Skip to main content

Supported Standards and Technologies

ETSI Documents

ETSI standards in this document link to the published version index. Select the latest version for current requirements. For the latest tracking of standards and technical specifications for the EUDI Wallet ecosystem, see EUDI Wallet Standards and Technical Specifications.

Issuing Credentials

Components: Procivis One Desk Issuer

Credential formats

Issue all types of attestations in SD-JWT VC, ISO mdoc, and W3C VC formats.

Cryptographic detail
ETSI coverage

We support configuring and issuing attestations as described in:

including PID, QEAA via CSC API, Pub-EAA, and EAA.

Supported QTSP: Sign8

Issuance Protocol

Use OpenID4VCI 1.0 to issue attestations.

ETSI coverage

We support issuing attestations via standard EUDI issuance interfaces as described in:

Credential lifecycle and revocation

Manage issued credentials through suspension, revocation, and refresh. Supported revocation methods: Bitstring Status List v1.0, Token Status List, Certificate Revocation List.

ETSI coverage

We support creating and managing status lists for suspension and revocation, and triggering refresh lifecycle events via standard EUDI protocols as described in:

Trust infrastructure

Consume trusted lists to verify the authenticity of ecosystem participants during issuance.

ETSI coverage

We support using Lists of Trusted Entities (LoTE) to verify trusted entities in the EUDI ecosystem as described in:

We support using EUDI Trusted Lists (TL) and Lists Of Trusted Lists (LOTL) to verify the authenticity of trust services as described in:

WUA & WIA

Verify Wallet Unit Attestations (WUA) and Wallet Instance Attestations (WIA) of wallets.

ETSI coverage

We support verifying WUA and WIA during issuance as described in:

Identifiers and signing keys

Sign issued credentials using X.509 certificates, raw keys, or DIDs (did:key, did:web, did:jwk, did:webvh). For QEAA issuance, qualified electronic seals are supported via Sign8 (CSC API).

Certificates may be issued by an external CA or by your own self-signed root CA created in Procivis One.

Supported key storage for signing:

  • Azure Key Vault (HSM)
  • Internal encrypted database

Verifying Credentials

Components: Procivis One Desk Verifier & Procivis One Verifier App

Credential formats

Request and verify all types of attestations in SD-JWT VC, ISO mdoc, and W3C VC formats.

Cryptographic detail
StandardRepresentationProof/signature types
IETF SD-JWT VCSD-JWT
ISO/IEC 18013-5:2021mdoc
W3C Data Integrity Proofs (embedded)JSON-LD in Compacted Document Form
W3C VC-JOSE-COSE (enveloping)

Backwards compatibility: Procivis One supports verification of proofs using VCDM 1.1.

ETSI coverage

We support verifying all attestations described in:

including PID, QEAA via CSC API, Pub-EAA, and EAA.

Verification protocols

Request credential presentations online or in proximity.

Supported protocols

Remote (can be done from anywhere)

Proximity (requires physical presence)

ETSI coverage

We support requesting and verifying attestations via standard EUDI interfaces in remote and proximity scenarios as described in:

Access and Registration Certificates

Present Access and Registration Certificates to wallets during authentication.

ETSI coverage

We support presenting AC and RC via standard EUDI interfaces as described in:

Trust infrastructure

Consume trusted lists to verify the authenticity of ecosystem participants during verification.

ETSI coverage

We support using Lists of Trusted Entities (LoTE) to verify trusted entities in the EUDI ecosystem as described in:

We support using EUDI Trusted Lists (TL) and Lists Of Trusted Lists (LOTL) to verify the authenticity of trust services as described in:

Identifiers and signing keys

Sign requests using X.509 certificates, raw keys, or DIDs (did:key, did:web, did:jwk, did:webvh).

Certificates may be issued by an external CA or by your own self-signed root CA created in Procivis One.

