UbID Issuer
Secure Credential Creation
UbID Issuer is the trusted component of the UbID ecosystem responsible for creating and distributing identity credentials. It operates under strict cryptographic and privacy principles, ensuring that private keys remain entirely under user control. The Issuer never stores, accesses, or transmits private keys — they are generated and held locally within the user’s browser.
Security & Privacy by Design
UbID Issuer is built on a zero‑trust architecture.
Private keys are never stored server‑side; instead, they are generated and managed locally through Progressive Web App (PWA) technology. This guarantees that credential issuance happens securely, without compromising user sovereignty.
Key Principles:
Local Key Generation
Keys are created and stored only in the user’s browser.
No Server Storage
UbID Issuer never retains private keys or sensitive identity data.
Cryptographic Integrity
All credential issuance follows standards‑compliant, verifiable cryptographic protocols.
Privacy Compliance
Designed to align with GDPR, ISO/IEC 29100, and emerging digital identity frameworks.
Blockchain Anchoring
The UbID Issuer domain name is cryptographically anchored to a blockchain address, providing immutable traceability and verifiable authenticity of the service endpoint.
How It Works
- User Initiates Credential Request
- The user interacts with UbID Issuer through a secure browser session.
- Local Key Generation
The user’s browser generates a private key locally — never transmitted to the server. - Credential Issuance
UbID Issuer signs and delivers the credential using the public key, ensuring authenticity without accessing private data. - Blockchain Traceability
The Issuer’s domain is anchored to a blockchain address, allowing institutions and users to verify the origin and integrity of the service. - Vault Integration
The credential is stored and managed securely within UbID Vault, maintaining full user control.
Architecture Diagram
UbID Issuer provides credentials, while your browser generates and stores keys locally. The Issuer never sees or stores private keys. Blockchain anchoring ensures verifiable traceability of the Issuer domain.
Blockchain‑Anchored Domain
UbID Issuer’s domain name is cryptographically anchored to a blockchain address. This immutable link provides verifiable proof of origin, ensuring that institutions and users can always confirm the authenticity of the Issuer service endpoint. By combining credential issuance with blockchain traceability, UbID strengthens institutional trust and protects against spoofing or fraudulent endpoints.
Anchored in blockchain. Verified by design.
Institutional Trust & Compliance
UbID Issuer is designed for institutions that require verifiable, privacy‑preserving identity issuance.
It supports interoperability with open standards such as W3C Verifiable Credentials, DIDComm, and OpenID Connect for Verifiable Presentations.
Institutional Benefits:
• Standards‑aligned credential issuance
• Zero exposure of user private keys
• Blockchain‑anchored domain for traceability and auditability
• Seamless integration with UbID Vault and verifier apps
• Transparent compliance mapping for audits and certification
Built on trust: Keys never leave your device.
UbID Issuer embodies the principle of user sovereignty. By ensuring that private keys remain local and by anchoring its domain to a blockchain address, it delivers a secure, compliant, and traceable foundation for digital identity issuance — trusted by institutions, protected for individuals.