Security & Trust
Security by Design.
Not by Policy.
ONEPROOF's architecture enforces security at the protocol level through cryptographic verification, deployment isolation, and strict adherence to ISO 18013-5 and ISO 18013-7. There is no security toggle. It is built into every layer.
Pillar 1: Cryptographic Model
Cryptographic Verification: No PII in Transit
ONEPROOF verifies identity by validating cryptographic signatures, not by transmitting or storing Personally Identifiable Information. Verification happens at the protocol layer.
COSE-Based Signing at Issuance
Credentials are issued with cryptographic signatures using COSE (CBOR Object Signing and Encryption). Any tampering invalidates the signature.
Signature Verification Only
Verification confirms the signature against the issuing authority's public key. No raw PII is transmitted to a ONEPROOF server during verification.
Selective Disclosure at Protocol Level
Verifiers receive only the fields explicitly requested and consented to by the credential holder. Field-level privacy is enforced by the ISO standard, not by policy.
Zero On-Device Logging
No credential content is written to device logs or storage during verification. The protocol is designed to leave no data residue on the verifier.
ISO 18013-5 and ISO 18013-7 define the cryptographic model. ONEPROOF implements these standards without extensions: independently verifiable, no proprietary behavior.
Pillar 2: Deployment Isolation
Your Data Stays Yours
ONEPROOF supports deployment models that eliminate cloud dependencies entirely. For government and defense deployments, no credential data ever traverses a public network.
Pillar 3: Standards Compliance
Standards Compliance as a Security Guarantee
ISO standards are independently specified and internationally reviewed. Adherence to ISO 18013-5 and ISO 18013-7 means security guarantees are not proprietary; they are externally verifiable by any party.
Specifies the cryptographic model, data elements, and transport protocols (BLE, NFC) for Mobile Driver Licenses. All ONEPROOF issuance, wallet, and in-person verification layers implement this standard fully.
Specifies online presentation of mobile credentials via three normative annexes: Annex A (Device Retrieval), Annex B (OID4VP), and Annex C (Digital Credentials API). ONEPROOF's Server SDK implements all annexes with no proprietary extensions.
Aligns with the W3C and IETF specification for verifiable credential presentation. Enables interoperability with the broader digital identity ecosystem via ISO 18013-7:2025 Annex B.
Strict standards-only implementation. No undocumented protocol behavior. Every security guarantee is traceable to a published, internationally reviewed specification.
Standards Aligned. Partner Ready.
Questions About Our Security Architecture?
Our technical team is available to walk through the cryptographic model, deployment isolation options, and compliance documentation.