数字钱包101：数字钱包和可验证凭证的简短解释

Public Disclosure Authorized Introduction In recent years, digital identification (ID) systems are evolving toward decentralized architectures,where trust and verification are shared across multiple actors rather than concentrated in a singleauthority. This shift addresses persistent challenges of data silos, fragmented verification, and limitedcross-border recognition, while responding to growing expectations for privacy, interoperability, anduser control. At the core of this evolution are digital ID wallets and verifiable credentials (VCs), which enableindividuals to securely store and present digital proofs issued by trusted entities. These modular,standards-based ecosystems enhance data portability and trust across sectors and borders andmark a convergence between digital identity, payments, and data sharing, supporting moreseamless, user-centric interactions across the digital economy. Key Concepts Digital Walletis a term for a software container that allows users to receive, hold, and share digitalcredentials in a form that can be easily read and verified by a third party. In some cases, thesecredentials may resemble traditional credentials (e.g., ID cards, plane tickets, educational diplomas)while in other cases they may be digitally native (e.g., payment tokens). Verifiable Credentialsare digital proofs issued to a user by a trusted entity after verification againstan authoritative data source. VCs are digitally signed, making them and the data they containcryptographically verifiable by third parties without needing to contact the issuer. Each VC contains (i) metadata that provides context, provenance, and structure; (ii) claims about thesubject (such as identity attributes); and (iii) cryptographically verifiable digital signature linking it toan authoritative source. Data from one or multiple VCs can be combined by the user into averifiablepresentationto offer a cryptographically verifiable proof of specific attributes on demand.1 Within this ecosystem, three principal actors interact with one another: •Issuer– creates and digitally signs credentials based on verified data from authoritativesources.e.g. a national identification authority, passport authority, or university•Holder– controls and stores credentials in their wallet and decides what to share. e.g. acitizen, a traveler, a business, or a student•Verifier–requests and validates presented credentials using the common trustinfrastructure.e.g. a bank, border police, or employer Supporting these interactions is theauthoritative source of data.Also called authoritative registries,these are the official system of record from which authentic data originates. They provide the trusted information that issuers use to create verifiable credentials. Examples in a given context may includethe national civil registry,passport registry,or registries of diplomas maintained by educationalinstitutions.Together with other sources of trusted information, such as credential schemas,revocation lists, trust service provider directories, and public key registries, these form part of abroader “verifiable data layer” that underpins the creation and verification of identifiers, credentials,and related cryptographic data. Another key enabler of verifiable credentials is having acommon trust frameworkin place, oftenbuilt on aPublic Key Infrastructure (PKI)that provides the cryptographic keys and validationmechanisms allowing verifiers to confirm the authenticity and integrity of credentials issued bydifferent entities.2Some decentralized implementations replace a centralized PKI with distributedtrust models—such as blockchains or decentralized identifiers (DIDs)—where issuers publish theirpublic keys or proofs on a shared ledger, enabling verification without relying on a single trustauthority. Key Benefits Digital ID Wallets and VCs introduce a moreresilient, user-centric, and interoperable approachtodigital identity. By shifting verification closer to the user and reducing dependence on centralizedsystems, they expand the reach and reliability of identity services across diverse contexts, includingthose with limited infrastructure or connectivity. •User empowerment and privacy. Individuals control which data to share, when, and withwhom, supporting privacy-by-design and minimizing data misuse. •Resilience and offline capability. Credentials can be verified without continuous internetaccess, ensuring functionality in remote, fragile or conflict settings.•Multiple formats and accessibility. Verifiable credentials can also be printed as verifiableQR codes, increasing accessibility for people without smartphones.•Reduced dependence on central systems.Verification occurs directly between the holderand verifier, reducing exposure to centralized infrastructure outages, institutional fragility, ordata disruption.•Cross-sector and cross-border interoperability: Built on open global standards, enablingtrusted credential exchange between public and private en