Biometric-Bound Verifiable Credentials: Full Presentation at EIC 2025 [Video and Takeaways]

Published May 16, 2025

At this year’s European Identity and Cloud Conference (EIC), Richard Esplin, Head of Product at Dock Labs, delivered a session on one of the most pressing challenges in digital identity: How can we ensure that the person presenting a digital credential is really the one it was issued to?

His answer lies in the combination of verifiable credentials and biometrics. Used together, these technologies can give organizations strong assurances about identity ownership, while preserving user privacy and avoiding the pitfalls of centralized data storage.

Here are the key takeaways from the presentation.

Identity Today: Complexity, Silos, and Risk

  • Fragmented identity systems are a major problem
    • Caused by M&A, rogue teams, or diverging business units
    • Identity architects struggle to unify platforms across environments
  • Cross-organizational sharing adds friction
    • Businesses often need to pass identity data across organizational boundaries
    • Results in expensive, brittle integrations
  • Adversaries are increasingly sophisticated
    • State-sponsored actors use advanced tools, including AI
    • Sensitive identity data is a prime target

The Human Factor in Identity

  • People are complex and hard to pin down digitally
    • Individuals want to be trusted, but institutions often prefer data from third parties
    • There’s a tension between user empowerment and organizational risk aversion
  • Informal identity delegation is common
    • People let others act on their behalf (coworkers, family)
    • AI agents will make this more common and harder to detect
  • End-user devices are unreliable
    • Users often reuse passwords, leave devices unlocked, or share them
    • Trusting identity data from devices is risky without additional safeguards
  • Identity matching is difficult
    • When two systems say they know “Jane Doe,” how do we know it’s the same person?
    • And how do we know that person is the one currently interacting?

The Role of Verifiable Credentials

  • Verifiable credentials shift control to the user
    • The user carries their data and chooses when/how to share it
    • Information is still signed by trusted issuers, preserving trust
  • Consent and integrity are built-in
    • Credentials ensure traceability and tamper-evidence
    • Organizations can trust the source and the context of shared data
  • Flexible and secure integration
    • Attributes, issuers, and use cases can change without modifying backend systems
    • Reduces the number of systems accessing sensitive data, improving security posture

Biometrics as a Trust Anchor

  • Biometrics prove possession
    • Ensure the person presenting a credential is the person it was issued to
    • Essential in the age of device sharing and AI delegation
  • The goal: keep biometric control with the user
    • Avoid centralized biometric honeypots
    • Reduce privacy risks by not duplicating or sharing biometric data unnecessarily

Models for Biometric Storage and Matching

  • Traditional model: central database
    • High risk, hard to secure
    • Often regulated and slow to adapt
  • Innovative model: distributed computation
    • Biometric data split and reassembled only with a valid sample
    • More secure but technically complex
  • Emerging model: credentials holding biometric data
    • Credential stored on device, signed by biometric service
    • Easier to implement while retaining trust

Choosing Sensors and Environments

  • Sensors at verifier location
    • High control, physical security possible
    • Trust, flexibility, and vendor lock-in are concerns
  • Sensors in user’s device (wallet)
    • High usability and flexibility
    • Better fits with decentralized identity model
    • Relies on trusting user devices
  • Comparison on device
    • Most private option, data never leaves the device
    • Needs strong assurance that device hasn’t been tampered with
  • Comparison in the cloud
    • Easier to standardize and scale
    • Biometric data leaves device for processing (not necessarily storage)

Combining Biometrics + Credentials

  • The Dock Labs approach: biometric-bound credentials
    • Biometrics enrolled and stored locally in the wallet
    • Credential issued by the biometric service with a non-derivable biometric ID
    • Future checks trigger local comparisons and generate temporary proof credentials
  • Three-credential system:
    • Enrollment Credential
      • Biometric data, signed by issuer, includes a non-derivable biometric ID
    • Biometric Check Credential
      • Time-limited, confirms successful recent biometric match
    • Biometric-Bound Credential
      • Ties the original credential (e.g., bank ID) to the biometric check
  • How it's used
    • Verifier receives the bound credential and a recent biometric check credential
    • Confirms both come from the same ecosystem and issuer
    • Provides assurance the user is the rightful holder of the credential
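
The verifier-side checks listed above, sketched as an added example (not code from the presentation or from Dock Labs). Field names, DIDs and keys are hypothetical, the bound credential is assumed to record the biometric issuer and biometric ID it was tied to, and HMAC with demo keys stands in for real issuer signatures.

```python
import hashlib
import hmac
import json

# Assumption: HMAC with constructed demo keys stands in for issuer signatures;
# a real verifier checks each credential's public-key proof instead.
ISSUER_KEYS = {
    "did:example:bank": b"constructed-bank-key",
    "did:example:biometric-service": b"constructed-biometric-key",
}

def _mac(cred):
    body = json.dumps(cred, sort_keys=True).encode()
    return hmac.new(ISSUER_KEYS[cred["issuer"]], body, hashlib.sha256).hexdigest()

def issue(issuer, **claims):
    cred = {"issuer": issuer, **claims}
    return {"credential": cred, "proof": _mac(cred)}

def signature_ok(signed):
    cred = signed["credential"]
    if cred.get("issuer") not in ISSUER_KEYS:
        return False  # issuer outside the trusted ecosystem
    return hmac.compare_digest(_mac(cred), signed["proof"])

def verify_presentation(bound, check, now, max_age=300):
    """Verifier-side decision for a bound credential plus a check credential."""
    if not (signature_ok(bound) and signature_ok(check)):
        return False, "bad signature or untrusted issuer"
    b, c = bound["credential"], check["credential"]
    if b["biometric_issuer"] != c["issuer"]:
        return False, "biometric issuer mismatch"
    if b["biometric_id"] != c["biometric_id"]:
        return False, "biometric ID mismatch"
    if not c["issued_at"] <= now <= c["expires_at"]:
        return False, "check credential outside validity window"
    if now - c["issued_at"] > max_age:
        return False, "biometric check too old"
    return True, "ok"

# Constructed sample input (hypothetical field names and values).
NOW = 1_750_000_000
BOUND = issue("did:example:bank", subject="Jane Doe",
              biometric_issuer="did:example:biometric-service",
              biometric_id="bio-7f3a")
CHECK = issue("did:example:biometric-service", biometric_id="bio-7f3a",
              issued_at=NOW - 60, expires_at=NOW + 240)

if __name__ == "__main__":
    print(verify_presentation(BOUND, CHECK, NOW))
```

A check credential produced by someone else's biometric match, an expired one, or a bound credential edited after issuance is rejected, each with a distinct reason.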

Advantages of This Architecture

  • Data remains siloed by design
    • No need to expose databases or transfer raw identity data
  • Relying parties gain trust with less friction
    • Strong guarantees without storing or processing sensitive biometrics
  • Modular and interoperable
    • Works with multiple biometric providers and supports updates
    • Avoids vendor lock-in


Truvera enables IDV providers and IAM systems to verify the same person across multiple businesses or siloed systems. It enables them to easily confirm that a user has been verified before, create a consistent view of that user’s identity and significantly reduce onboarding friction.