Supported key storage:

  • Azure Key Vault (HSM)
  • Internal encrypted database

Wallets

Components:

Wallet Provider

Provide and manage wallet units via management APIs, including Wallet Unit Attestations (WUA), Wallet Instance Attestations (WIA) using platform-native mechanisms (Secure Enclave on iOS, Android Keystore), unit revocation, and user authentication and messaging.

ETSI coverage

We support being a Wallet Provider of EUDI wallets as described in:

Credential formats

Receive and hold attestations in SD-JWT VC, ISO mdoc, and W3C VC formats.

Cryptographic detail
ETSI coverage

Receive and hold SD-JWT VC attestations · ETSI TS 119 472-1 · ETSI TS 119 472-3

Receive and hold ISO mdoc attestations · ETSI TS 119 472-1 · ETSI TS 119 472-3

Issuance and presentation protocols

Receive attestations via OpenID4VCI 1.0. Present attestations online or in proximity.

Supported presentation protocols

Remote (can be done from anywhere)

Proximity (requires physical presence)

ETSI coverage

We support receiving and presenting attestations via standard EUDI interfaces both online and in proximity as described in:

Access and Registration Certificates

Process and verify relying party registration information, including from Access Certificates, Registration Certificates, and National Registry APIs.

ETSI coverage

We support verifying relying party registration information as described in:

Disclosure policies

Process and enforce embedded disclosure policies, including verification of relying party entitlements against issuer-defined policies.

ETSI coverage

We support processing and enforcing issuer-defined disclosure policies as described in:

Wallet Unit Attestation (WUA/WIA)

Present Wallet Unit Attestations (WUA) and Wallet Instance Attestations (WIA) as proof in credential requests, including instance attestation and key attestation.

ETSI coverage

We support WUA and WIA in credential requests as described in:

Attestation lifecycle

Automatic refresh of attestations held in the wallet.

ETSI coverage

We support configurable refresh of held attestations as described in:

Qualified Electronic Signatures

Sign documents using a QES service via wallet-driven PAdES signatures on PDF documents stored on the device.

ETSI coverage

We support wallet-driven PAdES signatures as described in:

Trust infrastructure

Subscribe to trusted lists to verify the authenticity of ecosystem participants.

ETSI coverage

We support using Lists of Trusted Entities (LoTE) to verify trusted entities in the EUDI ecosystem as described in:

We support using EUDI Trusted Lists (TL) and Lists Of Trusted Lists (LOTL) to verify the authenticity of trust services as described in:

Identifiers and signing keys

The SDK automatically selects an appropriate key storage layer and generates required key pairs based on issuer requirements. Storage priority and key algorithm selection are configurable, and manual override is supported. DID creation is also supported where needed.

Supported DID methods: did:key, did:web, did:jwk, did:webvh.

Supported key storage:

  • Secure Enclave (iOS) and Android Keystore (TEE or Strongbox)
  • Remote Secure Element (iOS and Android) using Ubiqu
  • Internal encrypted database

Business Wallet

Procivis One supports Business Wallet use cases within the EUDI ecosystem, combining wallet and issuance capabilities in a single unit. ETSI standards coverage will be added as specifications are finalized.

Wallet-Relying Party Registration

Components: Wallet-Relying Party Registry

WRP registration

Register wallet-relying parties (WRP) and publish registration information via public APIs.

ETSI coverage

We support registering WRPs and publishing registration information as described in:

Access and Registration Certificate Issuance

Issue Access Certificates (AC) and Registration Certificates (RC) to wallet-relying parties including retrieval of registration information from public Registry APIs.

ETSI coverage

We support issuing AC and RC to registered WRPs as described in:

Trust List Publishing

Components: Trust List Publisher

ETSI LoTE

Publish Lists of Trusted Entities (LoTE) for consumption by issuers, wallets, and verifiers in the EUDI ecosystem.

ETSI coverage

We support publishing and managing LoTE as described in: