Security Model

ZK ONE is designed with a multi-layered security architecture that protects identity data, verification flows, and user autonomy at every stage.

┌───────────────────────────┐
│         Client UI         │
│(Next.js + Shadcn Frontend)│
└───────────────┬───────────┘
                │
                ▼
┌───────────────────────────┐
│ Local Security Layer      │
│ - Hashing                 │
│ - zk-proof generation     │
│ - Encryption (optional)   │
└───────────────┬───────────┘
                │
                ▼
┌───────────────────────────┐
│ Smart Contract Layer      │
│ (Lisk L2 Verification)    │
│ - Hash storage            │
│ - Proof verification      │
│ - Access control          │
└───────────────┬───────────┘
                │
                ▼
┌───────────────────────────┐
│ Decentralized Data Layer  │
│ - Immutable records       │
│ - On-chain logs           │
└───────────────────────────┘

Omega ensures that sensitive information is never exposed, even during verification.

Uses zk-proofs to validate identity or data
Verifiers learn only the result, not the content
No plaintext documents ever leave the client

client → zk-proof → smart contract → verification result

Immutable Data Layer

All hashes and verification metadata are stored on the Lisk Layer 2 network.

Tamper-proof data
Immutable audit trail
Guaranteed data integrity

Immutable fields include:

identityHash
dataHash
verificationTimestamp

Access Control Framework

Every sensitive resource is protected by a granular access system.

Mechanism

resource → permissions → authorized addresses

Capabilities

Grant / revoke access dynamically
Per-document permissions
Revocable at any time

Example resources: passport, driversLicense, financialRecord

User Sovereignty

Omega follows a user-first ownership model:

No centralized storage
No admin override
Users control:
- what they upload
- who can verify
- how long access lasts

You own your data. Omega only verifies it.

Security Prompts & UX Safeguards

Integrated UX guardrails protect users from high-risk mistakes.

2FA prompts
Warnings before granting access
Secure connection checks
Privacy tips built into the flow

Client-Side Protection

All sensitive operations run locally:

Document hashing
zk-proof generation
Encryption (when applicable)

No sensitive data is transmitted to the server or stored off-chain.

PreviousCore Futures NextAPI

Last updated 2 months ago

Good night

hashtagImmutable Data Layer

hashtagAccess Control Framework

hashtagMechanism

hashtagCapabilities

hashtagUser Sovereignty

hashtagSecurity Prompts & UX Safeguards

hashtagClient-Side Protection