Everything you need to understand, deploy, and integrate the Internet Identity Card. For end users, developers, security auditors, and integrators.
The four official documents below — User Guide, Technical Specification, Engineering Specification, and Threat Model — are freely available for review, audit, and reference. Their integrity is anchored on the Bitcoin and Ethereum blockchains and on OpenTimestamps. The underlying architecture is disclosed in two open defensive publications on Technical Disclosure Commons (CC BY 4.0).
The generator application (distributed inside the Complete Package), however, is not publicly downloadable. Due to the critical and sensitive nature of identity infrastructure, access to the generator is granted through a controlled onboarding process to ensure security, compliance, and operational alignment.
For demo requests or partnership inquiries, please contact us at demo@internetidentitycard.com.
Step-by-step instructions to create your first card, choose between Quick and Secure modes, share your identity safely, understand SHA-256 page integrity, and answer common questions about Memorable Words, Card Passphrases, and recovery.
Full cryptographic architecture and API reference. Covers AES-256-GCM, Argon2id RFC 9106 (96 MiB, t=4, p=4), PBKDF2 600K iterations for backups, ECDSA P-256, the dual-passphrase architecture, SHA-256 page integrity (Mode A), IIFE module isolation, threat model, and storage format.
System architecture, provenance timeline (2013–2026), defensive publications (TDCommons #10079 and #10167), standards compliance, and version history. Documents NIST, RFC, GDPR alignment and the registration timeline of Https Card Ltd. Reference document for procurement, due diligence, and compliance reviews.
Realistic security analysis: trust assumptions, assets, adversary model (A1–A4), STRIDE analysis, ten concrete attack scenarios, and an honest account of residual risks and out-of-scope threats (compromised devices, generator authenticity, coercion, quantum). Companion to the Technical & Engineering Specifications.
The Complete Package is a single archive containing the four official documents (User Guide, Technical Specification, Engineering Specification, Threat Model), the generator application (~338 KB), the README, and a SHA256SUMS checksum file. Because it includes the generator, this download is provided through the controlled onboarding process described above.
🔒 Request access — demo@internetidentitycard.comOnce granted, you can verify the authenticity of the archive against the published SHA-256 hash and ECDSA P-256 signature.
The cryptographic constructions underlying the Internet Identity Card are disclosed as open prior art on Technical Disclosure Commons (operated by Elsevier), released under the Creative Commons Attribution 4.0 license with explicit patent waivers from the inventor. They are indexed by Google Scholar, Semantic Scholar, and the bepress Digital Commons Network.
Discloses the TOTP-derived symmetric key system, dual-domain PBKDF2 architecture, AES-256-GCM encryption, IIFE module isolation, ECDSA P-256 signatures, and single-file HTML distribution model for offline issuer-mediated access control.
Discloses two new constructions: (i) the SHA-256 page integrity scheme (Mode A) with fail-closed lockdown, and (ii) the dual-passphrase key architecture using Argon2id RFC 9106 (96 MiB, t=4, p=4) for per-export recipient passphrases.
Pick the one that matches your role and what you want to do.
In addition to file verification, you can verify the SHA-256 integrity of every HTML page on this site in real time — directly in your browser, using the W3C Web Crypto API. Nothing is uploaded.