Inji Verify offers a seamless credential verification experience through QR code scanning, upload functionality, and Pixel Pass SDK integration for accurate decoding. Utilizing a robust Verification SDK ensures the authenticity and integrity of credentials. The portal displays credentials accurately based on issuer configurations and handles errors effectively. With a user-friendly, responsive interface, real-time verification, and scalable performance, Inji Verify provides an efficient and flexible verification solution.
Here is a comprehensive summary of the features offered by Inji Verify.
QR Code Scanning: Inji Verify allows users to easily scan QR codes using their device's camera, enabling swift verification of credentials.
Upload QR Code: Users can upload QR code images directly to the portal for verification, providing flexibility in the verification process.
Supports various formats like PDFs and images(JPEG, JPG, and PNG) containing QR codes.
Verifying QR Codes Using OpenID4VP Standards (Online Sharing)
Streamlined Credential Sharing: Inji Verify utilizes OpenID4VP standards, embedding a URL in the QR code for online credential sharing, reducing the need for embedding dense Verifiable Credentials (VCs).
Efficient Scanning: Users can scan the QR code, which directs them to a secure VC storage location like Inji Web or any other platform adhering to OpenID4VP standards.
Secure Authorization Flow: Upon scanning the QR code, Inji Verify initiates an authorization request, securely retrieving and verifying the credential from Inji Web.
Cross-Device Sharing: Supports seamless cross-device credential sharing, simplifying verification and minimizing QR code complexity.
Docker Compose for Easy Installation: Simplifies deployment and setup through Docker Compose, allowing quick and efficient installation.
Pixel Pass Integration: Inji Verify seamlessly integrates with Pixel Pass SDK, ensuring accurate decoding of QR code data for verification purposes.
PixelPass library now supports decoding of CBOR-encoded QR codes, enabling Inji Verify to verify CBOR-encoded QR codes. However, CBOR encoding capability within the PixelPass library is still under development.
Verification SDK: The portal utilizes a robust Verification SDK to validate decoded data, ensuring the authenticity and integrity of the credentials.
Credential Display: Inji Verify retrieves display properties of credentials from the issuer's well-known configuration, ensuring a consistent and accurate representation of credential details.
Valid Credential Display: These credentials are currently active and verified using the Inji Verify Portal.
Invalid Credential Display: These credentials are active but invalid.
Expired Credential Display: These credentials have passed their validity period and are no longer active.
Error Handling: The portal features comprehensive error handling mechanisms, guiding users in case of invalid QR codes, or expired QR codes and decoding failures.
User-friendly Interface: Inji Verify offers an intuitive interface, providing a seamless experience for users to navigate and verify credentials effortlessly. The new version includes a responsive design for mobile devices across various browsers, enhancing the ease of exploring, scanning, and uploading features.
Real-time Verification: Users can verify credentials in real time, ensuring prompt validation and reducing verification delays.
Scalability: Inji Verify is designed to scale efficiently, accommodating growing user demands and ensuring optimal performance under varying load conditions.
For more detailed information on each step and the underlying systems, click here.
The user sends a scan request to the Inji verify portal.
Inji verify portal sends a scan request to the Device camera.
The user will be prompted to ask for Device camera permissions.
The user grants camera permissions.
The user scans the QR code using the device camera, and the QR data is returned to the Inji Verify portal.
Inji Verify passes the QR data to the Pixel Pass SDK.
The Pixel Pass SDK returns the decoded data to Inji Verify.
Inji Verify then passes the decoded data to the Verification SDK for verification.
The status is returned to the Inji Verify portal from the Verification SDK.
Inji Verify retrieves the display properties of the credential from the issuer’s well-known configuration.
Finally, Inji Verify displays the credential details using the fetched display properties.
The pixel-pass library fails to decode the data
Inji verify goes back to the home screen and displays the QR code format not supported error
The user denies the camera permissions and the Camera permissions denied screen appears on the Inji verify portal
OpenID4VP (Online Sharing)
User Scans QR Code:
The user opens the Inji Verify portal and scans the QR code using the provided scanner interface in the portal.
The QR code contains an authorization request with the URL of the Inji Web authorize endpoint and parameters like response_type, presentation_definition, and the resource URL from Durian.
