Creating Documents
Certisfy documents are a set of simple label/value pairs. To request a certificate, select the fields you want included and submit a request for a certificate.
When you submit the request, the id and key for the request will be listed on the Certificate Requests tab, you should provide that information to the trust anchor so they can retrieve your request.
After the certificate is issued, you should come back to Certificate Requests tab and click the download button to pull down the certificate, afterwards it will be listed under My Certificates
For most certificate requests, you should mark it as private to protect the information on the certificate. You should also give it an approprate label.
You should also check the Data Labels tab to see if a specific label should be used for a field
Standard Document Labels
While you can use any labels for your document fields, it is important for the labels to be specific for certain types of information and use cases. The field labels below should be used exactly as specified when creating your documents. This list will continue to grow over time.
Key: {{ props.item.encryptionKey }}
Label: {{ props.item.label }}
Date: {{ props.item.createDate }}
Document
Encrypt Message
Decrypt Message
Using stickers to project trustworthiness online
Use the stickers below to project trust online. You can embed these stickers on a Craiglist post for instance or a dating profile to claim facts that are attested to by one of your certificates. A user that views the sticker can use the embed ID in the Certisfy app to verify the associated claim and thus verify information.
If you are selling something on Instagram and want to prove to visitors that you're not a scammer you can include a sticker that for instance proves your physical location, at the very least a visitor would know that you're not a far away scammer.
You can of course verify other types of information that attest to your trustworthiness, it would depend on the context of what you're trying to prove.
SVG
Code
HTML Image
Code
HTML Object (Users can copy/paste embed ID)
Code
Using Certificates
Once you have a certificate, you want to make claims against the facts attested to by the certificate.
This would be like after you've finished a course work and are given a diploma, you take the diploma to look for a job. Most likely the employer will check to confirm that the diploma (ie certificate) is legitimate, perhaps by calling the school. When you make claims, you're enabling this verification for the recipient of your certificate.
In addition to making claims based on the fields in the certified document (ie the certificate), you can add other fields that are not certified fields. The recipient would know which fields are certified and which aren't. Maybe you want to anonymously verify your age while also creating a pseudonym for yourself, the age field will be certified, the pseudonym field will be unverified.
For instance you may have a certificate that has geo location information on it, you can add an additional field that gives the name of a place that matches that geo location. The recipient of your certificate may only need to verify the geo location and will be satisfied even if the name field you add to the stamped document is not verified.
Most claims will need to include an identity component in order for the reciever to be able to trust it. Read the user guide section that says More about certificates to see how and why identity anchor certificates are necessary.
If you have already created an identity anchor certificate, you can use it to associate an anonymous identity to the claim and specify the intended receiver/recipient.
The intended recipient will give you a unique identifier that you'll address the claim to. For claims that will be placed on stickers, the general public will be the recipient so you just need to check the sticker box.
You can find your unique receiver identifier under the profile menu in the top right of the
application toolbar. If you're the one requesting a claim then you should give this to the party
providing the claim.
This identifier is assumed to be stable so you shouldn't change it even
though you can. It allows you to create sticky anonymous identities for other people you interact
with online.
Let's say you're interacting anonymously in a virtual world but you want to establish identities
for the other people you're interacting with, you could ask them to generate claims destined for
your receiver identifier.
You can then store the identity information you get from that verification.
If someone in that virtual world changes their avatar or create a new account, if you interact
with them again and ask for a claim with this same target receiver identifier, the identity
information that results from the claim verification would be the same.
This means even though you may not know the people you're interacting with,
you'll be able to detect them via their sticky cryptographic identities.
Profile
Certificate Profile
Document Profile
Managing Claim Receiver IDs
A claim receiver id is a sort of persona within a given space. For instance your handle on a particular social media service or your personal email address. Some personas are intended to be private/anonymous (your erotical site email address), others are meant to be well known (your personal email address).
What a claim receiver id does is ensure that others you interact with have a sticky cryptographic identity relative to a given claim receiver id.
For instance if while using a given persona in the "metaverse", you have cause to block a particular cryptographic id, you can do so without the other person being able to circumvent your block even if they reappear with a new username/handle.
When you switch to a different claim receiver id, then the corresponding cryptographic identities for people you interact with also change.
For the most part, claim receiver ids will be used by third party services (ex: messaging apps) and less so by you the Certisfy user.
You should ensure that when you ask for a claim to be provided to one of your claim receiver ids, that the resulting claim is indeed generated for that id.
Working With Documents
Certificates are certified documents, ie documents that have been verified by a Certisfy partner.
Documents contain information that you want to certify, for instance a document representing your drivers license would contain the information on your dirvers license.
Before you head out to get a certificate, you should first create a document and create a certificate request for that document.
About Stickers
Stickers are a way to project trust online with your Certisfy certificates.
For instance let's say you post an Ad on craigslist, how do you let visitors know you're not a scammer?
You can make a claim, then create a sticker for it, targeting a particular web address (ex: your craigslist post url).
Visitors who see your Ad and the Certisfy sticker can verify certain details about the poster. They don't have to know who you are but you can project trust in any number of ways.
For instance you could have a certificate for your address or just the city your live in, you can then claim certain facts about your location. If a visitor can be certain of your location, at the very least they can be sure you're not an overseas scammer.
You can have other types of certificates that attest to other facts about you that you can embed online to project trustworthiness.
You could even have a certificate that attests to the fact that you're 6'0 tall and post a sticker claiming that fact on your dating profile, visitors to your profile will be able to use Certisfy to verify that claim...imagine that, no more catfishing!!
Create Sticker
Price: $1/month or FREE TRIAL!
My Stickers
Working With Certificates
Certificates are cryptographically certified documents. Before you can create a certificate you should first create a document and make a certificate request in the Certisfy app; then find a Certisfy partner to verify your information and issue you a certificate.
Certificates attest to facts about yourself, similar to how an educational certificate might attest to the fact that you have a certain expertise.
Once you have your trustworthy certificate, you can use it to make claims about the information on the certificate.
Those who receive your claims will use Certisfy to verify your claims.
Certificate bookmarks help you send secret/encrypted messages to others whose certificate you have bookmarked. This is a use case for nerds, if you're not a nerd you can ignore it.
Issuing Certificates
Anyone using the Certisfy app can issue a certificate. Of course for the certificate to be considered trustworthy it needs to be issued by a trust anchor.
The person requesting the certificate will provide the request ID and a key to retrieve the request which contains the document that needs to be certified. In general, trust anchor certificates are used to stamp the document in the request thus turning it into a certified document (ie another certificate).
Trust anchors are expected to apply due diligence before issuing a certificate. For instance if someone ask for a certificate for their drivers license, the trust anchor should review the actual license and verify that the corresponding information is correct.
If someone ask for an address verification certificate, the issuer should ask for proof of residency such as mailed bills or call a rental office to confirm.
If someone ask for a height verification certificate, a trust anchor should whip out a tape ruler and measure that sucka before issuing a certificate.
Trust anchors will charge a fee for this service.
Lookup A Certificate Request
Review Document And Stamp
ID Proofing
Verification Result add_circle_outline remove_circle_outline
Claim Document
This is a claim from a sticker. Before proceeding to verify the information on the sticker, you should first make sure this sticker wasn't stolen by verifying the source information.
The creator of the sticker provided the information below as the only source this sticker should be accepted from. If the information is a website, you should confirm that it is the same page as where you found the sticker.
If it is a profile id (for instance an instagram name), you should confirm that it matches the profile id of the person that gave you the sticker or whose page the sticker was found on.
Valid For Source:
check_circle Verified fields
warning Unverified fields
gpp_good This claim is trustworthy.
It was made on
In general, old claims are less trustworthy.
If you're unsure, ask the person who gave you this claim to make a new one and give it to you, if they can produce a claim newer than the current time then you know they own the certificate.
error This claim is not trustworthy.
person_outline Owner Identity Information
ID is only valid for receiver:
ID based on identity element:
ID proofing strength:
Claim Document
info Sticker
This is a claim from a sticker. Before proceeding to verify the information on the sticker, you should first make sure this sticker wasn't stolen by verifying the source information.
The creator of the sticker provided the information below as the only source this sticker should be accepted from. If the information is a website, you should confirm that it is the same page as where you found the sticker.
If it is a profile id (for instance an instagram name), you should confirm that it matches the profile id of the person that gave you the sticker or whose page the sticker was found on.
Verify Source:
check_circle Verified fields
warning Unverified fields
gpp_good This claim is trustworthy.
It was made on
In general, old claims are less trustworthy.
If you're unsure, ask the person who gave you this claim to make a new one and give it to you, if they can produce a claim newer than the current time then you know they own the certificate.
error This claim is not trustworthy.
person_outline Owner Identity Information
ID is only valid for receiver:
ID based on identity element:
This certificate was used to make this claim.
Issue Date:
Expiration Date:
{{docVerificationContext.certChainVerification.chain[0].status_message}}
This certificate issued the previous certificate.
Issue Date:
Expiration Date:
{{cert.status_message}}
{{cert.authority_status_message}}
Reading Claim Verifications
You verify claims that are attested to by certificates. Claims can be stickers, in that case they are shareable claims. Claims can also be given directly to you by the claimant.
If a sticker claim you're verifying is from a web post or an app, the first thing you want to confirm is that the claim was in fact issued for that web page or app. Claims could be public and can be copied and re-presented by anyone, for instances all claims associated with a sticker are public and can be copied by anyone.
Sticker claims are like youtube videos, when they are shareable they can be put on any web page or app. For instance, how can you be sure that the sticker you saw on a Craigslist post or an app is valid for that specific post and wasn't stolen from another post?
You should first confirm the Valid For Source target information (a url, unique user-id..etc) which would be the first item on the verification result. If you're not able to match the Valid For Source information, for instance if the url or user-id on the sticker doesn't match the page the sticker itself is placed on , then you know it was stolen.
When reading claim verifications, the date also matters. The older the claim, the less trusthworthy you should consider it to be.
If the claim is not a sticker, it will show anonymous identity information, if someone gives you a claim directly as opposed to a sticker, you should always make sure they generate the claim for one of your claim receiver ids (ex: associated with a social media handle) and you should confirm that in the verification result.
Verify A Claim
Find A Certificate Issuer
Can't find any partners near you? Let us know!!
{{ props.item.address }}
{{ props.item.website }}
{{ props.item.distance?props.item.distance+" miles":"" }}
How to use Certisfy
The 4 steps below cover the actions you can perform with Certisfy. Steps 1 & 2 show how to acquire trustworthy certificates, 3 & 4 show how to use certificates. The user guide describes how to perform these actions.
These actions taken together will allow you to use Certisfy to project trust and verify information online.
1. Request a certificate.
2. Find Certificate Issuer.
Once you have your certificates, you can use them to make claims. You can also verify information using claims given to you by other people. That's it, this is what Certisfy is about!
3. Make a claim.
4. Verify a claim.
How to use Certisfy
The 4 steps below cover the actions you can perform with Certisfy. Steps 1 & 2 show how to acquire trustworthy certificates, 3 & 4 show how to use certificates. The user guide describes how to perform these actions.
These actions taken together will allow you to use Certisfy to project trust and verify information online.
1. Request a certificate.
2. Issue a certificate.
3. Make a claim.
4. Verify a claim.
1. How to request a certificate.
The first step for creating a certificate is to create a document. A document is a piece of information , it can represent anything. You can have as many documents as you need. In fact a certificate is just a certified document.
Because certificates are publicly accessible to anyone, in most cases you'll want to keep the information on the certificate private.
For instance you may want a certificate for just your date of birth or age without revealing the other information on your drivers licenses, in that case you simply create a document that has only your date of birth or age and have a certificate issued for that, seperate from the more sensitive information (your address for instance) on the rest of your license.
Below is an example of a document.
You should also select the appropriate identity anchor certificate that your new certificate would be linked to. Read the More about certificates user guide section to learn about this field.
Once you have the document, you can make a certificate request. This request will be saved and can be pulled by the person that will be asked to issue the certificate.
When you click the REQUEST CERTIFICATE button above, a new request will be created. You can view all requests associated with a document by looking at the CERTIFICATE REQUESTS tab.
When a new request is created, an id and a key is created for it. You'll need to give this information to the person issuing the certificate so they can get access to your request.
