Encrypted storage layer

Once biometric templates and pattern hashes are created, they must be stored securely. Solident uses an encrypted storage layer to ensure that data is permanent, private, and only accessible by the rightful user.

---

"Storage doesn’t make data safe. Encryption does."

---

1. Local Encryption First

• All data is encrypted before it leaves the user’s device.

• Raw biometrics or plain pattern inputs are never stored.

• Encryption uses user-owned keys, generated in the secure enclave.

---

2. Flexible Storage Options

• On-device storage: Encrypted data can remain stored locally for maximum privacy.

• Cloud storage: Users may back up encrypted data to personal or third-party cloud systems.

• Decentralized storage: IPFS, Arweave, or Filecoin can be used for permanent and censorship-resistant storage.

---

3. User-Owned Keys

• Only the user controls the encryption keys.

• Storage providers (cloud or decentralized) never gain access.

• Without the user’s keys, the stored templates and hashes are meaningless.

---

4. Tamper-Resistant Architecture

• Each encrypted file is bound with integrity checks.

• Any attempt to alter or replace the data breaks the cryptographic signature.

• This ensures that what was enrolled is always verifiable later.

---

Security Principles

• Encryption-first: Privacy is guaranteed by design, not by trust in storage providers.

• Portability: Encrypted files can be moved across storage systems without risk.

• Durability with privacy: Permanent storage options don’t compromise security.

---

The encrypted storage layer makes it irrelevant where data is kept: cloud, local, or decentralized. What matters is that only the user can ever unlock it.