Help Center/UID SSO & Cryptography/How does Zero-Knowledge Vault Storage protect B2B guest data?

How does Zero-Knowledge Vault Storage protect B2B guest data?

Last Updated June 8, 2026

To allow external partner services like Trip.Express to store highly sensitive credentials, passes, or tickets into the User's Vault without compromising privacy, we utilize an End-to-End Encrypted (E2EE) Hybrid Cryptography model:

1. Public Key Retrieval

Trip.Express retrieves the user's RSA Public Key associated with their device from UID.one.

2. Hybrid Encryption

A random symmetric key (AES-GCM-256) is generated on the Trip.Express server to encrypt the ticket payload. The symmetric key is then encrypted using the User's RSA-OAEP Public Key.

3. Zero-Knowledge Storage

The encrypted payload and encrypted key are stored on the UID.one coordination server. The server acts as a zero-knowledge data store, unable to read or decrypt the plaintext payload.

4. Client-Side Decryption

The user's device retrieves the payload, decrypts the AES key inside the Secure Enclave / StrongBox hardware HSM, and decrypts the ticket locally.

Was this article helpful?

PMS Rate Broker & Inventory Oracle Integration Guide

Decentralized Distribution Node & Cluster Routing Deployment

Back to Help Center

1. Public Key Retrieval

Trip.Express retrieves the user's RSA Public Key associated with their device from UID.one.

2. Hybrid Encryption

A random symmetric key (AES-GCM-256) is generated on the Trip.Express server to encrypt the ticket payload. The symmetric key is then encrypted using the User's RSA-OAEP Public Key.

3. Zero-Knowledge Storage

The encrypted payload and encrypted key are stored on the UID.one coordination server. The server acts as a zero-knowledge data store, unable to read or decrypt the plaintext payload.

4. Client-Side Decryption

The user's device retrieves the payload, decrypts the AES key inside the Secure Enclave / StrongBox hardware HSM, and decrypts the ticket locally.

How does Zero-Knowledge Vault Storage protect B2B guest data?

1. Public Key Retrieval

2. Hybrid Encryption

3. Zero-Knowledge Storage

4. Client-Side Decryption

Double-Entry Ledger Settlement & Automated Billing Rules

PMS Rate Broker & Inventory Oracle Integration Guide

Decentralized Distribution Node & Cluster Routing Deployment

How does Zero-Knowledge Vault Storage protect B2B guest data?

1. Public Key Retrieval

2. Hybrid Encryption

3. Zero-Knowledge Storage

4. Client-Side Decryption

Double-Entry Ledger Settlement & Automated Billing Rules

PMS Rate Broker & Inventory Oracle Integration Guide

Decentralized Distribution Node & Cluster Routing Deployment