
Flow of Data: KYC Proof of Personhood


Last updated 2 months ago

Human ID's Proof of Personhood via KYC consists of the following components:

  • User agent (UI)

  • Human ID server

  • ID verification provider

  • Verifier

The flow of data is outlined in the following sequence diagram. Refer to the notes below for detailed explanations of the relevant parts.

Issuance and Proving

Sections 1 and 2 in the sequence diagram constitute issuance. This is where the user's private credentials are issued.

Section 3 is proving, where the user proves facts about their issued credentials.

Notes on handling of user data by IDV Providers

The following data are requested by IDV providers as a photo and/or video stream during the verification process.

  • Selfie (photo, video stream)

  • One of the following documents

    • Passport

    • Driver License

    • Identity Card

Currently, the following IDV providers are supported.

  • Veriff

    • Veriff has clearly outlined in its trust center

      • a list of compliances (e.g. GDPR)

      • controls regarding data collection, retention and deletion

      • a list of subprocessors

  • Onfido

    • Onfido has its privacy policy

    • a list of compliances

    • regarding data collection, processing, security, storage

    • ControlCase has issued compliance certificate for ISO 27001

  • Facetec

    • Facetec has two privacy policies (site and sdk)

    • The SDK privacy policy seems more relevant to ID verification usage. Its documentation on privacy is sparse compared to the other two providers.

      • In article #2, it mentions that any data sent to its server is encrypted, siloed and is never stored with any additional personally identifiable information (PII).

      • In article #6, it provides detailed info on its compliance with GDPR for EU residents.

Notes on client-side encryption of IDV session result

The IDV provider returns the session result to the user.

With Human Wallet:

The result is encrypted on the client side using a derivative of the PRF.

With other wallets:

The result is encrypted with a key derived as hash(userSignature(aConstantMessage)) to generate the ciphertext.

Notes on ciphertext and storage of userCredentials

Only the encrypted ciphertext, which is not PII, is stored in the Human ID database, as shown below.

// userCredentialsv2
{
  "_id": {
    "$oid": "676d..."
  },
  "holoUserId": "f111...",
  "encryptedGovIdCreds": {
    "ciphertext": "0x...",
    "iv": "0x...",
    "_id": {
      "$oid": "676d..."
    }
  },
  "__v": {
    "$numberInt": "0"
  }
}

View Government ID Issuer to see the data included in user credentials.

Notes on verifier and SBT issuance

The user submits a zero-knowledge proof of uniqueness (see the circuit here) to the verifier server. The verifier verifies the ZKP and, upon successful verification, issues a soulbound token to the user. The circuit ID, issuer address, expiry, actionNullifier, and the ZK proof are embedded in the soulbound token.
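The "other wallets" encryption step and the stored `encryptedGovIdCreds` record described in the notes above, as an added example; this is not Human ID's code. SHA-256, AES-256-GCM, the constant message text, the sample credential fields, and the Ed25519 key standing in for the wallet are all assumptions, since the page names none of them.

```javascript
// Added example (not Human ID's code). Assumptions: SHA-256 as the hash,
// AES-256-GCM as the cipher, and an Ed25519 key standing in for the wallet.
const crypto = require('node:crypto');

const CONSTANT_MESSAGE = 'constructed constant message'; // placeholder text

// key = hash(userSignature(aConstantMessage)). This only works if the wallet's
// signature is deterministic, so the same key can be re-derived later.
function deriveKey(signFn) {
  const signature = signFn(Buffer.from(CONSTANT_MESSAGE));
  return crypto.createHash('sha256').update(signature).digest(); // 32 bytes
}

// Encrypt the IDV session result on the client; only { ciphertext, iv } leaves it.
function encryptCreds(key, creds) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(creds), 'utf8'), cipher.final()]);
  // Append the 16-byte GCM tag so tampering with the stored record is detected.
  const ciphertext = Buffer.concat([body, cipher.getAuthTag()]);
  return { ciphertext: '0x' + ciphertext.toString('hex'), iv: '0x' + iv.toString('hex') };
}

function decryptCreds(key, record) {
  const raw = Buffer.from(record.ciphertext.slice(2), 'hex');
  const iv = Buffer.from(record.iv.slice(2), 'hex');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(raw.subarray(raw.length - 16));
  const body = raw.subarray(0, raw.length - 16);
  const plain = Buffer.concat([decipher.update(body), decipher.final()]); // throws on bad tag
  return JSON.parse(plain.toString('utf8'));
}

// Constructed demo: a throwaway key pair plays the wallet; the fields are made up.
function demo() {
  const { privateKey } = crypto.generateKeyPairSync('ed25519');
  const walletSign = (msg) => crypto.sign(null, msg, privateKey);
  const creds = { firstName: 'Alice', countryCode: 1 }; // constructed sample
  const record = encryptCreds(deriveKey(walletSign), creds);
  const roundTrip = decryptCreds(deriveKey(walletSign), record); // key re-derived
  const other = crypto.generateKeyPairSync('ed25519').privateKey;
  let wrongKeyRejected = false;
  try { decryptCreds(deriveKey((m) => crypto.sign(null, m, other)), record); }
  catch { wrongKeyRejected = true; }
  return { record, roundTrip, wrongKeyRejected };
}
```

The signature over the constant message is the only key material in this construction, so it has to be treated as a secret: any party that obtains it can decrypt the stored record.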