Security & Compliance

Cryptographic Integrity

Every DeepaData artifact is sealed with W3C Data Integrity Proofs, creating mathematically verifiable records in which any tampering after issuance is detectable on verification.

W3C Data Integrity Proofs

DeepaData implements the W3C Verifiable Credentials Data Integrity 1.0 specification using the eddsa-jcs-2022 cryptosuite.

Cryptographic Stack

  • Signature Algorithm: Ed25519 (EdDSA over Curve25519)
  • Canonicalization: JSON Canonicalization Scheme (JCS, RFC 8785)
  • Cryptosuite: eddsa-jcs-2022
  • Key Format: did:key multicodec (z6Mk prefix)

.ddna Envelope Structure

When an EDM artifact is issued via /v1/issue, it is wrapped in a .ddna envelope containing the proof block.

{
  "ddna_header": {
    "version": "1.0",
    "format": "ddna",
    "created": "2026-02-24T10:30:00.000Z"
  },
  "edm_payload": {
    "meta": { "id": "...", "version": "0.5.0" },
    "core": { "anchor": "...", "spark": "..." },
    "constellation": { "emotion_primary": "relief" },
    "governance": {
      "jurisdiction": "GDPR",
      "consent_basis": "consent"
    }
    // ... full EDM artifact
  },
  "proof": {
    "type": "DataIntegrityProof",
    "cryptosuite": "eddsa-jcs-2022",
    "created": "2026-02-24T10:30:01.000Z",
    "verificationMethod": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK#key-1",
    "proofPurpose": "assertionMethod",
    "proofValue": "z5vgFc8h2YR3..."
  }
}

Verification Process

When you call /v1/verify, DeepaData performs these checks:

  1. Signature Verification: The proof.proofValue is verified against the canonicalized payload using the Ed25519 public key from the DID.

  2. Schema Validation: The edm_payload is validated against the EDM v0.5 JSON Schema to ensure structural integrity.

  3. Governance Completeness: The governance domain is checked for required fields: jurisdiction, consent_basis, and retention policy.

  4. Consent Attestation: If a VitaPass subject ID is present, the consent scope is verified against the VitaPass ledger.
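
Step 1 (signature verification) can be reproduced client-side. The following is an added example, not DeepaData's code: it follows the eddsa-jcs-2022 hashing rule from the W3C specification and uses only Node's built-in crypto module. Assumptions: the signed document is the whole envelope minus "proof" (the page does not say), all function names are hypothetical, and signSample builds constructed test data with a throwaway key.

```javascript
const crypto = require('crypto');
const B58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
function b58decode(s) { // base58btc text -> bytes
  let n = 0n;
  for (const c of s) {
    if (!B58.includes(c)) throw new Error('invalid base58 character');
    n = n * 58n + BigInt(B58.indexOf(c));
  }
  const hex = n === 0n ? '' : n.toString(16);
  const body = Buffer.from(hex.length % 2 ? '0' + hex : hex, 'hex');
  return Buffer.concat([Buffer.alloc(s.match(/^1*/)[0].length), body]);
}
function b58encode(buf) { // bytes -> base58btc text (only needed to build the sample)
  let n = BigInt('0x' + (buf.toString('hex') || '0')), out = '';
  while (n > 0n) { out = B58[Number(n % 58n)] + out; n /= 58n; }
  for (const b of buf) { if (b !== 0) break; out = '1' + out; }
  return out;
}
function jcs(v) { // RFC 8785: sorted keys, ECMAScript serialization of primitives
  if (v === null || typeof v !== 'object') return JSON.stringify(v);
  if (Array.isArray(v)) return '[' + v.map(jcs).join(',') + ']';
  return '{' + Object.keys(v).sort().map((k) => JSON.stringify(k) + ':' + jcs(v[k])).join(',') + '}';
}
const sha256 = (s) => crypto.createHash('sha256').update(s, 'utf8').digest();
function hashData({ proof, ...doc }) { // assumption: signed document = envelope minus "proof"
  const { proofValue, ...options } = proof;
  return Buffer.concat([sha256(jcs(options)), sha256(jcs(doc))]); // options hash || document hash
}
function keyFromDidKey(vm) { // did:key:z6Mk...#fragment -> Ed25519 public KeyObject
  const id = vm.split('#')[0].replace(/^did:key:/, '');
  if (!id.startsWith('z6Mk')) throw new Error('not an Ed25519 did:key');
  const raw = b58decode(id.slice(1)); // multicodec prefix 0xed 0x01 + 32 key bytes
  if (raw.length !== 34 || raw[0] !== 0xed || raw[1] !== 0x01) throw new Error('bad multicodec');
  return crypto.createPublicKey({ format: 'jwk', key: { kty: 'OKP', crv: 'Ed25519', x: raw.subarray(2).toString('base64url') } });
}
function verifyEnvelope(env) { // true only if the proof matches the envelope contents
  const p = env.proof || {};
  if (p.type !== 'DataIntegrityProof' || p.cryptosuite !== 'eddsa-jcs-2022' || p.proofValue?.[0] !== 'z') return false;
  try {
    const sig = b58decode(p.proofValue.slice(1)); // drop multibase 'z'
    return sig.length === 64 && crypto.verify(null, hashData(env), keyFromDidKey(p.verificationMethod), sig);
  } catch { return false; }
}
function signSample(doc, created) { // constructed test data: throwaway key, not a DeepaData key
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const raw = Buffer.from(publicKey.export({ format: 'jwk' }).x, 'base64url');
  const vm = 'did:key:z' + b58encode(Buffer.concat([Buffer.from([0xed, 0x01]), raw])) + '#key-1';
  const proof = { type: 'DataIntegrityProof', cryptosuite: 'eddsa-jcs-2022', created, verificationMethod: vm, proofPurpose: 'assertionMethod' };
  proof.proofValue = 'z' + b58encode(crypto.sign(null, hashData({ ...doc, proof }), privateKey));
  return { ...doc, proof };
}
```

A valid signature only shows that the holder of the key named in verificationMethod signed the envelope; a verifier still has to decide which issuer DIDs it trusts.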

Certification Levels

Verification returns a certification level based on which checks pass.

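| Level    | Requirements                                        | Use Case                         |
|----------|-----------------------------------------------------|----------------------------------|
| full     | standard + non-biometric confirmation               | Regulated clinical or HR contexts |
| standard | basic + consent attested + governance complete      | General consumer applications    |
| basic    | Signature valid, provenance intact                  | Development, testing             |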

Certificate Registry

Every issued artifact creates a certificate in the DeepaData registry. Certificates provide an independent audit trail and can be retrieved via /v1/certificate/:id.

{
  "certificate": {
    "id": "cert_8f7a3b2c...",
    "issuer_did": "did:key:z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
    "pathway": "delegated",
    "authority": "app:therapy-platform",
    "certification_level": "full",
    "checks": {
      "schema_valid": true,
      "provenance_intact": true,
      "consent_attested": true,
      "governance_complete": true,
      "non_biometric": true
    },
    "issued_at": "2026-02-24T10:30:01.000Z"
  }
}
