Supported standards and technologies
Procivis One is built to enable compliance with different regulations and flexibility with different technologies.
ETSI standards in this document link to the published version index. Select the latest version for current requirements. For the latest tracking of standards and technical specifications for the EUDI Wallet ecosystem, see EUDI Wallet Standards and Technical Specifications.
Issuing credentials
Credential formats
Issue all types of attestations in SD-JWT VC, ISO mdoc, and W3C VC formats.
Cryptographic detail
SD-JWT VC
| Standard | Representation | Proof/signature types |
|---|---|---|
| IETF SD-JWT VC | SD-JWT |
|
ISO mdoc
| Standard | Representation | Proof/signature types |
|---|---|---|
| ISO/IEC 18013-5:2021 | mdoc |
W3C VC
W3C Verifiable Credentials Data Model 2.0 in the following variations:
| Securing mechanism | Representation | Proof/signature types |
|---|---|---|
| W3C Data Integrity Proofs (embedded) | JSON-LD in Compacted Document Form | |
| W3C VC-JOSE-COSE (enveloping) |
|
Backwards compatibility: Procivis One supports verification of proofs using VCDM 1.1.
ETSI coverage
Configure and issue SD-JWT VC attestations · ETSI TS 119 472-1 · ETSI TS 119 472-3
Configure and issue ISO mdoc attestations · ETSI TS 119 472-1 · ETSI TS 119 472-3
Configure attestations with embedded disclosure policies · ETSI TS 119 472-1 · ETSI TS 119 472-2
Issuance protocol
Issue attestations using OpenID4VCI 1.0.
ETSI coverage
Issue attestations via standard EUDI issuance interfaces · ETSI TS 119 472-1 · ETSI TS 119 472-3
Credential lifecycle and revocation
Manage issued credentials through suspension, revocation, refresh, and update. Supported revocation methods: Bitstring Status List v1.0, Token Status List, Certificate Revocation List.
ETSI coverage
Trigger lifecycle events (refresh, update) via standard EUDI protocols · ETSI TS 119 472-1 · ETSI TS 119 472-3
Create and manage status lists for revocation and suspension · ETSI TS 119 472-1
Trust infrastructure
Consume trusted lists to verify the authenticity of ecosystem participants during issuance.
ETSI coverage
Use Lists of Trusted Entities (LoTE) to verify trusted entities in the EUDI ecosystem · ETSI TS 119 602
Use EUDI Trusted Lists and Lists Of Trusted Lists (LOTL) to verify the authenticity of trust services · ETSI TS 119 612 · ETSI TS 119 615
Identifiers and signing keys
Sign issued credentials using X.509 certificates, raw keys, or DIDs (did:key, did:web, did:jwk, did:webvh).
Certificates may be issued by an external CA or by your own self-signed root CA created in Procivis One.
Supported key storage for signing:
- Azure Key Vault (HSM)
- Internal encrypted database
Verifying credentials
Credential formats
Request and verify all types of attestations in SD-JWT VC, ISO mdoc, and W3C VC formats.
Cryptographic detail
SD-JWT VC
| Standard | Representation | Proof/signature types |
|---|---|---|
| IETF SD-JWT VC | SD-JWT |
|
ISO mdoc
| Standard | Representation | Proof/signature types |
|---|---|---|
| ISO/IEC 18013-5:2021 | mdoc |
W3C VC
W3C Verifiable Credentials Data Model 2.0 in the following variations:
| Securing mechanism | Representation | Proof/signature types |
|---|---|---|
| W3C Data Integrity Proofs (embedded) | JSON-LD in Compacted Document Form | |
| W3C VC-JOSE-COSE (enveloping) |
|
ETSI coverage
Request and verify SD-JWT VC attestations · ETSI TS 119 472-1 · ETSI TS 119 472-2
Request and verify ISO mdoc attestations · ETSI TS 119 472-1 · ETSI TS 119 472-2
Verification protocols
Request credential presentations online or in proximity.
Supported protocols
Remote (can be done from anywhere)
- OpenID4VP v1.0 and Draft 20
- ISO/IEC 18013-7 Annex B (online retrieval via OID4VP)
Proximity (requires physical presence)
- ISO/IEC 18013-5: NFC or QR code device engagement, BLE data retrieval
- OpenID4VP over BLE
- OpenID4VP over MQTT (proprietary adaptation of OID4VP over BLE)
ETSI coverage
Request and verify attestations via standard EUDI presentation interfaces · ETSI TS 119 472-1 · ETSI TS 119 472-2
Request and verify ISO mdoc attestations in proximity verification use cases · ETSI TS 119 472-2
Access and Registration Certificates
Present Access and Registration Certificates to wallets during the authentication process.
ETSI coverage
Trust infrastructure
Consume trusted lists to verify the authenticity of ecosystem participants during verification.
