# Architecture

The defining characteristic of zkPass is the offloading of ZKP computations to a server operating within a Trusted Execution Environment (TEE). Users only need to initiate a service request through the zkpass-client SDK library, which then delegates the heavy computational tasks to the server side.

The zkPass is specifically designed to support privacy-preserving applications. It provides the client libraries and secure middle-layer infrastructure to implement applications that protect the privacy of user data and support a verifiable computation environment. zkPass uses ZKVM (Zero Knowledge Virtual Machine) as the underlying core proof system on which the applications run. In the future, zkPass may also support a new proof system other than Zero Knowledge Proof.

The high-level architecture view of the zkPass is illustrated here:

<figure><img src="https://2052969365-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4jZpZP97P7tNPc6tR9Mf%2Fuploads%2Fm2idJ8frSGLCze5rPBrx%2FBlank%20diagram%20(1).png?alt=media&#x26;token=0e6739a6-0f99-412b-ad3e-99f258d3d555" alt=""><figcaption></figcaption></figure>

Currently, zkPass implements one such zkPass module, the Data Verification Request (DVR). Future releases of zkPass can support other forms of privacy-protecting applications. This guide will focus primarily on two things: the service infrastructure of zkPass and the DVR application.

The next section describes each component of the zkPass.