SVX Documentation
Terminology

Last updated 1 year ago

Claim

Attribute represented as a name-value pair.

Classification

A link between a Classification Node and a classified entity. Items, Slots and Templates can have Classifications.

Classification Node

A Classification Scheme consists of a tree of Classification Nodes. A Classification Node:

  • belongs to a Classification Scheme
  • has a parent Classification Node, unless it is the root node
  • has property name
  • has property label
  • has property description
  • has property image

Classification Scheme

Combinations of Classifications are called Classification Schemes.

Connection

A persistent channel via which two entities can share information (e.g. Items, DIDs).

Credential

For a comprehensive understanding of "Credential(s)", please refer to the Verifiable Credentials section.

Credential Schema

A document that is used to guarantee the structure, and by extension the semantics, of the set of claims comprising a Verifiable Credential. A shared Credential Schema allows all parties to reference data in a known way. See reference here.

Credential Template

The defining properties of the resulting Credential. Credential Templates generally include:

  • template name
  • associated credential schema
  • Issuer URL
  • Issuer logo
  • styling information (background and text colour)

Data Encryption Key (DEK)

AES256-GCM keys used to encrypt and decrypt user data. They are stored in the Keystore, encrypted with the Key Encryption Key. It is possible for a user to have multiple Data Encryption Keys.

Decentralized Identifier (DID)

URIs that associate a DID subject with a DID document, allowing trustable interactions associated with that subject. DIDs have been designed so that they may be decoupled from centralized registries, identity providers, and certificate authorities. Specifically, the controller of a DID can prove control over it without requiring permission from any other party.

Derivation Artefact

Required in the process of generating or re-generating a Passphrase Derived Key. Derivation Artefacts include:

  • Number of iterations
  • Salt
  • Derived key

DID Subject

The entity identified by a DID and described by a DID Document. DID subjects include:

  • people
  • organizations
  • physical entities
  • digital entities

Distributed Ledger Technology (DLT)

An umbrella term for technologies that provide distributed, append-only storage mechanics based on a consensus algorithm. Blockchain and hashgraph technologies are included under the term DLTs.

Distributed Public Key Infrastructure (DPKI)

Same as PKI, but does not require a centralized authority to provide authenticity.

Ecosystem

A group of organizations, users, and things that interact within a particular environment to achieve a (common) goal.

End-to-end Encryption (E2E)

A system of communication where only the users communicating can read the messages. It prevents data from being read or secretly modified, other than by the true sender and recipient(s). The messages are encrypted by the sender (via the use of encryption keys), are stored in encrypted form by the recipient, and are decrypted (read) by the recipient with another set of keys.

End-users

A role within SVX. End-users, including Wallet Holders, partake in the exchange and sharing of data with Issuers and Verifiers. Via the use of Meeco’s Wallet application, they are able to, but not limited to:

  • Register with Tenants
  • Connect with Organizations
  • Import credentials
  • Import and respond to Presentation Requests

Ephemeral DID

A DID that is self-contained or generative and does not need to be represented in a VDR.

Issuer

A role an entity can perform by asserting claims about one or more subjects, creating a verifiable credential from these claims, and transmitting the verifiable credential to a holder. See reference here.

Item

A group of Slots related by a topic. Common examples of Items:

  • user profile
  • club membership
  • flight reservation

The Slots in an Item are keyed by their name property and contain only encrypted values. Detailed documentation can be found here.

Item Template

A predefined list of empty Slots. Each Item is created by cloning a template and filling in the Slots with data. Detailed documentation can be found here.

JSON File Type

JSON is an open standard file format and data interchange format that uses human-readable text to store and transmit data objects consisting of attribute-value pairs and arrays. It is a common data format with diverse uses in electronic data interchange, including that of web applications with servers.

JSON Web Tokens

JSON Web Token is a proposed Internet standard for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims. The tokens are signed either using a private secret or a public/private key.

Key Encryption Key (KEK)

Used to encrypt all other keys (Data Encryption Keys and Keypairs) before they are stored in the Keystore. The Key Encryption Key is encrypted with the Passphrase Derived Key.

Key Exchange

A process where at least two parties exchange cryptographic key(s) with the intention to use it/them for encryption or authentication.

Keypair

A pair of private key(s) and public key(s) that are mathematically linked to each other. Public keys are used to encrypt data, and the private key of the keypair is used to decrypt that data. This is known as asymmetric encryption.

Keystore

A component within SVX. The Keystore enables users to store and manage their cryptographic keys. This is where the Data Encryption Keys, Public/Private Keypairs, and the Key Encryption Key are stored along with the Derivation Artefact. All of the stored keys are encrypted with the KEK, except for the KEK itself, which is encrypted with the Passphrase Derived Key. No encryption is done in the Keystore; the Cryppo library aids in creating and using keys. Additional information can be found here.

Organisation

An entity within SVX. An Organisation belongs to a Tenant and is managed by one or more Organisation Administrators.

Organisation Administrator

A role within SVX. Organisation Administrators are individuals (users) who have administrator access and permissions to operate an Organisation. An Organisation Administrator is responsible for the actions that take place within their Organisation, including:

  • Issuing credentials
  • Verifying credentials
  • Revoking credentials
  • Creating and managing Connections

Passphrase

A string of words that are used to authenticate a user when accessing a digital service or system. Passphrases are considered more secure than passwords as they are harder to decipher.

Passphrase Derived Key (PDK)

A PBKDF2 key. To generate or re-generate this key, a passphrase and derivation artefacts are required. Derivation artefacts include:

  • Number of iterations
  • Salt
  • Derived key length

In the current iteration of our Secret Key authentication and passphrase derivation, the Number of iterations and the Derived key length are static, and the Salt is pulled from the Secret Key.

Personally Identifiable Information (PII)

Identifiers/attributes that may serve to uniquely identify a subject of the information.

Presentation

Data derived from one or more Verifiable Credentials, issued by one or more Issuers, that is shared with a specific verifier. See reference here.

Presentation Definition

Presentation Definitions are objects that articulate what proofs a Verifier requires. These help the Verifier to decide how or whether to interact with a Holder. Presentation Definitions are composed of inputs, which describe the forms and details of the proofs they require, and optional sets of selection rules, to allow Holders flexibility in cases where many different types of proofs may satisfy an input requirement. See reference here.

Presentation Request (PR)

Presentation Requests are transport mechanisms for Presentation. Presentation Requests can take multiple shapes, using a variety of protocols and signature schemes not refined in this specification. They are sent by a Verifier to a Holder. Defining Presentation Requests is outside the scope of this specification. See reference here.

Private Key (PrK)

A secret key in asymmetric cryptography used for decrypting ciphertext to plaintext.

Public Key Infrastructure (PKI)

Infrastructure distributing cryptographic public keys based on a chain-of-trust, which is built around centralized authorities (entities issuing Root Certificates).

Public Key (PuK)

A public key linked directly to a specific entity, used to encrypt plaintext into ciphertext, which can only be decrypted with the corresponding Private Key.

Relying Party (RP)

An entity that relies upon the subscriber's credentials, typically to process a transaction or grant access to information or a system.

Root Certificates

In cryptography and computer security, a root certificate is a public key certificate that identifies a root certificate authority (CA). Root certificates are self-signed and form the basis of an X.509-based public key infrastructure (PKI). See reference here.

Secret Key (also see Private Key)

In symmetric cryptography, a secret key (or "private key") is a piece of information or a framework used to decrypt and encrypt messages. Each party taking part in a transaction that is intended to be private possesses a common secret key. See reference here.

The secret key is a component of the authentication flow. The format for version 1 is as follows: {version}-{username}-{salt}. The username is generated by the server, and the salt is a 256-bit randomly generated key, which is base58 encoded and has a hyphen (-) at each 6th character. The salt component is created on the client and stored securely by the user. It is used to generate:

  • An encryption key (aka Passphrase Derived Key (PDK)) with which to encrypt your Key Encryption Key (KEK).
  • A password that, along with a username, will be used for Secure Remote Password (SRP) authentication.

Secure Remote Password (SRP)

An authentication method that sends proof that a user knows their password without revealing the actual password to the server. Additional information can be found here.

Security Rights (SRs)

The permissions an individual user or a computer application holds to read, write, modify, delete, or otherwise access a computer file; change configurations or settings, or add or remove applications. See reference here. Within SVX, one can differentiate between two types of security rights:

  • Internal security rights, which ATOM uses to manage itself.
  • External security rights, which are understood by other components in SVX.

Security Rights Token (SRT)

A token that contains security rights assigned to a user or agent, which can be used as proof that it can perform certain actions.

Share

A Share is created when a user grants access to one of their Items to another user that they have Connected with. The Item is re-encrypted with a Data Encryption Key and shared with the recipient of the Share. An Item you have received via a Share can be shared with another user, but you cannot alter any of its Slots. Only the original creator of the Item can update the Share, other than deleting it. Detailed documentation can be found here.

Slot

A Slot is the smallest data entity in the Vault. An Item is made up of Slots, which are defined by the name property. Each Slot has a name, a label, and a value. Slots are able to be shared after two users have made a Connection with each other.

Note that the API does not return the value property but encrypted_value. The API will not allow storing any unencrypted data in either value or encrypted_value. Slot values are always stored in an encrypted form, and only the user can decrypt and read them. Once encrypted and serialized, a Slot value of "BMW" would look something like this: "encrypted_value": "Aes256Gcm.2hDl.LS0tCml2OiAhYmluYXJ5IHwtCiAgQWQwSThDZk5qRnFycmFuMAphdDogIWJpbmFyeSB8LQogIDJXVklzbUxOSWVoOHZIVDB1ZzBtZVE9PQphZDogbm9uQQo=".

Slots are typed, but the values cannot be checked to match the given type, as the API does not have decrypted keys for these items. Example Slot types are:

  • key_value
  • bool
  • date
  • datetime
  • image
  • url
  • phone_number
  • email
  • password
  • attachment

Notice that new types cannot be created; key_value should be the default type used.

Software Development Kit (SDK)

A collection of software development tools in one installable package. They facilitate the creation of applications by having a compiler, debugger, and sometimes a software framework.

Signing Key

See Private Key.

Subject

A principal of a Credential. It can be a person, organization, thing, or entity.

Secure Value Exchange (SVX)

Meeco's proprietary platform. SVX provides customers with the building blocks to deliver trusted networks.

(Verification) Submission

A term used within SVX that is identical to Verifiable Presentation.

Tenant

An entity within SVX. A Tenant is operated by Tenant Administrators and is responsible for the governance of its Tenancy participants (including Organisations and End-users).

Tenant Administrator

A role within SVX. Tenant Administrators are individuals (users) who have administrator access and permissions to operate a Tenant. A Tenant Administrator is responsible for the actions that take place within their Tenancy, including:

  • Onboarding, managing and governing Organisations.
  • Registering and managing End-users.

Tenancy(ies)

A Tenancy is operated by an enterprise/company, referred to as a Tenant, and consists of Organisations and End-users.

Uniform resource identifier (URI)

A Uniform Resource Identifier is a unique sequence of characters that identifies a logical or physical resource used by web technologies. URIs may be used to identify anything, including real-world objects, such as people and places, concepts, or information resources such as web pages and books.

Universally unique identifier (UUID)

A number assigned to any type of data set or attribute to make it uniquely identifiable.

Vault

Meeco’s Vault is where users can store and Share the Items they create with Connections they establish. A Vault user’s data is end-to-end encrypted and is only accessible by them. Additional information can be found here.

Verifiable Credential

A verifiable credential is a tamper-evident credential that has authorship that can be cryptographically verified. Verifiable credentials can be used to build verifiable presentations, which can also be cryptographically verified. The claims in a credential can be about different subjects. See reference here.

Verifiable Data Registry (VDR)

In the context of decentralised identity, a place where Decentralised Identifiers (DIDs) can be anchored.

Verifiable Presentation

A tamper-evident presentation encoded in such a way that authorship of the data can be trusted after a process of cryptographic verification. Certain types of verifiable presentations might contain data that is synthesized from, but do not contain, the original verifiable credentials (for example, zero-knowledge proofs). See reference here.

Verification Request

See Presentation Request.

Verification Template

The defining properties of the resulting Presentation Request. Verification Templates generally include:

  • template name
  • purpose (reason for requesting the specified Credential(s))
  • Credential Schema(s)

Verification Templates can be used repeatedly to form the basis of many different Presentation Requests.

Verifier

A role an entity performs by receiving one or more Verifiable Credentials, optionally inside a Verifiable Presentation, for processing. Other specifications might refer to this concept as a relying party. See reference here.

Verifying Key

A well-known key linked directly to a specific entity. Used to confirm signatures. Technically, it is a public asymmetric key.

Wallet

Software that enables the wallet’s controller (the end-user or Wallet Holder) to generate, store, manage and protect cryptographic keys and Verifiable Credentials. It allows the person to take actions (e.g. accept and present credentials) and set up peer-to-peer communication.

Wallet Holder

An entity that stores and “owns” Verifiable Credentials. A Wallet Holder’s Credentials are cryptographically signed with the Holder’s signing key in the ‘holder’ section of the Verifiable Credential.

Zero Knowledge Proof(s) (ZKP)

In cryptography, a zero-knowledge proof or zero-knowledge protocol is a method by which one party can prove to another party that a given statement is true while the prover avoids conveying any additional information apart from the fact that the statement is indeed true.

Zero Value Knowledge (ZVK)

A system that has no knowledge (by using end-to-end encryption) of the data value, whilst allowing metadata to be accessible to the service. Metadata might include a data label (such as "street_name"), or classifications (such as "home").
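
The Secret Key and Passphrase Derived Key (PDK) entries describe a {version}-{username}-{salt} format and a PBKDF2 derivation whose salt is pulled from the Secret Key. The sketch below is an added example, not Meeco or Cryppo code, that builds and parses such a key and derives a PDK from it. The base58 alphabet, the PBKDF2 hash, the iteration count, the key length and the version string "1" are assumptions, since the page does not state them.

```python
import hashlib
import secrets

# Assumptions, not stated on the page: Bitcoin base58 alphabet, HMAC-SHA256 as
# the PBKDF2 PRF, version string "1", and these static iteration/length values.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ITERATIONS = 100_000
KEY_LEN = 32


def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    # Leading zero bytes are written as leading '1' characters.
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out


def b58decode(text: str, length: int) -> bytes:
    n = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"not a base58 character: {ch!r}")
        n = n * 58 + idx
    try:
        return n.to_bytes(length, "big")
    except OverflowError:
        raise ValueError(f"salt does not fit in {length * 8} bits") from None


def make_secret_key(username: str, salt: bytes, version: str = "1") -> str:
    enc = b58encode(salt)
    # Hyphen after every 6th character of the encoded salt.
    groups = [enc[i:i + 6] for i in range(0, len(enc), 6)]
    return f"{version}-{username}-{'-'.join(groups)}"


def parse_secret_key(secret_key: str):
    # The salt contains hyphens too, so split on the first two only; this
    # assumes the server-generated username has no hyphen in it.
    parts = secret_key.split("-", 2)
    if len(parts) != 3 or not parts[1]:
        raise ValueError("expected {version}-{username}-{salt}")
    version, username, grouped = parts
    if version != "1":
        raise ValueError(f"unsupported secret key version: {version!r}")
    groups = grouped.split("-")
    if any(len(g) != 6 for g in groups[:-1]) or not 1 <= len(groups[-1]) <= 6:
        raise ValueError("salt is not grouped in blocks of 6 characters")
    return version, username, b58decode("".join(groups), 32)


def derive_pdk(passphrase: str, secret_key: str) -> bytes:
    # Only the salt is user-specific; iterations and length are static.
    _, _, salt = parse_secret_key(secret_key)
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, KEY_LEN)


if __name__ == "__main__":
    sk = make_secret_key("user42", secrets.token_bytes(32))  # constructed sample
    print(sk)
    print(derive_pdk("correct horse battery staple", sk).hex())
```

Because the derivation parameters are static, the same passphrase and Secret Key always regenerate the same PDK, which is what lets a client re-derive it on a new device to unwrap the Key Encryption Key.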