ETSI coverage
Use Lists of Trusted Entities (LoTE) to verify trusted entities in the EUDI ecosystem · ETSI TS 119 602
Use EUDI Trusted Lists and Lists of Trusted Lists (LOTL) to verify the authenticity of trust services · ETSI TS 119 612 · ETSI TS 119 615
Identifiers and signing keys
Sign requests using X.509 certificates, raw keys, or DIDs (did:key, did:web, did:jwk, did:webvh).
Certificates may be issued by an external CA or by your own self-signed root CA created in Procivis One.
Supported key storage:
- Azure Key Vault (HSM)
- Internal encrypted database
Wallets
Procivis One provides a server-based Business Wallet and a wallet SDK for building EUDI-compliant wallet applications on iOS, Android, and React Native. The SDK supports the full wallet unit lifecycle — receiving, holding, and presenting attestations — as well as wallet provider functions for managing units at scale.
Credential formats
Receive and hold attestations in SD-JWT VC, ISO mdoc, and W3C VC formats.
Cryptographic detail
SD-JWT VC
| Standard | Representation | Proof/signature types |
|---|---|---|
| IETF SD-JWT VC | SD-JWT |
|
ISO mdoc
| Standard | Representation | Proof/signature types |
|---|---|---|
| ISO/IEC 18013-5:2021 | mdoc |
W3C VC
W3C Verifiable Credentials Data Model 2.0 in the following variations:
| Securing mechanism | Representation | Proof/signature types |
|---|---|---|
| W3C Data Integrity Proofs (embedded) | JSON-LD in Compacted Document Form | |
| W3C VC-JOSE-COSE (enveloping) |
|
ETSI coverage
Receive and hold SD-JWT VC attestations · ETSI TS 119 472-1 · ETSI TS 119 472-3
Receive and hold ISO mdoc attestations · ETSI TS 119 472-1 · ETSI TS 119 472-3
Issuance and presentation protocols
Receive attestations via OpenID4VCI 1.0. Present attestations online or in proximity.
Supported presentation protocols
Remote (can be done from anywhere)
- OpenID4VP v1.0 and Draft 20
- ISO/IEC 18013-7 Annex B (online retrieval via OpenID4VP)
Proximity (requires physical presence)
- ISO/IEC 18013-5: NFC or QR code device engagement, BLE data retrieval
- OpenID4VP over BLE
- OpenID4VP over MQTT (proprietary adaptation of OID4VP over BLE)
ETSI coverage
Receive attestations via standard EUDI issuance interfaces · ETSI TS 119 472-1 · ETSI TS 119 472-3
Present SD-JWT VC attestations online · ETSI TS 119 472-1 · ETSI TS 119 472-2
Present ISO mdoc attestations online and in proximity · ETSI TS 119 472-1 · ETSI TS 119 472-2
Access and Registration Certificates
Verify and validate RP Access and Registration Certificates, including from published registration information.
ETSI coverage
Disclosure policies
Process and enforce embedded disclosure policies, including verification of relying party entitlements against issuer-defined policies.
ETSI coverage
Process embedded disclosure policies · ETSI TS 119 472-1 · ETSI TS 119 472-2 · ETSI TS 119 472-3
Verify WRP entitlements against issuer policies · ETSI TS 119 472-3 · ETSI TS 119 475
Wallet Unit Attestation (WUA/WIA)
Present Wallet Unit Attestations (WUA) and Wallet Instance Attestations (WIA) as proof in credential requests, including instance attestation and key attestation.
ETSI coverage
Support WUA and WIA in credential requests · ETSI TS 119 472-3
Attestation lifecycle
Automatic refresh and update of attestations held in the wallet.
ETSI coverage
Configurable refresh and update of held attestations · ETSI TS 119 472-1
Qualified Electronic Signatures
Sign documents using an external QES service via wallet-driven PAdES signatures on PDF documents held on the device.
ETSI coverage
Wallet-driven PAdES signatures · ETSI EN 319 142-1
Trust infrastructure
Consume trusted lists to verify the authenticity of ecosystem participants.
ETSI coverage
Use Lists of Trusted Entities (LoTE) to verify trusted entities in the EUDI ecosystem · ETSI TS 119 602
Use EUDI Trusted Lists and Lists of Trusted Lists (LOTL) to verify the authenticity of trust services · ETSI TS 119 612 · ETSI TS 119 615
Identifiers and signing keys
Identify using X.509 certificates, raw keys, or DIDs (did:key, did:web, did:jwk, did:webvh).
Certificates may be issued by an external CA or by your own self-signed root CA created in Procivis One.
Supported key storage:
- Secure Enclave (iOS) and Android Keystore (TEE or Strongbox)
- Remote Secure Element (iOS and Android) using Ubiqu
- Azure Key Vault (HSM)
- Internal encrypted database
Wallet Provider
Manage wallet units and Wallet Unit Attestations (WUA) via management APIs. App integrity verification is performed during unit registration using platform-native mechanisms (Secure Enclave on iOS, Android Keystore on Android).
Business Wallet
Procivis One supports business wallet use cases within the EUDI ecosystem, combining wallet and issuance capabilities in a single unit. ETSI standards coverage will be added as specifications are finalized.