Beyond Screens: Investigating Identity Proofing for the Metaverse Through Cross-Device Flows

This paper presents a secure identity proofing flow for metaverse-based applications, enabling the validation of authoritative identity evidence (such as electronic passports and identity cards) to support sensitive or legally binding operations performed through virtual reality (VR) headsets. These use cases, common in business environments, require users' credentials to be strongly linked to verified real-world identities, ensuring compliance with regulatory standards. The solution involves a cross-device flow where users first verify their identity on a mobile device by presenting valid identity evidence. This verified identity is then transferred to the VR headset, where users can register and activate credentials for future authentication. Beyond providing key security considerations and defining a taxonomy of possible attacks, we discuss how our design choices enhance the security of the flow.