[ B ] The invention Patent Pending · USPTO 63/860,921

Technology & patent.

SciPHR's provisional patent describes a system and method for zero-knowledge blockchain identity management using NFT-encapsulated seeds with hardware-enforced encryption and DID authentication. The core idea: put a backup of a wallet's secret somewhere completely public, and still make it openable only by the owner's own hardware, while the ledger itself enforces who may rotate and recover the account.

Scope & status

This page explains what the invention does and why, at a conceptual level. The exact claim language lives in the filing itself, and none of this is legal advice. The filing is provisional ("Patent Pending"). The shipping architecture is V5: a fully self-custodial design where keys are generated and held on the user's device and the master key is backed up as an encrypted envelope, described below.

[ 01 ]What is new

Three ideas that only work together.

Each piece below exists in the world on its own. SciPHR's contribution is the way they combine into a single, coherent identity system, an encrypted secret you can publish, decryption gated by verifiable hardware, and a clean split between "who may ask" and "how it's sealed."

[ 01 ]
NFT-anchored backup envelope
The master key is encrypted into a backup envelope and referenced by an NFT on a public ledger, a tamper-evident provenance anchor (CID + hash) that's free to live in the open because the sciphrtext is useless without the owner's own keys.
[ 02 ]
Device-hardware-gated keys
Keys are generated and held on the user's device, gated by the Secure Enclave and a live biometric. Nothing the operator runs can sign or decrypt, the secret never leaves the phone except as an already-signed transaction.
[ 03 ]
DID auth + native recovery
A W3C decentralized identifier anchors device keys on-chain, while XRPL-native key rotation (SetRegularKey / SignerListSet) enables multi-device access and recovery, without ever sharing a key or handing custody to anyone.

Zero-knowledge to operators

The combination yields a system where the operator, SciPHR, holds no key that can open your backup or sign as you, and the keys are generated and kept on your own device. The master key is reconstructed only on your device, only for the instant of a signature, then wiped. No persistent knowledge of the key exists anywhere in SciPHR's infrastructure.

[ 02 ]The architecture, drawn

The system, in the brand.

The provisional filing includes black-and-white system drawings. Here they are, redrawn to the current V5 architecture, same structure, legible at a glance.

Mobile App React Native · xCIPHR Secure Enclave P-256 gate key iOS Keychain Ed25519 · device-only Backend API Node.js · no keys XRP Ledger settle · XRPL xCIPHR NFT · Taxon 3 • Provenance ref (sciphr:v5) • DID reference • Signer-list recovery Storage (IPFS) backup envelope Recovery SetRegularKey · quorum prepare / broadcast Face ID unlock / sign signed blob pin envelope recovery rules anchors →
Fig. 1, V5 system architecture. Dashed frames denote on-device security hardware; the encrypted backup envelope lives in storage, anchored by the NFT, while recovery rules live on the ledger.
System 01, Custody · on-device key + encrypted backup On-device key Ed25519 · Keychain Backup key AES-256-GCM 3-way wrap SE · iCloud · code Envelope → IPFS NFT anchors sciphr:v5:cid#hash Backup-key home: your device, iCloud, or recovery code · Purpose: a restorable backup, safe in the open System 02, Recovery · XRPL-native re-keying Regular key SetRegularKey Signer list SignerListSet Quorum SciPHR < quorum Re-key account no SciPHR custody A quorum of your signer list re-keys the account on-chain, SciPHR's co-signer sits below quorum and can never act alone.
Fig. 3, The two systems. Watch them animate on How it works ↗
[ 03 ]What the filing covers

The protected concepts.

A conceptual description of the inventive ideas the provisional application sets out.

  • Encrypting a backup of the wallet's master key and anchoring it via a blockchain NFT as a portable, tamper-evident on-chain reference.
  • Sealing that backup so that no key capable of opening it is ever transmitted to, or stored by, the operator alongside the sciphrtext.
  • Confining the ability to open the backup to the owner's own device hardware and a live biometric.
  • Authenticating devices through on-chain DID documents holding hardware-born public keys, distinct from the backup system.
  • Generating and using the wallet keys only on the user's device, reconstructing the master key transiently for the instant of a signature.
  • Enabling key-free multi-device access and recovery through on-chain key rotation, where only a valid on-chain signature, or a signer-list quorum, can modify or re-key the identity.
[ 04 ]Engineering principles

Why we built it this way.

Verifiable by design

The backend holds no key that can sign or decrypt. Security rests on auditable code and the ledger's own signature checks, so anyone can confirm how custody works by reading the code.

Standard & audited

Ed25519, AES-256-GCM, Argon2id, W3C DID, XLS-40, XLS-20: audited, widely-reviewed primitives. SciPHR's contribution is the architecture that combines them, and every cryptographic primitive here is a public standard.

Public by default

Security comes from encryption. The backup envelope lives on public, content-addressed storage because its safety holds even when anyone can find it, since the sciphrtext is useless without the owner's keys.

Separation of powers

Custody lives on your device; recovery lives on the ledger. No single component, and no SciPHR co-signer alone, can both hold a key and move funds.

Standards & compliance posture

The architecture rests on NIST-approved primitives, AES-256-GCM and Ed25519, with Argon2id (per OWASP) for recovery-code derivation, device-bound keys in the iOS Secure Enclave and Keychain, optional Apple Advanced Data Protection for end-to-end-encrypted backup, and GDPR Article 32 technical measures. Custody is described precisely as self-custodial / non-custodial: under the applicable control test, an operator that cannot sign or decrypt holds no custody.

On the record.

TitleZero-Knowledge Blockchain Identity Management Using NFT-Encapsulated Seeds with Hardware-Enforced ECDH Encryption and DID Authentication
Application №63/860,921
TypeUtility · Provisional (35 USC 111(b))
StatusPatent Pending
OfficeUSPTO

The provisional was filed on the original encryption foundation; the shipping V5 architecture realizes the same invention as a fully self-custodial design, an NFT-anchored encrypted backup of a device-held master key, with DID authentication and XRPL-native recovery.

← PreviousHow it works