizations to manage and distribute benefits centrally, while users access discounts and personalized offers quickly and transparently.
Inefficient Management: Eliminates manual processes and fragmented platforms, reducing errors and operational costs.
Lack of Transparency: Provides real-time traceability, ensuring benefits reach the right users.
Limited Personalization: Allows for the configuration of specific benefits (discounts, promotions) to improve loyalty and social impact.
Complex Validation: Simplifies eligibility verification, eliminating the need for physical proof and reducing wait times.
Accessibility: Digitizes benefits, enabling access for users in remote areas or vulnerable situations.
Fraud and Misuse: Uses verifiable credentials to prevent unauthorized use of benefits.
Integration with Retailers: Facilitates the incorporation of benefits into existing retailer systems.
Environmental Impact: Reduces the ecological footprint by eliminating physical vouchers and optimizing digital distribution.
Organizations: Create and distribute membership credentials, onboard retailers, and configure benefits in the administrative portal.
Users: Access benefits through verifiable credentials by presenting a QR code at the point of sale.
Retailers: Validate user eligibility with an app and deliver the benefit instantly.
Centralized Management: Simplifies the administration of retailers and benefits.
Complete Traceability: Enables reliable and transparent audits.
Dynamic Personalization: Offers benefits tailored to each user's needs.
Instant Validation: Speeds up the verification process at the point of sale.
Global Access: Digitizes benefits to reach more users, including vulnerable communities.
Guaranteed Security: Uses verifiable credentials and blockchain to prevent fraud.
Intuitive Interface: Facilitates adoption by retailers and users.
Sustainability: Reduces paper usage and carbon footprint.
Retail: Discounts on selected products and exclusive promotions.
NGOs: Special offers on essential products for vulnerable communities.
Corporates: Personalized incentives for employees.
Issuance Portal: Allows management of recipients, amounts, payment statuses, and data analytics.
Mobile App / Wallet: Users can store and manage their vouchers, scan QR codes at retailers, and make secure transfers.
Integration with POS Systems: Facilitates the validation and redemption of benefits at the point of sale.
Blerify offers a Verifiable Credentials (VCs) service based on the W3C Verifiable Credentials (W3C-VC) standard, enabling organizations to issue, manage, and verify digital credentials securely, reliably, and in a decentralized manner. This service is designed to ensure the authenticity, integrity, and privacy of credentials while giving users full control over their personal data.
W3C-VC Standard:
Credentials adhere to the W3C Verifiable Credentials standard, ensuring interoperability with other systems and platforms.
Advanced cryptography is used to guarantee authenticity and prevent forgery.
Centralized Issuance and Management:
Organizations can issue verifiable credentials through an intuitive administrative portal.
Specific attributes (such as memberships, government IDs, certifications, etc.) can be associated with each credential.
User Control (Self-Sovereign Identity - SSI):
Users store their credentials in a digital wallet under their control.
They decide when, with whom, and what information to share, adhering to privacy and consent principles.
Instant Verification:
Credentials can be instantly and reliably verified by third parties without intermediaries.
Uses digital signatures and blockchain to ensure the integrity and validity of credentials.
Interoperability:
Compatible with other systems following the W3C-VC standard, enabling integration with multiple platforms and ecosystems.
Supports protocols such as OpenID4VP and DID (Decentralized Identifiers).
Advanced Security:
Protects against fraud and identity spoofing through post-quantum cryptography and revocation mechanisms.
Includes timestamps and trust lists to ensure credential validity.
Government IDs (Gov ID):
Issuance of verifiable credentials for official identification, permits, or licenses.
Memberships and Benefits:
Membership credentials with associated benefits, such as discounts, exclusive access, or loyalty programs.
Certifications and Diplomas:
Issuance of academic or professional certificates that can be instantly verified.
Secure Access:
Credentials for physical or digital access to buildings, systems, or services.
Online Identity Verification:
Secure authentication for digital services without the need for passwords.
Transparency and Trust: Credentials are verifiable in real-time, increasing trust between parties.
Fraud Reduction: Advanced cryptography and traceability prevent misuse or forgery.
Operational Efficiency: Eliminates manual processes and reduces costs associated with physical document verification.
User Privacy: Users have full control over their data, complying with regulations such as GDPR.
Sustainability: Reduces reliance on physical documents, contributing to waste reduction.
The Checkout Experience with a Web POV (Point of Verification) transforms how users access discounts and promotions during their online purchase.
Scan the POV:
During checkout, the user scans a POV QR code displayed on the e-commerce website using their Blerify app.
Send Verifiable Credential:
The user selects and sends a verifiable credential (e.g., a loyalty card, membership ID, or discount voucher) from their Blerify app.
Automatic Verification and Benefit Application:
The system verifies the credential’s authenticity and checks the user’s eligibility for benefits.
If the user qualifies, the system automatically applies the relevant discount or promotion to their purchase.
Complete the Purchase:
The user sees the updated total with the applied benefits and proceeds to complete their purchase seamlessly.
Frictionless Process: Users can claim benefits with just a scan, eliminating the need for manual coupon codes or complex steps.
Enhanced Security: Verifiable credentials ensure that only legitimate users receive discounts, reducing fraud.
Personalized Offers: The system tailors benefits based on the user’s verified data, improving customer satisfaction.
Real-Time Verification: Benefits are applied instantly, creating a smooth and efficient checkout experience.
At Blerify, Points of Verification (POVs) are a key tool that enables third parties, such as organizations or merchants, to securely and efficiently verify verifiable credentials issued under international standards like ISO 18013-5 (for mobile driver’s licenses) or W3C Verifiable Credentials. These POVs act as interaction points where digital credentials can be validated in real-time, ensuring their authenticity, integrity, and validity.
POVs are designed to integrate seamlessly into existing systems, such as web applications, mobile apps, or e-commerce platforms, allowing organizations to verify credentials quickly and reliably. This is especially useful in scenarios where it is necessary to validate a user’s identity, permissions, or any other attribute contained in a digital credential.
Enhanced Security:
A POV verifies the authenticity of digital credentials using cryptographic signatures and blockchain technology, ensuring that only legitimate credentials are accepted.
This reduces the risk of fraudulent logins, such as phishing attacks or stolen credentials, since the credentials are tied to the user’s identity and cannot be easily forged.
User Privacy:
POVs support selective disclosure, meaning users only share the information necessary for login (e.g., proof of identity or age) without revealing unnecessary personal data.
This aligns with privacy-by-design principles, ensuring compliance with regulations like GDPR.
Seamless User Experience:
Users can log in by simply presenting their digital credentials (e.g., from a mobile wallet) instead of remembering complex passwords or going through multi-factor authentication (MFA) processes.
This creates a frictionless login experience, improving user satisfaction.
Interoperability:
POVs are compatible with global standards like ISO 18013-5 (for mDLs) and W3C Verifiable Credentials, making them suitable for organizations that operate across different regions or industries.
This ensures that the login system can work with a wide range of digital credentials issued by trusted entities.
Real-Time Verification:
POVs perform real-time checks on the status of credentials, such as whether they have been revoked or expired.
This ensures that only valid and up-to-date credentials are accepted for login.
Customizable Verification Policies:
Organizations can configure POVs to enforce specific login policies, such as:
Requiring credentials from trusted issuers (e.g., government-issued IDs or corporate credentials).
Verifying specific attributes (e.g., age, role, or membership status) to grant access to certain resources.
Reduced Password Management Overhead:
By replacing traditional username/password systems with credential-based logins, organizations can eliminate the costs and risks associated with password management, such as password resets or breaches.
Scalability:
POVs are designed to handle high volumes of verification requests, making them suitable for organizations of all sizes, from small businesses to large enterprises.
User Presents Credential:
The user attempts to log in by presenting a digital credential (e.g., an mDL or verifiable credential) from their mobile wallet or app.
POV Verification:
The POV verifies the credential by:
Checking the cryptographic signature to ensure it hasn’t been tampered with.
Validating the issuer’s legitimacy (e.g., confirming it was issued by a trusted government or organization).
Checking the credential status (e.g., ensuring it hasn’t been revoked or expired).
Attribute Verification:
The POV verifies specific attributes required for login, such as:
Identity: Confirming the user is who they claim to be.
Role or Membership: Ensuring the user has the necessary permissions to access the system.
Login Approval:
If the credential and attributes are valid, the POV approves the login request, granting the user access to the system.
Notification:
Both the user and the organization receive a notification confirming the successful login.
Strong Authentication: Replaces weak passwords with secure, cryptographically signed credentials.
Fraud Prevention: Reduces the risk of unauthorized access through credential verification.
Privacy Protection: Users only share the minimum required information.
User Convenience: Simplifies the login process by eliminating the need for passwords or complex MFA.
Compliance: Helps organizations meet regulatory requirements for identity verification and data protection.
Scalability: Supports high volumes of login requests, making it suitable for large organizations.
1. QR Code Scanning and Credential Selection
Once the QR code is published on a website and scanned by the user using the Blerify Wallet App, the app will search for a credential that meets the requirements defined in the POV.
If a matching credential is found:
The user will be allowed to select the credential and send its data to the website.
If no matching credential is found:
The user will not be able to proceed, and the process will stop.
2. Page Update and Credential Data Handling
After the user sends the credential data, the webpage displaying the QR code will be updated with the received information.
The website can perform various actions based on the credential data, such as:
Logging in the user.
Registering the user.
Validating the user’s access.
Using the credential ID to call a procedure and retrieve additional details about the credential, such as the DID (Decentralized Identifier) and any associated benefits (e.g., discounts for e-commerce).
3. Receiving Credential Data via POST
The credential data is sent to the website via a POST request when the page is redirected.
The following parameters are included in the POST request:
POST['subject']: Contains the name of the person (credential subject).
POST['id']: Contains the ID of the credential received.
4. Retrieving Credential Details and Benefits
Using the credential ID received in the POST request, you can call the following public API endpoint to retrieve detailed information about the credential and its benefits:
Endpoint:
Replace {$id} with the actual credential ID.
5. Example API Response
The API response will include detailed information about the credential, its issuer, verification status, and any associated benefits. Below is an example of the response structure:
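A server-side handler for the redirect described in steps 3 and 4, added here as an example and not Blerify's own code: it reads `subject` and `id` from the POST body, treats both as client-supplied input, and builds the login session only from the record returned by the lookup keyed on the credential ID. Because this page does not give the lookup endpoint's URL, `lookup_credential` is an injected callable standing in for that API call, and the records it returns are constructed.

```python
import re
from typing import Callable, Dict, Optional
from urllib.parse import parse_qs

# Assumed id alphabet for illustration; replace with the real credential id format.
CREDENTIAL_ID = re.compile(r"[A-Za-z0-9:_-]{8,128}")


def parse_pov_post(body: str) -> Dict[str, str]:
    """Extract subject and id from an application/x-www-form-urlencoded POST body."""
    form = parse_qs(body, keep_blank_values=True)
    subject = form.get("subject", [""])[0].strip()
    cred_id = form.get("id", [""])[0].strip()
    if not CREDENTIAL_ID.fullmatch(cred_id):
        raise ValueError("malformed credential id")
    return {"subject": subject, "id": cred_id}


def handle_pov_login(body: str, lookup_credential: Callable[[str], Optional[dict]]) -> dict:
    """Decide the login from the looked-up record, never from the posted fields alone."""
    try:
        posted = parse_pov_post(body)
    except ValueError as exc:
        return {"ok": False, "reason": str(exc)}
    record = lookup_credential(posted["id"])       # the public API call keyed on the id
    if record is None:
        return {"ok": False, "reason": "unknown credential"}
    if record.get("verified") is not True:
        return {"ok": False, "reason": "credential failed verification"}
    if record.get("subject") != posted["subject"]:
        # The posted name is informational; a mismatch with the issuer's record is worth logging.
        return {"ok": False, "reason": "subject mismatch"}
    return {"ok": True, "session": {"did": record["did"], "subject": record["subject"],
                                    "benefits": list(record.get("benefits", []))}}


# Constructed records standing in for the API's responses (field names assumed).
DEMO_RECORDS = {
    "cred-0001-demo": {"subject": "Jane Doe", "did": "did:example:jane", "verified": True,
                       "benefits": [{"type": "discount", "percent": 10}]},
    "cred-0002-demo": {"subject": "John Roe", "did": "did:example:john", "verified": False},
}


def demo_lookup(cred_id: str) -> Optional[dict]:
    """Offline stand-in for the credential lookup endpoint."""
    return DEMO_RECORDS.get(cred_id)


if __name__ == "__main__":
    print(handle_pov_login("subject=Jane+Doe&id=cred-0001-demo", demo_lookup))
```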
Blerify’s Voucher system is a cutting-edge solution that combines blockchain technology and Verifiable Credentials to redefine how organizations create, distribute, and validate digital vouchers.
This system leverages the security, transparency, and decentralization of blockchain to provide an efficient, secure, and user-friendly platform for managing voucher-based transactions.
Security:
Blockchain ensures all voucher transactions are tamper-proof.
Digital signatures authenticate and verify every operation.
Decentralization:
Vouchers operate without reliance on centralized systems, offering high reliability and independence.
Transparency:
All voucher issuance and redemption are recorded immutably on the blockchain.
Organizations can audit transactions with full confidence.
Privacy:
User-sensitive data is handled off-chain, linked securely via cryptographic hashes.
Ensures compliance with global data protection standards.
Blockchain-Based Tokens: Blerify vouchers are implemented as blockchain tokens on the LACChain network. This ensures:
Traceability: Every voucher is uniquely identifiable.
Real-Time Validation: Transactions are processed and validated instantly.
Integration with Verifiable Credentials:
Vouchers are issued to users who already possess a Verifiable Credential in their Blerify Wallet.
Users can present vouchers seamlessly alongside their credentials for validation.
Smart Contracts:
Smart contracts automate the rules of voucher issuance, redemption, and validation, ensuring consistency and minimizing human error.
Efficiency:
Streamlines voucher distribution and redemption processes.
Scalability:
Supports high volumes of transactions without compromising performance.
Interoperability:
Integrates with diverse systems, enabling a wide range of use cases from loyalty programs to subsidies.
User-Centric:
Provides users with full control over their vouchers via the Blerify Wallet.
Retail: Digital coupons for discounts or promotions.
Subsidies: Distribution of government aid or benefits.
Loyalty Programs: Reward points issued as vouchers.
Event Access: Tickets and passes as redeemable tokens.
The diagram shows a modular architecture for Blerify’s mDL (Mobile Driver’s License) solution, based on multiple layers and services that interact with external and internal systems.
The process focuses on issuing mDL (Mobile Driver’s License) within an integrated architecture, involving multiple technical stages and components. Here’s a breakdown of the key points:
This section of the documentation explains how to generate the access token needed to authenticate with the Blerify API.
Before using the Blerify API endpoints, you need to authenticate using an access token. This token is obtained from a Service Account previously created in the Blerify portal.
To access the Blerify API, you need to create a Service Account. Follow these steps:
Access the Blerify portal: Log in to the Blerify portal using your credentials.
Navigate to the "Service Accounts" section: Locate and select the "Service Accounts" section in the portal menu.
Create a new Service Account: Click the "Create Service Account" button.
Complete the Service Account information:
Enter a descriptive name to identify the account (e.g., "Payments Application", "CRM Integration").
You can add a description to detail the use of this account.
Select the type of encryption algorithm.
Select one or more roles that will grant permissions to the Access Token that will be generated.
Finish and Download the JSON file: Blerify will generate a JSON file containing the information needed to generate the access token. Store this file in a secure location and do not share it with anyone.
File format: JSON
Once you have created the Service Account and downloaded the JSON file, you can generate the access token using your preferred programming language. Here is an example with a Blerify client library developed in PHP.
Example code (PHP):
Response (Example of Generated Access Token):
access_token: The generated access token.
expires_in: Lifetime in seconds of the access token. In this example, 3600 seconds (1 hour).
refresh_token: A token that can be used to obtain a new access token without re-authenticating the user.
Important: The access token has a limited lifetime, specified in the expires_in parameter.
Check expiration: Before using the access token, the developer should check if it has expired. To do this, they can compare the current timestamp with the sum of the token generation timestamp and the expires_in value.
Generate a new token: If the access token has expired, the developer must generate a new one using the Blerify client library.
Store the token securely: The access token should be stored securely to prevent unauthorized use.
Once you have obtained the access token, you can use it to access the Blerify API endpoints. To do this, you must include the access token in the Authorization header of the HTTP request, using the Bearer scheme.
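The token handling described in this section and the Create, Sign and Assemble sequence from the mDL issuance section, put together as an added example that is not Blerify's client library: the client renews the token when the generation timestamp plus expires_in has passed, sends it as a Bearer header on every call, and walks the three endpoints in order. The HTTP transport is injectable so the example runs offline against a constructed fake; the endpoint paths come from this page, while the request bodies and response field names (`id`, `signature`) and the token-generation call are assumptions.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# A transport is (method, url, headers, json_body) -> parsed JSON response.
Transport = Callable[[str, str, Dict[str, str], Optional[dict]], dict]


@dataclass
class AccessToken:
    value: str
    expires_in: int    # lifetime in seconds, as returned with the token (e.g. 3600)
    issued_at: float   # unix time at which the token was generated

    def is_expired(self, now: float, skew: int = 30) -> bool:
        # The page's rule: compare the current time with issued_at + expires_in.
        # `skew` renews a little early so a request never arrives with a stale token.
        return now + skew >= self.issued_at + self.expires_in


class MdlIssuer:
    """Create -> Sign -> Assemble, re-using one access token until it expires."""

    def __init__(self, api_host: str, organization_id: str, project_id: str,
                 get_token: Callable[[], dict], transport: Transport,
                 clock: Callable[[], float] = time.time) -> None:
        self.base = f"{api_host}/api/v1/organizations/{organization_id}/projects/{project_id}"
        self._get_token = get_token    # e.g. the client library fed with the Service Account JSON
        self._transport = transport
        self._clock = clock
        self._token: Optional[AccessToken] = None
        self.tokens_generated = 0

    def _bearer(self) -> str:
        now = self._clock()
        if self._token is None or self._token.is_expired(now):
            data = self._get_token()
            self._token = AccessToken(data["access_token"], int(data["expires_in"]), now)
            self.tokens_generated += 1
        return f"Bearer {self._token.value}"

    def _call(self, method: str, path: str, body: Optional[dict]) -> dict:
        headers = {"Authorization": self._bearer(), "Content-Type": "application/json"}
        return self._transport(method, self.base + path, headers, body)

    def issue(self, mdl: dict) -> dict:
        created = self._call("POST", "/credentials", mdl)                 # Create
        credential_id = created["id"]                                     # response field name assumed
        signed = self._call("POST", "/crypto/sign/es256",                 # Sign
                            {"credentialId": credential_id})              # request body assumed
        return self._call("PUT", f"/credentials/{credential_id}/sign",    # Assemble
                          {"signature": signed["signature"]})             # field names assumed


class FakeBlerifyApi:
    """Constructed stand-in for the API so the example runs offline: it rejects
    requests without a Bearer header and returns canned JSON per endpoint."""

    def __init__(self) -> None:
        self.calls: List[Tuple[str, str, str]] = []

    def __call__(self, method: str, url: str, headers: Dict[str, str], body: Optional[dict]) -> dict:
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            raise PermissionError("401: missing Bearer token")
        self.calls.append((method, url, auth))
        if method == "POST" and url.endswith("/credentials"):
            return {"id": "cred-0001"}
        if method == "POST" and url.endswith("/crypto/sign/es256"):
            return {"signature": "MEUCIQ-constructed-es256-signature"}
        if method == "PUT" and url.endswith("/credentials/cred-0001/sign"):
            return {"id": "cred-0001", "status": "signed", "signature": body["signature"]}
        raise LookupError(f"unexpected {method} {url}")


def demo() -> dict:
    """Issue two mDLs one hour apart and report how many tokens were needed."""
    clock = {"now": 1_700_000_000.0}
    counter = {"n": 0}

    def fake_get_token() -> dict:          # stands in for the client library call
        counter["n"] += 1
        return {"access_token": f"tok-{counter['n']}", "expires_in": 3600, "refresh_token": "rt-x"}

    api = FakeBlerifyApi()
    issuer = MdlIssuer("https://api.example.invalid", "org-1", "proj-1",
                       fake_get_token, api, clock=lambda: clock["now"])
    first = issuer.issue({"doctype": "org.iso.18013.5.1.mDL", "family_name": "Doe"})
    clock["now"] += 3600                   # expires_in lapses: the next call must renew
    second = issuer.issue({"doctype": "org.iso.18013.5.1.mDL", "family_name": "Roe"})
    return {"first": first, "second": second,
            "tokens": issuer.tokens_generated, "calls": api.calls}


if __name__ == "__main__":
    print(demo())
```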
In Blerify’s system, the Point of Verification (POV) user (e.g., a security guard or access controller) plays a central role in managing physical access. The process involves the POV user generating a QR code from their Blerify app, which the end-user scans to present their credential.
Enhanced Security:
The POV user controls the process, ensuring that only authorized individuals can initiate access requests.
Verifiable credentials are cryptographically signed, reducing the risk of fraud or tampering.
User Convenience:
End-users only need to scan a QR code, and their app handles the rest, making the process quick and intuitive.
Automatic credential selection eliminates the need for users to manually choose or present their credentials.
Real-Time Verification:
Credentials are validated instantly, reducing delays at access points and ensuring a smooth flow of people.
Privacy Protection:
The system supports selective disclosure, meaning users only share the information necessary for access (e.g., proof of identity or ticket validity) without revealing unnecessary personal data.
Flexibility and Customization:
The POV user can define specific access requirements (e.g., credential type, issuer trust, or attributes) when generating the QR code, allowing for tailored access policies.
Scalability:
The system can handle high volumes of access requests, making it ideal for large events, corporate offices, or busy environments.
Auditability and Compliance:
All access attempts are logged, creating a detailed audit trail for security monitoring and compliance purposes.
Interoperability:
The system works with global standards like ISO 18013-5 and W3C Verifiable Credentials, ensuring compatibility with a wide range of digital credentials.
Blerify enables users to share their verifiable credentials (e.g., diplomas, certifications, or IDs) securely and efficiently through a QR code system.
When a Blerify user generates a QR code for their credential, another user can scan it to access a public verification portal.
This portal provides a comprehensive view of the credential, including details like the user’s name, credential type, issuance date, and issuer information.
This process enhances transparency and trust, as recipients can independently verify the credential’s validity without relying on physical documents or manual checks. By leveraging blockchain technology, Blerify ensures that credentials are secure, tamper-proof, and globally interoperable. This seamless integration of QR codes and public verification portals simplifies credential sharing while maintaining the highest standards of security and authenticity.
New Descriptive Texts for Profiles: The descriptions in the profile configuration were improved for greater clarity and ease of use.
Fixes and optimizations to the display and scanning of mobile points of verification.
The ISO/IEC 18013-5 standard defines the global framework for mobile driver’s licenses (mDL) and mobile identity credentials on digital devices.
It sets clear technical and security guidelines to ensure mobile licenses are secure, trustworthy, and globally interoperable.
The standard focuses on:
Data Authenticity and Integrity: Ensures all credentials are verifiable and tamper-proof using cryptographic methods.
User Privacy and Control: Supports Selective Disclosure, allowing individuals to share only the data required for specific transactions (e.g., age verification).
Global Compatibility: Provides specifications for digital credentials to be recognized and validated both online and offline across borders.
Secure Communication: Facilitates secure interactions using technologies like NFC, Bluetooth, and QR codes, ensuring seamless verification processes.
With ISO/IEC 18013-5, governments, organizations, and developers have a unified standard for building digital identity solutions that are reliable, private, and universally accepted.
Admin
Manager
Assignor
Refers to a privilege inherently owned or granted. Such Capabilities are:
Assertion
Authentication
Key Agreement
Capability Invocation
Capability Delegation
Services
There are three main levels of control:
Admin level: Any actor with this privilege has full control over a particular identity instance living on a specified DID Registry and can perform any action.
Because the DID Controller has a roles feature, it allows multiple agents to control a particular DID Registry at the same time.
Due to gas limitations, full verification of the payload to be relayed is not performed. The contract only resolves the type of property to be added to the DID Document (verification method, service, or controller management action) and determines whether the agent calling the contract is authorized to perform that action.
DPKDs serve as on-chain registries where the identity of issuers of Digital Credentials is publicly recorded, allowing third parties to resolve and verify them in a trustless manner. These decentralized public key directories are implemented as smart contracts compatible with any Ethereum Virtual Machine (EVM)-based blockchain.
Our data schema enables the association of an issuer’s identity information with multiple data formats, including:
W3C Verifiable Credentials (VCs)
ISO 18013 digital credentials
EBSI Legal Entity data formats
Other standardized and custom schemas
Additionally, our solution supports immutable timestamps, allowing the system to record when an entity ceases to be valid within the DPKD. This ensures historical transparency and facilitates time-bound verification. These DPKDs are designed to be governed by a Decentralized Certificate Authority (DCA), ensuring decentralized and tamper-proof identity verification.
DTLs introduce a multi-level smart contract framework where individuals or organizations can endorse reputational trust to other entities for general or specific purposes. Similar to our DPKD, our DTL solution allows the use of immutable timestamps, enabling transparent tracking of trust endorsements and revocations. If an entity’s reputational trust is removed, any credential or asset issued by that entity can be rejected based on its validity timeframe.
DTLs are interoperable with DPKDs, allowing for seamless integration between public key verification and reputational trust mechanisms. Unlike DPKDs, which focus on identity verification, DTLs are designed to be self-managed by the entities that issue and receive endorsements.
Since DPKDs and DTLs are built on EVM-compatible blockchains, every privileged action must be authenticated. Our architecture supports two authentication models:
Externally Owned Accounts (EOAs) – Simple authentication using a private key-controlled Ethereum account.
Contract Accounts (CAs) – A more advanced and secure model where contract-based authentication replaces single-key authentication.
This enables entities to secure access to DPKD/DTL instances using smart contracts instead of relying solely on cryptographic keys. Key benefits include:
Multi-signature contract accounts, adding an extra layer of security for identity management.
Account abstraction, allowing the implementation of custom authentication mechanisms beyond the standard ECDSA-secp256k1 signatures (used across Ethereum networks).
Hardware Security Module (HSM) integration, enabling enterprises to enhance security and mitigate risks related to key compromise.
In the Decentralized Root of Trust (DRoT) model, entities always retain a path to recover access. The entity that initially endorsed trust can update or restore access when necessary. However, endorsing trust to another entity does not imply control over that entity's identity.
Furthermore, when an entity is endorsed, it must acknowledge the endorsement to establish trust. The mechanism for acknowledgment is left to implementations built on top of this protocol, allowing flexibility in trust management while preserving decentralization and autonomy.
For each level of depth in the trusted lists, it is possible to create different groups.
The verifiability of digital credentials depends on the cryptographic signatures of issuers and subjects. Historically, X.509 certificates have been used for authentication, primarily in server and application security. However, these certificates lack the scalability and flexibility needed for digital credentials. A more scalable approach requires decentralized identifiers (DIDs), which allow entities to manage multiple cryptographic key pairs while supporting key rotation, revocation, and multiple endpoints. This makes DIDs an ideal solution for modern digital credential ecosystems.
Backwards Revocation Time Support: This feature allows a DID controller to revoke a key not only from the moment of revocation but also retroactively, specifying a time in the past (t₁) after which the key is considered revoked. This is particularly useful when revoking a key without invalidating all cryptographically verifiable statements signed with it—only those issued after t₁ are affected. Key benefits are:
Transparency: Since revocations are recorded on the blockchain, all key changes are fully traceable and auditable.
Key Compromise Scenarios: If a key associated with a DID is compromised, the controller has two options:
Full revocation, which invalidates all statements signed with that key.
Selective revocation, where the controller specifies a past date when the key became invalid (e.g., if a vulnerability was identified X days ago, only statements issued after X days ago are revoked, while earlier statements remain valid). To ensure a verifier can trust that a cryptographically verifiable statement was made before X days ago, the statement should include a proof of time, such as a timestamp anchored to a blockchain. This allows verifiers to confirm the document’s existence at a specific point in time.
Direct DID Registry Resolution: Our method encodes the exact path to the DID registry within the DID itself, eliminating the need for additional lookups and ensuring seamless resolution.
Backward Compatibility & Upgradability: Enhancements to the DID method are designed to be fully backward compatible, ensuring continued support for existing implementations while allowing for future improvements.
DID Migration Support: Through the alsoKnownAs attribute, our method enables smooth migration to a different DID, ensuring identity continuity without disrupting existing verifiable interactions.
By integrating these innovations, our DID method enhances trust, transparency, and flexibility, making it a powerful solution for verifiable credentials and decentralized identity management.
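A verifier-side check, added here as an example and not code from Blerify, that combines the two time-bound rules this page describes: the issuer's endorsement window in a DTL (including the acknowledgment requirement) and a key revocation backdated to t₁, judged against the statement's blockchain-anchored proof of time. Issuer names, key ids, timestamps and records are constructed; the cryptographic signature verification itself is assumed to have been done already.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class KeyRecord:
    key_id: str
    revoked_at: Optional[int] = None      # on-chain time of the revocation tx; None = still active
    invalid_from: Optional[int] = None    # t1: backdated point after which signatures are rejected;
                                          # None means "from revoked_at", 0 means full revocation


@dataclass(frozen=True)
class TrustEndorsement:
    issuer: str
    granted_at: int
    acknowledged: bool = False            # the endorsed entity must acknowledge before trust holds
    removed_at: Optional[int] = None      # immutable timestamp recorded when trust was withdrawn


@dataclass(frozen=True)
class Statement:
    issuer: str
    key_id: str
    proof_of_time: Optional[int]          # anchored timestamp; None if the statement carries none


def key_window_ok(key: KeyRecord, statement: Statement) -> Tuple[bool, str]:
    """Signature-time check against a possibly backdated revocation."""
    if key.revoked_at is None:
        return True, "key active"
    t1 = key.invalid_from if key.invalid_from is not None else key.revoked_at
    if statement.proof_of_time is None:
        # Without an anchored timestamp the verifier cannot place the statement before t1.
        return False, "revoked key and no proof of time"
    if statement.proof_of_time < t1:
        return True, f"anchored at {statement.proof_of_time}, before t1={t1}"
    return False, f"anchored at {statement.proof_of_time}, not before t1={t1}"


def trust_window_ok(endorsement: TrustEndorsement, statement: Statement) -> Tuple[bool, str]:
    """The issuer must have held (acknowledged) trust when the statement was made."""
    if not endorsement.acknowledged:
        return False, "endorsement never acknowledged"
    when = statement.proof_of_time
    if when is None:
        # No anchored time: the statement can only be judged against the present trust state.
        if endorsement.removed_at is None:
            return True, "no proof of time; trust currently held"
        return False, "no proof of time and trust has been removed"
    if when < endorsement.granted_at:
        return False, f"made at {when}, before trust granted at {endorsement.granted_at}"
    if endorsement.removed_at is not None and when >= endorsement.removed_at:
        return False, f"made at {when}, after trust removed at {endorsement.removed_at}"
    return True, "inside trust window"


def evaluate(statement: Statement, key: KeyRecord, endorsement: TrustEndorsement) -> dict:
    """Combine both windows; accepted only when every check passes."""
    checks: List[Tuple[str, bool, str]] = []
    if statement.issuer != endorsement.issuer or statement.key_id != key.key_id:
        checks.append(("binding", False, "statement does not reference this issuer/key"))
    else:
        k_ok, k_why = key_window_ok(key, statement)
        t_ok, t_why = trust_window_ok(endorsement, statement)
        checks += [("key", k_ok, k_why), ("trust", t_ok, t_why)]
    return {"accepted": all(ok for _, ok, _ in checks), "checks": checks}


if __name__ == "__main__":
    # Constructed scenario: key backdated-revoked at t1=1000, statement anchored at 900.
    print(evaluate(Statement("did:example:issuer", "k1", 900),
                   KeyRecord("k1", revoked_at=2000, invalid_from=1000),
                   TrustEndorsement("did:example:issuer", 500, acknowledged=True)))
```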
Technical Diagrams for Quantum-Resistant Communication
The communication diagram between servers has been updated.
The process of obtaining a certificate involves:
Downloading an executable (certificate manager) that allows the generation of hybrid certificates.
User authentication.
Generating a CSR (Certificate Signing Request).
Generating the certificate and registering it in a high-availability trust list with a timestamp.
Sending the CSR to Blerify.
Receiving the hybrid certificate issued by Blerify.
Blerify DID Controller is a set of contracts designed to administer whose is built on top of a blockchain network (e.g. , and DID methods). Setting a contract instance of the DID Controller as the controller of a specific DID will allow to manage the and associated to such DID.
Capability Manager level: Any actor with this privilege can only assign pre defined roles for or custom ones to "assignors"
Assignor level: Actor assigned with this privilege can just call the DID Registry through the DID Controller contract and just add a or a to a user
In compliance with the , we have proposed a new DID method, did:lac1, designed for scalability, security, and interoperability. It builds upon the and the , introducing key enhancements for greater precision and transparency. Our method encodes the exact resolution path within the DID itself, ensuring seamless access to the underlying DID registry. Key improvements over did:ethr, did:lac, and other DID methods include:
Protecting the Platform Against Future Quantum Threats
Blerify has taken a proactive approach to cybersecurity by integrating post-quantum certificates into its platform. This advanced feature ensures that the system remains secure against potential future threats posed by quantum computing.
Post-quantum certificates are certificates whose keys and signatures use cryptographic algorithms designed to resist attacks from quantum computers. Today's public-key algorithms, such as RSA and ECC (Elliptic Curve Cryptography), rely on integer factoring and discrete-logarithm problems that a sufficiently large quantum computer running Shor's algorithm could solve efficiently. Post-quantum cryptography uses algorithms (lattice-based, hash-based, and others) that are believed to resist both classical and quantum attacks.
Quantum computers, while still in development, have the potential to break widely used public-key algorithms. Data encrypted today can be recorded and decrypted once such a computer exists ("harvest now, decrypt later"), so key exchange and encryption need to migrate before the threat materializes, and signatures and certificates must migrate before they need to be trusted beyond that point. By adopting post-quantum certificates, Blerify aims to keep its platform secure in the long term, protecting sensitive data and maintaining trust with users as quantum computing technology advances.
Blerify has integrated post-quantum cryptographic algorithms into its infrastructure. These algorithms are used for:
Key Generation: Creating secure cryptographic keys resistant to quantum attacks.
Digital Signatures: Ensuring the authenticity and integrity of data.
Encryption: Protecting data in transit and at rest from quantum decryption attempts.
Future-Proof Security: Protects the platform against emerging quantum threats.
Compliance with Standards: Aligns with NIST (National Institute of Standards and Technology), which published its first post-quantum standards in August 2024 (FIPS 203 ML-KEM for key encapsulation, FIPS 204 ML-DSA and FIPS 205 SLH-DSA for signatures) and continues to standardize further algorithms.
Enhanced Trust: Demonstrates Blerify's commitment to cutting-edge security practices.
Seamless Integration: Post-quantum certificates work alongside traditional cryptographic methods, ensuring compatibility and smooth operation.
Blerify has implemented a hybrid approach, combining traditional and post-quantum cryptography in the same certificate. A hybrid only adds protection if verifiers require both the classical and the post-quantum signature to be valid; a verifier that accepts either one alone is no stronger than the weaker of the two algorithms. This ensures:
Backward Compatibility: Existing systems and integrations continue to function without disruption.
Gradual Adoption: Users and organizations can transition to post-quantum certificates at their own pace.
Continuous Updates: Blerify stays ahead of the curve by monitoring advancements in quantum computing and cryptography, ensuring the platform remains secure.
Verifiable Credentials (VCs): Protecting the issuance, storage, and verification of VCs from quantum attacks.
Data Encryption: Safeguarding sensitive user data and communications.
Digital Signatures: Ensuring the authenticity of documents and transactions.
API Security: Securing interactions between Blerify and external systems.
The voucher redemption process in Blerify is designed to be secure, efficient, and user-friendly.
It allows customers to redeem vouchers seamlessly while ensuring that merchants can validate and confirm transactions in real-time. Below is a step-by-step guide and a detailed summary of the process.
User Action: The customer opens the Blerify app and scans the merchant’s QR code.
Merchant System: The cashier registers the transaction amount in their POS system.
Voucher Selection: The user selects the desired voucher and submits the payment request.
Code Generation: The app generates a unique 6-digit code for the transaction.
Merchant Validation: The cashier enters the code in their system, which triggers a call to the Blerify API.
API Verification:
The API checks the validity of the code, ensuring the transaction is in a pending state.
If valid, the API confirms the transaction and marks the voucher as redeemed.
Final Notification: Both the customer and merchant are notified of the successful transaction.
Verifying a post-quantum certificate involves a series of steps to ensure its authenticity, integrity, and validity. Here's a detailed explanation of the process.
A post-quantum certificate typically includes:
Public Key: Generated using post-quantum cryptographic algorithms.
Digital Signature: Created using a post-quantum signature scheme.
Metadata: Information such as issuer details, validity period, and usage constraints.
Extensions: Additional data, such as key usage policies or revocation status.
a. Validate the Certificate Chain
Verify that the certificate is issued by a trusted Certificate Authority (CA) using post-quantum cryptographic methods.
Check the entire certificate chain, ensuring that each intermediate and root certificate is valid and trusted.
b. Verify the Digital Signature
Use the issuer's public key (also post-quantum) to verify the digital signature on the certificate.
Ensure the signature was generated using a post-quantum algorithm (e.g., ML-DSA, standardized in FIPS 204 from CRYSTALS-Dilithium; SLH-DSA, standardized in FIPS 205 from SPHINCS+; or Falcon, being standardized as FN-DSA). The algorithm identifier in the certificate must be checked against policy before verifying, so that a certificate signed only with a classical algorithm is not silently accepted.
c. Check the Validity Period
Confirm that the certificate is within its validity period (not expired or not yet active).
d. Verify Revocation Status
Check the certificate against a Certificate Revocation List (CRL) or an Online Certificate Status Protocol (OCSP) responder to ensure it has not been revoked.
In a post-quantum deployment the CRL or OCSP response must itself be signed with a post-quantum (or hybrid) algorithm; a classically signed revocation status could be forged by the same attacker the certificate is meant to resist.
e. Validate Key Usage
Ensure the certificate is being used for its intended purpose (e.g., encryption, signing, or authentication) as specified in the key usage extensions.
f. Verify the Integrity of the Certificate
The signature check in step (b) covers the entire to-be-signed portion of the certificate, so any tampering with its fields is detected there. Where a fingerprint of the certificate is pinned (for example in a trust list), additionally recompute the hash of the encoded certificate and compare it against the pinned value.
Post-Quantum Cryptographic Libraries: Use libraries like Open Quantum Safe (OQS) or others that support post-quantum algorithms.
Trusted CA Infrastructure: Ensure the CA issuing the certificate is using post-quantum standards.
Revocation Services: CRLs or OCSP responses whose own signatures use post-quantum or hybrid algorithms.
Receive the Certificate: Obtain the post-quantum certificate from the entity presenting it.
Extract Public Key and Metadata: Parse the certificate to retrieve the public key and other details.
Verify the Signature: Use the issuer's public key to validate the certificate's signature.
Check Validity and Revocation: Ensure the certificate is valid and not revoked.
Confirm Key Usage: Validate that the certificate is being used appropriately.
Final Validation: If all checks pass, the certificate is considered verified.
Algorithm Transition: Ensuring compatibility between traditional and post-quantum systems during the transition phase.
Performance: Post-quantum keys and signatures are larger (an ML-DSA-65 signature is about 3.3 KB and SLH-DSA signatures range from roughly 8 KB to 50 KB, versus 64 bytes for an Ed25519 signature), which inflates certificates and handshakes and can slow verification.
Standardization: NIST finalized FIPS 203, 204 and 205 in August 2024; further algorithms (such as FN-DSA, derived from Falcon) and the X.509 encodings for hybrid and composite certificates are still being finalized.