Immutable zkEVM Opens Doors to All Developers with Permissionless Deployment -
Learn More
Home
Arrow icon
Blog
Arrow icon
IMX Knowledge Base
9/21/2023

Under the Hood: Immutable Passport

Image description text: Under the Hood: Immutable Passport
Icon with concentric circles
TL;DR

Earlier this year, we launched Immutable Passport, a seamless gaming identity and digital wallet solution designed to make web3 gaming accessible to mainstream players. Since then, we have observed immense interest in Passport from game developers and partners across the Immutable ecosystem.

We know people are eager to understand more about how the product solves some of the highest friction elements of user experience in the blockchain gaming space. In this article, we address the most frequently asked questions around Passport.

How does Immutable Passport increase my game’s conversion rates?

Immutable Passport has a number of key capabilities and features which are specifically designed to reduce friction and provide familiar experiences to players. 

For example:

  1. You will have less drop-off at the top of the funnel due to fast and easy onboarding with passwordless, one-click social logins for new users.
  1. A Passport wallet is automatically generated for users upon login, removing the complexities of wallet creation and wallet linking.
  1. Unity and Unreal SDKs allow your players to interact with web3 mechanics natively within the game without impacting the immersive experience.
  1. Passport allows you to cover the gas on behalf of your players, further reducing friction and complexity in on-chain game transactions. Players can automatically cover for gas in a number of different tokens, reducing friction for players who run out of a gas token.
  1. Passport users will feel safer when transacting in your game knowing it supports Passport and is part of the trusted Immutable ecosystem.

In the future, as the number of Passport users grow, we expect to see further benefits for game studios, such as:

  1. Game discoverability will be a core component of Passport, allowing games to access communities beyond their own and improve user acquisition.
  2. Thanks to the security and UX simplicity, we expect Passport users to be more engaged as compared to non-Passport users.
  3. The following diagram shows the flow of interactions across the key systems to keep the player’s keys and in game assets secure.
  • In the near future, we will introduce the option to secure high value in-game transactions with 2FA and a mobile app, further enhancing security and ensuring the protection of your digital assets.

How does Passport onboard gamers with such low friction?

Passport replaces the high friction of wallets like Metamask by eliminating 12 word keyphrases and replacing it with a simple social and email sign-in. This drastically lowers the UX friction, meaning that Passport is the most effective option to sign up players for user acquisition and pre-release registration. 

How does Passport get rid of the 12 word keyphrases while still keeping your digital assets secure?

  • Passport keeps your private keys safe and secure in a Key Management Service (KMS) secure vault at AWS which is unlocked by your social sign-in (in partnership with Magic).
  • Your private keys are only visible on your device. They are kept secure and encrypted as they travel from the KMS vault to your device. Private keys are only decrypted and made readable on your device.
  • Signing transactions with your keys only occurs on your local device (desktop or mobile). Immutable never sees your private keys.
  • Our powerful smart contract wallet is embedded within Passport, providing an additional level of protection. All transactions are checked by the Immutable Passport Guardian before they are signed by the smart contract wallet. If Malware steals your keys and tries to submit transactions, they will be blocked by Guardian.
  • In the near future, we will introduce the option to secure high value in-game transactions with 2FA and a mobile app, further enhancing security and ensuring the protection of your digital assets.

How does all this work from a technical point of view?

  1. Imagine that one of your players has downloaded your new game.
  2. Having played for a while, they now wish to upgrade some of their assets to a higher level which requires a web3-enabled crafting event. 
  3. The following diagram shows the flow of interactions across the key systems to keep the player’s keys and in game assets secure.

 

Explaining this in more detail using an example of in-game crafting:

1. To  perform a web3 crafting event, players first login with Passport. This provides the game with a unique authorisation token for that player in that game. This login can persist, so the user doesn’t need to perform a login every time they play.

2. Triggered by the player’s action, the game initiates a crafting action via the Immutable SDK. The Immutable SDK passes the player’s login/access token to the Magic Link SDK and requests a transaction signer object.

3. The Magic Link SDK talks to the Magic Link platform which retrieves the encrypted customer keys from a cloud Key Management Service (KMS) to initiate the signer object on the client.


4. The Immutable SDK (running in the game) sends the crafting transaction to the Guardian service within the Immutable Platform.

5. The Guardian service evaluates the transaction risk, providing another point of protection for the player’s digital assets.

6. The player is presented with a Passport UI to confirm the transaction.  This can be done via an in-game UI, web pop-up, or two factor confirmation (in future, for high value in-game transactions).

7. The SDKs on the client device facilitate the first transaction signing.

8. The Immutable Relayer performs a final verification with the Guardian, before co-signing the transaction via the smart contract wallet. 

  • This is an important step as it provides the ultimate protection for the user. If the user’s keys are compromised on the client device (eg. through malware or otherwise) and then a 3rd party tries to initiate transactions directly to the blockchain, they will be unsuccessful without the relayer’s co-signing.

9. The player’s Passport smart contract wallet living on the Immutable zkEVM blockchain, verifies the signatures on the transaction before forwarding the transaction to the target smart contract, in this case, the game’s crafting contract.

10. The game’s asset crafting contract is then called to complete the crafting operation. The player now has the newly crafted item on the blockchain and in their game inventory.

 

The unique combination of social login, client-side signing, user confirmations, Guardian, relayer, and smart contract wallet makes Passport the state-of-the-art web3 identity and wallet solution for games. Passport ensures that players can have full confidence in the security of their assets, while also enabling them to play and trade across games AND marketplaces building on Immutable zkEVM without having to create new wallets.

As the number of gamers on Passport grows, how does that help your studio?

Over the long term, we see the Passport user base being a valuable asset for game studios to be able to harness. Passport users will deeply understand digital asset ownership, and they will clearly recognise the value of games that embrace this new concept. They will see your game as offering them an additional dimension of engagement beyond other games and, for many players, this will be an additional reason to try out your game and become a long term player in your game’s ecosystem.

 

To find out more about Passport and how to integrate it with your game or marketplace, please visit the Passport developer documentation here

Sign-up to the Immutable Developer Hub, and start building your web3 game on easy-mode.

Still need help?
Contact our support team directly
Disclaimer and risk statement:

This ‘How to’ guide is provided for information purposes only and does not constitute investment advice or a recommendation.  While Immutable has taken all reasonable care in preparing this guide, it is provided on an “As is” basis without any representations or warranty, to the maximum extent permitted by applicable law. In no event shall Immutable or any of its affiliates or any of its directors, officers, agents or employees be liable for any loss or damages in connection with the use of this guide. Some of the solutions referred to in this guide are provided by third parties; Immutable takes no responsibility for third party technology and you should refer to the policies, terms and conditions of those third party services before engaging with them.  Dealing in crypto assets can be complex; you should be aware of the risks involved with dealing with crypto assets, including with respect to transferring and bridging assets across different blockchain environments.

IMX Knowledge Base
Join the Immutable Newsletter

Be the first to receive Immutable updates, announcements and more.

$IMX Token Address
The official $IMX token address is: