How can a verifier access the user's personal data at the request of an authority?

Created by Charanraj Shetty, Modified on Mon, 8 May, 2023 at 5:03 PM by Charanraj Shetty

This can be achieved by changing the query presented by the verifier and using selective disclosure. 

  1. The Issuer should include an identifier of the KYC credential that the issuer is using in its internal systems (not related to the user DID, but to the specific KYC process followed to this credential) - for this, the field has to be already present in the credential Schema (we recommend that this is a mandatory field)

  2. The verifier should always query this field as part of the KYC check (with selective disclosure). For example, the query could be “Prove that you have passed KYC and share the KYC identifier field”. The verifier should store this KYC identifier along with the user's DID.

 

In case the authorities need to reveal the data behind the KYC process, and even if the user is using profiles to hide his DID from the issuer and the verifier, the authorities will be able to use the KYC identifier to request the data from the issuer.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article