How Affinidi Vault Works

Learn how to use Affinidi Vault to discover, collect, store, share, and monetise your data with consent.

Use Affinidi Vault to discover, collect, store, share, and monetise your data across different applications while controlling your data. Applications that wish to request data from you must get the user’s consent before being able to extract the data from the Affinidi Vault through Verifiable Presentation (VP).

Affinidi Vault stores your data securely on the local storage of your device (edge).

Requesting Data from Affinidi Vault

The Affinidi Vault uses the Presentation Exchange protocol , which allows developers to query user data from the Affinidi Vault with consent. Applications can assess the trustworthiness of the data by describing the required data that the user must satisfy using the presentation definition.

See the sample PEX query that requests the user’s basic information from their Affinidi Vault:

{
  "id": "token_with_identity_fullname_vc",
  "input_descriptors": [
    {
      "id": "profile_name",
      "name": "Profile Name",
      "purpose": "Check if data contains necessary fields",
      "constraints": {
        "fields": [
          {
            "path": [
              "$.@context"
            ],
            "purpose": "Verify VC Context",
            "filter": {
              "type": "array",
              "contains": {
                "type": "string",
                "pattern": "^https://schema.affinidi.io/profile-template/context.jsonld$"
              }
            }
          },
          {
            "path": [
              "$.type"
            ],
            "purpose": "Verify VC Type",
            "filter": {
              "type": "array",
              "contains": {
                "type": "string",
                "pattern": "^ProfileTemplate$"
              }
            }
          },
          {
            "path": [
              "$.credentialSubject.person.givenName"
            ],
            "purpose": "Require first name"
          },
          {
            "path": [
              "$.credentialSubject.person.familyName"
            ],
            "purpose": "Require last name"
          },
          {
            "path": [
              "$.credentialSubject.person.birthdate"
            ],
            "purpose": "Require birthdate"
          }
        ]
      }
    }
  ]
}

The above presentation definition enables businesses to onboard users into their platform seamlessly by requesting the basic information already available in the user’s Affinidi Vault with their consent.

Explore Affinidi Iota Framework to learn how to enable your application with a consent-based data-sharing process.

Data collected by users from different authoritative or trusted sources is stored and managed within the Affinidi Vault, which is accessible only to the user. Applications or websites can implement a flow or call to action that allows them to request data from the user in exchange for a particular value (e.g. a personalised experience or offer).

At the core of this data-sharing flow, the user is asked for consent to share their data stored in the Affinidi Vault.

The consent page displays the data requested by the application, and the user must select to either allow access to this data or decline the request. If multiple profiles are created in the user’s Affinidi Vault, the user must select which available profiles they want to share the data from. Read more about multi-profile here.

Additionally, the user can select to remember the consent for the application so that next time, the user will no longer be asked for consent.

Affinidi Vault Features

Affinidi Vault provides the following feature that enable users to securely store, manage, and share their data.

Multi-Profile Management

Affinidi Vault empowers users to create different representations of themselves based on various contexts. It enables users to create different profiles containing different data sets that they can use to claim credentials and share data depending on the websites they interact with. For example, users may have different representations of themselves in social platforms compared to other platforms such as e-commerce or online learning sites.

Read more about profiles and how claiming and sharing credentials works with multi-profile here.

Inside the Affinidi Vault, users can see all the sites where they have given their consent, including the date/time they have provided their consent and if they have allowed automatic consent.

Backup and Restore

Affinidi Vault enables users to back up their Affinidi Vault data and restore it when setting up Affinidi Vault account.

Backup Note

The backup is encrypted and can only be restored with the user’s Affinidi Vault passphrase.

Backup Affinidi Vault Data

The Affinidi Vault provides two options to back up your Affinidi Vault data:

Local Backup: An encrypted JSON file is generated and downloaded to your machine if you select a local backup.
Cloud Backup: If you select Cloud Backup, Affinidi Vault will send an email with the Backup ID and details on restoring and deleting the backup.

Restore Affinidi Vault Backup

The encrypted Affinidi Vault backup can be restored using one of the two options when setting up your Affinidi Vault.

Restore from the JSON file you downloaded as a backup.
Restore from Cloud Backup using the Backup ID sent to your email when you back up using Cloud.

Delete Affinidi Vault Data

The user has the option to delete Affinidi Vault data that is securely stored on their device if they wish. Ensure you have generated a backup to restore the previous data before deleting your Affinidi Vault data.

To delete your Affinidi Vault data from the current device, go to the Settings page, click the Delete vault section and enter your Passphrase to confirm. This action can’t be undone. All your data, including settings and personal content will be permanently deleted.

Passphrase Reset

Passphrase reset provides a mechanism for users to seamlessly and securely recover access to their Affinidi Vault. In the settings page of the Affinidi Vault, users can download PDF files containing a QR code and secret phrases, which must be securely stored and/or distributed to trusted parties or devices.

Read more about how Passphrase reset works here.

Affinidi Vault - Passphrase Reset Settings

If the user forgets their passphrase to unlock their Affinidi Vault, they can click the Forgot passphrase link in the Affinidi Vault login screen and upload two of the three PDF files downloaded previously to reset the passphrase.

It provides a smoother user experience and enhanced security while using the Affinidi Vault.

Note

Users must securely store and distribute the PDF files to their trusted parties or devices for enhanced security and retrieve them when they need to regain access to their Vault. Read more about Passphrase reset here.

If the user updates their passphrase after downloading the PDF files, they will need to download the files again.

Learn more about the available data and how to request user data from the Affinidi Vault.

Was this page helpful?

Glad to hear it! Please tell us how we can improve more.

Sorry to hear that. Please tell us how we can improve.

Thank you for sharing your feedback so we can improve your experience.