After a certificate is issued for the request, you can download the certificate by clicking the
Fetch Certificate
2. How to issue a certificate.
To issue a certificate, the issuer should obtain the id and key for the request from the person requesting the certificate.
A certificate can be either self-issued or issued by (ie stamped) another certificate. Most certificates will be issued (ie stamped) by another certificate.
For instance a cryptographic drivers license certificate could be issued (ie stamped) by a police officer's certificate and the police officer's own certificate would have been issued by the department's certificate (a self-issued certificate).
As noted above, you can use any of your existing certificates to issue additional certificates.
ID Proofing
If a certificate request is linked to an id certificate, you'll have to request a claim from the identity certificate that includes the actual id information on the certificate. In other words, beyond the basic identity element (driver's license number, passport number..etc), an id certificate should also include basic PII. In order to issue a trustworthy certificate, issuer should review the claim containing the identity element and associated PII before issuing a certificate linked to it.
The goal of this id review is to prevent the requester of the certificate from acquiring a certificate then passing it to someone else to use with a different id certificate. There is no prescribed procedure for reviewing an id certificate since...it is already a certificate and has been verified.
You should really just make sure the information on the id certificate claim makes sense for the context of the new certificate request. For instance if someone in New York is requesting a certificate and gives you an Id certificate claim that shows that the corresponding id certificate was issued to someone with a California driver's license,it may be a cause for further scrutiny. Check for bio-info mismatch, such as the id certificate claims the gender is male but the requester is female, check for things like ethnicity mismatch.
The id claim should be issued for one of your issuer claim receiver ids and you should ensure that it is verified before accepting it. You can create multiple issuer claim receiver ids and rotate between them when challenging for id claims. You should make sure the id claim is current and is generated more or less at the time the certificate is being issued.
Even when someone hands you a fresh and valid claim from an id certificate, it is no proof that they really own the certificate, even when they're standing right in front of you! They could be relaying id information directly from the owner of the id certificate without being in possession of the certificate and its associated private key (aka secret seal), ie the person standing in front of you could simply be a mule, fronting with someone elses id claim. A mule could be controlled via a compromised Certisfy client on their device for instance or the device itself could be compromised.
Basic ID Proofing
One way to combat the potential mule problem is to directly relay the information on the id claim back to the requester (ie a potential mule). The idea is to prevent what we call anonymous peer conspiracy, ie two (or more) people who are anonymous to eachother conspiring to improperly procure and subsequently misuse certificates. By ensuring that at least one party/peer knows id information of the other, you break the anonymity and introduce risk for one or both parties depending on what the issued certificate is subsequently used for.
So when someone hands you a claim from an id certificate in order to procure a new certificate, relay the information back to them to make sure they become aware of it. You could read it back to them, send a receipt via email or text...etc.
Strong ID Proofing
An even more aggressive form of breaking anonymous peer conspiracy is via STRONG id proofing when making a certificate request. For now STRONG id proofing is optional but might become a requirement in the future.
With STRONG id proofing, the person making the certificate request (ie the actual intended recipient of the the issued certificate) is temporarily required to expose (ie stake) their ID certificate (and associated private key) to the risk of exfiltration by any potential mule they may be using to acquire a certificate. The potential mule could even be law enforcement setting up a honeypot trap.
A honeypot trap can also extract Id claims when using Basic ID Proofing with just the identity certificate claim used for proofing. Id claims have identity certificate information so they are almost as bad in terms of identity information exfiltration.
While issuing a certificate, if the requester provides an ID honeypot trap code, just accept it and trap the ID, no questions asked.
3. How to make claims.
To make a claim against facts on a certificate, simply open the certificate and select the fields you wish to make claims against.
You may also add additional fields that have not been verified, and of course the recipient would know that those fields are unverified.
In order for a claim to be trustworthy, it must be tied to an identity anchor certificate. An identity anchor certificate should be the first certificate you acquire in order to use Certify to make trustworthy claims. To learn about what is required for an identity anchor certificate, read the guide section that says More about certificates.
You should also specify the recipient of the claim, they'll give you their unique identifier to use for making claims meant for them. If the claim will be used on a sticker, then the recipient would be the general public so you don't need to specify a receiver, just check the box that says it is for a sticker.
