KYC-Age Demo

Deploy an application powered by the Demo Issuer!

Let's now see an example of an application built leveraging the Demo Issuer.

Introduction

The application is divided into two parts:

• Issuer - an organization that runs KYC checks and issues Age Claims to Users (Identities)

• Verifier - an organization that needs to verify the age of its users

The user will be interacting with the Application using their Polygon ID Identity Wallet, (Android - iOS) in particular, a user:

• Receives an Age Claim from the Issuer after having passed the KYC check

• Holds the Claim inside their Wallet

• Generate a zk Proof of being above 22yo and present it to the Verifier.

Here is what the application flow looks like from the user's perspective:

1. Authentication: The user authenticates to the Issuer Application by generating a proof that he/she is indeed the owner of the identifier

2. KYC: The issuer sets up internal processes to KYC the user. (in our case we will skip this part and assume that KYC has been done correctly). For example, it may be an ML technology that automatically extracts users' information by scanning an ID.

3. Claim Issuance: The Issuer issues an Age Claim to the User (using its identifier) according to the result of the KYC process. For example, filling up the birthdayfield of the claim with the date of birth of the user extracted from the ID scanning. The issued claim can be either of type Signature or type Merkle Tree Proof

4. Claim Fetch: The user fetches the claim to their Polygon ID wallet.

5. Verifier: Platform that gates access only to people above 22 years old. It will encapsulate this requirement inside a Query and display it to the user via a QR code.

6. Proof Generation: The user, via their wallet, generates a zk proof based on their Age Claim.

7. Verification: Verifies the ZK proof provided by the user. Starting from the proof the Verifier can tell whether the user is above 22 yo or not without ever accessing their actual date of birth

Prerequisites

The prerequisites necessary to run the Demo Issuer are:

• Golang

• Ngrok

• Make

• Yarn

• npm

• jq

• Have set a confiig file for the Demo Issuer

Getting Started

If you are on Unix based system (Linux/Mac) run:

make -j4

The script executes the following steps:

1. Setup port forwarding (via ngrok) - so the mobile can access the issuer that we are running locally

2. Install issuer client deps

3. Install verifier client deps

4. Run the Issuer backend (which will also be used by the verifier to verify the proof)

5. Run the issuer frontend

6. Run the Verifier frontend

7. Open a browser on the local hosted url of the issuer

If you are on Windows based system or for any reason the one-line makefile doesn't work for you, you can try to run the demo manually with the following steps:

• Run Ngrok:

  Run ngrok http 8001.The output of the command is a public url (something like https://35ed-77-70-94-216.eu.ngrok.io ) Copy it to the public_url field in the config file (demo-issuer/issuer/issuer_config.default.yaml)

• Install frontends dependencies:

  Run the following commands on the root dir of the project: yarn --cwd examples/kycAge/issuerClient and yarn --cwd examples/kycAge/verifierClient

• Run the issuer backed: Inside the issuer folder (/issuer/), run the following command: go run cmd/main.go

• Run the frontends of the issuer and verifier:

  Run the following commands on the root dir of the project: yarn --cwd examples/kycAge/issuerClient dev and yarn --cwd examples/kycAge/verifierClient dev

• Start:

  To interact with the Issuer visit localhost:3001 and to interact with the verifier visit localhost:3002

Demo

We have all the services set up to run the Demo

• Issuer Client -> Running on Port 3001

• Verifier Client -> Running on port 3002

Issuing a Claim

The first step will be receiving a Claim. For that, you have to visit the issuer client by visiting http://localhost:3001 on your browser.

Authentication

You will be introduced to the following screen: there is a QR code. By scanning it, you will authenticate yourself by sharing your identifier with the Issuer.

On your Polygon ID Wallet, there is a button at the bottom connect , click it and scan the QR Code. After clicking on Connect Wallet, your Polygon ID wallet will start generating the authentication process.

During the authentication, the Wallet will communicate with the Issuer by sending a JWZ token that contains a set of information such as its identifier. The authentication is complete: the Issuer can now identify the user by their identifier.

Fetch the Age Claim

Ideally, the issuer should now implement some processes to KYC the user such as scanning their IDs, we are skipping it for the sake of this demo.

After the authentication has been performed, the Issuer Client calls the Demo Issuer Issue Claim endpoint to issue an Age claim to the user. The claim will contain your identifier as well as a unique claim identifier.

By default, the user will be offered a Claim of type Signature.

This Claim can be fetched by the user by clicking "Connect Wallet" and scanning the QR Code

As previously mentioned, the process of attesting the actual date of birth of the user is outside the scope of the demo issuer

Alternatively, the user can be offered the same claim of type Merkle Tree Proof (MTP). In this case, the user has to press publish State.This action will call the Publish Identity State endpoint. After that, the claim can be fetched via QR Code.

You have to wait a confirmation time of 3 blocks before fetching the claim of type MTP, which is equivalent of almost 2 minutes.

Scanning the QR will call the Agent Endpoint of the Demo Issuer. The message contains a request to fetch a particular claim (identified by its unique identifier) and a proof that the sender of the message is the legit receiver of that claim.

The Demo will check that the user's identifier matches the one that previously performed the authentication. If successful, the claim will be added to the wallet.

Verification of Claim

Now let's assume a scenario: there is a (different!) entity that needs its users to be above the age of 22. They trust the KYC process provided by our Issuer and hence consider all the Age Claims issued as reliable.

The verifier client runs on http://localhost:3002 . By visiting it, you will be presented with the following screen.

This QR Code has a Query embedded inside it that says: "You must prove to me that you are above 22 yo!".

In particular, the two different queries target claims of two specific types: Signature and MTP. According to the type of claim you fetched inside your wallet from the previous step, scan the corresponding QR code.

The Polygon ID Wallet can parse this QR Code (and interpret the Query) and generate the required proof locally.

The proof locally generated by the Polygon ID wallet will be sent to the Proof Verifier Backend. Once the proof has been verified, an alert showing verification has succeeded will appear.

After the verification applications can follow whatever business logic they have after this. We are skipping that for now in this demo!