Skip to content


Basic terms to understand in the universe of moving pieces.


A mobile app provided by Unbox (but unbranded to become XYZ).

The app allows end users to do the following:

  • Log in anonymously (a bit like Google Authenticator but extended to include additional functionalities).

  • Back up private key

  • Generate identities and sub-identities

  • Access a wallet of cards (called microenvironments, see below) representing identity, access, membership, or anything else that can be represented by a card.

Note: XYZ is currently mandatory for every login scenario we provide (even if technically developers could roll their own engine).


An end-user's collection of cards (identity, VIP access, funding, whatever) from any vendors or otherwise entities (from coffee shops to government offices).

These cards get collected one by one inside the end user's XYZ mobile app (provided by Unbox). They can represent anything you can currently represent with a physical card, and many more representations we haven't even conceived of yet:

  • Identity (like any ID, but anonymized)

  • Access (like a pass card)

  • Membership badge (somewhere between identity and access)

  • Loyalty/Rewards card (given for performing some kinds of actions such as recycling or buying 10 coffees)

  • Payment card (debit, credit, or anything else you could program for funding purposes)

  • Collectibles card (baseball, hockey, or any other collectibles)

  • Ownership or authenticity certificates

  • Any kind of vouchers (store savings, IOUs, promisory notes, gift cards)

  • Any other card-like token branded by a developer and programmable with any rules they want (and displayed as part of the end-user\'s collection of such cards/microenvironments)

  • Any combination of the above functionalities combined into a single "card"


Any vendor or developer or entity that provides a microenvironment to an end-user via the XYZ app. Anonymous login is just one of the functionalities which the Funder can outsource to XYZ.


An application (browser or mobile app) that is linked to XYZ, and is allowed to do the following: * Trigger user authentication (e.g. via a Login button) * Receive an access token from the XYZ authorization server.

The client is created by a developer for a company or governmental entity, and allows the end user to anonymously authenticate with the client with the help of the XYZ mobile app.

End user

This is the human that uses the client application to authenticate with the Funder.

For the purposes of anonymous login functionality, it is the person who clicks the Login button on the Funder's website or mobile app, and who is then taken to XYZ to give consent to the scope requested by the Funder. In the process of giving consent, the user is authenticated anonymously and gets logged in to the Funder's app or website.


Who the end user presents themselves as to the Funder.

In most cases, it is unnecessary for the end-user to provide their real identity to a Funder in order for the interaction to take place to the satisfaction of both parties. For example, a person can use different nicknames or email addresses on different online portals.

As a result, as long as the bearer of an identity presents said identity to the Funder correctly, all the requirements for a successful exchange are satisfied. Unbox Studio

Unbox's product that allows developers to build and sign transactions, create identities, etc. For logging in untracked users, this is where the developer can implement a login button and obtain a piece of code to paste into their site to create a functional login sequence for their end-users.