Secure and Versatile Folder

The User Data can be envisioned as a digital personal folder, where you securely store confidential information like driver's licenses, birth certificates, diplomas, and others. This system represents a flexible and secure way to manage a variety of data, inspired by W3C's Verifiable Credentials but extending beyond to accommodate diverse document types, irrespective of their format. Unlike the complex W3C format, we are using the ubiquitous and versatile JSON Web Token as the folder. Thus the User Data is essentially formatted as a JSON Web Token.

Authenticity and Trust

The items stored within your User Data, akin to the confidential information in your personal folder in this analogy, generally originate from external entities referred to as Data Issuers. These are typically authorities or institutions issuing official documents. To ensure the authenticity of the document added to your folder, the Data Issuer stamps it, similar to placing an official seal on the physical folder. This digital stamping on the folder is effectively implemented using JSON Web Signature (JWS), serving as a digital seal that verifies the genuineness and trustworthiness of your data.

Schema-Agnostic Design and JSON Format

zkPass's 'schema-agnostic' design enables the storage of various types of data without the need to follow a specific layout or format. Whether it's an official certificate or an informal note, as long as it’s in the universally understandable JSON format, it can be included in your folder. This approach ensures that your personal folder is not only flexible but also coherent and user-friendly.

Confidential Verification and Sharing

When sharing or verifying your personal document contained in the User Data, confidentiality and security are paramount. The zkPass Query Host facilitates the verification of your document without compromising their integrity, similar to a secure viewing room where confidentiality is maintained at all times. This setup offers you a digital personal folder that is organized, accessible, and fortified with robust security, ensuring peace of mind in managing sensitive data.

For a more detailed explanation of the User Data, please refer to the Developer's Guide.

Data Verification Request (DVR) is like a question that the Proof Verifier asks the Data Holder or the user. This "question" is usually about some specific information a user has stored on the user data. For example, the Proof Verifier might ask, "Is this user over 21 years old?" or "Is this user married?"

The concept of DVR is pivotal in grasping the zkPass workflow. Essentially, the flow of zkPass kicks off with the Proof Verifier creating a DVR.

Structure of a DVR

Each DVR has two main parts:

1. Metadata (The Envelope of the DVR) Think of the metadata as the envelope that holds the DVR. Some of the core metadata are:

   • DVR ID This is like a tracking number for the request. It helps to know which question you're dealing with. This information is mainly used by the zkPass Service.

   • User Data URL The URL to retrieve the user data referenced by the DVR Query variables. The Proof Verifier uses this information to tell the Data Holder where to download the user data content. A Data Issuer typically hosts the URL site. Note that this information is optional. The absence of this information means that the way to determine where to get the user data is embedded in the application business logic of the Data Holder.

   • Public Key This public key verifies that the user's data hasn't been tampered with.

2. Query (The Actual Question) The real heart of the DVR is the query. This is the actual question or condition you want to check against the user's data. In zkPass, you write this query using a unique format called zkPass JSON Query Language. The query uses the concept of variables to reference elements that exist in the user data and compare the variable values with specific constant literals.

[
  {
    assign: {
      loan_application: {
        and: [
          { "==": [{ dvar: "bcaDocID" }, "DOC897923CP"] },
          { "~==": [{ dvar: "personalInfo.firstName" }, "Ramana"] },
          { "~==": [{ dvar: "personalInfo.lastName" }, "Maharshi"] },
          {
            "~==": [{ dvar: "personalInfo.driverLicenseNumber" }, "DL77108108"],
          },
          {
            ">=": [{ dvar: "financialInfo.creditRatings.pefindo" }, 650],
          },
          {
            ">=": [
              { dvar: "financialInfo.accounts.savings.balance" },
              55000000,
            ],
          },
        ],
      },
    },
  },
  { output: { result: { lvar: "loan_application" } } },
]

In this example query, variable "personalInfo.firstName" references the JSON element "firstName" whose parent element is "personalInfo". This element exists in the user data.

For a more in-depth explanation of the DVR, please refer to the Developer's Guide.

Imagine zkPass Proof as a special kind of digital token created by the zkPass Service. It's like a detailed report that contains several important parts, all designed to keep your data safe and verify important information without revealing any secrets.

The Core Elements of zkPass Proof

• Zero-Knowledge Proof This is the heart of the proof. It's a clever piece of the ZKP technology that checks if certain things are true about your data without actually seeing the data itself. It works in a super secure space called the Trusted Execution Environment, ensuring everything is done correctly and privately.

• Query Result After the zkPass Service checks your data, it gives a result. This is what we call the Query Output. It's safe to share this part because the Zero-Knowledge Proof makes sure it’s accurate and hasn't been tampered with.

• DVR Metadata Think of this as the detailed label on your report. It includes the time the proof was made, a unique ID for your Data Verification Request, and other useful information that helps in checking and verifying the integrity of the DVR information used by the zkPass Service when generating the zkPass Proof. The metadata validation is performed by the Proof Verifier.

Safety and Trustworthiness

The entire zkPass Proof is sealed by the zkPass Service, kind of like putting it in a tamper-proof envelope. This ensures that the proof is genuine and hasn’t been altered, adding an extra layer of security.

Protecting Your Data Privacy

What’s really great about zkPass Proof is that it lets someone verify information about your data without ever accessing the actual data. This means your sensitive information stays private, but you can still prove certain things about it. It’s a powerful tool, especially when you need to keep your data under strict privacy control.

Clear and Honest Query Checks

zkPass Proof isn't just about keeping things confidential. It also makes sure that the queries or checks done on your data are transparent and honest. The proof acts like an unchangeable record, confirming that the query was done exactly as it should be, following all the rules and conditions set out.

The concepts of User Data, Data Verification Request (DVR), and zkPass Proof are central to understanding how zkPass works. The diagram below illustrates the relationship among the three:

The user data and the DVR, which contains the query, are inputs to the zkPass Service, which are needed to create the zkPass proof object.