Architecture Overview
The Stobox DID system is engineered as a blockchain-based identity layer that allows organizations to verify and manage digital identities securely and programmatically. Its architecture is optimized for regulated environments, enabling tokens and applications to enforce compliance directly on-chain.
The architecture combines smart contracts, role-based access control, identity attributes, and event-driven auditability to form a complete decentralized identity infrastructure that integrates seamlessly with the Stobox STV3 Protocol and Stobox 4 platform.
Core Architectural Components
Stobox DID is composed of several key components that work together to ensure identity security, compliance readiness, and operational flexibility.
DID Registry Smart Contract
The DID registry is the main on-chain component responsible for:
creating and managing DIDs
maintaining identity attributes
linking blockchain addresses
recording status changes (active, blocked, revoked)
emitting audit events
This registry forms the authoritative source of identity verification for all Stobox systems.
Attribute Storage & Compliance Layer
Identity attributes determine how an address is permitted to interact within the ecosystem. Attributes can include:
investor category
jurisdiction
accreditation status
sanctions screening
eligibility flags
lockup or restriction tags
verification timestamps and expiration dates
Each attribute is stored and updated on-chain, enabling programmable compliance enforcement.
Address Linking Module
The architecture supports:
linking multiple wallet addresses to one DID
activating or deactivating linked addresses
unlinking compromised or deprecated wallets
This allows individuals and organizations to operate multiple wallets while preserving a single identity profile.
Role-Based Access Control (RBAC)
The DID contract implements strict RBAC to ensure secure and authorized management. Roles include:
Admin Role — full control over DID and attribute operations
Writer Role — permissions to manage attributes and linked addresses
Reader Role — restricted read-only access to DID attributes
External Reader Role — time-limited attribute access for auditors or third parties
RBAC safeguards against unauthorized modifications and ensures traceable control.
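The four roles above, sketched as an added example (not the Stobox contract's code): it shows the expiry of an External Reader grant being enforced on every access rather than only when the grant is made. The action names, the `AccessControl` class and the account names are assumptions; the page names only the roles.

```python
# Added illustration: a plain-Python model of the four roles listed above.
# Action names and the grant structure are assumptions, not Stobox APIs.
ADMIN, WRITER, READER, EXTERNAL_READER = "admin", "writer", "reader", "external_reader"

PERMISSIONS = {
    ADMIN: {"grant_role", "set_status", "write_attribute", "link_address",
            "read_attribute"},
    WRITER: {"write_attribute", "link_address", "read_attribute"},
    READER: {"read_attribute"},
    EXTERNAL_READER: {"read_attribute"},
}

class AccessControl:
    def __init__(self, root_admin):
        # account -> {role: expiry timestamp, or None for a permanent grant}
        self.grants = {root_admin: {ADMIN: None}}

    def grant(self, actor, account, role, now, expires_at=None):
        """Only an admin may grant; external readers must carry a future expiry."""
        if not self.allowed(actor, "grant_role", now):
            raise PermissionError(f"{actor} may not grant roles")
        if role == EXTERNAL_READER and (expires_at is None or expires_at <= now):
            raise ValueError("external reader grants need a future expiry")
        self.grants.setdefault(account, {})[role] = expires_at

    def allowed(self, account, action, now):
        """Evaluated on every call, so an expired grant stops working by itself."""
        for role, expires_at in self.grants.get(account, {}).items():
            if expires_at is not None and expires_at <= now:
                continue  # expired grant: ignore it, never fall back to allow
            if action in PERMISSIONS[role]:
                return True
        return False
```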
Event Logging System
All DID operations generate on-chain events such as:
DIDCreated
DIDUpdated
AddressLinked
AddressDeactivated
AttributeAssigned
AttributeUpdated
AttributeRevoked
These logs create a complete and immutable audit trail — essential for regulatory oversight and compliance reporting.
Architectural Principles
Security
The architecture ensures that:
identity state changes are tightly permissioned
all updates are traceable
wallet compromise does not invalidate identity
administrators can block or revoke identities quickly
By design, the DID contract protects the integrity of identity data while minimizing attack vectors.
Compliance by Design
The architecture embeds compliance logic directly at the identity layer, enabling:
rule enforcement before a transaction occurs
dynamic compliance updates
automated eligibility checking
multi-jurisdictional alignment
This structure eliminates the need for manual or centralized compliance checks.
Privacy Protection
Personal data is never stored on-chain. The DID contract only stores:
identity reference
compliance attributes
wallet status information
Sensitive data remains within verified KYC/KYB systems, aligned with data protection regulations.
Modularity and Extensibility
The system is designed to integrate with:
STV3 programmable assets
enterprise workflows
custodial platforms
compliance tools
third-party verifiers
Attributes and roles can evolve without breaking compatibility.
Interaction with STV3 Programmable Assets
STV3 assets rely on the DID architecture for identity validation at every step:
transfers
redemptions
governance actions
participation rights
investor limits
eligibility requirements
The STV3 validation engine queries DID attributes to determine whether an action is compliant. If the DID is missing, blocked, or expired, or fails an attribute check, the transaction is rejected automatically.
This integration ensures asset-level compliance and standardized identity enforcement across all Stobox ecosystems.
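The rejection rule described above, as an added example in plain Python (a model, not the STV3 validation engine or the DID contract). The data layout, attribute names and sample identities are assumptions, and expiry is modelled per attribute, following the expiration dates listed under the attribute layer.

```python
# Added illustration: plain-Python model of the identity checks described above.
# All class, field and attribute names are assumptions, not Stobox APIs.
from dataclasses import dataclass, field

@dataclass
class DID:
    status: str = "active"                            # active | blocked | revoked
    addresses: dict = field(default_factory=dict)     # address -> is_active
    attributes: dict = field(default_factory=dict)    # name -> (value, expires_at)

def check_party(dids, address, required, now):
    """Return (allowed, reason). Every failure path rejects (fail closed)."""
    did = next((d for d in dids.values() if address in d.addresses), None)
    if did is None:
        return False, "no DID linked"
    if did.status != "active":
        return False, f"DID {did.status}"
    if not did.addresses[address]:
        return False, "address deactivated"
    for name, allowed in required.items():
        if name not in did.attributes:
            return False, f"missing {name}"
        value, expires_at = did.attributes[name]
        if expires_at <= now:
            return False, f"expired {name}"
        if value not in allowed:
            return False, f"ineligible {name}"
    return True, "ok"

def validate_transfer(dids, sender, receiver, required, now):
    """Both parties must pass; the first failure rejects the transfer."""
    for party in (sender, receiver):
        ok, reason = check_party(dids, party, required, now)
        if not ok:
            return False, f"{party}: {reason}"
    return True, "ok"

# Constructed sample data (not real identities or addresses).
NOW = 1_700_000_000
DIDS = {
    "did:alice": DID(addresses={"0xA1": True, "0xA2": False},
                     attributes={"jurisdiction": ("DE", NOW + 86400),
                                 "accreditation": ("accredited", NOW + 86400)}),
    "did:bob": DID(addresses={"0xB1": True},
                   attributes={"jurisdiction": ("DE", NOW + 86400),
                               "accreditation": ("accredited", NOW - 1)}),
    "did:carol": DID(status="blocked", addresses={"0xC1": True}),
}
RULES = {"jurisdiction": {"DE", "FR"}, "accreditation": {"accredited"}}
```

The same transfer from `0xA1` to `0xB1` passes ten seconds earlier and fails at `NOW`, because the check reads the expiry at validation time instead of trusting an earlier result.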
Interaction with Stobox 4 Platform
Stobox 4 serves as the user interface for DID lifecycle management:
onboarding and verification
attribute issuance (KYC/KYB checks)
linking wallets
managing compliance statuses
monitoring investor activity
Stobox 4 acts as the operational layer, while the DID smart contract enforces rules at the protocol level.
Multi-Wallet Identity Architecture
Stobox DID supports sophisticated identity requirements:
one person or entity may use multiple wallets
wallets can be activated or revoked individually
corporate structures can assign wallets to departments or roles
upgrades or replacements of wallets do not require identity re-verification
This is essential for:
institutional custody
enterprise treasury management
multi-role governance
operational segmentation
Auditability and Traceability
The DID architecture includes full event logging for all identity operations, enabling:
regulator audits
financial reporting
AML/KYC evidence tracking
operational transparency
automated reconciliation between departments
Since the audit trail is stored on-chain, it cannot be tampered with, removed, or hidden.
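An added example (not Stobox code) of how the event log described here and in the Event Logging System section can be used for reconciliation: it replays the events in order to rebuild identity state and reports where that state disagrees with an off-chain record. The event names are the ones listed on this page; the payload fields (`did`, `address`, `name`, `value`) and the sample data are assumptions.

```python
# Added illustration: rebuild identity state from the event names listed on
# this page. Payload fields (did, address, name, value) are assumptions.
def replay(events):
    """Fold an ordered event log into {did: {"addresses": {}, "attributes": {}}}."""
    state, problems = {}, []
    for i, ev in enumerate(events):
        kind, did = ev["event"], ev["did"]
        if kind == "DIDCreated":
            if did in state:
                problems.append((i, "duplicate DIDCreated"))
            state.setdefault(did, {"addresses": {}, "attributes": {}})
            continue
        if did not in state:
            problems.append((i, f"{kind} for unknown DID"))
            continue
        rec = state[did]
        if kind == "AddressLinked":
            rec["addresses"][ev["address"]] = True
        elif kind == "AddressDeactivated":
            if ev["address"] in rec["addresses"]:
                rec["addresses"][ev["address"]] = False
            else:
                problems.append((i, "deactivation of unlinked address"))
        elif kind in ("AttributeAssigned", "AttributeUpdated"):
            rec["attributes"][ev["name"]] = ev["value"]
        elif kind == "AttributeRevoked":
            rec["attributes"].pop(ev["name"], None)
    return state, problems

def reconcile(events, offchain):
    """Compare replayed state with an off-chain record; return the mismatches."""
    state, problems = replay(events)
    diffs = [f"event {i}: {msg}" for i, msg in problems]
    for did in sorted(set(state) | set(offchain)):
        if state.get(did) != offchain.get(did):
            diffs.append(f"{did}: on-chain and off-chain records differ")
    return diffs

# Constructed sample log and off-chain snapshot (not real chain data).
EVENTS = [
    {"event": "DIDCreated", "did": "did:1"},
    {"event": "AddressLinked", "did": "did:1", "address": "0xA1"},
    {"event": "AttributeAssigned", "did": "did:1", "name": "jurisdiction", "value": "DE"},
    {"event": "AddressLinked", "did": "did:1", "address": "0xA2"},
    {"event": "AddressDeactivated", "did": "did:1", "address": "0xA1"},
    {"event": "AttributeRevoked", "did": "did:2", "name": "accreditation"},
]
OFFCHAIN = {"did:1": {"addresses": {"0xA1": True, "0xA2": True},
                      "attributes": {"jurisdiction": "DE"}}}
```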
Summary
The Stobox DID architecture provides a secure, scalable, and compliance-ready identity framework that integrates deeply with programmable financial infrastructure. Its design ensures:
strong identity integrity
deterministic compliance enforcement
operational flexibility
audit-grade transparency
seamless integration with asset issuance, trading, and governance
By combining blockchain-based identity management with enterprise-grade security and compliance tools, Stobox DID forms a core foundational layer for regulated tokenization and real-world digital assets.
