How Affinidi Vault Works

Use Affinidi Vault to discover, collect, store, share, and monetise your data across different applications while controlling your data. Applications that wish to request data from you must get the user’s consent before being able to extract the data from the Affinidi Vault through Verifiable Presentation (VP).

Affinidi Vault stores your data securely on the local storage of your device (edge).

Requesting Data from Affinidi Vault

The Affinidi Vault uses the Presentation Exchange protocol , which allows developers to query user data from the Affinidi Vault with consent. Applications can assess the trustworthiness of the data by describing the required data that the user must satisfy using the presentation definition.

See the sample PEX query that requests the email address of the user from the Affinidi Vault:

{
  "id": "email_vc_data",
  "name": "Email VC data",
  "purpose": "Check if data contains necessary fields",
  "constraints": {
    "fields": [
      {
        "path": [
          "$.credentialSubject.email"
        ],
        "purpose": "Email address",
        "filter": {
          "type": "string"
        }
      }
    ]
  }
}

The above definition is part of the default presentation definition of Affinidi Login, which authenticates users using their verified email address as their identity.

Explore our Labs to learn how to request user data from your application.

Sharing Data with Consent

Data collected by users from different authoritative or trusted sources is stored and managed within the Affinidi Vault, which is accessible only to the user. Applications or websites can implement a flow or call to action that allows them to request data from the user in exchange for a particular value (e.g. a personalised experience or offer).

At the core of this data-sharing flow, the user is asked for consent to share their data stored in the Affinidi Vault.

The consent page displays the data requested by the application, and the user must select to either allow access to this data or decline the request. If multiple profiles are created in the user’s Affinidi Vault, the user must select which available profiles they want to share the data from. Read more about multi-profile here.

The screenshot shows a preview of the multi-profile feature of Affinidi Vault that is coming soon.

Additionally, the user can select to remember the consent for the application so that next time, the user will no longer be asked for consent.

Affinidi Vault Features

Affinidi Vault provides the following feature that enable users to securely store, manage, and share their data.

Multi-Profile Management

Affinidi Vault empowers users to create different representations of themselves based on various contexts. It enables users to create different profiles containing different data sets that they can use to claim credentials and share data depending on the websites they interact with. For example, users may have different representations of themselves in social platforms compared to other platforms such as e-commerce or online learning sites.

Read more about profiles and how claiming and sharing credentials works with multi-profile here.

Liveness Check

To provide an additional layer of authenticity, security, and a better user experience when onboarding the users to the application. Affinidi Vault can verify if the user is real by doing a Liveness check. Liveness check is a technique that securely detects whether the source of a biometric sample is a real person or a fake representation by taking a live photo of the user.

The Affinidi Vault generates a Verifiable Credentials called HITLivenessCheck that represents the result of the Liveness check, whether it is passed or failed.

Consent History

Inside the Affinidi Vault, users can see all the sites where they have given their consent, including the date/time they have provided their consent and if they have allowed automatic consent.

Backup and Restore

Affinidi Vault enables users to back up their Affinidi Vault data and restore it when setting up Affinidi Vault account.

Backup Affinidi Vault Data

The Affinidi Vault provides two options to back up your Affinidi Vault data:

• Local Backup: An encrypted JSON file is generated and downloaded to your machine if you select a local backup.
• Cloud Backup: If you select Cloud Backup, Affinidi Vault will send an email with the Backup ID and details on restoring and deleting the backup.

Restore Affinidi Vault Backup

The encrypted Affinidi Vault backup can be restored using one of the two options when setting up your Affinidi Vault.

• Restore from the JSON file you downloaded as a backup.
• Restore from Cloud Backup using the Backup ID sent to your email when you back up using Cloud.

Delete Affinidi Vault Data

The user has the option to delete Affinidi Vault data that is securely stored on their device if they wish. Ensure you have generated a backup to restore the previous data before deleting your Affinidi Vault data.

To delete your Affinidi Vault data from the current device, go to the Settings page, click the Delete vault section and enter your Passphrase to confirm. This action can’t be undone. All your data, including settings and personal content will be permanently deleted.

Passphrase Reset

Passphrase reset provides a mechanism for users to seamlessly and securely recover access to their Affinidi Vault. In the settings page of the Affinidi Vault, users can download PDF files containing a QR code and secret phrases, which must be securely stored and/or distributed to trusted parties or devices.

Read more about how Passphrase reset works here.

If the user forgets their passphrase to unlock their Affinidi Vault, they can click the Forgot passphrase link in the Affinidi Vault login screen and upload two of the three PDF files downloaded previously to reset the passphrase.

It provides a smoother user experience and enhanced security while using the Affinidi Vault.

Learn more about the available data and how to request user data from the Affinidi Vault.