Supported Standards and Technologies
ETSI standards in this document link to the published version index. Select the latest version for current requirements. For the latest tracking of standards and technical specifications for the EUDI Wallet ecosystem, see EUDI Wallet Standards and Technical Specifications.
Issuing Credentials
Components: Procivis One Desk Issuer
Credential formats
Issue all types of attestations in SD-JWT VC, ISO mdoc, and W3C VC formats.
Cryptographic detail
| Standard | Representation | Proof/signature types |
|---|---|---|
| IETF SD-JWT VC | SD-JWT |
|
| ISO/IEC 18013-5:2021 | mdoc | |
| W3C Data Integrity Proofs (embedded) | JSON-LD in Compacted Document Form | |
| W3C VC-JOSE-COSE (enveloping) |
|
ETSI coverage
We support configuring and issuing attestations as described in:
including PID, QEAA via CSC API, Pub-EAA, and EAA.
Supported QTSP: Sign8
Issuance Protocol
Use OpenID4VCI 1.0 to issue attestations.
ETSI coverage
We support issuing attestations via standard EUDI issuance interfaces as described in:
Credential lifecycle and revocation
Manage issued credentials through suspension, revocation, and refresh. Supported revocation methods: Bitstring Status List v1.0, Token Status List, Certificate Revocation List.
ETSI coverage
We support creating and managing status lists for suspension and revocation, and triggering refresh lifecycle events via standard EUDI protocols as described in:
Trust infrastructure
Consume trusted lists to verify the authenticity of ecosystem participants during issuance.
ETSI coverage
We support using Lists of Trusted Entities (LoTE) to verify trusted entities in the EUDI ecosystem as described in:
We support using EUDI Trusted Lists (TL) and Lists Of Trusted Lists (LOTL) to verify the authenticity of trust services as described in:
WUA & WIA
Verify Wallet Unit Attestations (WUA) and Wallet Instance Attestations (WIA) of wallets.
ETSI coverage
We support verifying WUA and WIA during issuance as described in:
Identifiers and signing keys
Sign issued credentials using X.509 certificates, raw keys, or DIDs (did:key, did:web, did:jwk, did:webvh). For QEAA issuance, qualified electronic seals are supported via Sign8 (CSC API).
Certificates may be issued by an external CA or by your own self-signed root CA created in Procivis One.
Supported key storage for signing:
- Azure Key Vault (HSM)
- Internal encrypted database
Verifying Credentials
Components: Procivis One Desk Verifier & Procivis One Verifier App
Credential formats
Request and verify all types of attestations in SD-JWT VC, ISO mdoc, and W3C VC formats.
Cryptographic detail
| Standard | Representation | Proof/signature types |
|---|---|---|
| IETF SD-JWT VC | SD-JWT |
|
| ISO/IEC 18013-5:2021 | mdoc | |
| W3C Data Integrity Proofs (embedded) | JSON-LD in Compacted Document Form | |
| W3C VC-JOSE-COSE (enveloping) |
|
Backwards compatibility: Procivis One supports verification of proofs using VCDM 1.1.
ETSI coverage
We support verifying all attestations described in:
including PID, QEAA via CSC API, Pub-EAA, and EAA.
Verification protocols
Request credential presentations online or in proximity.
Supported protocols
Remote (can be done from anywhere)
- OpenID4VP v1.0
- ISO/IEC 18013-7 Annex B (online retrieval via OID4VP)
Proximity (requires physical presence)
- ISO/IEC 18013-5: NFC or QR code device engagement, BLE data retrieval
- OpenID4VP over BLE
- OpenID4VP over MQTT (proprietary adaptation of OID4VP over BLE)
ETSI coverage
We support requesting and verifying attestations via standard EUDI interfaces in remote and proximity scenarios as described in:
Access and Registration Certificates
Present Access and Registration Certificates to wallets during authentication.
ETSI coverage
We support presenting AC and RC via standard EUDI interfaces as described in:
Trust infrastructure
Consume trusted lists to verify the authenticity of ecosystem participants during verification.
ETSI coverage
We support using Lists of Trusted Entities (LoTE) to verify trusted entities in the EUDI ecosystem as described in:
We support using EUDI Trusted Lists (TL) and Lists Of Trusted Lists (LOTL) to verify the authenticity of trust services as described in:
Identifiers and signing keys
Sign requests using X.509 certificates, raw keys, or DIDs (did:key, did:web, did:jwk, did:webvh).
Certificates may be issued by an external CA or by your own self-signed root CA created in Procivis One.
