# How does it work? This section provides a high-level overview of how zkPass works, designed for clarity and ease of understanding. Whether you're a developer, a business owner, or just someone curious about zero-knowledge technology, you'll find this guide an essential starting point. ## **The Essence of zkPass** zkPass serves as a bridge between devices with limited computational capabilities and the robust world of ZKPs. By offloading the heavy lifting of ZKP computations to a secure server, zkPass enables devices of all kinds to participate in privacy-preserving data verification without exposing the actual data. It's a service that maintains confidentiality while allowing certain aspects of the data to be verified, all without the verifier ever seeing the data itself. ## **Participants in the zkPass System**

Three roles are central to the zkPass ecosystem: the **Data Issuer**, the **Data Holder**, and the **Proof Verifier**. The Data Issuer issues the data, the Data Holder is the custodian of their own data, and the Proof Verifier sets conditions on the data and verifies its integrity. Each plays a pivotal role in the delicate dance of data privacy and verification. **The zkPass Workflow** The diagram above illustrates the typical holder-centric [zkPass workflow](/zkpass/getting-started/service-based-proof-system/zkpass-workflows.md). The workflow is centered around the user, as explained below: 1. It starts with the Data Holder requesting a Data Verification Request (DVR) from the Proof Verifier. The DVR contains the query about the user data. The Proof Verifier signs the DVR to ensure authenticity and returns it to the Data Holder. 2. The Data Holder then retrieves the user data from the Data Issuer. This is the user data that is referenced by the DVR query. The Data Issuer also signs user data to ensure authenticity and returns it to the Data Holder. 3. With the DVR and the user data in hand, the Data Holder submits these items to the zkPass Service, initiating a RESTful API call request to generate a cryptographic zkPass Proof. 4. zkPass Service receives the API request and generates the zkPass Proof. It returns the proof to the Data Holder 5. The proof is then sent by the Data Holder to the Proof Verifier for verification. 6. The Proof Verifier verifies the proof and receives the query result which determines if the Data Holder has met the conditions specified in the query. ## **A Secure and Transparent Process** Throughout the entire process, the integrity and confidentiality of data are rigorously maintained. By employing robust encryption and digital signatures, zkPass ensures that the user data and DVR maintain their authenticity and privacy, especially during transit. This unwavering dedication to security is further reinforced by the use of Zero-Knowledge Proofs (ZKP) and the Trusted Execution Environment (TEE). In the TEE, the ZKP computations are carried out, guaranteeing that both the data and the queries performed on it remain secure, confidential, and verifiable. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://gl-docs.gitbook.io/zkpass/getting-started/introduction/how-does-it-work.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.