Overview

CertiShop's backend architecture is built to simplify the complexities of issuing and verifying digital certificates while ensuring compliance with global standards like eIDAS and W3C protocols. At its core, the CertiShop backend abstracts the intricacies of Decentralized Identity (DID) protocols, digital wallets, and blockchain transactions, providing organizations with a streamlined, frictionless experience. Here’s a breakdown of how our backend is structured:

1. Abstraction Layer

The foundation of CertiShop's backend is an abstraction layer that sits on top of multiple DID protocols. This layer is responsible for:

  • Protocol Agnosticism: It interfaces with various DID protocols (such as walt.id, which we currently use) and ensures compatibility with global standards like W3C Verifiable Credentials, ISO digital driving licenses, and more.

  • Simplification: Organizations don’t need to manage the complexity of DID protocols, wallet keys, or blockchain interactions. The abstraction layer handles all of this behind the scenes, allowing organizations to focus on issuing and verifying certificates with ease.

  • Flexibility: The abstraction layer is designed to support future integrations with additional DID protocols and standards, ensuring CertiShop remains adaptable as the digital identity ecosystem evolves.

2. DID Protocol Integration

CertiShop currently uses walt.id as the primary DID protocol for issuing and verifying certificates. This protocol provides the following benefits:

  • Trust and Security: Certificates issued via CertiShop are backed by strong cryptographic standards that ensure their authenticity and integrity.

  • Chain of Trust: The DID protocol ensures that certificates can be verified across different platforms and jurisdictions, maintaining the chain of trust for any verifiable credential.

  • Compliance: walt.id enables CertiShop to stay compliant with eIDAS 2 and other global digital identity regulations, ensuring that all certificates are legally binding and verifiable.

3. Wallet and Transaction Management

CertiShop operates as a wallet and transaction manager for both organizations and end users. Our backend handles the following:

  • Wallet Operations: CertiShop automates the creation and management of wallets needed to issue and verify digital certificates. Organizations don’t need to manually manage wallet keys, which drastically reduces friction.

  • Transaction Management: CertiShop also manages the necessary blockchain transactions associated with issuing and verifying certificates. This includes handling smart contracts to establish Certificate Authorities on-chain, issuing certificates, verifying identities, and maintaining the integrity of the issued certificates within the decentralized system.

  • User-Friendly: By abstracting wallet and transaction management, CertiShop ensures that users and organizations experience minimal friction when interacting with digital identity technologies.

4. Verifiable Credentials

CertiShop’s backend is designed to issue Verifiable Credentials (VCs) in compliance with W3C standards. These credentials are:

  • Tamper-proof: Backed by blockchain-based cryptography, making them impossible to alter without invalidating the certificate.

  • Portable: End users can store their credentials in any compliant digital wallet, giving them control over their data while maintaining trust and verifiability.

  • Revocable: Organizations can easily revoke or update issued certificates, ensuring that credentials are always current and accurate.

5. Certificate Issuance and Verification Flow

Here’s how the issuance and verification process works:

  • Issuance: When an organization issues a certificate through the platform or the API, CertiShop’s backend generates a Verifiable Credential (VC) using the selected DID protocols. The certificate is securely stored and can be accessed by the recipient via email or a digital wallet.

  • Verification: WallID certificates come with an embedded QR code and a verification link that allows for instant validation of the certificate. When the QR code is scanned or the link is accessed, the verification route in our API is called, which redirects to the correct protocol. The system then checks the underlying cryptography to confirm the authenticity of the certificate. This ensures that the document is verifiable and tamper-proof, providing secure and trusted verification for all parties involved.
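The verification flow above (the route selects the protocol, then checks the cryptography) is sketched here as an added example; it is not CertiShop's or walt.id's code. The protocol id `demo-ed25519`, the function names, the trusted-issuer map and the revocation set are assumptions, and Ed25519 over sorted-key JSON stands in for whatever proof format the real protocol uses.

```javascript
// Added illustration: all names are hypothetical, not CertiShop's or walt.id's API.
const crypto = require('node:crypto');

// Deterministic JSON (sorted keys) so issuer and verifier sign/check the same bytes.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Issuer side: attach an Ed25519 signature over the canonical credential body.
function issue(body, privateKey) {
  const sig = crypto.sign(null, Buffer.from(canonicalize(body)), privateKey);
  return { ...body, proof: { type: 'Ed25519', signature: sig.toString('base64') } };
}

// One verifier per protocol id; the route below dispatches to these.
const verifiers = new Map([
  ['demo-ed25519', (credential, ctx) => {
    const { proof, ...body } = credential;
    const issuerKey = ctx.trustedIssuers.get(body.issuer);
    if (!issuerKey) return { valid: false, reason: 'unknown issuer' };
    if (!proof || typeof proof.signature !== 'string') return { valid: false, reason: 'missing proof' };
    const ok = crypto.verify(null, Buffer.from(canonicalize(body)), issuerKey,
      Buffer.from(proof.signature, 'base64'));
    if (!ok) return { valid: false, reason: 'bad signature' };
    if (ctx.revoked.has(body.id)) return { valid: false, reason: 'revoked' };
    return { valid: true, reason: 'ok' };
  }],
]);

// Verification route: look up the protocol stored with the certificate, fail closed otherwise.
function verifyCredential(record, ctx) {
  const verifier = verifiers.get(record.protocol);
  if (!verifier) return { valid: false, reason: 'unsupported protocol' };
  return verifier(record.credential, ctx);
}

// Constructed sample data: a throwaway issuer key and one credential.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const ctx = { trustedIssuers: new Map([['did:example:issuer', publicKey]]), revoked: new Set() };
const credential = issue({ id: 'urn:uuid:demo-1', issuer: 'did:example:issuer',
  credentialSubject: { name: 'Alice', course: 'Security 101' } }, privateKey);
const tampered = { ...credential, credentialSubject: { name: 'Mallory', course: 'Security 101' } };
console.log(verifyCredential({ protocol: 'demo-ed25519', credential }, ctx).reason);
console.log(verifyCredential({ protocol: 'demo-ed25519', credential: tampered }, ctx).reason);
```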
