GameShift allows developers to provision blockchain wallets for their users, allowing them to individually manage their GameShift-created game assets. Each wallet consists of a public key for receiving tokens, and a private key for signing transactions, such as for token transfers and marketplace activities. If the private key is lost, the tokens in the wallet will be frozen from transactions.

Traditionally, users were advised to copy down their private keys and store them in a safe place. This led to the creation of companies dedicated to managing private keys on behalf of users, effectively holding user digital assets in custody. Generally speaking, taking custody of user digital assets requires resources and infrastructure that non-specialized companies have.

Newer non-custodial wallets use cryptographic key management architectures that achieve user self-custody while retaining the provider’s ability to recover lost keys. GameShift optimizes with a self-custodial wallet model approach that puts the user in charge of their digital assets, while eliminating the challenging user experience of traditional self-custodial wallets.

GameShift Wallet Architecture

GameShift uses MetaKeep to provide safe non-custodial wallets to users while saving them from the risks and complexity of managing their own keys. MetaKeep uses industry standard high-security physical devices(known as hardware security modules) dedicated to storing user private keys. The hardware security modules aggressively guard private keys, and are specifically designed to never export a user’s private key. This means that GameShift and MetaKeep never see the user’s private keys. Therefore, all transactions that must be signed for acceptance must be sent into, and signed within, the hardware module.

In order to ensure the wallet is non-custodial, the end user for each GameShift/MetaKeep provisioned wallet must sign each transaction. This condition is enforced by the hardware module itself, which generates a challenge requiring third-party user authentication outside of GameShift and MetaKeep. Currently, this secondary form of authentication utilizes codes sent to the user’s email address.

When you register a user with GameShift, a unique cryptographic private key is generated and stored within the hardware security module, locked to the user’s email address. The user doesn’t see anything during the registration process and is not provided with the private key. If you have multiple games on GameShift, each game must register the user individually.

MetaKeep holds multiple pending patents on its wallet implementation.

Wallet User Experience

Multiple GameShift activities require the user to be present for a transaction approval operation, allowing the transaction to be signed on a secure hardware device with the user’s private key. These activities are identifiable by the API endpoints returning a consent URL.

All operations requiring user consent must direct the user to the consent URL. This URL will instantiate a modal on the user’s client device requesting user transaction approval. Periodically, this flow will also require that the user enter a one-time passcode (OTP) emailed to them at the address used to register the wallet. Once the user approves the transaction, the hardware module will cryptographically sign the transaction and broadcast it on-chain, all without exposing the private key to anyone.

img img