Introduction

Why zkID Login

In the traditional 'Login Mechanism', users enter a password to log in. However, this Login Mode is inefficient and cannot reliably check the user's identity (for example, some website is oriented to zCloak Members, the website should check users' identity in the first place). So we designed zkID Login, which allows the Service Providers to add identity restrictions as they need, authenticating and allowing the user to LOGIN only if the user has a qualified Credential in the zkID Wallet that meets the requirements.

Advantage of zkID Login:

  • It is compatible with Verifiable Credentials issued by different institutions and provides a unified way of use.

  • With zkID Login, the Service Providers do not need to store user information in a centralized way, and only needs to check whether the credential used by users to login are valid.

  • Users could have full control over the information they share. Indeed, they can decide with whom to share, to what extent, every use of credential need user's permission.

  • As long as user allows, the Service Providers can have access to any credential owned by the user. They can obtain information by extracting them from credentials, which are attested by trusted attester. So, these information are more reliable.

Compared with Traditional Login Mechanism:

Tradition Login
zkID Login

Identifier

Account and Password

Verifiable Credential

Source of information

Filled by User manually (not reliable)

Extract from Verifiable Credentials (very reliable)

Storage of information

Stored by Service Providers in a centralized way

Hold by Users

Usage of information

Controlled by Service Providers (don't need User permission)

Controlled by Users themselves (need User permission)

Click here to learn more about some Basic Concepts and API-Reference.

DID Account Management

zkID Wallet helps manage users' DID Accounts (hereinafter called 'account')) in a secure way. User accounts can only be created via mnemonic phrase, but can be restored by mnemonic phrase and DID-Keys File (which is automatically generated after an account is created).

zkID Wallet allows users to own different accounts and to use each account's keys to sign and create a reliable communication channel with others by 'Message Encryption and Decryption'. The DID-Keys File contains several keys which have different functions and are generated under different signature scheme.

DID Accounts Backup

The DID-Keys File and mnemonic phrase should be stored and backed up properly. Losing the DID-Keys File will result in loss of one's identity data permanently.

VC Management

Verifiable Credential (VC) contains the user's detailed information. Once your credential is attested, you can import it into zkID Wallet at any time. The Verifiable Credential is a JSON File, which contains your personal details in plaintext. Users can check the credential details via zkID Wallet and use it to accomplish zkID Login process.

If Verifiable Credential is new to you, we highly recommend you to experience the whole VC Application Process in our Credential Platform. Or follow the guide to participate our latest event to obtain a 'zCloak Membership Credential'

VC Backup

In zkID Wallet, all VCs are protected under Storage Encryption, which means that every use of VC needs decryption. At this stage, to make it easier for users to migrate their VCs to other storage tools, zkID Wallet temporarily export VCs in plaintext.

So, Users MUST store VCs safely to avoid information leakage.

Blockchain Connection

'Users can store verifiable credential in any location, without affecting their verifiability and without the issuer knowing anything about where they are stored or when they are accessed.'

-- Verifiable Credentials Data Model v1.1

With this excellent property of VC, zCloak Network deploys the system on mutiple blockchain networks. Theoretically speaking, no matter which blockchain you are on, as long as you're the owner of Credential (which can be verified through cryptographic methods), you can use that credential on any blockchain you like.

Now, the system is deployed on an unique VDR(Verifiable Data Registry) -- Arweave. Arweave is a distributed, cryptographically verified permanent archive built on a cryptocurrency that aims to provide permanent data storage. It allows users to pay once and store their data permanently on the Arweave network.

It is worth mentioning that, zCloak Network has launched its own DID Method(ZK Method) and VC Protocol. More details about DID and VC Protocol are represent in the next section.

Last updated