search

New ID System (Verifiable Credentials)

National digital identity and verifiable credentials under S.I.G.N., including SSI principles, trust registry, offline verification, and revocation/status.

hashtag
Purpose

The New ID System provides a reusable national identity + credentialing layer built on:

  • Self-Sovereign Identity (SSI) principles

  • W3C Verifiable Credentials (VC)

  • W3C Decentralized Identifiers (DID)

  • selective disclosure + privacy-preserving proofs

  • trust registry + revocation/status infrastructure

This system enables:

  • one citizen, one verifiable identity layer (across agencies and regulated operators),

  • interoperability across service providers,

  • privacy-preserving verification without central “query my identity” APIs,

  • standardized, inspection-ready audit evidence.

hashtag
SSI principles (operationalized)

A national SSI design should support:

  • User control and consent: holders decide when/where to present credentials

  • Portability: credentials usable across agencies and regulated operators

  • Privacy by design: disclose only what is required; avoid linkability

  • Cryptographic verification: verifiers validate without issuer live queries

  • Standards-based interoperability: reduces fragmentation and vendor lock-in

hashtag
Credential lifecycle (VC)

hashtag
1) Issuance

  • Authorized issuer signs a VC bound to a schema

  • Credential is delivered to a holder wallet (non-custodial)

hashtag
2) Storage

  • Holder stores VCs locally (device secured)

  • Keys and credential material must be protected by device security and policy-approved recovery

hashtag
3) Presentation

  • Holder constructs a presentation (VP)

  • Only required attributes are disclosed (or proved via ZK / selective disclosure)

hashtag
4) Verification

Verifier checks:

  • issuer signature validity

  • issuer legitimacy via trust registry (accreditation)

  • schema compliance (expected fields/types)

  • revocation/status validity at verification time

hashtag
5) Revocation / status

Issuer updates status registry; verifiers check during verification.

hashtag
Components

hashtag
A) Issuer services

  • credential issuance service (OIDC4VCI recommended)

  • issuer DID/key custody

  • issuer governance and audit logging

hashtag
B) Holder wallets

Key capabilities:

  • non-custodial storage

  • biometric/device-protected access

  • offline presentation (QR/NFC)

  • multi-credential management

  • secure key backup/recovery (as approved by policy)

hashtag
C) Verifier services

  • verification SDK/service for VCs and VPs

  • status check logic (bitstring status lists)

  • verification event logging (evidence)

hashtag
D) Trust registry (anchored)

Tracks:

  • issuer DIDs + public keys

  • issuer accreditation status

  • approved schemas and schema versions

  • revocation/status endpoints/references

  • governance policy for issuer onboarding/offboarding

hashtag
Reference technical specifications (identity stack)

  • Credential model: W3C Verifiable Credentials 2.0

  • Identifier: W3C DIDs

  • Formats: VC-JWT, SD-JWT VC, JSON-LD with BBS+

  • Signature algorithms: ECDSA (secp256k1, P-256), EdDSA (Ed25519), RSA

  • ZK proof systems: Groth16, Plonk, BBS+ (unlinkable credentials)

  • Wallet security: device secure enclave + biometric authentication

  • Issuance protocol: OpenID for VC Issuance (OIDC4VCI)

  • Presentation protocol: OpenID for VC Presentations (OIDC4VP)

  • Revocation: W3C Bitstring Status List

  • Offline support: QR and NFC-based credential presentation

  • mDL compatibility: ISO/IEC 18013-5/7

hashtag
Privacy-preserving verification

hashtag
Selective disclosure patterns

Examples:

  • “age ≥ 18” without revealing full DOB

  • “resident of region X” without revealing full address

  • “licensed professional” without revealing full license number

hashtag
Unlinkability patterns

When using unlinkable credentials (e.g., BBS+ or ZK-backed), design verifiers to:

  • avoid storing correlatable identifiers

  • store minimal evidence required for audit

  • rotate verifier session identifiers to reduce metadata linking

hashtag
Revocation and status (recommended model)

A verifier should:

  1. verify issuer signature

  2. verify issuer trust registry accreditation

  3. check status list at verification time

  4. log the status check time + reference (evidence)

Example verification evidence (illustrative):

hashtag
How Sign Protocol fits (evidence layer)

Sign Protocol can anchor:

  • issuer accreditation events

  • schema publication and versions

  • verification evidence (when appropriate)

  • eligibility proofs for programs

  • audit manifests and reconciliation anchors

It also supports privacy modes (including ZK attestations) to avoid exposing sensitive details on public rails.

hashtag
Interoperability with money + capital

hashtag
Identity → Money

  • Identity proofs enable account creation (CBDC or regulated stablecoin)

  • compliance checks can reuse credential evidence (per policy)

hashtag
Identity → Capital / distribution

  • eligibility attributes gate access to benefits and subsidies

  • duplicate prevention uses identity-linked targeting and evidence checks

hashtag
Where to go next

PreviousNew Money System (CBDC & Stablecoins)NextNew Capital System (RWA / Programmable Capital)

Last updated

Was this helpful?