Abstract
This disclosure describes a cryptographic identity document architecture enabling offline content decryption and issuer-mediated access control through Time-based One-Time Password (TOTP, RFC 6238) derived symmetric keys, without reliance on any server, certificate authority, or pre-shared key material at decryption time. The system combines: (a) dual-domain symmetric key derivation, where two PBKDF2-SHA-256 derived keys (600,000 iterations, NIST SP 800-132, 2023) serve respectively for issuer-side storage encryption and recipient-side content decryption; (b) AES-256-GCM authenticated encryption of identity payloads; (c) embedding of an obfuscated TOTP secret in distributed documents using a position-dependent multi-factor XOR transformation that defeats static extraction; (d) IIFE-based JavaScript module isolation preventing runtime introspection of cryptographic primitives via the browser console; and (e) ECDSA P-256 chained signatures with an embedded public key for tamper-evident integrity verification independent of any external trust anchor. The disclosed access protocol allows the document issuer to retain exclusive custody of the TOTP secret while transmitting only live six-digit codes on demand to recipients, providing real-time, revocable access control without any registry, server, or revocation list. The architecture supports distribution as single-file self-contained HTML documents, content-addressable deployment through IPFS, and blockchain timestamping for tamper-evident proof of existence at a given date. This disclosure is published as defensive prior art. The architecture was publicly implemented and deployed on the InterPlanetary File System (IPFS) in May 2019 with Bitcoin blockchain timestamping, predating the August 2022 Multi-Factor Key Derivation Function (MFKDF) construction by Nair and Song (arXiv:2208.05586) by more than three years.
Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Benaudis, Michael, "Cryptographic Identity Document System Using TOTP-Derived Symmetric Keys for Offline Issuer-Mediated Access Control", Technical Disclosure Commons, (May 12, 2026)
https://www.tdcommons.org/dpubs_series/10079