Digital Signature Mechanism

Tonomy ID integrates a sophisticated digital signature mechanism using fully non-custodial keys. This system accommodates diverse data formats, security protocols, and proof types to cater to a comprehensive spectrum of use cases.

The application developer configures the signature process, choosing the following parameters based on the application's specific needs:

  • Request Format: This is the format of the data requiring a signature: raw data, W3C verifiable credentials, standard documents (e.g., PDFs), smart contract transactions, or simple messages.

  • Signing Process: This determines the flow and security-usability balance of the signature. Options include in-app signing (generated during Single Sign-On, ideal for games or low-security transactions), multifactor authentication (for higher security, involving additional authentication like PINs or biometrics), and smart NFT technology (for offline or non-phone digital signatures using NFT-smart cards or hardware security wallets).

  • Multi-Factor Authentication: If enabled, users undergo additional steps based on the requested challenges, each offering varying security guarantees. For instance, a PIN challenge provides a "proof of knowledge," whereas a biometric challenge offers a "proof of person."

  • Proof Type: Developers can select from various digital signature proof types. The default is the Elliptic Curve Digital Signature Algorithm (ECDSA), with options for an eIDAS Qualified Electronic Signature (QES) for EU-recognized signatures or Selective Disclosure Proofs for enhanced data privacy.

Crucially, the private keys used in these digital signatures remain under the user's control, ensuring maximal security and privacy for users and applications.

For further details, please refer to the Digital Signatures section of the Tonomy ID White Paper.

https://www.canva.com/design/DAFnktNOWKU/Ps1zXw3XICaEMiB0R4Ghkg/view
