Sidecars contain a patented Machine Alias Identity (MAID) credential for each workload. The MAID is a verifiable, rotating identity credential that resides with and is managed by a deployed and initialized Hopr sidecar. It does not rely on automated PKI certificates whose chain of trust end with the certificate authority and not with the workload. A MAID is issued by Hopr to each sidecar/workload when it first operates after deployment. After that, the MAID is rotated within each sidecar at a high frequency, but the rotations are recognized by Hopr and create a chain that Hopr uses to independently verify workload trust at each session. This verification process prevents impersonation attempts (spoofing) by an imposter workload (Adversary in the Middle) and helps ensure that only trusted workloads connect with each other. Sidecars manage MAID rotation and Hopr SaaS manages trust verification. MAID rotation occurs on an interval determined by an organization's security requirements and threat model. This ensures an optimal balance between security and performance.

‍