How to stamp a document.
Stamping documents is another way to use a certificate. Mainly it applies to using your certificate to stamp other documents. In fact the act of issuing a certificate is actually an act of stamping the document the certificate is based on, in order to turn it into a certified document (ie a certificate).
Stamping documents is different from but related to making claims against facts on a certificate. The difference is that the document you stamp isn't verified by another party, any trust placed on the stamped document is based on the trust embodied by the certificate used to apply the stamp and thus based on the trust embodied by the owner of that certificate.
When a certificate is requested (step 1.), the owner of the certificate also gets a secret seal. This secret seal will be used to stamp documents issued by the owner of the issued certificate.
The secret seal is managed by Certisfy so you as the user never use it directly.
Remember, we mentioned earlier that certificates are just documents but they are a bit special from other documents. There are three key things that are special about certified documents (ie certificates).
-
As mentioned previously, certified documents have a seal associated with them. The owner of the certificate can use the seal to stamp other documents. This is like being a judge or a doctor, in addition to a certificate you have on a wall that states your qualification, you also get a unique secret seal that you can use to stamp documents.
For instance you can think of a doctor as having a seal to issue prescriptions. Anyone can read medical documents and even learn how to perform a medical procedure but if you're not a board certified doctor, you in effect don't have the seal needed to stamp prescription documents.
-
The second special thing about certificates is that in addition to the information they contain (like your name), they also possess the information needed to verify stamps created with their associated seal.
If someone gives you a freshly stamped document and showed you their certificate, you'll be able to compare the stamp on the certificate to the new stamp on the document to determine if they were stamped by the same seal. You don't need to see the seal itself you just need to be able to examine the stamped impressions. Certisfy helps you perform this action cryptographically.
-
A third special thing about certified documents (ie certificates) is that it is assumed that the information on them has been verified by the certificate issuer. In other words if a police officer issues a cryptographic drivers license certificate to you and you present that certificate to someone, they can assume that the information on it (your drivers license information) was verified before the certificate was issued.
To summarize, certificates and their associated seals are used hand-in-hand by using the seal to generate stamped documents. Whenever you present a certificate to someone, they'll ask you to proove that you're the owner of the certificate by producing a freshly stamped document using the certificate's secret seal.
Remember, certificates are public and anyone can have them and try to use them, the way to prevent misuse is to demand that someone stamps a document using the associated secret seal. If they don't possess the secret seal, they won't be able to generate a valid stamp.
There are a lot of use cases for this ability to stamp documents.
-
For instance a journalist could stamp an article (or the link to the article) and publish the stamped article, anyone reading the article could verify the stamp and know that the article is authentic, ie it is not fake news.
-
Or let's say a celebrity wants to use their certificate to give you a cryptographic autograph. They'll stamp a document with your name or perhaps an SVG image of themself. The cryptographic stamp would be proof that the autograph is legitimate.
Having the celebrity stamp the autograph only proves that it is a legitimate autograph but it doesn't prove that it was issued to you. To be able to prove that it was issued to you, you'll first have to stamp the autograph before the given celebrity applies their own stamp over it.
In the future if you wanted to prove that the autograph was issued to you, you just need to create a newly stamped copy. Certisfy will be able to verify that the original stamp and the freshly stamped copy where stamped by the same secret seal, thus proving that the autograph was truely issued to you.
To stamp a document, simply click the Stamp Document button and select the certificate you want to use to stamp the document.
Remember, a certificate itself is just a document (a slightly special type) that has been stamped by a secret seal. The person/entity whose seal is used to stamp the certificate is called the issuer(ex a police officer).
In the case of a self-issued certificate, Certisfy uses the associated secret seal to stamp it, as opposed to using the seal of some other trusted entity (ie issuer, ex a police officer).
A quick rule of thumb to remember is that not all stamped documents are certificates but all certificates are stamped documents.
4. How to verify claims.
There is a simple way to check claims with Certisfy, just pasted them into the verification form or use a sticker code.
A lot of the time claims will not need to be checked by you directly but rather they'll be checked by a service that accepts Certisfy certificates.