Inji Verify Constructs Authorization Request:
Inji Verify appends the necessary parameters to the authorization request:
client_id: Identifies the verifier (Inji Verify).
redirect_uri: Specifies where the user should be redirected after the authorization process.
GET Request to Inji Web Authorization Endpoint:
Inji Verify makes a secure GET call to the authorize endpoint of Inji Web, sending the constructed authorization request.
Verification of Verifier (Inji Verify) by Inji Web:
Inji Web checks its internal configuration for trusted verifiers. It verifies the client_id sent by Inji Verify to ensure it is authorized to request access to the VC stored in Durian.
Retrieving the VC from Inji Web:
Upon successful verification, Inji Web retrieves the Verifiable Credential (VC) from the Durian storage (or any specified secure VC storage).
Inji Web generates a vp_token containing the VC in JSON format and redirects the user back to Inji Verify with the vp_token as part of the response.
Inji Verify Receives and Verifies VC:
Inji Verify receives the vp_token containing the VC.
It performs a thorough verification of the received VC by checking:
The validity of the VC against the issuer's key (issuer key verification).
The integrity of the credential ensures it has not been tampered with.
Displaying the Verified Credential:
After successful verification, Inji Verify showcases the verified credential in the user interface.
Completion of Verification:
The user is presented with the verified credential, confirming successful online sharing and validation using OpenID4VP standards.
Embedded VC data in QR code
The user uploads a file with a QR Code.
Inji Verify passes the QR data to the Pixel Pass SDK.
The Pixel Pass SDK returns the decoded data to Inji Verify.
Inji Verify then passes the decoded data to the Verification SDK for verification.
The status is returned to the Inji Verify portal from the Verification SDK.
Inji Verify retrieves the display properties of the credential from the issuer’s well-known configuration.
Finally, Inji Verify displays the credential details using the fetched display properties.
However, if Pixel Pass fails to decode the data:
Inji Verify navigates back to the home screen and displays the "QR code format not supported" error.
OpenID4VP (Online Sharing)
User Uploads QR Code:
The user opens the Inji Verify portal and uploads a QR code file using the upload functionality in the portal.
QR Code Details:
The uploaded QR code contains an authorization request with the URL of the Inji Web authorize endpoint and parameters like response_type, presentation_definition, and the resource URL from Durian.
Inji Verify Constructs Authorization Request:
Inji Verify appends the necessary parameters to the authorization request:
client_id: Identifies the verifier (Inji Verify).
redirect_uri: Specifies where the user should be redirected after the authorization process.
GET Request to Inji Web Authorization Endpoint:
Inji Verify makes a secure GET call to the authorize endpoint of Inji Web, sending the constructed authorization request.
Verification of Verifier (Inji Verify) by Inji Web:
Inji Web checks its internal configuration for trusted verifiers. It verifies the client_id sent by Inji Verify to ensure it is authorized to request access to the VC stored in Durian.
Retrieving the VC from Inji Web:
Upon successful verification, Inji Web retrieves the Verifiable Credential (VC) from Durian storage (or any specified secure VC storage).
Inji Web generates a vp_token containing the VC in JSON format and redirects the user back to Inji Verify with the vp_token as part of the response.
Inji Verify Receives and Verifies VC:
Inji Verify receives the vp_token containing the VC.
It performs a thorough verification of the received VC by checking:
The validity of the VC against the issuer's key (issuer key verification).
The integrity of the credential, ensuring it has not been tampered with.
Displaying the Verified Credential:
After successful verification, Inji Verify showcases the verified credential in the user interface.
Completion of Verification:
The user is presented with the verified credential, confirming successful online sharing and validation using OpenID4VP standards.
The Pixel Pass library now supports decoding CBOR QR codes and can provide details of verifiable credential (VC) data.
Inji Verify can now handle the display of expired credentials, in addition to valid and invalid credential displays, using the same verification and display processes.
Note: To understand the Inji Verify components in detail please refer to the topic Components under Technical Overview section.
Inji Verify is a powerful tool for validating and verifying credentials through QR codes. Users can scan QR codes using smartphones or computers, retrieving credential information quickly. Advanced algorithms and the pixel pass library ensure QR code authenticity, providing real-time verification and instant feedback.
