Messaging
Secure messaging functionality is central to the future of distributed digital trust. Communication is part of the foundation of the internet, and historically, establishing digital connections with others has always required an intermediary “connection broker,” like Google, WhatsApp, an email provider, or a phone carrier. By leveraging the power of DIDs as well as the power of JOSE (opens in a new tab) specifications, it is possible to establish secure connections simply as a by-product of two or more parties exchanging DIDs.
The foundational basis of this secure messaging architecture is called JSON Web Message (JWM) (opens in a new tab). JWM is a draft standard for universal secure messaging; it belongs to the JOSE family of specifications alongside JSON Web Encryption (JWE) (opens in a new tab) and JSON Web Signature (JWS) (opens in a new tab).
DIDComm (opens in a new tab) provides the core messaging protocols that create a secure tunnel between DIDs. In its simplest form, it’s a secure communication layer built on top of the information contained in DID Documents. DIDComm messages are based on the structure of JSON Web Messages. The basic structure of the message specifies the type, id, and other attributes common to all messages. Using these standards allows each party in a distributed ecosystem to exercise control, practice full transparency, and participate in trustworthy communication.
To learn more about our approach to messaging, read our blog, JWM: a new standard for secure messaging (opens in a new tab).
Usage
MATTR VII provides secure messaging capabilities and allows customers to create, sign, and verify messages using DIDs.
All messages sent via MATTR VII require the message payload to be encrypted, thus ensuring messages held at rest cannot be inspected by MATTR or any party (such as a legal enforcing entity) that requests access to those messages. This is to keep the total privacy of end-users in-mind. End-to-end encryption is a default level privacy that we uphold on the MATTR VII platform.
In order to send a message, you will require the subject DID of the recipient. In production environments you must have a secure way to obtain it:
- Use DID Auth for any new interactions.
- Ask the user to share their wallet DID (MATTR Showcase wallet or MATTR GO users can do this by navigating to Settings > Advanced > Public DID).
- Request an existing credential as part of a presentation verification workflow, and extract the DID from that interaction.
This is particularly effective when it comes to authenticating end-users. For example, the mobile wallet app can send a JWS with a signature that is generated from the Subject DID on the mobile app. Any party receiving that message can use the platform to verify the JWS, thereby proving that the Mobile Wallet App has access to the private key of the Subject DID. This kind of information is incredibly useful in establishing trust between parties before continuing with an interaction.
MATTR Showcase Wallet
End users of the MATTR Showcase Wallet and MATTR GO Wallet are able to enable notifications. This will create a message inbox on a dedicated wallet backend.
As DIDs are created in the wallet they are registered against the inbox so messages can be routed to the mobile app using a push notification service. Push notifications are delivered to the wallet as encrypted payloads and therefore cannot be read until the wallet is unlocked.