-
For instance let's say you want to get a blue checkmark next to your name on twitter. Twitter will ask you to make a claim against a certificate that has your name.
If you give twitter your claim, twitter will be the one who both checks the information on the certificate and verifies the claim using our API.
More About Certificates.
Beyond knowing how to use certificates, there are some additional facts about certificates that are worth knowing about.
Certificate misuse.
Certificates by themself cannot be considered trustworthy by service providers (ex craigslist). Certificates are handed out to people and there's nothing to stop someone from sharing their certificate and encouraging misuse of it. For instance someone could hand a certificate for an adult to a minor and the service provider would have no way of knowing that the user is a minor.
Even worse, it is possible for criminals to exploit this weakness by selling certificates to people who shouldn't be using them.
Your cryptographic face.
A mechanism for dealing with certificate misuse is via identity anchor certificates. An identity anchor certificate is a certificate that is cryptographically linked to some element of the owner's real identity while still enabling the person to remain fully anonymous.
The owner of an identity anchor certificate will remain fully anonymous, however it would be possible to establish a fixed anonymous cryptographic identity for that person that would be impossible to circumvent. We call this characteristic a cryptographic face.
This is similar to being anonymous IRL but your face can be remembered. For instance if you get thrown out of a bar, they may not know your name or anything else about you but if you show up again, they'll probably remember your face and prevent you from going in.
This ability to remember your cryptographic face even though you're anonymous is a mechanism that can be used to mitigate the risk of misuse. If you misuse a certificate tied to your cryptographic face, service providers can remember that face and likely prevent you from using their service. They don't need to know who you are IRL to be able to enforce this.
Currently the elements of your real identity that can be used to establish a cryptographic face are:
You'll need to create a document with one of these elements included and have a certificate issued for that document. The document should use the exact labels noted above.
You'll then be able to use that certificate as an identity anchor certificate to derive anonymous cryptographic identities for various services.
Each service will have a unique anonymous identity per identity anchor certificate. So the anonymous identity you have on say twitter would be completely different from the one you have on facebook and the one you have on craigslist.
Certificates and Privacy.
Certificates can be linked to an anonymous identity, services for which you use certificates will generally demand that your certificates be tied to an anonymous identity certificate.
One important measure required to preserve privacy is to never use the same certificate for anonymous and non-anonymous use cases. While you can mask the information on a certificate, the id of the certificate can be used to track the owner activity if the same certificate is used.
For instance, to anonymously verify your age, you should use a certificate that has your age as of the certificate issue date but not your name. Such a certificate can contain other bits of information that you wish to use anonymously, for instance your city/state location.
Becoming a trust anchor
Using Certisfy, anyone can issue a certificate. However in order to be listed as a trustworthy cerificate issuer (ex as a police department), Certisfy will need to verify your status.
Once you're verified, Certisfy itself will stamp your certificate. This would be very helpful to service providers (ex facebook, twitter, craigslist..etc), they'll simply be able to accept certificates on your trust path (ie stamped by you or a delegate(ex a police officer)) without having to do additional work.
Entities with trustworthy certificates that can then be used to issue other certificates are called trust anchors.
Format of a trust anchor certificate
A trust anchor certificate needs to contain the following information. In other words the document that you use to request a trust anchor certificate should contain the following information before Certisfy can verify and issue you a trust anchor certificate.
Put another way, you first have to make a certificate request and then complete this form.
The document with the informatiom above should not be marked as private when making the certificate request.
The labor-code can be a valid government labor/occupational code that correctly identifies the line of work the issuer entity can be grouped under.
For US entities, that information can be found at the labor department site: https://www.bls.gov/soc/
The maximum-delegates states how many levels of trustworthiness delegation this trust anchor can have. This would be based on the organizational structure of the the trust anchor. For instance a police department has a hierarchy that can be used to determine how many levels of delegation is valid.
If you wont be delegating certificate issuing authority to anyone then the value for
maximum-delegates should be 0. Certisfy will only issue a trust anchor
certificate after verifying that the maximum-delegates value is valid.
Submit A Request
Report a certificate only if it contains invalid info or it has been compromised. Otherwise file your complaint with the service the certificate is used for.
{{ props.item.value }}