HyperID Web3 Public Key Infrastructure (PKI) Service
HyperID provides innovative Web3 Public Key Infrastructure (PKI) Service as a part of its decentralized Web2<>Web3 identity and access management platform.
The PKI service offered by HyperID enables the creation, verification, and revocation of certificates within the Web3 ecosystems, projects, and dApps, utilizing the on-chain wallet address as the certificate's unique identifier. Furthermore, HyperID allows for the inclusion of public metadata and additional information that are linked to the certificate.
HyperID Web3 PKI and Certificate Authority (CA)
There are 3 types of Certificate Authorities (CA) within the platform:
- 1.The Enterprise Certificate Authority (CA) is responsible for managing the certificates of various enterprises like companies, projects, ecosystems, dApps, etc. A company representative can use their HyperID Enterprise account to create or revoke certificates for each application. The private part of the certificate can be stored internally or in the HyperID Authenticator, and the wallet used as a unique identifier can be connected and verified or created automatically through the HyperID wallet integration. The HyperID console enables companies to pass KYB verification for their account and share the KYB pass fact as additional information with the certificate. Optional fields such as Web 2.0 or Web 3.0 domains, email, description, and icon can also be shared with the certificate.In addition to certificate verification, the HyperID API provides applications with the ability to search for certificates using the wallet address, domain, email, or application ID, along with the extra information provided.
- 2.User CA is responsible for managing certificates of HyperID users, enables each user to create or revoke a certificate for any connected or created wallet using their HyperID Account. The private component of the certificate can be stored in the ledger of the HyperID Authenticator, which permits external applications to request signature for certain transactions or documents. Users can pass KYC verification either upon request of applications or independently. The HyperID console allows users to share their KYC status with their country of residence as supplementary information for the certificate. Additionally, there are several optional fields that users can share with the certificate, such as email, description, name, and icon. The HyperID API enables applications to retrieve certificates with user information, including wallet address, email, or UserID, in addition to verifying the user's certificate.
- 3.The management of certificates for HyperID users in a specific service space is handled by Service CA. These certificates can only be utilized by certain applications (services). Additionally, Service CA enables the creation of guest certificates, which are linked to wallets that are not yet fully registered in the system. This means that applications can generate or revoke certificates on behalf of users and handle the private components of the certificates according to their own business logic for each user. The process relies on wallets that are already connected to the user's account, and the application can access additional user information if the user grants consent.The Service CA API offers applications the ability to bind extra information (key-value pairs) to user certificates on behalf of the user.Possible use cases include:
- Protecting the exchange of cross-service data for a particular user with application certificates in HyperID.
- HyperChat application manages user certificates within its own CA space to create encrypted channels between users.
- Applications can ask users to sign documents or transactions using their own certificates through custom MFA requests.