Supported key storage:
- Azure Key Vault (HSM)
- Internal encrypted database
Wallets
Components:
- Procivis One Wallet App
- Wallet SDK for building wallet applications on iOS, Android, and React Native
- Wallet Provider backend for managing wallet units including lifecycle management and user communications
- Server-based EUDI Business Wallet with multi-tenancy and OpenID Connect integration
Wallet Provider
Provide and manage wallet units via management APIs, including Wallet Unit Attestations (WUA), Wallet Instance Attestations (WIA) using platform-native mechanisms (Secure Enclave on iOS, Android Keystore), unit revocation, and user authentication and messaging.
ETSI coverage
We support being a Wallet Provider of EUDI wallets as described in:
Credential formats
Receive and hold attestations in SD-JWT VC, ISO mdoc, and W3C VC formats.
Cryptographic detail
| Standard | Representation | Proof/signature types |
|---|---|---|
| IETF SD-JWT VC | SD-JWT |
|
| ISO/IEC 18013-5:2021 | mdoc | |
| W3C Data Integrity Proofs (embedded) | JSON-LD in Compacted Document Form | |
| W3C VC-JOSE-COSE (enveloping) |
|
ETSI coverage
Receive and hold SD-JWT VC attestations · ETSI TS 119 472-1 · ETSI TS 119 472-3
Receive and hold ISO mdoc attestations · ETSI TS 119 472-1 · ETSI TS 119 472-3
Issuance and presentation protocols
Receive attestations via OpenID4VCI 1.0. Present attestations online or in proximity.
Supported presentation protocols
Remote (can be done from anywhere)
- OpenID4VP v1.0
- ISO/IEC 18013-7 Annex B (online retrieval via OpenID4VP)
Proximity (requires physical presence)
- ISO/IEC 18013-5: NFC or QR code device engagement, BLE data retrieval
- OpenID4VP over BLE
- OpenID4VP over MQTT (proprietary adaptation of OID4VP over BLE)
ETSI coverage
We support receiving and presenting attestations via standard EUDI interfaces both online and in proximity as described in:
Access and Registration Certificates
Process and verify relying party registration information, including from Access Certificates, Registration Certificates, and National Registry APIs.
ETSI coverage
We support verifying relying party registration information as described in:
Disclosure policies
Process and enforce embedded disclosure policies, including verification of relying party entitlements against issuer-defined policies.
ETSI coverage
We support processing and enforcing issuer-defined disclosure policies as described in:
Wallet Unit Attestation (WUA/WIA)
Present Wallet Unit Attestations (WUA) and Wallet Instance Attestations (WIA) as proof in credential requests, including instance attestation and key attestation.
ETSI coverage
We support WUA and WIA in credential requests as described in:
Attestation lifecycle
Automatic refresh of attestations held in the wallet.
ETSI coverage
We support configurable refresh of held attestations as described in:
Qualified Electronic Signatures
Sign documents using a QES service via wallet-driven PAdES signatures on PDF documents stored on the device.
ETSI coverage
We support wallet-driven PAdES signatures as described in:
Trust infrastructure
Subscribe to trusted lists to verify the authenticity of ecosystem participants.
ETSI coverage
We support using Lists of Trusted Entities (LoTE) to verify trusted entities in the EUDI ecosystem as described in:
We support using EUDI Trusted Lists (TL) and Lists Of Trusted Lists (LOTL) to verify the authenticity of trust services as described in:
Identifiers and signing keys
The SDK automatically selects an appropriate key storage layer and generates required key pairs based on issuer requirements. Storage priority and key algorithm selection are configurable, and manual override is supported. DID creation is also supported where needed.
Supported DID methods: did:key, did:web, did:jwk, did:webvh.
Supported key storage:
- Secure Enclave (iOS) and Android Keystore (TEE or Strongbox)
- Remote Secure Element (iOS and Android) using Ubiqu
- Internal encrypted database
Business Wallet
Procivis One supports Business Wallet use cases within the EUDI ecosystem, combining wallet and issuance capabilities in a single unit. ETSI standards coverage will be added as specifications are finalized.
Wallet-Relying Party Registration
Components: Wallet-Relying Party Registry
WRP registration
Register wallet-relying parties (WRP) and publish registration information via public APIs.
ETSI coverage
We support registering WRPs and publishing registration information as described in:
Access and Registration Certificate Issuance
Issue Access Certificates (AC) and Registration Certificates (RC) to wallet-relying parties including retrieval of registration information from public Registry APIs.
ETSI coverage
We support issuing AC and RC to registered WRPs as described in:
Trust List Publishing
Components: Trust List Publisher
ETSI LoTE
Publish Lists of Trusted Entities (LoTE) for consumption by issuers, wallets, and verifiers in the EUDI ecosystem.
ETSI coverage
We support publishing and managing LoTE as described in: