Decentralized Storage
Our solution utilizes decentralized storage mechanisms for both on-device credential storage and optional backup & recovery functionalities.
1. On-Device Credential Storage:
The solution prioritizes user control over their credentials. While the private keys used for signing VCs are securely stored within the HRoT, the actual verifiable credentials themselves may be stored locally on the user's device. This allows for:
Offline Access: Users can access and present their VCs even when they are not connected to the internet.
Improved User Experience: Faster access to credentials without relying on network connectivity.
Security Considerations:
Device Security: While convenient, on-device storage requires robust device security measures. We have therefore implemented strong encryption for stored credentials, and may add password or biometric protection for accessing them in the future.
Loss of Device: If a user loses their device, the stored credentials might be compromised. This highlights the importance of offering optional backup and recovery mechanisms.
2. Backup and Recovery with Decentralized Storage (Optional):
The solution can optionally integrate with decentralized storage solutions like IPFS (InterPlanetary File System) to provide a secure backup and recovery mechanism for user wallets:
User Choice: Users can opt-in to back up their credentials (excluding the private keys) to their chosen IPFS node or a user-controlled cloud storage solution.
Encrypted Backups: The backed-up credentials are encrypted using a PIN that's tied to the user's key pair stored within the HRoT. This ensures access requires both the user's PIN or the specific key pair (lost with the phone).
Recovery on New Device: If a user loses their device, they can restore their credentials on a new device by accessing the encrypted backups stored on IPFS or their chosen cloud storage.
New DID with Continuity: While restoring credentials, a new DID might be generated on the new device. However, this new DID can be linked to the previous DID for continuity within the SSI ecosystem.
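The backup-and-restore flow from the list above, as an added example that is not TrustGrid's own code. It assumes scrypt for the PIN-derived key and AES-256-GCM for the envelope, models only the PIN path (the page does not say how the PIN is tied to the HRoT key pair), and uses hypothetical field names and a constructed wallet.

```javascript
// Added example: scrypt + AES-256-GCM are assumptions, not TrustGrid's documented scheme.
const crypto = require('crypto');

// Assumed scrypt cost; a short PIN needs a deliberately expensive KDF.
const KDF = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Drop key material so only credentials reach the backup (field names are hypothetical).
function stripPrivateKeys(wallet) {
  const { privateKey, ...rest } = wallet;
  return rest;
}

function deriveKey(pin, salt) {
  return crypto.scryptSync(Buffer.from(pin, 'utf8'), salt, 32, KDF);
}

// Encrypt for upload; the DID is authenticated as AAD, so editing it breaks decryption.
function createBackup(wallet, pin) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(pin, salt), iv);
  cipher.setAAD(Buffer.from(wallet.did, 'utf8'));
  const plaintext = JSON.stringify(stripPrivateKeys(wallet));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const b64 = (b) => b.toString('base64');
  return { v: 1, did: wallet.did, salt: b64(salt), iv: b64(iv), ct: b64(ct), tag: b64(cipher.getAuthTag()) };
}

// Restore on a new device; returns null on a wrong PIN or a tampered envelope.
function restoreBackup(envelope, pin) {
  try {
    const raw = (s) => Buffer.from(s, 'base64');
    const key = deriveKey(pin, raw(envelope.salt));
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw(envelope.iv));
    decipher.setAAD(Buffer.from(envelope.did, 'utf8'));
    decipher.setAuthTag(raw(envelope.tag));
    const pt = Buffer.concat([decipher.update(raw(envelope.ct)), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null;
  }
}

// Constructed sample wallet; none of these values come from the page.
const sampleWallet = {
  did: 'did:example:old-device',
  privateKey: 'constructed-placeholder',
  credentials: [{ type: 'VerifiableCredential', id: 'urn:example:vc-1' }],
};
```

A six-digit PIN has only 10^6 possible values, so the KDF cost slows offline guessing against a copied envelope but does not remove it. That is the reason to mix a hardware-held or otherwise high-entropy secret into the key where the design allows it.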
Advantages of IPFS for Backup:
Decentralization and Resilience: Unlike centralized storage providers, IPFS offers a more resilient and censorship-resistant storage solution by distributing data across a network of nodes.
Data Availability: Backups stored on IPFS are less susceptible to data loss or service disruptions compared to centralized storage solutions.
User Control: Users retain control over their backup data stored on IPFS, aligning with the core principles of SSI.
Limitations:
User Responsibility: Users are responsible for managing their encryption PINs and ensuring the security of their chosen cloud storage provider (if not using IPFS).
Potential Network Connectivity: Restoring credentials from IPFS might require an internet connection to access the decentralized network.
TrustGrid offers a balance between on-device credential storage for convenience and optional decentralized storage for backup & recovery. Users can choose the approach that best suits their needs and risk tolerance. By leveraging HRoT for secure key storage, on-device encryption for credentials, and IPFS for optional backups, our solution aims to empower users with control over their identities while providing robust security mechanisms.