Offline Verification: Offline Credential Verification

Last updated: 2/9/2026
Reading time: 4 min

Offline Verification

technical

Full Name: Offline Credential Verification

Definition

Offline verification is the ability to cryptographically verify EUDI Wallet credentials without either the user's device or the verifier's reader having an active internet connection. This capability is essential for ensuring that digital identity credentials are at least as practical as physical identity documents, which can always be visually inspected regardless of connectivity. Offline verification relies on pre-loaded issuer certificates, self-contained cryptographic proofs within the credential, and proximity communication protocols (NFC, Bluetooth Low Energy) for device-to-device data transfer. The ISO 18013-5 standard and the mDoc credential format are specifically designed to support strong offline verification.

How Offline Verification Works

Offline credential verification works because verifiable credentials are cryptographically self-contained. When an issuer creates a credential, it signs the credential data with its private key. The resulting digital signature, combined with the credential data and the issuer's public key certificate, contains all the information needed for verification. The verifier does not need to contact the issuer's server at the time of verification.

The verifier's device is pre-provisioned with trusted root certificates and issuer certificates from the EUDI Wallet trust framework. These certificates are downloaded and cached during periods of connectivity (for example, when the verifier's device is in the office or connected to Wi-Fi). The trust framework defines certificate distribution mechanisms and refresh intervals to keep verifier devices current.

During an offline verification, the flow proceeds as follows: the verifier's reader and the user's wallet establish a secure communication channel via NFC or Bluetooth. The verifier requests specific credential attributes. The user consents on their device. The wallet transmits the signed credential data (including selective disclosure of only the requested attributes) over the proximity channel. The verifier validates the issuer's signature against the pre-loaded certificates and verifies the device binding signature proving the presenter holds the credential's private key.

The entire process -- from NFC tap to verification result -- typically completes in 2-5 seconds, comparable to visually inspecting a physical identity document. No internet connectivity is needed by either party at any point during the verification.
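The checks in the flow above can be followed end to end in the sketch below. It is an added example, not code from the standard or from any wallet implementation: it models the credential as JSON with salted SHA-256 digests rather than the CBOR/COSE encoding that ISO 18013-5 uses, and every name in it (`issue`, `present`, `verifyOffline`, `issuer-A`, the attributes) is constructed for illustration.

```javascript
// Added example: simplified JSON model of an offline mdoc-style verification.
// Real ISO 18013-5 uses CBOR/COSE; all names and values here are constructed.
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const newKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const sign = (key, data) => crypto.sign('sha256', Buffer.from(data), key).toString('base64');
const verify = (pubPem, data, sig) =>
  crypto.verify('sha256', Buffer.from(data), pubPem, Buffer.from(sig, 'base64'));
const pem = (k) => k.publicKey.export({ type: 'spki', format: 'pem' });

// Issuer (online, at issuance): sign salted attribute digests plus the device key.
function issue(issuerKey, issuerId, deviceKey, attrs) {
  const items = Object.entries(attrs).map(([name, value]) =>
    ({ name, value, salt: crypto.randomBytes(16).toString('hex') }));
  const digests = items.map((i) => sha256(JSON.stringify(i)));
  const mso = JSON.stringify({ issuerId, digests, deviceKey: pem(deviceKey) });
  return { items, mso, issuerSig: sign(issuerKey.privateKey, mso) };
}

// Wallet (offline): disclose only the requested items, sign the session transcript.
function present(cred, deviceKey, requested, transcript) {
  const disclosed = cred.items.filter((i) => requested.includes(i.name));
  return { mso: cred.mso, issuerSig: cred.issuerSig, disclosed,
           deviceSig: sign(deviceKey.privateKey, transcript) };
}

// Verifier (offline): relies only on the cached trust store (a Map), no network call.
function verifyOffline(p, trustStore, transcript) {
  const mso = JSON.parse(p.mso);
  const issuerPem = trustStore.get(mso.issuerId);
  if (!issuerPem) return 'untrusted-issuer';
  if (!verify(issuerPem, p.mso, p.issuerSig)) return 'bad-issuer-signature';
  for (const item of p.disclosed)
    if (!mso.digests.includes(sha256(JSON.stringify(item)))) return 'attribute-mismatch';
  if (!verify(mso.deviceKey, transcript, p.deviceSig)) return 'bad-device-binding';
  return 'ok';
}

function demo() {
  const issuer = newKey(), device = newKey();
  const trustStore = new Map([['issuer-A', pem(issuer)]]); // cached while online
  const cred = issue(issuer, 'issuer-A', device, { family_name: 'Doe', age_over_18: true });
  const p = present(cred, device, ['age_over_18'], 'session-1');
  return { good: verifyOffline(p, trustStore, 'session-1'),
           replay: verifyOffline(p, trustStore, 'session-2'), // same presentation, other session
           disclosed: p.disclosed.map((i) => i.name) };
}
console.log(demo());
```

Because the device signature covers the session transcript, a presentation captured in one session fails the device-binding check when submitted in another, and an undisclosed attribute stays hidden behind its salted digest.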

Proximity Communication Protocols

Offline verification relies on proximity communication protocols for device-to-device data transfer. The ISO 18013-5 standard defines a multi-step process: NFC is used for the initial "device engagement" -- the user taps their phone against the reader, establishing the connection parameters and exchanging ephemeral encryption keys. Bluetooth Low Energy (BLE) or Wi-Fi Aware then handles the larger data transfer of the credential presentation.

This hybrid approach uses the strengths of each technology. NFC's extremely short range (1-4 cm) provides physical proximity assurance -- both parties must be in close contact, preventing remote eavesdropping on the session establishment. BLE provides sufficient bandwidth for credential data transfer at ranges up to a few meters, giving the user comfort to step back after the initial tap.

Session encryption using ECDH-derived keys ensures that all data transferred between devices is encrypted, even though the communication occurs over wireless channels. An attacker in proximity cannot read the credential data being transferred. The session transcript is bound to the initial NFC exchange, making relay attacks (forwarding the communication to a remote device) detectable through timing and proximity analysis.

QR code-based device engagement serves as a fallback for devices without NFC capability. The verifier displays a QR code containing the session parameters, and the user scans it with their wallet app. While this works, it provides weaker proximity assurance than NFC because QR codes can potentially be photographed from a distance.

Revocation Checking Challenges

The primary limitation of offline verification is the inability to check credential revocation status in real-time. If a credential has been revoked (due to fraud, data changes, or at the user's request), this revocation is recorded on the issuer's status service. Without internet connectivity, the verifier cannot query this service.

To mitigate this, verifiers periodically download and cache credential status lists during periods of connectivity. A status list is a compact bitfield where each bit represents the revocation status of one credential. When verifying offline, the verifier checks the cached status list. The freshness of this cached list determines the maximum revocation detection delay -- if the list was cached 24 hours ago, a credential revoked in the last 24 hours might still pass verification.

The EUDI Wallet Architecture Reference Framework defines maximum acceptable freshness periods for different credential types and verification scenarios. A police traffic stop checking a driving license might accept status information up to 48 hours old, while a high-security identity verification at a border crossing might require status information no older than 4 hours (effectively requiring online connectivity for that scenario).
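The cached status list check and the freshness limits described above combine into one decision, shown in this added example (not code from the Architecture Reference Framework). The bit order (least significant bit first within each byte), the scenario names, the policy of refusing a stale list, and the sample data are assumptions; the 48-hour and 4-hour limits are the illustrative figures from the paragraph above.

```javascript
// Added example: offline revocation check against a cached status list.
// Bit order (LSB-first per byte), scenario names and fail-closed policy are assumptions.
const HOUR_MS = 3600 * 1000;
const MAX_AGE_MS = { 'traffic-stop': 48 * HOUR_MS, 'border-crossing': 4 * HOUR_MS };

// Issuer side: build a bitfield with the given credential indexes marked revoked.
function buildStatusList(size, revokedIndexes) {
  const bits = Buffer.alloc(Math.ceil(size / 8));
  for (const i of revokedIndexes) bits[i >> 3] |= 1 << (i & 7);
  return bits;
}

// Verifier side: cached = { bits, size, fetchedAt }, stored during the last online sync.
function checkRevocation(cached, index, scenario, now) {
  const maxAge = MAX_AGE_MS[scenario];
  if (maxAge === undefined) throw new Error(`unknown scenario: ${scenario}`);
  if (!Number.isInteger(index) || index < 0 || index >= cached.size)
    return { decision: 'reject', reason: 'index-out-of-range' };
  const age = now - cached.fetchedAt;
  // A list dated in the future means the reader's clock cannot be trusted.
  if (age < 0) return { decision: 'reject', reason: 'clock-skew' };
  // Too old for this scenario: the reader must go online before deciding.
  if (age > maxAge) return { decision: 'refresh-required', reason: 'status-list-stale' };
  const revoked = (cached.bits[index >> 3] >> (index & 7)) & 1;
  if (revoked) return { decision: 'reject', reason: 'revoked' };
  // A pass only proves "not revoked as of fetchedAt"; report the blind window.
  return { decision: 'accept', reason: 'not-revoked', blindWindowHours: age / HOUR_MS };
}

// Constructed sample: 16 credentials, indexes 3 and 10 revoked, list cached 24 hours ago.
function demo() {
  const fetchedAt = Date.UTC(2026, 0, 10, 8, 0, 0);
  const cached = { bits: buildStatusList(16, [3, 10]), size: 16, fetchedAt };
  const now = fetchedAt + 24 * HOUR_MS;
  return {
    trafficStopValid: checkRevocation(cached, 5, 'traffic-stop', now),
    trafficStopRevoked: checkRevocation(cached, 10, 'traffic-stop', now),
    borderCrossing: checkRevocation(cached, 5, 'border-crossing', now),
  };
}
console.log(demo());
```

The same 24-hour-old list yields an accept at the traffic stop and a refresh requirement at the border crossing, and the accepted result reports how many hours of revocations the reader could not have seen.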

Some advanced approaches use short-lived credential validity tokens (essentially timestamped attestations that the credential was valid at a recent point in time) that the wallet refreshes periodically when online. During offline verification, the verifier checks both the credential signature and the freshness of the validity token, providing revocation detection within the token's validity window without requiring the verifier to maintain status lists.

Sources

Information verified against official sources (2/16/2026)

  1. EU Digital Identity Wallet Architecture Reference Framework
  2. ISO 18013-5 - Mobile Driving Licence Standard
