1. There's a provider that already has your data (it could be the government, a bank, a phone carrier etc). If more than one provider is supported, there's a list of trusted providers somewhere.
2. Whenever a website needs an age check, it asks you to authenticate with one of the trusted providers. The provider gets a challenge (a random string).
3. If you authenticate successfully, the provider uses their public key to provide a cryptographic signature of the challenge. This signed challenge is then transmitted back to the website.
In a more advanced version of this system, the website also provides a boolean expression, like `country_of_residence not in forbidden_countries && (age > 21 || (age > 18 && country_of_residence != "us"))`, and providers promise not to return successful responses for users who don't fulfill the expression criteria.
1. There's a provider that already has your data (it could be the government, a bank, a phone carrier etc). If more than one provider is supported, there's a list of trusted providers somewhere.
2. Whenever a website needs an age check, it asks you to authenticate with one of the trusted providers. The provider gets a challenge (a random string).
3. If you authenticate successfully, the provider uses their public key to provide a cryptographic signature of the challenge. This signed challenge is then transmitted back to the website.
In a more advanced version of this system, the website also provides a boolean expression, like `country_of_residence not in forbidden_countries && (age > 21 || (age > 18 && country_of_residence != "us"))`, and providers promise not to return successful responses for users who don't fulfill the expression criteria.