Abstract

This disclosure describes a composite defense-in-depth architecture for distributing, validating, and operating offline self-verifying single-file cryptographic documents, complementary to and extending two prior publications by the present inventor on Technical Disclosure Commons: publication 10079 (12 May 2026, Cryptographic Identity Document System Using TOTP-Derived Symmetric Keys for Offline Issuer-Mediated Access Control) and publication 10167 (19 May 2026, Self-Verifying Single-File Cryptographic Documents with Dual-Passphrase Architecture for Offline Recipient-Mediated Access Control).

The architecture combines six independent fail-closed verification layers spanning three operational scopes — the cryptographic document itself, an optional offline launcher application (a Progressive Web Application, the "Wallet"), and the distribution channel — such that an adversarial action must defeat all six layers simultaneously to compromise the system. The disclosed elements include: (a) multi-marker structural validation, a syntactic ingestion check that requires the simultaneous presence of four heterogeneous structural markers in a candidate file before it is admitted into the launcher's persistent storage; (b) bidirectional filename-identifier verification, a triple-checkpoint mechanism that detects any divergence between a document's embedded canonical identifier and the filename through which it is referenced, with independent enforcement at the launcher (ingestion and open) and at the document (self-check); (c) a non-degrading optional offline launcher pattern, in which an offline Progressive Web Application provides organisational, persistence, and discovery functionality without weakening the cryptographic protections intrinsic to each document — strictly additive, never load-bearing; (d) an access-controlled bundled distribution model with universally-verifiable cryptographic timestamping, in which the document generator and its companion launcher are bundled into a single archive whose authenticity is anchored to public blockchains (Bitcoin, Ethereum) while access to the archive itself remains restricted through a controlled-onboarding process.

The composition is fail-closed at every layer: each layer is individually sufficient to refuse a tampered, spoofed, or impersonated document, and the failure of any single layer does not compromise the overall integrity guarantees. The reference implementation, the IIC Wallet bundled in the IIC Complete Package v8.4.1, is anchored on the Bitcoin and Ethereum blockchains on 7 June 2026 and is independently verifiable on any block explorer without permission, account, or fee. This disclosure is published as defensive prior art under the Creative Commons Attribution 4.0 International License (CC BY 4.0).

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.

Download

Share

COinS