Compliance with Regulatory Rules on User Data

Information about storage, use, and protection of user data
Privacy regulations, such as GDPR, require service providers to take steps to protect user data and mitigate the risk of a data breach, as well as provide users with the ability to revoke a service provider's access to their personal data.
HyperID provides a comprehensive solution for service providers to meet regulatory rules and enhance user safety.
First, it allows service providers to authenticate users without managing passwords or any other similar data. Second, HyperID empowers users to retain full control over their personal information, including their encryption keys. Users can revoke, delete, or deny a service provider's access to their data at any time.
In addition, HyperID achieves privacy and security of user data through a unique approach to data encryption. Service providers store only encrypted data, while HyperID manages the encryption keys in a distributed manner using HyperSphere Multi-Party Computations (MPC) Nodes. This ensures that the encrypted data is kept separate from the encryption keys, and users have complete control over access to the encryption keys, with the ability to revoke access at any time. The use of MPC technology eliminates the risk of a single point of failure and enhances the security of the encryption process.
Protecting data inside service provider storage
Users grant service providers permission to access their encryption key shadows and confirm access for each specific use case through a HyperID MFA application. The encryption key is reconstructed on-site immediately before use and is neither transmitted over a transport protocol nor stored in any data storage, preventing interception or theft of the key.
HyperID uses the same approach to secure user devices by encrypting data. For example, it can be used to encrypt a wallet's private key or seed phrase if they are stored on the user's device.
Protecting data on user's device
Users must authorize with both the service provider and HyperID to obtain the key shadows directly on the user's device, where the encryption key is reconstructed.
Neither HyperID nor the service provider has access to the full key or the ability to reconstruct it. Each party only possesses its own key shadow.
When the authorized user needs to access the data, the encryption key is reconstructed on the user's device immediately before use to decrypt the data. After use, the data and key are immediately forgotten. In the case of a wallet, the wallet key must be reconstructed only before signing the transaction.
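
The reconstruct, use, forget cycle described above can be sketched as follows. This is an added example, not HyperID code: the page does not say how key shadows are derived, so a two-party XOR split is assumed, and the function names and the key-check tag are hypothetical.

```python
import hashlib
import hmac
import secrets


def split_key(key: bytes) -> tuple[bytes, bytes]:
    """Assumed 2-of-2 XOR split: each shadow alone is uniformly random."""
    shadow_a = secrets.token_bytes(len(key))
    shadow_b = bytes(k ^ a for k, a in zip(key, shadow_a))
    return shadow_a, shadow_b


def key_check_value(key: bytes) -> bytes:
    """Non-secret tag kept beside the ciphertext to detect a wrong key."""
    return hmac.new(key, b"key-check-v1", hashlib.sha256).digest()


def wipe(buf: bytearray) -> None:
    """Best-effort zeroing; the Python runtime may hold other copies."""
    for i in range(len(buf)):
        buf[i] = 0


def reconstruct(shadow_a: bytes, shadow_b: bytes, expected_kcv: bytes) -> bytearray:
    """Rebuild the key in a mutable buffer and verify it before any use."""
    if len(shadow_a) != len(shadow_b):
        raise ValueError("shadow length mismatch")
    key = bytearray(a ^ b for a, b in zip(shadow_a, shadow_b))
    if not hmac.compare_digest(key_check_value(bytes(key)), expected_kcv):
        wipe(key)
        raise ValueError("reconstructed key failed verification")
    return key


def use_key_once(shadow_a, shadow_b, expected_kcv, operation):
    """Reconstruct, run one operation (decrypt or sign), then wipe the key."""
    key = reconstruct(shadow_a, shadow_b, expected_kcv)
    try:
        return operation(bytes(key))
    finally:
        wipe(key)  # runs even if the operation raises


if __name__ == "__main__":
    data_key = secrets.token_bytes(32)          # constructed sample key
    provider_shadow, hyperid_shadow = split_key(data_key)
    kcv = key_check_value(data_key)
    # Stand-in for "decrypt" or "sign": a MAC over a constructed message.
    mac = use_key_once(provider_shadow, hyperid_shadow, kcv,
                       lambda k: hmac.new(k, b"tx", hashlib.sha256).hexdigest())
    print("operation result:", mac)
```

If either party withholds or replaces its shadow, `reconstruct` raises before the key reaches the operation, which is the effect the page attributes to revoking access.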