TrueSign
Cryptographic Approval Platform

Authorization,
not authentication.

TrueSign replaces one-time passwords with hardware-bound cryptographic approvals, bound to the device, bound to the transaction, bound to the policy.

Request institutional briefing For investors
Patent Filing
USPTO
19/644,477
Docket
DWTP101US-TJC
Priority
Sept 30, 2025
Filed
Apr 10, 2026
Inventor
Charles Cohen
Assignee
Data World 1, LLC
Claims
14 (Method · System · Platform)
The signing act, in three movements

Intent. Hardware-bound signature. Cryptographic receipt.

Each authorization produces a deterministic, hardware-attested artifact. The receipt is independently verifiable and committed to a hash-chained ledger.

CANONICAL INTENTHARDWARE-BOUND SIGNCRYPTOGRAPHIC RECEIPTINTENTSHA-256(intent)HSMEd25519σ = Sign(sk, h)RECEIPT
01, The problem

OTP proves who clicked. It does not prove what was authorized.

One-time passwords and traditional second-factor authentication confirm presence on a session. They do not bind a code to a recipient, an amount, a counterparty, a policy condition, or a coercion signal.

Failure mode

Phishing

OTP codes are reusable secrets transmitted out-of-band. A convincingly crafted page captures the code and replays it within the validity window.

Failure mode

SIM-swap

Telecom-account takeover redirects SMS OTP to attacker-controlled SIMs. The carrier becomes the weakest link in the bank’s authentication chain.

Failure mode

Authorized push payment fraud

OTP confirms a session, never a recipient or amount. Coerced or socially engineered users authorize the wrong transaction; OTP records prove only that they did.

02, The approach

Authorization, signed by hardware. Bound to the action.

A canonical intent message describes the exact action under approval. The user’s device signs it inside a Trusted Execution Environment with a non-exportable private key. The platform verifies, applies policy, and issues a cryptographic receipt.

01

Authorization Request

Enterprise backend submits action parameters to the TrueSign API Gateway.

02

Canonical Intent Message

Platform constructs a deterministic encoding: subject, amount, context, policy_id, expiry, nonce.

03

Cryptographic Signing

Client device displays the human-readable action; the secure execution environment signs the canonical message with the non-exportable private key.

04

Verification & Policy

Platform verifies signature against the registered public key, then evaluates policy: thresholds, roles, risk, geofencing, time-locks.

05

Decision & Receipt

Allow / deny returned with a cryptographic receipt (JWS or COSE). Every decision is written to the immutable audit ledger.

{
 "intent_id": "ti_01HZK4G7…",
 "subject": "user:9f1c…4e",
 "device": "att:tee:5b3a…",
 "amount": { "value": "2,500,000.00", "ccy": "EUR" },
 "recipient": "acct:DE89:…:7841",
 "policy_id": "wire.tier3.dual_control",
 "context": { "channel": "swift", "geo": "DE" },
 "nonce": "8f3c…b201",
 "issued_at": "2026-05-11T09:14:22Z",
 "expires_at": "2026-05-11T09:16:22Z"
}
Read the platform overview →
03, Industries

Built for regulated authorization workflows.

Banking

Wire, treasury, and admin authorization across Tier-1 institutions.

Learn more →

Government & Federal

NIST AAL3 by protocol design; FedRAMP Moderate implementation in progress.

Learn more →

Defense

Hardware-bound mission-critical action approval; post-quantum-ready.

Learn more →

Insurance

Non-repudiable claims approval with adjuster cryptographic binding.

Learn more →

Fintech

PSD2 / PSD3 SCA that ships in days, not quarters. SDK-grade.

Learn more →
04, Credibility
Patent

USPTO 19/644,477

Cryptographic Intent-Bound Authentication System for Action Authorization. 14 claims; three independent (Method, System, Authorization Platform). Sole inventor: Charles Cohen.

Patent & IP position →
Regulatory alignment

By design, not configuration.

  • , PSD2 / PSD3 SCA
  • , FFIEC
  • , NIST SP 800-63B AAL3
  • , NIST SP 800-207
  • , FedRAMP Moderate
  • , CMMC 2.0
  • , MAS TRM
  • , RBI Master Direction
  • , APRA CPS 234
Compliance & regulatory →
Founder

Charles Cohen

Sole inventor, USPTO 19/644,477. Thirty years of sovereign-scale infrastructure and fintech execution. Former CCO Strategy & Development at SkyPower Global; founder & CEO TransCash.

About the founder →
“OTP proves who clicked. It does not prove what was authorized. That gap is not a bug in OTP. It is OTP’s definition. TrueSign closes the gap by signing the action itself.”
, Charles Cohen, founder & inventor
Institutional engagement

Request institutional briefing.

NDA-gated technical deep-dive available within five business days. Briefings are conducted by Charles Cohen with security architecture, compliance, and procurement leadership.

Direct
charlesc@dataworldone.com
Phone
+1 310-753-2558
Office
8383 Wilshire Blvd, Suite 323, Beverly Hills, CA 90210
Institutional Briefing Request

Institutional briefing request

Briefings are conducted by Charles Cohen with security architecture, compliance, and procurement leadership at qualifying institutions. Five-business-day response SLA.

Institutional email; free-email domains flagged for manual review.

Optional · 1000 characters maximum.

Submitting transmits your information to Data World 1, LLC for the purpose of evaluating an institutional briefing. Handled per the Privacy Notice.