Abstract: A client device is configured to (i) receive, from a credential issuer, a digital credential including (a) an identifier for the credential issuer and (b) credential information indicating an identity of a user associated with the client device, (ii) cause the digital credential to be maintained in storage, (iii) receive, from a credential verifier, an authentication challenge associated with a payment instrument, the authentication challenge including (a) an identifier for the credential verifier and (b) a request for credential information indicating the identity of the user of the payment instrument, where the request is encrypted using a private key of the credential verifier, (iv) use the identifier for the credential verifier to obtain a public key of the credential verifier, (v) use the public key to decrypt the encrypted request, and (vi) based on the decrypted request, transmit an authentication challenge response including the digital credential to the credential verifier.

Abstract: A computing platform is configured to (i) receive, from a user, a request to initiate a payment using a payment instrument, (ii) cause an authentication challenge to be presented to the user, the authentication challenge including a request for credential information indicating an identity of the user of the payment instrument, (iii) receive, from a client device associated with the user, an authentication challenge response including (a) an identifier for a credential issuer that previously verified the identity of the user and (b) credential information indicating the identity of the user, the credential information encrypted using a private key of the credential issuer, (iv) use the identifier for the credential issuer to obtain a public key of the credential issuer, (vii) use the public key to decrypt the credential information, (viii) verify that the credential information indicates the identity of the user of the payment instrument, and (ix) execute the payment.