
System Overview

GRIPLOCK is architected as a distributed system that provides secure, ephemeral access to the decentralized finance ecosystem. The platform combines NFC-based authentication with integrated payment rails for a complete DeFi gateway.

Architecture Diagram

Component Overview

Mobile App

Handles NFC card reading, PIN collection, and encrypted credential transmission

Signaling Server

Facilitates WebRTC connection establishment and message relay during handshake

Web Dashboard

Displays wallet information, manages sessions, and interacts with Solana blockchain

Technology Stack

Layer          Technology                    Purpose
Frontend       React 18 + TypeScript         Dashboard user interface
Styling        Tailwind CSS + Shadcn UI      Cyberpunk-themed design system
Routing        Wouter                        Client-side navigation
State          TanStack Query + Context      Data fetching and state management
Backend        Express.js + TypeScript       WebSocket signaling server
Real-time      WebSocket + WebRTC            Bidirectional communication
Cryptography   Noble Curves + Noble Hashes   Ed25519, X25519, HKDF, AES-GCM
Blockchain     Solana JSON-RPC               Mainnet interaction
On/Off-Ramp    Moonpay SDK                   Fiat-to-crypto and crypto-to-fiat
Micropayments  x402 Protocol                 HTTP-native pay-per-use transactions
Privacy        Zero Knowledge Proofs         Privacy-preserving verification
Storage        Filecoin                      Decentralized data persistence

Design Principles

1. Zero-Knowledge Architecture

The server never has access to plaintext credentials. All sensitive data is encrypted end-to-end between the mobile app and the dashboard, with the symmetric key agreed through an X25519 key exchange. "Zero-knowledge" is used here in the everyday sense that the relay learns nothing about the payload; it is distinct from the zero-knowledge proofs listed under Privacy in the technology stack. The property is only as strong as the authentication of the X25519 public keys: a relay that could substitute its own key during the handshake would hold both session keys, so each side has to verify the peer's key through a channel the relay does not control.
Mobile App ──[Encrypted]──► Server ──[Encrypted]──► Dashboard
                              └── Cannot decrypt, only relays

2. Ephemeral Derivation

Private keys are never persisted. The Ed25519 seed (which is the private key) is recomputed on demand from the card identifier and PIN, used, and wiped from memory:
// Derivation happens in memory; the result is used, then the seed is wiped
import { hkdf } from '@noble/hashes/hkdf';
import { sha256 } from '@noble/hashes/sha256';
import { utf8ToBytes } from '@noble/hashes/utils';
import { ed25519 } from '@noble/curves/ed25519';

const ikm = utf8ToBytes(nfcId + pin);           // input key material as bytes, not a JS string
const seed = hkdf(sha256, ikm, salt, info, 32); // 32-byte Ed25519 seed = the private key
const publicKey = ed25519.getPublicKey(seed);
ikm.fill(0);
seed.fill(0);                                   // wipe the seed; Noble has no zeroize helper

Signing later repeats the same derivation for the duration of the operation, so "never stored" means never written to disk or browser storage, not never present in memory.

3. Defense in Depth

Multiple security layers protect user assets:

1. Physical Layer: the NFC card must be physically present. Whether it can be cloned or emulated depends on the card: a bare UID is readable and replayable with commodity NFC hardware, so this layer is only as strong as the card's own cryptographic authentication.

2. Knowledge Layer: a PIN is required; it is never stored and never leaves the device in plaintext.

3. Transport Layer: all credentials are encrypted under keys derived from an ephemeral X25519 exchange.

4. Session Layer: time-limited access with activity-based expiration.

5. Storage Layer: browser storage is encrypted with session-derived keys, so data at rest becomes unreadable once the session key is gone.

Communication Model

GRIPLOCK uses a hybrid communication model:

WebSocket (Signaling Phase)

  • Used for initial connection establishment
  • Relays WebRTC offers/answers and ICE candidates
  • The server therefore sees connection metadata (SDP, candidate IP addresses, the DTLS certificate fingerprint), but credentials only ever transit it as ciphertext

WebRTC (Data Phase)

  • Peer-to-peer encrypted data channel
  • Direct mobile-to-dashboard communication
  • Once the channel is up, traffic is protected by DTLS between the peers; a TURN relay, if NAT traversal needs one, forwards only that ciphertext
  • The DTLS fingerprint that secures the channel is itself delivered through the signaling server, so the application-level X25519 encryption, with its out-of-band verification of peer keys, is what keeps a dishonest relay from inserting itself in the middle

Scalability Considerations

Aspect                  Approach
Session Management      In-memory Map with cleanup on disconnect
WebSocket Connections   Stateless relay, minimal server memory
Blockchain Queries      Direct RPC calls, no caching layer
Encryption              Client-side only, no server computation

Next Steps