🛠️
Technical Documentation
  • Introduction
    • About Empeiria
  • Empe Blockchain
    • Overview
    • Chain Architecture
      • Auth
      • Authz
      • Bank
      • Distribution
      • Governance
      • Staking
      • IBC
      • DidDoc
      • Vesting
      • Minter
  • EVDI
    • EVDI Architecture
    • Self-Sovereign Identity
      • Technical Foundations
      • Roles in the SSI framework
      • Protocols and Standards
  • User Guide
    • Empe DID Wallet
      • Intro
      • Download and first launch
      • Create or import did
      • Main screen overview
      • How to claim credential from issuer
      • How to use credential with verifier
      • Settings and other options
    • Keplr Wallet and Blockchain Operations
      • How to Connect Keplr Wallet
    • Ping Pub operation
    • Staking Tokens Guide
    • Voting on Governance Proposals Guide
    • Sending Tokens Guide
  • Developer Guide
    • Tutorial: Credential Issuance & Verification
      • Overview
      • Understanding Key Concepts
      • Project Setup
      • Deploying the Issuer
      • Uploading the Credential Schema
      • Issuing Credentials
      • Frontend for Credential Issuance
      • Testing Credential Issuance
      • Deploying the Verifier
      • Setting Up the Verification Flow
      • Creating a Verification Endpoint
      • Creating a Protected Dashboard
      • Testing the Verification Flow
      • Summary & Next Steps
    • One-click deployment
      • Introduction
      • Registration
      • Login
      • Creating an Issuer
      • Issuer Data Description
      • Creating a Verifier
      • Verifier Data Description
    • Verifier
      • Terminology and Concepts
      • Architecture Overview
      • Core Responsibilities
      • Query Language
      • Frontend Integration
      • Client Configuration
      • Security Considerations
      • Error Handling and Troubleshooting
      • Future Enhancements
      • References and Standards
      • FAQ
    • Issuer
      • Terminology and Concepts
      • Architecture Overview
      • Core Responsibilities
      • DID Document Management
      • Schemas Management
      • Issuing Credentials
      • Interacting with Wallets
      • Security Considerations
      • Error Handling and Troubleshooting
      • Future Enhancements
      • References and Standards
      • FAQ
    • Wallet SDK (Coming soon)
    • Introduction to cosmwasm
  • Validator Guide
    • Important links
    • Validators Guide
      • New validator
      • Hardware requirements
      • Required software installation
      • Go installation
      • Install prebuild binary
      • Install binary from source code (option B)
      • Configure a node
      • Cosmovisor setup
      • Sync with state-sync
      • Full state sync from archive snapshot
      • Latest snapshot
      • Run a Validator
      • Migration to v0.2.2
      • Migration to v0.3.0
    • FAQ
  • Appendix
    • Glossary
Powered by GitBook
On this page
  1. Developer Guide
  2. Verifier

Security Considerations

Security is central to the Verifier’s design, ensuring trust and privacy throughout the verification process:

  1. Transport Security: All communication occurs over HTTPS, safeguarding data in transit.

  2. Nonce and State Parameters: Verification requests incorporate unique, time-bound values to prevent replay attacks.

  3. Client Authentication: The clientSecret authenticates the relying party to the Verifier Service. Store it securely and never expose it client-side.

  4. Credential Integrity: The Verifier checks cryptographic signatures and DID Documents, rejecting credentials that fail authenticity or integrity checks.

  5. Minimal Data Exposure: The Verifier only processes essential data. It does not store unnecessary information, preserving privacy.

  6. Monitoring and Logging: Maintain logs and monitor for suspicious activities, such as repeated failed verifications.

  7. Error Handling: Avoid exposing sensitive details in error responses. Provide generic user-facing messages and log technical details internally.

By following these security practices and integrating them into your application’s operations, you maintain a robust, trusted environment for all stakeholders.

PreviousClient ConfigurationNextError Handling and Troubleshooting

Last updated 4 months ago