SYSTEM ARCHITECTURE & PROTOCOLS
STATELESS INFRASTRUCTURE FOR ZERO-KNOWLEDGE TRUST
Technical documentation, architectural models and white papers describing Trustvestor’s integration into the eIDAS 2.0 ecosystem.
Explore how our protocols provide Selective Disclosure and mathematical certainty, eliminating the risk of centralized data storage.
The Routing Paradigm: Infrastructure without "Honeypot" Risk
The Status of a Transit Node
Trustvestor’s architecture is designed as a decentralized cryptographic router. Similar to the “White Merovingian” in conceptual network models, we hold the validation keys and manage the transit of trust between the Data Issuer and the Data Verifier, but our system is stateless with respect to the raw data of the Data Subject.
Isolation of attack vectors
We do not aggregate personal data. When an authentic source issues a QEAA/EAA, our infrastructure generates the cryptographic proof (SD-JWT or mDOC) and routes it to the user’s EUDI wallet. Trustvestor does not retain a copy of the attribute itself, reducing the regulatory risk (GDPR) for our customers to an absolute minimum.
Standards and Interoperability
OpenID4VCI & OpenID4VP
Full support for OIDC-based protocols defined by the European Commission.
Guaranteed standardized interface for issuing attestations to EUDI wallets (OpenID4VCI) and their presentation to verifying parties (OpenID4VP) with built-in protection against replay attacks.
SD-JWT & ISO 18013-5 (mDOC)
Support for JSON Web Tokens with Selective Disclosure (SD-JWT), allowing the Subject to hide specific fields from the verifier.
For specific mobile scenarios, we also support the mDOC format with CBOR encoding, according to the ISO standards for mobile certificates.
Cloud QSCD & Evolving Trust Frameworks
While the ARF explicitly requires a Level of Assurance (LoA) of “High” for QEAAs, the final EUCC certification schemes for Cloud Qualified Signature Creation Devices (Cloud QSCD) are still in the process of ratification at the European level. Trustvestor’s infrastructure is “crypto-agile” – designed to integrate these Hardware Security Modules (HSMs) immediately after the publication of the final standards by ENISA.