PEA Process Overview

This page provides a comprehensive outline of the Project Enrollment Authority (PEA) process, detailing each step from receiving chip data to final validation.

The PEA process ensures the proper registration, integration, and validation of projects within the system.

Initial Steps

Receive Chip Data: PEA receives a list of chipIds and an enrollmentId from the manufacturer.

  • Optional Verification: PEA may consult the ManufacturerRegistry to ensure all chips are correctly enrolled by the manufacturer.

  • Sign Chip Keys: PEA signs the public key of each chip using their own private key/public key pair (certificate). This key is termed the projectPublicKey, defined per project.

  • Sign Signature: PEA signs the resulting signature from Step 3 with its matching chip.

  • Store Certificate: PEA stores the certificate in IPFS.

Project Registrar Deployment

  • Deploy ProjectRegistrar: PEA deploys ProjectRegistrar, including:

    Field
    Description

    PEARegistrar Address

    Address of the PEARegistrar.

    ChipRegistry Address

    Address of the ChipRegistry.

  • Sign ProjectRegistrar Address: PEA signs the deployed ProjectRegistrar address with the same key used for all chip signings.

Project Registration

  • Add Project: PEAManager calls addProject on its PEARegistrar using the "owner" address and providing:

    Field
    Description

    Enrollment nameHash

    The nameHash for project enrollment.

    ProjectRegistrar Address

    The address of the ProjectRegistrar.

    Project Public Key

    The project public key used in Step 3.

    merkleRoot

    The Merkle root for the project.

    Transfer Policy

    The policy for transferring ownership.

    Signed Message

    A message of the ProjectRegistrar address signed using the PEA public key.

    URI

    URI pointing to the project's claim data location.

PAL and ChipRegistry Integration

  • Register SubNode: PEARegistrar calls PALRegistry with rootNode, nameHash, and ProjectRegistrar address to create a subNode and set ProjectRegistrar as the owner.

  • Update ProjectRegistrar: PEARegistrar writes the subNode to its rootNode state and pushes the ProjectRegistrar address into its projects array.

  • Add Project Enrollment: PEARegistrar calls addProjectEnrollment on ChipRegistry, passing:

Field
Description

Registrar Address

Address of the Registrar.

PEA's Public Key

The public key of PEA used for certificate signing.

Signed Registrar Address

Registrar address signed using PEA's public key.

Merkle Root

Merkle root for chip claiming (same as in Step 8).

Transfer Policy

Transfer policy for the chip.

URI

URI pointing to the project's claim data location.

Final Validation

Step
Details

Verify PEARegistrar

ChipRegistry checks that the calling address is a PEARegistrar.

Validate Ownership

ChipRegistry verifies that the signed address resolves to the PEA's public key, ensuring the submitted certificates during the claim process are signed by this address.

Store Merkle Root

Save the merkle root to ChipRegistry in the enrollment mapping under the ProjectRegistrar address.

PreviousPhygital Entity Agent (PEA)NextIssuing New Entity

Last updated