Addresses the case where a verifier cannot supply a challenge to proof the credential

Description (User Story)

The very first credentials were just parchements with a seal in wax or other media, like the Chinese "Chop" mark. These type of credential remain the most common today. This use case addresses credentials that can be read in digital format, but not modified by the user app in any way.

Narrative

There are two media that are most common for an RO digital cred today: (1) The NFC card and (2) a bar code, or QR code containing the information. These are given to the user in for storage on a mobile phone, or printed on a card or piece of paper. It is common for credentials installed on a mobile phone to also be provided as a bar or QR code to handle cases where the phone is non-functional for some reason.

Secondary Use Case

It is also possible for the verifier to obtain additional credentials as well as the RO Cred including a proof of presence response to a nonce transmitted by the Verifier. That case is not addressed here because the primary cred is still just an RO cred.

Many RO creds are also available using a BLE (Bluetooth Low Energy) or other radio, but these are similar to NFC and so are not further considered.

Actors

Actor	Role in the use case
Holder	of the cred
Verifier	of the cred
NFC card	hold the cred

User Stories

Element	Detail	Notes
As a,	<description of user>
I want	<functionality>
so that	<benefit>
Acceptance Criteria
Given	<how things begin>
When	<action taken>
Then	<outcome of taking action>

Prerequisites / Assumptions

Duplication of RO cred can be simple and so mitigation like short time duration and online verification are often employed to prevent replay attacks.
Note that online verification is a privacy risk of the issuer leaning where the cred has been used. This logging is also considered to be a positive security feature as attacks during of after presentment can be evaluated.
One well-know replay attack against a smart health card COVID credential is that when installed on an Apple wallet, it can be displayed to another phone which can capture the cred and install in the reader's wallet.

Use Case Details

Privacy

Data Provided

Data Retained

Diagram

Steps

Primary Use Case

The anticipated normal sequence

#	Step	Description
1
2
3
4

Secondary Use Case(s)

Alternate or variant sequences

#	Step	Description
1
2
3
4

Sequence Diagram

End State

Describe what measures or signifies the end of the case

Success

Markers or metrics that indicate success

Failure

Markers or metrics that indicate failure

References

Champion / Stakeholder

Tom Jones

Related Material

Resources and Links

Browser not supported