Extends existing present-proof protocols to allow proofing the control of a hardware bound key embedded within a verfiable credential.
To enable use-cases which require a high level of assurance a verifier must reach a high degree of confidence that a verifiable credential (VC) can only be used by the person it was issued for. One way to enforce this requirement is that the issuer additionally binds the VC to a hardware bound public key and therefore binding the credential to the device, as discussed in the DIF Wallet Security WG. The issaunce process, including the attestation of the wallet and the hardware bound key is off-scope for this Aries RFC. A valid presentation of the VC then requires an additional challenge which proofs that the presenter is in control of the corresponding private key.
Since the proof of control must be part of legitimate presentation it makes sense to extend all current present-proof
protocols.
Note: The focus so far has been on AnonCreds, we will also look into device binding of W3C VC, however this is currently lacking in the examples.
To proof the control of a hardware bound key the holder must answer a challenge for one or more public keys embedded within verifiable credentials.
The following challenge object must be provided by the verifier.
Description of attributes:
nonce
โ a nonce which has to be signed by the holder to proof controlrequests
โ an array of referenced presentation requests
id
โ reference to an attached presentation request of request-presentation
message (e.g. libindy request)path
โ JsonPath to a requested attribute which represents a public key of a hardware bound key pair - represented as did:keyThe device-binding-challenge
must be attached to the request-presentations~attach
array of the request-presentation
message defined by RFC-0037 and RFC-0454.
The following represents a request-presentation message with an attached libindy presentation request and a corresponding device-binding-challenge.
Present Proof v1
Present Proof v2
The following response must be generated by the holder of the VC.
Description of attributes:
proofs
โ an array of proofs for different hardware keys which must match the requests
array from the device-binding-challenge
id
โ reference to presentation of VC with an embeded hardware bound keypath
โ JsonPath to raw value of hardware bound public key within the attached presentation of the VC represented as did:keyjws
โ Nonce from device-binding-challenge signed with the corresponding private key as a Json Web Signature objectThe device-binding-response
must be attached to the presentations~attach
array of the presentation
message defined by RFC-0037 and RFC-0454.
The following represents a presentation message with an attached libindy presentation and a corresponding device-binding-response.
Present Proof v1
Present Proof v2
To fully support the present-proof-v2 protocol the format of the device-binding-challenge
must be defined within the formats
array of the request-presentation
and the presentation
message.
Presentation Format | Format Value | Link to Attachment Format | Comment |
---|---|---|---|
Device Binding Challenge | dif/device-binding@v0.1 |
device-binding-challenge | Used to proof control of a hardware bound key |
Tbd
The rationale behind this proposal is to formalize the way a holder wallet can proof the control of a (hardware-bound) key.
This proposal tries to extend existing protocols to reduce the implementation effort for existing solutions. It might be reasonable to include this only in a new version of the present proof protocol (e.g. present-proof v3).
device-binding-challenge
object?The following lists the implementations (if any) of this RFC. Please do a pull request to add your implementation. If the implementation is open source, include a link to the repo or to the implementation within the repo. Please be consistent in the "Name" field so that a mechanical processing of the RFCs can generate a list of all RFCs supported by an Aries implementation.
Implementation Notes may need to include a link to test results.
Name / Link | Implementation Notes |
---|---|