A Platform Built on Privacy and Trust

Our architecture is designed from the ground up to protect user privacy while providing businesses with the cryptographic certainty they need. Here's a look under the hood.

1. The User Wallet: Control in the User's Hands

The foundation of Surely is the user's digital wallet. When a user signs up, they go through a robust, one-time identity verification process with their government-issued ID. The verified attributes (like their date of birth) are then encrypted and stored exclusively on their mobile device. We never hold a copy on our servers. This principle of self-sovereign identity means the user is always in control of their data.

2. The Verification Flow: A Secure, Ephemeral Handshake

When a user needs to prove their age, a direct, secure channel is established between their wallet and your website. The QR code initiates a request for a specific proof, not for data. The user's wallet app then generates a one-time, cryptographically signed "Verifiable Presentation" and sends it directly to your system. This proof is ephemeral and contains no personal information—only the confirmation you requested.

[Detailed Flow Diagram: User Scan -> VP Generation -> Polling Update -> Verified]

3. The Decentralized Trust Layer: The "Digital Notary"

How can you trust a proof without talking to us? This is where our decentralized trust layer comes in. Think of it as a global, digital notary's logbook. Trusted identity issuers (like our verification partners) publish their official "digital signatures" to this public ledger.

When you receive a proof, your system can independently check this public logbook to verify that the credential was signed by a legitimate issuer and hasn't been tampered with. This provides cryptographic certainty without creating a central database of users, which is a massive win for security and privacy.

4. Core Architectural Principles

  • Scalability: Our stateless backend architecture is built to handle tens of thousands of concurrent verifications without compromising performance.
  • Security: We rely on open, audited cryptographic standards (W3C Verifiable Credentials and DIDs) to ensure proof is unforgeable.
  • Privacy by Design: The principle of "data minimization" is built into our DNA. We've architected the system so that we, and you, learn the absolute minimum necessary to complete the verification.