The portal displays valid credentials securely, including detailed information such as name, DOB, gender, expiration date, and associated claims, in a user-friendly interface. Inji Verify employs encryption techniques to protect sensitive information and prevent tampering.
Compatible with desktops, mobile devices, and laptops, Inji Verify includes a mobile responsive version with back camera capability. While tablet responsiveness is under development, users can access Inji Verify from anywhere with an internet connection.
The below given are the list of features for the Inji Verify Portal:
QR Code Scanning:
Inji Verify enables users to scan QR codes embedded in documents or digital certificates.
The built-in scanning feature allows for quick and convenient retrieval of credential information.
Users can scan QR codes using their smartphone's back camera and computers with a front camera capability.
QR Code Upload:
Users can upload images containing QR codes directly to Inji Verify for verification.
Provides an alternative to scanning, enabling access to and verification of credentials from uploaded documents.
Supports various formats like PDFs and images(JPEG, JPG, and PNG) containing QR codes.
Utilizes PixelPass library to automatically decode uploaded QR codes for accurate credential retrieval.
Streamlined Credential Sharing:
Inji Verify leverages OpenID4VP standards to simplify the process of verifying the verifiable credentials (VCs). Instead of embedding the entire credential within the QR code and with the OpenIDVP online sharing feature the QR code is embedded with a URL that points to a secure storage location like Inji Web or any platform adhering to OpenID4VP standards. This reduces the size and complexity of the QR code, making it easier to scan and share across devices, while still ensuring secure credential verification.
Docker Compose for Easy Installation:
Inji Verify offers a streamlined installation process by supporting Docker Compose. This containerization tool allows users to quickly set up and deploy the application without complex configuration steps.
Validation and Verification:
Upon scanning a QR code or uploading the QR Code, Inji Verify validates the authenticity of the credential data.
Advanced algorithms and cryptographic methods ensure that the QR code has not been tampered with and consumes pixel pass library v0.1.6.
Real-time verification provides instant feedback on the validity of the credential, giving users confidence in its authenticity.
PixelPass library now supports decoding of CBOR-encoded QR codes, enabling Inji Verify to verify CBOR-encoded QR codes. However, CBOR encoding capability within the PixelPass library is still under development.
Credential Display:
Valid credentials retrieved through QR code scanning or uploading QR codes are displayed securely within the Inji Verify portal.
Users can view detailed information about the credential, including name, DOB, gender, expiration date, and any associated claims.
The user-friendly interface facilitates a clear and concise data representation of the credential data for easy verification.
Cross-Platform Compatibility:
Compatible with a wide range of devices and operating systems, including desktops, mobile devices, and laptops.
A mobile responsive version with back camera capability is now available.
Responsive design ensures optimal performance and usability across different screen sizes and resolutions.
Tablet responsiveness tested on specific devices; still under development.
Accessible from anywhere with an internet connection for convenient on-the-go verification.
Scan Feature QR Code Compatibility:
QR code versions supported for the scan feature range from v22 and below with consistent performance.
Versions from v23 to v27 show inconsistent results due to varying data bytes based on the use case for verifiable credentials embedded into the QR code.
Versions above v27 are not supported for the scan feature. If you have a QR code version above v27, please use the upload feature to upload the document or QR code for verification.
Camera Resolution Requirement:
The device's front, back, or web camera resolution must exceed 12 megapixels.
Resolutions below this range result in inconsistent QR code scanning.
Cameras should be used in well-lit environments without filters, ensuring proper alignment for optimal scanning.
Upload Feature QR Code Compatibility:
QR code versions supported for the upload feature range from v32 and below.
Inji Verify provides a reliable solution for validating and verifying verifiable credentials via QR codes. Its user-friendly interface, robust features, and cross-platform compatibility allow users to confidently verify credentials anytime, anywhere.
Important: We are in the process of updating screenshots and content in the End User Guide to reflect our new branding. These updates will be available soon, thank you for your patience!
This document serves as a concise guide for end users, providing comprehensive step-by-step information on the features and functionalities offered by Inji Verify.
