Encrypted Virtual Channel

Learn how HyperID implements Encrypted Virtual Channel
An Encrypted Virtual Channel (EVC) is a type of communication channel that enables secure data transmission between two endpoints in a network.
The EVC is established by encrypting the data with a cryptographic algorithm so that it cannot be read by unauthorized entities. Encryption keeps the data confidential: a third party who can observe or intercept the traffic learns nothing useful from it. When the channel also carries integrity protection, as an authenticated encryption mode or a MAC provides, the receiving endpoint can detect any tampering with the data in transit and reject it.
The virtual aspect of the EVC means that it is a logical connection between the two endpoints rather than a physical one. This allows the two endpoints to communicate securely over any network, whether a local area network (LAN), a wide area network (WAN), or the internet.

EVC in HyperID

To enhance the user's privacy, HyperID establishes an encrypted virtual channel between the SP Frontend (the user's device) and HyperID for each authentication session. The SP Backend relays the traffic of this channel but is not trusted with its contents: sensitive user data can be transferred between HyperID and the user's device without relying on the trustworthiness of the SP Backend.
Because the channel is encrypted end to end, the SP Backend cannot read or decrypt any of the sensitive data transmitted between HyperID and the SP Frontend.
An important use case for Encrypted Virtual Channels (EVCs) is the use of Multi-Party Computation (MPC) to generate encryption keys. In this scenario, the user receives one of the key shadows (key shares) from HyperID over the EVC, so the SP Backend cannot read that shadow. As a result, only the user's device ends up holding the key shadows needed to reconstruct the encryption key.
Detailed information on how Encrypted Virtual Channels (EVCs) are established is provided in the Authentication chapter.