Government Infrastructure

KeyShare Digital ID Platform.

Credential issuance. Verification. Trust governance. Workflow orchestration. Sovereign deployment. Offline-first.

Full lifecycle: Issuance → Revocation
3 Credential Formats
< 2 sec Offline Verification
3 Deployment Topologies

Not a technical evaluator? Start here.

The Digital ID Platform is the technology foundation behind the KeyShare for Government solution. This page is for technical teams evaluating the platform's architecture, components, and integration model. For the business case — sovereign ownership, offline-first verification, workflow-driven ecosystems, and deployment partnerships — visit the Government Solution page.

Overview

The sovereign credential infrastructure for national identity ecosystems.

The KeyShare Digital ID Platform is a modular, sovereign-deployable platform for national-scale credential ecosystems. It handles the full credential lifecycle — issuance, presentation, verification, revocation, backup, and recovery — across multiple credential formats, multiple verification modalities, and multiple deployment topologies.

The platform comprises seven core services organized in a three-layer architecture with clear ownership boundaries between the government, the deployment partner, and KeyShare. Open standard interfaces at every layer boundary ensure no vendor lock-in at any level of the stack.

The platform is not a wallet. It is not an issuance engine. It is the complete infrastructure layer that connects issuers, holders, and verifiers within a governed trust framework — and enables any organization to participate through a standard integration model.

Platform Architecture

Three-layer architecture. Clear ownership boundaries.

The platform is structured in three layers, each with distinct ownership, deployment, and auditability characteristics.

APPLICATION LAYER: Deployed per-country by deployment partner

Contains

Citizen wallet apps (Android, iOS), Ecosystem Management Portal, Organization Integration Bridge

Deployment

Deployed per-country by deployment partner

Code Availability

Source code provided to government for security audit

SERVICE LAYER: Sovereign infrastructure — government servers

Contains

Credential Issuance Engine, Verification Engine, Trust Governance Service, Workflow Engine, Message Routing, Holder Agent Service

Deployment

Within sovereign infrastructure — government's servers or government-controlled cloud

Code Availability

Source code provided to government for security audit

PLATFORM LAYER: Sovereign infrastructure

Contains

Cryptographic primitives, HSM integration, secure storage, protocol implementations, Mobile SDKs

Deployment

Within sovereign infrastructure

Code Availability

Compiled binaries with API documentation. Crypto components available for third-party audit under NDA.

Why this layering matters

Clear ownership

The government owns and operates the service and application layers. KeyShare maintains the platform layer.

Independent audit

The government's CISO can scope an audit at the application and service layers without requiring access to cryptographic implementations.

Vendor replaceability

Open standard interfaces between layers mean any layer can be replaced independently without rebuilding the stack.

Core Services

Seven services. One governed ecosystem.

Credential Issuance Engine

Issues verifiable credentials to citizens on behalf of authorized organizations. Multi-format: W3C VC, SD-JWT, mDoc.

Verification Engine

Verifies credential presentations — online or offline. Three modalities: QR, NFC/BLE, barcode. Under 2 seconds offline.

Trust Governance Service

Manages the trust framework — who can issue, who can verify, under what policies, with what attestations.

Workflow Engine

Zero-code extensibility. New credential types and organization interactions without platform code changes.

Holder Agent Service

Manages the citizen's credential wallet — storage, presentation, backup, recovery, and delegated access.

Integration Bridge

Connects external organizations — government agencies, banks, hospitals, universities — to the platform ecosystem.

Message Routing Service

DIDComm v2 encrypted messaging between platform components and between organizations and citizen wallets.

Ecosystem Management Portal

Web-based administration for trust framework management, ecosystem governance, and platform monitoring.

Credential Issuance Engine

Issues verifiable credentials to citizens on behalf of authorized organizations.

Capabilities

  • Multi-format issuance: W3C Verifiable Credentials (v1.1/v2.0), SD-JWT VC, ISO 18013-5 mDoc
  • Protocol: OIDC4VCI (OpenID for Verifiable Credential Issuance)
  • Batch issuance for population-scale programs
  • Credential schema management — define, version, and publish
  • Issuer authorization enforcement via trust chain attestations
  • Supports deferred issuance (credential preparation before citizen enrollment)

Interfaces

  • → Trust Governance Service
  • → Holder Agent Service
  • → Workflow Engine

Verification Engine

Verifies credential presentations from citizens — online or offline.

Capabilities

  • Multi-format verification: W3C VP, SD-JWT presentation, mDoc device retrieval
  • Protocol: OIDC4VP (OpenID for Verifiable Presentations)
  • Three offline modalities: QR scan, NFC/BLE proximity, high-density barcode
  • Offline verification in under 2 seconds — no network round-trip
  • Automated verification terminals (RP Mode): unattended, no human operator
  • Selective disclosure enforcement
  • Revocation status checking (online: real-time; offline: cached status list)

Interfaces

  • → Trust Governance Service
  • → Credential Issuance Engine

Trust Governance Service

Manages the trust framework — who can issue, who can verify, under what policies.

Capabilities

  • Hierarchical trust chains: root authority → intermediate → issuers/verifiers
  • Verifiable accreditations: machine-readable attestations
  • Machine-readable governance policies with automated enforcement
  • Attestation lifecycle management: issue, renew, revoke, suspend
  • Trust framework versioning and migration
  • Based on the EBSI trust chain model, adapted for multi-country deployment

Interfaces

  • → Credential Issuance Engine
  • → Verification Engine
  • → Ecosystem Management Portal

Workflow Engine

Zero-code extensibility — new credential types and organization interactions without platform code changes.

Capabilities

  • Workflow definition: schema + rules + consent steps + format + delivery channel
  • Runtime workflow rendering in the citizen wallet — no wallet update required
  • Event-driven, scheduled, or manual trigger conditions
  • Multi-step workflows with conditional branching
  • Workflow versioning with backward compatibility
  • Organization-defined workflows deployed independently

Interfaces

  • → Credential Issuance Engine
  • → Holder Agent Service
  • → Integration Bridge

Holder Agent Service

Manages the citizen's credential wallet — storage, presentation, backup, recovery, and delegated access.

Capabilities

  • Credential storage with device-level encryption (iOS Keychain / Android Keystore)
  • Selective disclosure: citizen controls which claims to share
  • Consent management: explicit citizen approval before every share
  • Backup and recovery: encrypted cloud backup with citizen-controlled recovery keys
  • Delegated Agent Mode: authorized field agents facilitate operations on behalf of citizens without smartphones
  • Custodian wallet model: institutional credential management for assisted access

Interfaces

  • → Credential Issuance Engine
  • → Verification Engine
  • → Workflow Engine
  • → Mobile SDKs

Organization Integration Bridge

Connects external organizations to the platform ecosystem.

Capabilities

  • Standardized integration specification
  • REST API with webhook callbacks for event-driven integration
  • Pre-built adapters for common systems (civil registries, health info systems, core banking)
  • Organization-scoped configuration: credential types, workflows, data mapping
  • Independent deployment: each organization deploys its own bridge instance
  • No platform changes required when a new organization connects

Interfaces

  • → Workflow Engine
  • → Credential Issuance Engine
  • → Trust Governance Service

Message Routing Service

Routes encrypted messages between platform components and between organizations and citizen wallets.

Capabilities

  • Protocol: DIDComm v2
  • End-to-end encrypted messaging between any two platform participants
  • Store-and-forward for offline participants
  • Message priority and delivery guarantees
  • Supports real-time and asynchronous communication patterns

Interfaces

  • → All services (inter-service)
  • → Holder Agent Service
  • → Integration Bridge

Ecosystem Management Portal (Administration)

Web-based administration interface for trust framework management, ecosystem governance, and platform monitoring.

Capabilities

  • Organization onboarding: register, issue attestations, assign permissions
  • Credential schema governance: define, version, publish, deprecate
  • Trust framework administration: trust chains, policies, hierarchies
  • Platform monitoring: service health, issuance volumes, verification activity
  • Audit log access: searchable event log for compliance and investigations
  • Role-based access control for platform administrators

Interfaces

  • → Trust Governance Service
  • → Credential Issuance Engine
  • → All services (monitoring)

Credential Lifecycle

Full credential lifecycle. Six stages.

1. Schema Definition

Organization defines credential schema — data fields, format, validation rules, consent requirements. Published to the trust framework.

Trust Governance · Workflow Engine

2. Issuance

Authorized organization issues credential to citizen via OIDC4VCI. Multi-format: same data, different container depending on use case.

Issuance Engine · Holder Agent

3. Storage

Credential stored in citizen's wallet with device-level encryption. Encrypted cloud backup. Citizen holds the cryptographic keys.

Holder Agent · Mobile SDKs

4. Presentation

Citizen presents credential to verifier with selective disclosure. Three offline modalities: QR, NFC/BLE, barcode. Protocol: OIDC4VP.

Verification Engine · Holder Agent

5. Verification

Verifier checks signature chain, revocation status, policy compliance, issuer authorization. Online: real-time. Offline: sub-2-second.

Verification Engine · Trust Governance

6. Revocation / Suspension

Issuing organization revokes or suspends a credential. Status propagated to verifiers. Online: immediate. Offline: next sync cycle.

Issuance Engine · Holder Agent

Additional lifecycle operations: Credential renewal, backup and recovery (citizen restores to new device), and credential portability (standard export formats for wallet migration).

Offline Architecture

Offline-first — not offline-capable.

Designed for environments where network connectivity is intermittent or absent. Offline operation is a core architectural capability, not a degraded mode.

How offline verification works

1. Trust data pre-loading

When online, the device downloads revocation status lists, issuer public keys, governance policies, and verifier authorization. Cryptographically signed and time-stamped.

2. Autonomous operation

Offline, the device verifies using cached trust data: signature validation, revocation check, issuer authorization, and policy compliance. All local — no network round-trip.

3. Sub-2-second verification

Offline verification completes in under 2 seconds across all three modalities (QR, NFC/BLE, barcode). No server contact required.

4. 72-hour tolerance window

Devices operate autonomously for up to 72 hours offline (configurable). Higher-security deployments set shorter windows; low-connectivity environments can extend.

5. Incremental re-sync

When connectivity returns, only changed trust data is downloaded — not the full package. Automatic and transparent to the operator.
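
An added sketch of the offline decision described in the steps above and in the revocation FAQ further down; it is not KeyShare code. The trust-package layout, the field names, the bitstring status list, and HMAC-SHA256 standing in for the platform's asymmetric signatures are assumptions made so the example runs with the standard library only.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

TOLERANCE = timedelta(hours=72)  # the page's default window (configurable)


def sign(key, payload):
    """HMAC-SHA256 stand-in for an asymmetric signature (assumption)."""
    msg = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def is_revoked(bits, index):
    """Bit `index` of the cached status list, MSB first; fail closed if absent."""
    if index < 0 or index // 8 >= len(bits):
        return True
    return bool(bits[index // 8] & (0x80 >> (index % 8)))


def verify_offline(cred, trust, root_key, now, tolerance=TOLERANCE):
    """Return (accepted, reason, trust_age); every check is local."""
    # 1. The cached trust package must itself be authentic.
    if not hmac.compare_digest(sign(root_key, trust["body"]), trust["sig"]):
        return False, "trust package signature invalid", None
    body, payload = trust["body"], cred["payload"]
    age = now - datetime.fromisoformat(body["issued_at"])
    # 2. Fail closed once the cache is older than the tolerance window.
    if age < timedelta(0) or age > tolerance:
        return False, "trust data outside tolerance window", age
    # 3. The issuer must be authorized for this credential type.
    issuer = body["issuers"].get(payload["issuer"])
    if issuer is None or payload["type"] not in issuer["types"]:
        return False, "issuer not authorized", age
    # 4. Credential signature under the cached issuer key.
    key = bytes.fromhex(issuer["key"])
    if not hmac.compare_digest(sign(key, payload), cred["sig"]):
        return False, "credential signature invalid", age
    # 5. Revocation as of the last sync; `age` bounds what the cache cannot see.
    if is_revoked(bytes.fromhex(body["status_list"]), payload["status_index"]):
        return False, "credential revoked", age
    return True, "ok", age


# --- constructed sample data (keys, DID and field names are hypothetical) ---
ROOT_KEY = b"constructed-root-key"
ISSUER_KEY = b"constructed-issuer-key"
SYNCED = datetime(2024, 1, 1, 8, 0, tzinfo=timezone.utc)
ISSUER = "did:example:registry"


def make_trust(status_list, issued_at=SYNCED):
    body = {"issued_at": issued_at.isoformat(), "status_list": status_list.hex(),
            "issuers": {ISSUER: {"key": ISSUER_KEY.hex(), "types": ["NationalID"]}}}
    return {"body": body, "sig": sign(ROOT_KEY, body)}


def make_cred(index):
    payload = {"issuer": ISSUER, "type": "NationalID", "status_index": index}
    return {"payload": payload, "sig": sign(ISSUER_KEY, payload)}


if __name__ == "__main__":
    cred, now = make_cred(5), SYNCED + timedelta(hours=20)
    stale = make_trust(bytes(2))                        # synced before revocation
    fresh = make_trust(bytes([0b00000100, 0]), SYNCED + timedelta(hours=12))
    print(verify_offline(cred, stale, ROOT_KEY, now))   # cache predates revocation
    print(verify_offline(cred, fresh, ROOT_KEY, now))   # re-synced cache
```

With the stale cache the revoked credential is still accepted, and the returned trust age is the exposure a deployment accepts when it chooses its tolerance window; passing a shorter `tolerance` turns that acceptance into a refusal.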

Offline capability by component

| Component | Offline Capability |
|---|---|
| Verification Engine | Full — all three modalities work offline |
| Credential Issuance Engine | Deferred — credentials queued, delivered when citizen device is next online |
| Holder Agent Service | Full — storage, presentation, and selective disclosure work offline |
| Trust Governance Service | Cached — trust data pre-loaded; updates applied at next sync |
| Workflow Engine | Cached — workflow definitions pre-loaded; new workflows at next sync |
| Integration Bridge | Store-and-forward — events queued and delivered at next sync |

Deployment

Three deployment topologies. One platform.

CENTRALIZED
Single Sovereign Data Center

Countries with reliable national infrastructure, single operational team.

Simplest to operate. Single point of administration. All services co-located.

DECENTRALIZED
Regional Data Centers

Large countries with regional governance, distributed operations.

Regional autonomy with central trust governance. Each region operates independently; trust synchronized centrally.

HYBRID
Core + Edge

Countries with urban connectivity but rural gaps.

Issuance and trust governance centralized; verification terminals at edge locations with offline capability.

Shared deployment characteristics

Sovereign infrastructure: Deploys within the government's own servers. KeyShare does not host production.

Container-based: Docker/OCI containers on Kubernetes. Infrastructure-agnostic.

Configuration-driven: Country-specific parameters without code changes.

Government-controlled updates: Review, stage, deploy. No automatic updates to production.

Deployed by certified regional partners

In the Global South and emerging markets, the KeyShare Digital ID Platform is deployed exclusively through certified deployment partners. These partners customize the platform for local regulatory requirements, integrate with national systems, and provide in-country implementation support. KeyShare provides the technology — our partners deliver the solution.

Integration & APIs

Any organization connects. No platform changes required.

The ecosystem grows without platform releases. New organizations deploy an Integration Bridge that connects their existing systems.

API surface

| API | Purpose | Authentication |
|---|---|---|
| Credential API | Issue, revoke, suspend, query credential status | Organization attestation token |
| Workflow API | Define, deploy, version, and trigger workflows | Organization attestation token |
| Presentation API | Request credential presentations from holders | Verifier attestation token |
| Trust API | Query trust chain, validate attestations, check policies | Platform-scoped token |
| Admin API | Ecosystem management, onboarding, schema management | Admin token (Portal) |

Integration timeline (typical)

| Scope | Timeline | Prerequisites |
|---|---|---|
| Single credential type, single org | 2–4 weeks | Attestation issued, bridge deployed |
| Multiple credential types, single org | 4–8 weeks | Schemas approved, workflows tested |
| Ecosystem rollout (10+ orgs) | 3–6 months | Trust framework defined, partner training complete |

Mobile SDKs

Native SDKs for Android and iOS.

Build country-branded wallet applications without implementing cryptographic protocols from scratch.

SDK modules

| Module | Function | Required? |
|---|---|---|
| Credential Manager | Store, retrieve, present, and manage credentials | Required |
| Presentation Engine | OIDC4VP flows, selective disclosure, consent | Required |
| Offline Engine | Cache trust data, perform offline verification, manage sync | Required |
| Biometric Module | On-device biometric auth. ISO 30107-3 liveness. No biometric data leaves device. | Optional |
| NFC/BLE Module | Proximity-based credential presentation and verification | Optional |
| QR Module | QR-based credential presentation and verification | Required |
| Delegated Agent | Authorized agents facilitate operations for citizens without devices | Optional |
| Push Module | Notifications and workflow interactions from organizations | Optional |

Android

  • Language: Kotlin
  • Minimum OS: Android 8.0 (API 26)
  • Storage: Android Keystore (hardware-backed)
  • Biometric: BiometricPrompt API

iOS

  • Language: Swift
  • Minimum OS: iOS 15.0
  • Storage: iOS Keychain (Secure Enclave)
  • Biometric: LocalAuthentication / LAContext

Reference wallet: Full source code provided. Partners customize UI, branding, language, and onboarding. Credential handling logic stays with the SDK to ensure cryptographic correctness.

Security

Security architecture for citizen-scale data.

Data flow and minimization

| Data Category | Where It Lives | Where It Does Not Live |
|---|---|---|
| Citizen credentials | Citizen's device (encrypted, hardware-backed) + encrypted cloud backup (citizen-controlled keys) | Platform servers do not store credentials after issuance |
| Biometric templates | Citizen's device only — one-way hash, never transmitted | No central biometric database exists |
| Presentation data | Ephemeral — exists only during the verification session | Verifiers do not retain data beyond the session |
| Trust data | Trust Governance Service (authoritative) + cached on devices | |
| Organization data | Organization's own systems, accessed via Integration Bridge | Platform does not store organization source data |

Key management

  • HSM integration for all platform-level cryptographic operations
  • Citizen keys generated and stored in device secure element (hardware-backed)
  • Key hierarchy: platform root keys (HSM) → service signing → organization signing → citizen keys
  • Root key ceremony performed under government supervision
  • Non-exportable keys at every level — keys never exist outside secure hardware unencrypted
  • Key rotation supported at all levels with defined migration procedures

Compliance alignment

| Framework | Alignment | Notes |
|---|---|---|
| ISO 27001 | Architecturally aligned | Certification per-deployment |
| NIST CSF | Architecturally aligned | Framework mapping available |
| GDPR | Architecturally aligned | Privacy by design, data minimization, consent management |
| eIDAS 2.0 / EUDI | Ready architecture | Credential formats and protocols aligned |

Code auditability: Application and service layer source code provided for government security audit with each release.

Penetration testing: Isolated staging environments provisioned for independent security assessment.

Zero-trust design: Zero-trust principles in platform architecture with comprehensive audit trail.

Vulnerability disclosure: Responsible reporting program for security researchers and government audit teams.

Standards & Protocols

Standards at every layer.

8 protocol and format standards + 3 framework alignments.

| Category | Standard | Version | Support |
|---|---|---|---|
| Credential Formats | W3C Verifiable Credentials | v1.1, v2.0 | Issuance + verification |
| | SD-JWT VC | IETF draft | Issuance + verification + selective disclosure |
| | ISO 18013-5 (mDoc) | 2021 | Issuance + verification (mobile documents) |
| Issuance Protocol | OIDC4VCI | OpenID Foundation | Credential issuance flow |
| Presentation Protocol | OIDC4VP | OpenID Foundation | Credential presentation flow |
| Messaging | DIDComm v2 | DIF | Inter-service and citizen communication |
| Authentication | FIDO2 | FIDO Alliance | Citizen auth + device binding |
| Biometrics | ISO 30107-3 | 2017 + 2023 | Liveness detection |
| Regulatory | eIDAS 2.0 / EUDI | EU | Architecture ready |
| Accessibility | WCAG 2.1 Level AA | W3C | Citizen-facing applications |
| Trust Framework | EBSI trust chain model | European Commission | Trust governance basis |

Technical Specifications

Technical specifications.

Platform

Deployment model: Sovereign — government-operated infrastructure
Container format: Docker/OCI containers, Kubernetes orchestration
Deployment topologies: Centralized, decentralized, hybrid
Infrastructure: Linux (Ubuntu 22.04+ or RHEL 8+), Kubernetes 1.26+, PostgreSQL 14+, HSM (PKCS#11)
Offline tolerance: Up to 72 hours (configurable)
Availability target: 99.9% (architecture-designed)
Update model: Government-controlled — review, stage, deploy
Release cadence: Quarterly + security patches
API versioning: Semantic versioning; N and N-1 supported; 12-month deprecation

Performance targets

| Metric | Target |
|---|---|
| Offline verification latency | < 2 seconds (all modalities) |
| Credential issuance (single) | < 5 seconds end-to-end |
| Batch issuance throughput | 10,000+ credentials/hour |
| Trust data sync (incremental) | < 30 seconds |
| Wallet app cold start | < 3 seconds |
| Service availability | ≥ 99.9% |

Developer Resources

Developer resources for deployment partners.

API Reference

OpenAPI (Swagger) specification for all platform APIs.

Partner access

SDK Documentation

Integration guides for Android and iOS SDKs — module-level documentation and code samples.

Partner access

Reference Wallet Source

Full source code for Android and iOS reference wallet applications.

With SDK package

Integration Guide

Step-by-step bridge deployment — from attestation request to first credential issuance.

Partner access

Sandbox Environment

Isolated staging for integration testing — pre-configured trust framework, sample orgs, test credentials.

Per partner

Government Tech Overview

Architecture overview, standards compliance, security posture, deployment options (PDF).

Upon request

For developer documentation access, deployment partners should contact their KeyShare technical liaison or request a partner briefing.

FAQ

Frequently asked questions.

The Government Solution page communicates what the platform does and why it matters. This page explains how: architecture, components, deployment topologies, integration model, and technical specifications. If you're evaluating the business case, start with the solution page. If you're evaluating the architecture, you're in the right place.

Yes. The Mobile SDKs provide credential management, presentation, offline, and biometric modules. Partners build country-branded wallets — customizing UX, branding, language, and user flows while the SDK handles cryptographic and protocol complexity. A reference wallet with full source code is provided as a starting point.

Verification devices cache revocation status lists. When a credential is revoked, updated status is included in the next trust data sync. During the offline tolerance window (up to 72 hours, configurable), a recently revoked credential could still pass verification. Higher-security deployments set shorter windows.

Application and service layer source code — every component that handles citizen data — is provided via secure repository access with each release. The government's security team can review, analyze diffs, and audit all credential-handling logic. Platform layer (crypto primitives) is provided as compiled binaries with API docs; cryptographic components available for third-party audit under NDA.

Organizations deploy an Integration Bridge — a lightweight adapter that connects existing systems to the platform's API. Pre-built adapters available for common systems. No platform changes required. Typical timeline: 2–4 weeks for a single credential type.

Linux servers (Ubuntu 22.04+ or RHEL 8+), Kubernetes 1.26+ for container orchestration, PostgreSQL 14+ for data storage, and a PKCS#11-compatible HSM for cryptographic key management. The platform deploys as Docker/OCI containers.

The Digital ID Platform is purpose-built for sovereign, national-scale credential ecosystems. KeyShare's other verticals use products optimized for their specific domains — hospitality check-in and physical access control. The underlying standards expertise spans all verticals, but the product architectures are distinct.

Quarterly platform releases with security patches as needed. Semantic versioning. API backward compatibility for current and previous major version. Minimum 12-month deprecation notice. The government controls deployment — updates are reviewed, staged, and deployed by the government's team.

Ready for a technical deep dive?

Request a government briefing to discuss architecture, deployment topologies, integration requirements, and security audit scoping. We'll connect you with the right technical team for your region.