Transmute Verifiable Data Platform: the “fastest lane” in global trade
Announcing significant security and performance upgrades
The Transmute Team is announcing significant performance and security upgrades to our Verifiable Data Platform, following the successful launch of new features such as analog twins and our Neo4J adapter. These enhancements are a direct result of our collaboration with US Customs and Border Protection in the Steel Tech Demo and our platform’s robust performance in the US Department of Homeland Security’s Red Team security assessment. Addressing critical feedback, we have focused on improving performance and security to support enterprise-scale transactions.
What’s New
As of March 2024, the Transmute Verifiable Data Platform has transitioned to using W3C JSON Web Tokens (JWT) secured with JOSE as the primary credential format, in compliance with the technical requirements set by US Customs and Border Protection (US CBP). This shift from Data Integrity Proofs (DIP) to JWT along with other performance improvement changes brings significant improvements to the system.
Haven’t registered yet? Try Verifiable Data Platform For Free.
Implications for Existing Users
If you have been utilizing the Verifiable Data Platform for issuing and exchanging critical trade documents, here’s what you need to know:
- Any trade document credentials issued by you have already been converted to the new JWT-based format. No further action is required for these credentials.
- Credentials issued by other parties that you possess will need to be updated
- Unsupported credentials from presentations cannot be saved to your stored credentials
- Unsupported credentials cannot be included in presentations
Please refer to our guide for details on platform changes: Platform Guide — Credential Data Integrity Proof Deprecation
Rationale Behind the Change
The primary concern with Data Integrity Proofs was the deserialization of untrusted data, which posed a security risk. The conversion from JSON-LD to n-Quads, required for verifying DIP credentials, was not only time-consuming but also vulnerable to denial of service attacks. By adopting JWT, we can verify the sender’s signature before any further data processing, significantly reducing the attack surface.
For more technical details, visit: Security Considerations for VC-JWT
Additionally, the performance of DIP was sub-optimal for large JSON-LD credentials commonly used in supply chain scenarios. The transition to JWT addresses these performance issues, as demonstrated in the graph below:
Selective Disclosure Using Data Integrity Proofs vs SD-JWT
Want more Transmute? We’re always making announcements and sharing more content on our blog — don’t forget to follow us!
