Layer 1 — Live now (v3)
Core Cryptographic Receipt
ECDSA P-256 signatures
Canonical JSON hashing
GPS co-presence (12m)
90s time window
Client-side Web Crypto
Cloudflare Worker backend
Embeddable widget
Age-limited verification
Score at this layer — max 20 pts (20/100)
🔐 Signatures (×2 each): 6 pts
🔗 Hash integrity (×1): 4 pts
🧲 Cross-session binding (×1): 4 pts
📍 Co-presence GPS+time (×2): 5 pts
↓
Layer 2 — v4 — LIVE (April 2026)
Trust Score & Identity Layer
Weighted verification score
Receipt history depth
Device consistency tracking
Multiple receipts = higher trust
Location hotspot novelty scoring
WebAuthn biometric gate (optional, off by default)
Privacy mode — redacted GPS receipt
Settings panel — configurable tolerances
Score at this layer — max 50 pts (50/100) — trust history + biometric gate LIVE
🔗 Hash integrity (×1): 4 pts
🧲 Cross-session binding (×1): 4 pts
📋 Receipt history depth (×1) NEW: 2 pts
🌍 Location diversity (×1) NEW: 2 pts
📱 Device consistency (×1) NEW: 2 pts
↓
Layer 3 — v5 — Hardware-Backed Signing — LIVE (May 2026)
Hardware-Backed Keys & Visual Witness — Stolen Phone Proof
All features in this layer are off by default. User enables individually in Settings. Never prompted during handshake. Never required to complete a scan.
v5.0 hardware-backed signing deployed and verified clean on three browser × OS combinations (Edge + Chrome on Windows 11 with Hello/TPM, plus Chrome on Pixel 8 Pro / Android). Mutual face capture is planned for v5.x.
🔒 Secure Enclave / TEE / Hello TPM — v5.0 LIVE
Keys in Secure Enclave (Apple) / TEE (Android) / Hello TPM (Windows)
Private key never extractable — replaces localStorage
Coexists with v4 localStorage keys; user opts in via Settings
Stolen device = keys unusable without biometric unlock
Verified on Edge + Chrome (Windows) + Chrome (Android)
📸 Face Capture — Mutual Witness System (v5.x — planned)
At scan: camera captures other party's face + QR
A witnesses B's face — B witnesses A's face
Face hash signed into each party's payload
Cross-witnessed — neither photographs themselves
Photo stays on device — only hash in receipt
No dual camera needed — back camera at scan time
QR in frame ties photo to this specific handshake
User enables in Settings — never a surprise popup
Score at this layer — max 70 pts (70/100) when v5 active — +20 over v4 layer-2 ceiling. PROTOCOL.md §13.9 is canonical.
🔒 Enclave-backed key NEW: 5 pts
👆 Biometric unlock NEW: 5 pts
📸 A witnessed B's face NEW: 5 pts
📸 B witnessed A's face NEW: 5 pts
💡 100% maximum score only needed for extraordinary verification — legal proceedings, high-security access, government use cases. Everyday use: base receipt is more than sufficient.
↓
Layer 4 — v6 — Trust network
Web of Real-World Relationships
Transitive trust chains
Social graph from receipts
Degrees of separation
"Trusted by X people you know"
Community vouching
Trust score decay over time
Sybil resistance via graph depth
Score at this layer — max 65 pts (65/100) (+8 new)
🔐 Signatures + integrity + binding: 14 pts
📋 History + diversity + device: 6 pts
🔒 Enclave + biometric + face (v5): 8 pts
🤝 Transitive trust score (×2) NEW: 4 pts
👥 Community vouching (×1) NEW: 2 pts
🕸️ Graph depth / Sybil resist (×1) NEW: 2 pts
↓
Layer 5 — v6 — Blockchain anchoring
Permanent Tamper-Evident Record
Receipt hash on-chain
No PII on blockchain
Ethereum / Polygon / IPFS
Verifiable without IRLid server
W3C Verifiable Credentials
DID (Decentralised Identity)
Smart contract gating
DAO membership proof
Score at this layer — max 80 pts (80/100) (+6 new)
All previous checks: 42 pts
⛓️ On-chain anchor verified (×2) NEW: 4 pts
🪪 W3C credential validity (×1) NEW: 2 pts
↓
Layer 6 — v6 — IoT & Humanitarian
Machine-to-Human & Drone Delivery
Drone QR handshake
Aid delivery proof
No operator needed on-site
Works offline, syncs later
NGO audit trail
IoT device as party A
Field worker verification
Anti-corruption receipts
Score at this layer — max 90 pts (90/100) (+6 new)
All previous checks: 48 pts
🤖 Device/hardware attestation (×2) NEW: 4 pts
📦 Delivery confirmation (×1) NEW: 2 pts
↓
Layer 7 — v7 — Zero knowledge (long term)
Prove Presence Without Revealing Identity
ZK proof of receipt ownership
Prove you have N receipts
No GPS revealed to verifier
Anonymous credential system
Privacy-preserving trust
zk-SNARKs / Circom
Score at this layer — max 100 pts (100/100) — the ceiling
All previous checks: 54 pts
🔏 ZK proof validity (×3) NEW: 6 pts
🕵️ Privacy credential (×1) NEW: 2 pts
Where the protocol gets deployed — parallel deployments, one shared cryptographic core
Surface 1 — LIVE
Consumer
Two phones, two scans, one cryptographic receipt. The default deployment — no install, no account, no biometrics by default. Anyone with a browser is on this surface.
index.html
accept.html
scan.html
receipt.html
check.html (third-party verify)
Surface 2 — TEST ENV
Org Portal — Unified Check-in
Branded event QR + role-gated dashboard for venues, conferences, workplaces. Doorman flow with manual-acceptance disclaimer; cryptographic identity loop enabling "scan once, recognised forever". Currently in test environment; staff auth + step-up signing on saves still in flight.
OrgCheckin.html
org.html (legacy)
Role-gated dashboard
Cryptographic identity loop
Identity rebind / recovery
Surface 3 — LIVE
Embeddable Widget — reCAPTCHA-style
Any website can drop in a single <iframe> and use a physical meeting as a verification gate. One postMessage listener, no SDK, no API key, no dependency on IRLid's servers staying up. The receipt is a self-verifying signed object — the parent page can verify it independently or trust the embedded widget's verification.
widget.html
demo-login.html
postMessage API
No SDK required
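The parent-page side of the widget integration described above, as an added example that is not IRLid's own code: it checks the message origin, re-verifies both ECDSA P-256 signatures over canonical JSON with Web Crypto, and applies an age limit. The page does not give the wire format, so the widget origin, the "irlid-receipt" message type, the receipt field names and the five-minute limit are all assumptions.

```javascript
// Added example (not IRLid's code). Hypothetical names: WIDGET_ORIGIN, the
// "irlid-receipt" message type, and receipt fields payload/ts/a/b/publicKeyJwk/sig.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;
const WIDGET_ORIGIN = "https://widget.example"; // placeholder for the iframe's origin
const MAX_AGE_MS = 5 * 60 * 1000;               // assumed freshness policy

// Canonical JSON: keys sorted recursively so signer and verifier hash identical bytes.
function canonicalJson(v) {
  if (Array.isArray(v)) return "[" + v.map(canonicalJson).join(",") + "]";
  if (v && typeof v === "object") {
    const members = Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ":" + canonicalJson(v[k]));
    return "{" + members.join(",") + "}";
  }
  return JSON.stringify(v);
}

const b64ToBytes = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Verify one party's ECDSA P-256 signature (raw r||s, as Web Crypto emits it).
async function verifyParty(party, payloadBytes) {
  try {
    const key = await subtle.importKey("jwk", party.publicKeyJwk,
      { name: "ECDSA", namedCurve: "P-256" }, false, ["verify"]);
    return await subtle.verify({ name: "ECDSA", hash: "SHA-256" },
      key, b64ToBytes(party.sig), payloadBytes);
  } catch {
    return false; // malformed key or signature counts as a failed check
  }
}

// Returns { ok, reason }. Register in a page with:
//   window.addEventListener("message", (e) => handleWidgetMessage(e).then(...));
async function handleWidgetMessage(event, now = Date.now()) {
  if (event.origin !== WIDGET_ORIGIN) return { ok: false, reason: "origin" };
  const d = event.data;
  const r = d && d.type === "irlid-receipt" ? d.receipt : null;
  if (!r || !r.a || !r.b || !r.payload || typeof r.payload.ts !== "number")
    return { ok: false, reason: "shape" };
  const bytes = new TextEncoder().encode(canonicalJson(r.payload));
  for (const party of [r.a, r.b])
    if (!(await verifyParty(party, bytes))) return { ok: false, reason: "signature" };
  if (r.payload.ts > now || now - r.payload.ts > MAX_AGE_MS)
    return { ok: false, reason: "stale" };
  return { ok: true, reason: null };
}
```

A passing result shows the receipt is internally consistent under the keys it carries; which keys the parent page is willing to trust remains a separate policy decision.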
Surface 4 — PARTNERSHIP-GATED
Humanitarian Last-Mile
Drone-delivered aid + local recipient handshake. Proof of delivery in places without addresses, beyond reliable connectivity. Partnership with ASE Tech / Wisdom Aidenogie for sub-Saharan Africa deployment. Retroreflective QR research validated as a live engineering field; the protocol can carry the proof while the courier moves on.
pitch-humanitarian.html
Drone QR handshake
Retroreflective QR (researched)
Offline-first, sync later
NGO audit trail
Surface 5 — V6+ DESIGN
Multi-Party Custody
Chain-of-custody receipts for handovers — drop-offs, prison transfers, school pickup chains, package handoffs. Each link signed by the previous holder; if the chain breaks, it ends at a known last-known-signature point rather than dissolving into ambiguity. Anti-fragile by design.
PROTOCOL.md §10.4 (queued)
Chain-of-custody receipts
Known-break-point semantics
Anti-fragile by design
These surfaces share the same protocol core. A v3-era receipt verifies the same way whether it comes from a consumer handshake at a coffee shop, a drone-delivered parcel in a rural courtyard, or a custody handover at a prison gate. Future protocol versions (above) extend what's cryptographically possible; application surfaces (here) extend where the protocol meets the world.