How can we ensure that the person presenting a credential is truly the same person who received the credential?
This is a crucial question, especially when dealing with sensitive information.
Our approach is to have the biometric provider issue a short-lived credential attesting to a recent biometric check whenever the issuer or verifier needs to confirm the physical presence of a credential holder.
This biometric check credential can be used by the issuer to embed biometric-binding attributes into the primary credential of interest (the credential issued by a standard issuer, such as a bank or government authority), and then it can be used by the verifier to check that it is the same person presenting the primary credential.
Let's break down the process:
- Enrollment: The first step involves the user providing a biometric sample, such as a thumbprint or face scan, which the biometric provider can use to generate a biometric enrollment credential. The key advantage here is that the biometric data remains on the user's device—there's no need for the biometric provider to maintain a large, potentially vulnerable database. Because this credential is signed by the biometric provider, any tampering with it is detectable.
- Issuance: The biometric provider can use the enrollment credential from the previous step to derive a separate biometric check credential that is shared with the issuer of the primary credential. The biometric check credential does not contain the biometric data, but is evidence that the biometric provider was able to successfully check a biometric that matches a specific privacy-preserving biometric ID. The issuer embeds into the primary credential some attributes identifying the issuer of the biometric check credential and the biometric ID that was used. These are known as biometric-binding attributes.
- Verification: When verifying the primary credential, relying parties will also request a fresh biometric check credential. The user’s wallet will enable the biometric provider to perform a new biometric check and issue the associated credential containing the same biometric ID that was recorded in the enrollment credential. The verifier can then confirm that the biometric ID in the primary credential matches the biometric ID in the biometric check credential, proving that it is the same physical person who was issued the primary credential.
As an example, let’s look at how a bank can tie a customer identity credential to an individual’s biometric.
Before issuing the credential, the bank would request that the customer share a fresh biometric check credential.
This will trigger the wallet to enroll the customer’s biometric as part of issuing the biometric check credential.
The bank can then embed the biometric-binding attributes into the customer identity credential that it issues.
When the customer wants to prove their identity to a verifier, the verifier can require a recent biometric check credential along with the bank-issued identity credential.
This will trigger the wallet to have the biometric provider run a biometric check and issue a new biometric check credential, which is then used to confirm that the person presenting the bank identity credential is indeed the same person who originally received it.
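The verifier-side check from the verification step and the bank example above, as an added illustration that is not the product's own code. The field names, the `did:example` identifiers, the five-minute freshness window and the HMAC standing in for the biometric provider's real signature are all assumptions, and the bank's own signature on the primary credential is assumed to have been validated already.

```python
import hashlib
import hmac
import json

# Constructed sample values; the field names and the HMAC "signature" are
# assumptions standing in for the ecosystem's real credential format.
PROVIDER_KEYS = {"did:example:bio-provider": b"demo-provider-key"}
MAX_AGE_SECONDS = 300  # assumed policy for how recent a biometric check must be

BANK_CREDENTIAL = {  # constructed primary credential with its binding attributes
    "issuer": "did:example:bank",
    "biometric_binding": {"biometric_issuer": "did:example:bio-provider",
                          "biometric_id": "bio-7f3a"},
}


def sign(issuer, claims):
    """Stand-in for the provider's signature over canonicalised claims."""
    payload = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(PROVIDER_KEYS[issuer], payload, hashlib.sha256).hexdigest()


def make_check_credential(issuer, biometric_id, issued_at):
    """Build a short-lived biometric check credential (no biometric data inside)."""
    claims = {"issuer": issuer, "biometric_id": biometric_id, "issued_at": issued_at}
    return {"claims": claims, "proof": sign(issuer, claims)}


def verify_binding(primary, check, now):
    """Return (ok, reason) for a primary credential plus a biometric check credential."""
    claims = check["claims"]
    issuer = claims.get("issuer")
    if issuer not in PROVIDER_KEYS:
        return False, "untrusted biometric provider"
    if not hmac.compare_digest(sign(issuer, claims), check.get("proof", "")):
        return False, "bad signature on biometric check credential"
    age = now - claims["issued_at"]
    if age < 0 or age > MAX_AGE_SECONDS:
        return False, "biometric check is not recent"
    binding = primary["biometric_binding"]
    if binding["biometric_issuer"] != issuer:
        return False, "biometric provider differs from the one bound at issuance"
    if not hmac.compare_digest(binding["biometric_id"], claims["biometric_id"]):
        return False, "biometric ID mismatch"
    return True, "holder matches bound biometric ID"
```

The order of the checks matters: the check credential's issuer and signature are validated before its biometric ID is compared, so an unsigned or altered credential carrying the right ID is rejected.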
By making the biometric provider a recognized issuer within the credentialing ecosystem, we streamline the process.
All necessary integrations happen on the user's device, ensuring data security while allowing for robust biometric proofing and credential binding.
This method eliminates the need for each participant in the ecosystem to integrate directly with the biometric provider, reducing complexity and cost.
Additionally, the biometric provider can monetize their services as these credentials are utilized throughout the ecosystem.
You can learn more by reading our documentation on biometric-bound credentials and the biometric service provider plugin for wallets.