How Civic Anchor works.
Three phases, anchored cryptographically to a live human, with raw biometrics never persisted on our infrastructure. Anchor once; carry your verified identity wherever you need to prove it.
- 01
Enrol
A registered partner node — telco store, bank branch, registered retail outlet, NGO partner office, government office — captures a live biometric and binds it to a sovereign DID. Raw biometric data is hashed and discarded on the capture device; the hash is the only user-identifying material that ever leaves the device.
- 02
Hold
Your DID accumulates verifiable credentials over time — RICA-verified phone, FICA KYC, employer attestations, professional-body credentials, peer attestations. The wallet on your phone is a read-only viewer; we never hold keys you can't reset by re-anchoring on your own biometric.
- 03
Present
Verifiers query a single-use, 60-second nonce; you reveal only what each counterparty needs (FICA-tier identity, RICA-only phone proof, an employer attestation). Every presentation is logged on your side for audit, never aggregated against you across counterparties.
Where this is enforced in code
Enrolment runs the active-liveness capture client-side; partner devices co-sign the first-anchor verifiable credential. Triple-approval verification gates a single platform-signed presentation token to the requesting verifier. Lawful-access intake operates per-jurisdiction under court-order.