Step 1: Initiate Scan Request:
Begin by accessing the Inji Verify portal and selecting the tab “Scan the QR Code” where the Scan QR code section will come up and click on the “Scan” button to initiate the scanning process.
Desktop View
Mobile View
Step 2: Camera Permissions:
When the scan is initiated, you will be prompted to grant the necessary camera permissions for the Inji Verify portal. Please click the "Allow" button to give the portal access to your device's camera.
Desktop View
Mobile View
Step 3: Scan QR Code:
Position the device's camera in front of the QR code you wish to scan.
Capture the QR code by aligning it within the frame displayed on your device's screen.
Once the QR code is captured, the data is sent to the Inji Verify portal for processing.
Decoding and Verification:
The QR data is passed to the Pixel Pass library for decoding.
Pixel Pass returns the decoded data to Inji Verify for further processing.
Inji Verify then verifies the decoded data using the Verification SDK.
Desktop View
Mobile View
Step 4: Display Credential Details:
After successful verification, Inji Verify retrieves the display properties of the credential from the issuer's configuration.
The credential details are displayed on the portal's interface using the fetched display properties.
Desktop View
Mobile View
Step 1: Upload QR Code:
Begin by accessing the Inji Verify portal and selecting the tab “Upload QR Code” where the Upload QR code section will come up and click on the “Upload” button to initiate the process.
Desktop View
Mobile View
Click on the “Upload” button on the “Upload QR Code” Page as you select the option to upload a file containing the QR code or credential document you wish to verify from your device's file explorer. Click on the file to proceed.
Inji Verify passes the QR data from the uploaded file to the Pixel Pass library for processing.
Decoding and Verification:
The QR data is passed to the Pixel Pass SDK for decoding.
Pixel Pass returns the decoded data to Inji Verify for further processing.
Inji Verify then verifies the decoded data using the Verification SDK.
Desktop View
Mobile View
Step 2: Display Credential Details:
Upon successful verification, Inji Verify retrieves the display properties of the credential and presents the details on the portal's interface.
Desktop View
Mobile View
Scenario 1: If Pixel Pass encounters difficulties in decoding the data or encounters an unsupported QR code format, Inji Verify returns to the home screen.
An error message stating "QR code format not supported" is displayed to the user.
Desktop View
Scenario 2: If the QR code size or file size exceeds the permissible limit where the maximum size is 5MB, Inji Verify returns to the home screen.
An error message stating "File size not supported. The file should be between 10Kb and 5 MB."
Desktop View
Scenario 3: If the QR code is unreadable or blurry then Inji Verify returns to the home screen.
An error message stating"No multi-format readers were able to read the QR code."
Desktop View
Scenario 4: If the user fails to scan the QR code within the 60-second timeframe then Inji Verify returns to the home screen.
An error message stating "The scan session has expired due to inactivity. Please initiate a new scan."
Desktop View
Scenario 5: When a PDF containing VC is uploaded and the QR Code is not valid, then the following error message is displayed- ‘Something went wrong with your request. Please check and try again.’
Scenario 6: If there is no internet connectivity, the following error message is displayed while using Inji Verify - ‘No Internet Connection! Oops! We can’t seem to connect. Check your internet connection and try again'
Scenario 7: When the request in the application url is invalid, the error message displayed- ‘The requested resource is invalid’.
Scenario 8: When the server is done, then the error message displayed is- ‘The service is currently unavailable. Please try again later’.
The “Home” Screen is not available now so you will be able to see the “Upload QR Code” Page instead.
The Verify Credentials Page will showcase two main features of Inji Verify that is “Upload QR Code” and “Scan the QR Code”.
Desktop View
The Help section includes three sub-sections or sub-menus:
Contact Us: This directs you to our MOSIP Community where you can write to us with any queries related to Inji Verify or general inquiries.
Documentation: This directs you to the Inji Verify documentation page for detailed information about Inji Verify.
FAQ: This section is still under development.
Desktop View
Valid Credentials
These credentials are currently active and verified using the Inji Verify Portal.
Desktop View
Invalid Credentials:
These credentials are currently active but invalid.
Desktop View
Expired Credentials
These credentials have passed their validity period and are no longer active.
Desktop View
