Verification Model

How Trust is Established

• Issuer identity is anchored to trusted DID keys.
• QR token signatures are validated with RSA-PSS (PS256 profile).
• Credential ID integrity is cross-checked between URL and token payload.
• Optional payload digest binding guards against QR payload tampering.
• Validity window checks enforce QR freshness using generated timestamp.

These checks are performed locally in-browser before the result screen is rendered.