Identity Verification

Seamlessly onboard customers with a verified identity to your platform.

Identity Verification is a feature of Affinidi Vault that provides consumers with a method to verify their identity using standard identity documents like Passports. Upon successful verification, it creates a verified identity document using the Verifiable Credential (VC) format (verified identity VC) that consumers can share and reuse for the ID verification process.

With Identity Verification, businesses can request the verified identity document of the consumer during the ID verification process to streamline consumer onboarding into their platform.

How Identity Verification Flow Works

The diagram below details how the Identity Verification flow works using the Affinidi Iota Framework.

sequenceDiagram
actor u as User
participant app as Website
participant iota as Affinidi Iota Framework
participant vault as Affinidi Vault
participant acq as Affinidi IDV Service
participant provider as IDV Provider
u ->> app: Subscribe to verified service
app ->> iota: Initialise data-sharing request
Note over iota: Generate request token<br>with IDV provider claim
iota -->> app: Signed request token
app ->> vault: Redirect user to start data-sharing flow with signed request token
Note over vault: Query stored VC
alt verified identity VC not found
vault ->> acq: Trigger Identity Verification flow using<br>signed request token + consumer token
Note over acq: Check request token and project configuration
acq ->> +provider: Initiate session
provider -->> -acq: Session URL
acq -->> vault: Session URL
vault -->> provider: Redirect
u ->> provider: Capture self-photo and identity document
Note over provider: Process verification
provider ->> acq: Verification result webhook
Note over acq: Create verified identity VC
acq->>vault: verified identity VC
Note over vault: Store verified identity VC
end
vault->>+u: Request for consent to share data
u-->>-vault: Allow access to the data
vault -->> iota: Generate and send Verifiable Presentation
iota -->> app: Verifiable Presentation
Note over iota, app: Contains the verified identity VC <br/> shared by the user
app ->> u: Continue journey on the website

Identity Verification Flow Highlights:

The website initiates user onboarding through Affinidi Iota Framework and requests the user’s verified identity.
The user unlocks their Affinidi Vault, which queries the local storage to see if the verified identity VC satisfying the Presentation Definition is available; otherwise, it triggers the identity verification flow and creates a session with the Identity Verification provider.
The user completes the verification process by providing a screen capture of their face and supported identity documents like a Passport.
ID verification provider verifies the provided data and sends the verification result to the Affinidi Service.
Affinidi Vault fetches the generated VC from the identity verification and stores it locally.
Affinidi Vault requests user consent to share the verified identity VC to the website.
Once the user consents to share the data, the Affinidi Vault generates the Verifiable Presentation and sends it to the Affinidi Iota Framework.
The website parses the Verifiable Presentation response from the Affinidi Iota Framework and continues the user’s journey.

Note

A failed or incomplete identity verification process will return an access_denied response code to the website.

Enabling Identity Verification Flow

Identity Verification is currently in Closed Beta. To enable this feature in your project, send us a request through Contact Us form and get your Project ID whitelisted.

To request the user’s verified identity, integrate your website with the Affinidi Iota Framework, a consent-driven data-sharing process. Enabling the identity verification flow requires the following changes:

Create or update an Affinidi Iota Framework configuration using this guide.
Ensure that you select Redirect as the data-sharing mode and check the Enable Identity Verification (IDV) option (only available to specific projects).

Note

Identity Verification is only available using the Redirect mode of Affinidi Iota Framework.

After creating the Affinidi Iota Framework configuration with the Identity Verification option enabled, create a Presentation Definition using the following query requesting a Passport document.
The Affinidi Vault checks the query included in the request token of the Affinidi Iota Framework to determine if the Verifiable Credential being requested is a verified identity VC and initiates the Identity Verification flow if the VC is not present.

{
  "id": "verified_identity",
  "input_descriptors": [
    {
      "id": "id_document_input",
      "name": "ID Document from IDV provider",
      "constraints": {
        "fields": [
          {
            "path": ["$.issuer", "$.vc.issuer", "$.iss"],
            "purpose": "Only accept credentials issued by Affinidi IDV",
            "filter": {
              "type": "string",
              "pattern": "^did:web:idv.affinidi.com$"
            }
          },
          {
            "path": [
              "$.type"
            ],
            "purpose": "Only accept IDV type VC",
            "filter": {
              "type": "array",
              "contains": {
                "type": "string",
                "pattern": "^VerifiedIdentityDocument$"
              }
            }
          },
          {
            "path": [
              "$.type"
            ],
            "purpose": "Only accept IDV supported document",
            "filter": {
              "type": "array",
              "contains": {
                "type": "string",
                "pattern": "^Passport$"
              }
            }
          }
        ]
      }
    }
  ]
}

Important Note

The verified identity VC generated after successful verification is signed and issued by Affinidi’s DID (did:web:idv.affinidi.com) using the did:web method. Hence, following the Presentation Definition template is essential to request the user’s verified identity VC from the Affinidi Vault.

After setting up the configuration and creating the required query, implement the Affinidi Iota Framework into your website using Redirect mode with this guide.

Supported Documents

Currently, the Identity Verification flow supports the following type of document that users can present during the ID verification process:

Passport - contains information of the user extracted from a Passport document captured during the verification process.

Frequently Asked Questions

What happens if my customer has already been through an ID verification in their Affinidi Vault?
The verified identity VCs are stored in consumer’s Affinidi Vault, allowing them to reuse the credential whenever they need to. This reduces the friction of customers going through the same ID verification process multiple times on different apps, enabling a more seamless onboarding to your service.
How much does Identity Verification cost?
We aim to bring down the cost of ID verification through the power of reusability. Talk to our team about your requirements.
Who is doing the verification?
The ID Verification process is currently handled by Veriff. Veriff ID Verification solution has a success rate of 95% on the user’s first try.
What happens if my user is not verified?
If the user is not verified due to technical issues within Affinidi services or technical issues at our Partner’s end - you will not be charged for initiating such verification. You are only charged when a user consents to share data. If the user fails the identity verification (due to abandoning the session or using a fraudulent document), you will receive a access_denied response code.
Metrics on aggregate failure rates and reasons can be tracked in the Affinidi Portal.
How to report an issue?
You may raise the issue using this form or you may reach out to your assigned POC.

Was this page helpful?

Glad to hear it! Please tell us how we can improve more.

Sorry to hear that. Please tell us how we can improve.

Thank you for sharing your feedback so we can improve your experience.