Patent & IP

USPTO Application No. 19/644,477.

TrueSign is the commercial implementation of a patent-pending method for cryptographically binding authorization to device, transaction intent, and policy state.

USPTO Application

19/644,477

Docket

DWTP101US-TJC

Priority Date

September 30, 2025

Filing Date

April 10, 2026

Sole Inventor

Charles Cohen

Assignee

Data World 1, LLC

Status

Pending

Subject matter

The application describes systems and methods for cryptographically binding an authorization decision to (i) a hardware-bound private key held in a Secure Enclave, TPM 2.0, or HSM, (ii) a canonical intent message describing the specific transaction under approval, and (iii) a server-side policy state evaluated at sign-time.

The combined construction produces an authorization artifact that is non-replayable, non-substitutable, and non-repudiable across counterparties, addressing the structural gap between session authentication and transaction authorization.

The information on this page reflects publicly disclosable filing metadata. The application is pending and additional details, including counsel correspondence and a redacted claim summary, are made available to qualified counterparties under mutual non-disclosure.

Named independent claims

Three independent claims anchor the application.

The following describes the three independent claims that anchor the application as filed. Dependent claims, claim charts, and prosecution correspondence are made available to qualified counterparties under mutual non-disclosure.

Claim 1

Hardware-bound, transaction-bound authorization method

A method comprising: receiving a canonical intent message describing a specific transaction under approval; binding said intent to a non-exportable private key resident in a hardware security module, secure enclave, or trusted platform module; evaluating, at sign-time, a server-side declarative policy state; and issuing a signed authorization artifact bound to the intent, the device-attested key, and the evaluated policy.

Claim 2

Cryptographic receipt issuance and independent verification

A system for constructing a cryptographic receipt comprising the canonical intent, the authorization signature, a verifier policy hash, and a ledger commitment, structured such that any party in possession of the receipt and the publicly disclosed verifier specification may independently confirm the authorization without recourse to the issuing infrastructure.

Claim 3

Policy-governed dual-control authorization with hash-chained audit

A method for enforcing declarative, versioned, policy-governed dual control over a transaction authorization, wherein the policy state at sign-time is itself bound into the canonical intent and recorded, together with the authorization decision and resulting receipt, into an append-only hash-chained audit ledger supporting external notarization.

Figures

Three structural figures.

The figures below are simplified schematic representations of the construction described in the application. They are provided as institutional reference; the application drawings and detailed specification are made available to qualified counterparties under mutual non-disclosure.

Fig. 1

Authorization construction

Canonical intent, hardware-attested key, and server-evaluated policy state are bound at sign-time into a single signed authorization artifact.

Fig. 2

Cryptographic receipt anatomy

The receipt is constructed such that any holder, in possession of the publicly disclosed verifier specification, may independently confirm the authorization without recourse to the issuing infrastructure.

Fig. 3

Hash-chained audit ledger

Each authorization event commits to an append-only ledger whose blocks reference the prior block by hash. Optional external notarization anchors the chain to a third-party timestamping authority.

Continuation strategy

Four continuation streams.

The application is structured to support four continuation streams addressing post-quantum migration, cross-institutional verification, programmable policy primitives, and embedded device integration.

Continuation A

Post-quantum migration

Hybrid Ed25519 + ML-DSA (Dilithium) signing constructions and CNSA 2.0 alignment for federal and defense deployments.

Continuation B

Cross-institutional verification

Receipt portability and counterparty verification across distinct TrueSign deployments and federated verifier sets.

Continuation C

Programmable policy primitives

Composable policy authoring, simulation, and version pinning for regulated dual-control, segregation of duties, and external compliance hooks.

Continuation D

Embedded device integration

Authorization on constrained, embedded, and operational-technology endpoints with attested provisioning paths.

Claim summary

Categories of claim coverage.

The following describes categories of subject matter addressed by the application. The full claim set, as filed and amended, is available to qualified counterparties under mutual non-disclosure.

Independent system claims

A method and system for cryptographically binding an authorization decision to a hardware-bound private key, a canonical intent message, and server-evaluated policy state at sign-time.

Canonical intent encoding

Deterministic serialization of the transaction under approval, instrument, counterparty, amount, currency, policy context, time bounds, and nonce, producing identical hashes from identical inputs.

Hardware-bound signing

Generation, storage, and use of a non-exportable private key inside Secure Enclave, TPM 2.0, or FIPS-validated HSM, with attested device identity bound into the canonical intent.

Policy-gated authorization

Server-side evaluation of declarative, versioned policy at sign-time, including limits, segregation of duties, dual control, geofencing, time windows, and external compliance hooks.

Cryptographic receipt construction

Issuance of a receipt comprising the canonical intent, signature, verifier policy hash, and ledger commitment, verifiable independently of TrueSign infrastructure.

Immutable audit ledger interaction

Append-only, hash-chained recording of request, signature, decision, and receipt events, with optional external notarization for non-repudiation.

Competitive distinction

Authentication is not authorization.

FIDO2 / WebAuthn, OTP, push 2FA, and adaptive risk engines are mechanisms for authenticating a user, a device, or a session. They establish that the party in front of the system is who they claim to be at a moment in time. They do not, by construction, bind that act of authentication to a specific transaction.

TrueSign operates one layer deeper. The signed artifact attests, in a single deterministic structure, to the identity of the signer, the cryptographic identity of the device, the canonical content of the transaction, and the policy state under which the authorization was granted. The artifact survives the session, the user agent, and the verifier infrastructure that produced it.

This distinction is the basis on which TrueSign is positioned in regulated procurement, and the basis on which the application is drafted.

Reference

Authentication answers who. Authorization answers what, under what authority, with what binding. The distinction is not semantic; it is the difference between a session credential and an enforceable cryptographic receipt.

Competitive matrix

Where TrueSign sits.

Authorization and authentication are distinct controls. The matrix below positions TrueSign against the categories most often confused with it during institutional procurement review.

Approach	Hardware-bound key	Bound to canonical intent	Policy at sign-time	Cryptographic receipt
OTP / SMS	No	No	No	No
Push 2FA / approval prompt	No	Partial	No	No
FIDO2 / WebAuthn	Yes	No	No	No
TrueSign	Yes	Yes	Yes	Yes

Comparison reflects standard deployments of each approach. Vendor-specific extensions vary; the matrix is intended as an institutional reference, not a vendor evaluation.