Documentation
Key Management System
The Media Registry's Key Management System provides enterprise-grade cryptographic capabilities for securing digital content ownership, verifying identity, and enabling automated royalty distribution. Built on the Nexartis security infrastructure, this system ensures that all transactions and content registrations maintain the highest levels of integrity and authenticity.
System Overview
The Key Management System enables users to create, manage, and utilize cryptographic keys for signing digital identity documents and transactions within the Voyager Suite ecosystem. These digital signatures provide cryptographic proof of identity and content ownership, forming the foundation of trust in the Media Registry.
Each key pair consists of a public key that can be freely shared and a private key that remains securely encrypted. When a user signs a document or transaction with their private key, anyone can verify the signature using the corresponding public key, confirming the authenticity without compromising security.
The system employs industry-standard encryption techniques and follows best practices for key management, ensuring that private keys remain protected while enabling seamless integration with other Voyager Suite components.
Use Cases
Registry Administration
Registry administrators use the Key Management System to create and manage cryptographic keys that authenticate critical operations within the Media Registry. These keys enable:
- Signing official identity documents for content, creators, and rights management
- Authorizing system-level changes to the registry
- Validating the authenticity of registry operations
- Establishing trust anchors for the verification chain
By maintaining a secure set of administrative keys, the Media Registry ensures that all operations maintain the highest level of integrity and can be cryptographically verified by all participants in the ecosystem.
Creator Royalty Management
Content creators utilize the Key Management System to establish cryptographic proof of ownership for their registered content. This enables:
- Securing digital identity documents that prove ownership of registered media
- Verifying identity for royalty distribution
- Automating payments based on cryptographically verified play data
- Self-claiming royalties through authenticated transactions
When integrated with Creator Cubi Cubes, this system allows creators to manage their content portfolio with strong authentication, ensuring that royalty payments are accurately attributed and automatically processed based on verified usage data.
Curator Access Management
Curators leverage the Key Management System to securely access authorized endpoints in the Media Registry. This enables:
- Authenticated API access to content discovery endpoints
- Secure content retrieval for show creation
- Verified play registration when content is broadcast
- Cryptographic proof of content usage for royalty calculations
Through Home Base and Moon Base integration, curators can seamlessly access registry content while maintaining the cryptographic chain of custody that ensures proper attribution and compensation for creators.
Key Features
Enterprise-Grade Security
Uses industry-standard encryption with configurable key strengths, and stores keys securely using advanced encryption technology, ensuring your digital assets remain protected.
Key Lifecycle Management
Complete management of key creation, rotation, expiration, primary key designation, and backup/recovery, ensuring keys remain secure throughout their lifecycle while maintaining operational continuity.
Client-Side Encryption
Private keys are encrypted locally before storage or transmission, so unencrypted private keys never leave the client, which maintains the highest level of security.
Seamless Integration
Integrates with digital identity document signing, content registration, and transaction verification across the Voyager Suite ecosystem, providing a unified security infrastructure.
Technical Implementation
Security Architecture
The Key Management System is built on a multi-layered security architecture:
- Client-Side Encryption Layer: Private keys are encrypted using advanced encryption standards with unique identifiers for each key
- Password-Based Key Derivation: The master password is never stored; it is used to derive encryption keys through secure cryptographic techniques
- Distributed Storage Layer: Encrypted keys are stored in the Nexartis Distributed Data Store, ensuring high availability and redundancy
- Session Management: Temporary sessions provide secure access to decrypted keys for signing operations without persistent storage of sensitive data
This architecture ensures that private keys remain protected throughout their lifecycle while enabling seamless integration with signing and verification processes.
Key Generation and Storage
The system generates cryptographic key pairs with configurable strengths:
- Key pair is generated using the Nexartis security framework
- Public key is stored for verification purposes
- Private key is encrypted with a key derived from the master password
- Each key has unique metadata including creation date, expiration, usage statistics, and primary status
- One key can be designated as the primary signing key for default use in operations
- Primary key status can be changed at any time through the key management interface
- Encrypted keys are synchronized to the Nexartis Distributed Data Store for redundancy
This approach ensures that keys are securely generated, stored, and accessible when needed for signing operations, while maintaining the highest level of security for private key material.
Identity Document Signing
The system supports comprehensive digital identity management:
- Creation of verifiable digital identity (DID) documents for various entity types
- Secure signing of identity documents using cryptographic proof
- Integration with standardized identity verification protocols
- Support for different entity relationships within the content ecosystem
This identity management foundation allows for secure attribution, verification, and management of content ownership throughout the digital supply chain.
Signing and Verification
The signing and verification process follows these steps:
- User authenticates with their master password to access encrypted private keys
- System uses the designated primary key for signing operations by default
- System decrypts the private key temporarily in memory for signing operations
- Document or transaction is signed using secure cryptographic algorithms
- Signature is attached to the document along with the public key identifier
- Verification can be performed by anyone with access to the public key
This process ensures that signatures can be created securely and verified openly, maintaining the integrity of the Media Registry's content and transaction records.
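The key storage and signing flow described above can be sketched with Node's built-in `crypto` module. This is an added example, not Nexartis or Voyager Suite code: the page does not name its algorithms, so Ed25519, scrypt and AES-256-GCM are assumptions, and the function names and record layout are hypothetical.

```javascript
const nodeCrypto = require("node:crypto");

// Assumed KDF: scrypt turns the master password into a 256-bit wrapping key.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Generate a key pair and return only what may leave the client:
// the public key plus the private key encrypted under the derived key.
function createKey(password) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  const keyId = nodeCrypto.randomUUID();
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const wrapKey = deriveKey(password, salt);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", wrapKey, iv);
  cipher.setAAD(Buffer.from(keyId)); // bind the ciphertext to this key's identifier
  const plain = privateKey.export({ type: "pkcs8", format: "der" });
  const ciphertext = Buffer.concat([cipher.update(plain), cipher.final()]);
  plain.fill(0);
  wrapKey.fill(0);
  return { keyId, publicKey: publicKey.export({ type: "spki", format: "pem" }),
           salt, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Decrypt the private key in memory, sign, and return signature plus key identifier.
function signDocument(record, password, document) {
  const wrapKey = deriveKey(password, record.salt);
  let der;
  try {
    const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", wrapKey, record.iv);
    decipher.setAAD(Buffer.from(record.keyId));
    decipher.setAuthTag(record.tag);
    // final() throws if the password is wrong or the stored record was altered.
    der = Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
    const privateKey = nodeCrypto.createPrivateKey({ key: der, format: "der", type: "pkcs8" });
    const signature = nodeCrypto.sign(null, Buffer.from(document), privateKey);
    return { keyId: record.keyId, signature: signature.toString("base64") };
  } finally {
    wrapKey.fill(0); // best-effort wipe of key material held in buffers
    if (der) der.fill(0);
  }
}

// Anyone holding the public key can check the signature.
function verifyDocument(publicKeyPem, document, signed) {
  return nodeCrypto.verify(null, Buffer.from(document), publicKeyPem,
    Buffer.from(signed.signature, "base64"));
}
```

Because GCM authenticates the ciphertext, a wrong master password fails at decryption rather than yielding a garbage key, and a modified document fails verification.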
Secure Your Content in the Voyager Suite Ecosystem
The Key Management System provides the security foundation for the entire Voyager Suite ecosystem, ensuring that content ownership, identity, and transactions maintain the highest levels of integrity and trust.