Credentials That Travel
With the Entity.
Not just for people. Machines carry calibration certificates. AI agents carry capability attestations. Every credential is cryptographically signed, independently verifiable, and checked against live revocation status at the moment of action.
VC Data Model
Credential Types
Selective Disclosure
Central Databases
Credential Scope
One verification framework for every credential type.
Professional licenses, compliance attestations, machine certifications, and AI capability proofs all follow the same issuance, verification, and revocation infrastructure.
Professional Certifications
Licenses, qualifications, and professional accreditations issued as tamper-proof verifiable credentials. Employers and regulators verify instantly without contacting the issuer.
Compliance Attestations
KYC/AML verifications, regulatory approvals, and compliance clearances packaged as portable credentials that travel with the entity across institutional boundaries.
Institutional Authorization
Board resolutions, signing authority, and operational mandates expressed as verifiable credentials with embedded scope constraints and expiration windows.
Machine Certifications
Equipment calibration records, safety certifications, and operational ratings bound to device DIDs. Verified at the moment of operation, not during periodic audits.
AI Agent Capabilities
Model attestations, training provenance, and authorized action scopes issued as credentials. Every autonomous action is gated on live credential status.
Academic & Training Records
Degrees, micro-credentials, and training completions issued as verifiable credentials. Selective disclosure enables sharing only relevant qualifications.
Architecture
Verifiable credential infrastructure without centralized dependency.
From issuance to revocation, every credential operation is cryptographically verifiable, privacy-preserving, and independent of the issuer being online at the moment of verification.
Issuance Engine
Authorized issuers create credentials containing structured claims, cryptographic signatures, and metadata. Supports batch issuance for enterprise and institutional workflows.
Holder Wallet
Credentials stored under exclusive holder control. No central database maintains copies. The holder decides when, where, and what claims to present through selective disclosure.
Verification Engine
Validates cryptographic signatures, checks schema conformance, and queries revocation status in real time. Verification is independent of the issuer being online.
Revocation Registry
Privacy-preserving status lists and cryptographic accumulators enable real-time revocation checks without revealing which credential is being verified.
Schema Registry
Versioned credential schemas define claim structure, data types, and validation rules. Enables interoperability across issuers while maintaining backward compatibility.
Selective Disclosure
BBS+ signatures and zero-knowledge proofs allow holders to reveal only necessary claims. Prove you are over 18 without revealing your birthdate.
Credential Lifecycle
From issuance to revocation in five deterministic stages.
Whether the credential represents a human qualification, a machine certification, or an AI capability attestation, the lifecycle follows the same verifiable path.
Issuance
An authorized issuer creates a credential containing claims about a subject. The credential is cryptographically signed, schema-validated, and bound to the subject's DID.
Storage
The credential is delivered to the holder's wallet under their exclusive control. No copies are stored centrally. The holder maintains full sovereignty over their credentials.
Presentation
When verification is required, the holder presents the credential or a derived proof. Selective disclosure enables sharing only the claims necessary for the interaction.
Verification
The verifier validates the cryptographic signature, checks schema conformance, queries the revocation registry, and confirms the credential meets policy requirements.
Revocation or Expiry
Issuers can revoke credentials by updating the revocation registry. Time-bound credentials expire automatically. Verification always checks live status before acceptance.
Revocation Models
Three approaches to real-time status verification.
Each model balances privacy, performance, and auditability differently. Deployments choose the model that fits their regulatory and operational requirements.
Status List
Credentials reference a position in a bitstring maintained by the issuer. Verifiers check the list without revealing which credential is being verified. Optimized for high-volume deployments.
Cryptographic Accumulator
Membership or non-membership proofs enable privacy-preserving verification without exposing credential identifiers. Ideal for high-sensitivity use cases.
Registry Query
Direct registry lookup for scenarios requiring complete audit trails. The issuer maintains a queryable registry with full revocation history and reason codes.
Where Credentials Matter
Real-world scenarios where credential verification prevents execution failures.
Financial Services
Cross-Border Regulatory Compliance
KYC verifications issued in one jurisdiction are presented as portable credentials in another. Counterparties verify compliance status without re-running checks or sharing raw identity data.
Engineering & Industrial
Equipment Safety Certification
Calibration records, safety ratings, and operational certifications are bound to machine DIDs. Every work order verifies equipment credentials at the moment of dispatch.
Technology & Automation
AI Model Provenance
Training attestations, evaluation results, and authorized action scopes are issued as verifiable credentials bound to agent DIDs. Every inference carries provenance.
Continue exploring the architecture.
The Credential Layer builds on verified identity. See how trust scoring, governance, and settlement consume credential proofs to authorize execution.