7 Key Shards
Module Type: Identity & Access
Category: Account Recovery & Access Control
Purpose: Provides a biometric and cryptographic fallback system to securely regain access to user accounts in the event of lost credentials, compromised devices, or onboarding of trusted hardware.
🧩 Overview
The 7 Key Shards system is the TRN platform’s secure identity fallback and biometric proof mechanism. It supports account initialization, multi-factor access, and seamless yet decentralized recovery. It serves two primary functions:
Ensuring secure access to all user-held platform data and balances
Enabling authorized recovery through threshold-based reauthentication
Every user on the TRN platform is initialized with a 7-shard identity vault, where access requires specific combinations of biometric keys and fallback verifications. These shards are used to decrypt off-chain data (such as post metadata, view history, or embedded semantic indexes) stored via IPFS and tied to the user.
🔐 Core Access Rules
✅ Default Unlock (Normal Login)
Requires 3-of-7 keys:
Face recognition (selfie camera)
Thumbprint or fingerprint scanner
Voice authentication (passphrase check)
These 3 primary biometrics are required on every login unless fallback is used.
🔁 Fallback & Recovery
If a user loses access to one or more biometric sources (e.g., broken device), they may trigger recovery mode.
Recovery mode requires:
4-of-7 key majority
At least 1 fallback shard (email, device trust signature, guardian verification)
Dynamic challenge through platform AI to verify semantic behavior (TBD)
🔒 What the Keys Unlock
The 7 shards do not control wallet-level token access (which operates via smart contract permissions). Instead, they:
Unlock the user's ViewIndex and RetrnIndex entries
Decrypt access to personal post metadata and semantic embeddings
Permit access to past subscription keys and country-based content
Enable resynchronization with the TRNUsageOracle for debt tracking
Validate against fraud-check logs in the AI Bot Verifier
Once authenticated, the user’s session is permitted to:
Read and write Merkle drop state
Access and contribute to moderation proofs
Post, view, bless, or burn content again
🧠 Key Types
🧑 FaceID | Facial recognition snapshot | ✅ Default Required
👍 Thumbprint | Fingerprint scan | ✅ Default Required
🗣️ Voiceprint | Audio pattern + phrase | ✅ Default Required
✉️ Email Fallback | Encrypted fallback key via verified email | ⚠️ Optional
🔐 Guardian Key | AI-verified fallback with guardian confirmation | ⚠️ Optional
📱 Trusted Device | Secure device-based key on verified hardware | ⚠️ Optional
🧬 Semantic Pattern | AI profile match from writing or behavior patterns | ⚠️ Optional (TBD)
All biometric key data is encrypted and stored off-chain. IPFS hash indexes are assigned per user and are never publicly resolvable without full key reconstruction.
🔁 Recovery Flow
[User loses access to device]
↓
[Initiates 4-of-7 Recovery]
↓
[Fallback email / device / semantic pattern triggered]
↓
[TRN Identity Service re-authenticates + decrypts off-chain IPFS keys]
↓
[User regains platform access, usage continues as normal]
🧱 Resets and Transfer
Users may rotate keys at any time by passing 5-of-7 verification
Transfer of account to a new device or trusted session requires full 3-key auth + 1 fallback
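The unlock, recovery, rotation and transfer rules above, written as one policy check (an added example, not TRN platform code). The shard labels are hypothetical names for the seven key types; the example assumes the semantic pattern shard does not count as a fallback shard and leaves out the TBD dynamic AI challenge.

```python
from itertools import combinations

# Hypothetical labels for the seven key types listed on this page.
BIOMETRIC = frozenset({"face", "thumbprint", "voice"})
# Assumption: "fallback shard" means the three named under recovery mode
# (email, device trust signature, guardian). The semantic pattern shard is
# marked TBD on the page, so it counts toward totals but not as a fallback.
FALLBACK = frozenset({"email", "guardian", "device"})
ALL_SHARDS = BIOMETRIC | FALLBACK | {"semantic"}


def allowed(operation, presented):
    """Return True if the verified shards satisfy the rule for `operation`."""
    shards = frozenset(presented)  # a shard presented twice counts once
    unknown = shards - ALL_SHARDS
    if unknown:
        raise ValueError(f"unknown shard(s): {sorted(unknown)}")
    if operation == "login":      # all 3 primary biometrics
        return BIOMETRIC <= shards
    if operation == "recovery":   # 4-of-7 with at least 1 fallback shard
        return len(shards) >= 4 and bool(shards & FALLBACK)
    if operation == "rotate":     # 5-of-7
        return len(shards) >= 5
    if operation == "transfer":   # full 3-key auth + 1 fallback
        return BIOMETRIC <= shards and bool(shards & FALLBACK)
    raise ValueError(f"unknown operation: {operation}")


def accepted_sets(operation, size):
    """Every subset of exactly `size` shards that passes `operation`."""
    return [set(c) for c in combinations(sorted(ALL_SHARDS), size)
            if allowed(operation, c)]


if __name__ == "__main__":
    # Count how many minimal-size shard sets each operation accepts.
    for op, k in [("login", 3), ("recovery", 4), ("transfer", 4), ("rotate", 5)]:
        print(f"{op}: {len(accepted_sets(op, k))} accepted sets of size {k}")
```

Under these assumptions the only 4-shard set that fails recovery is the three biometrics plus the semantic pattern, and every 5-shard set accepted for rotation necessarily contains a fallback shard.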
⚠️ Security Considerations
A compromised biometric or device alone cannot breach access
Full recovery requires multiple verifiable keys — no backdoors
All fallback systems include audit logs via ModerationLog
AI Bot Verifier may flag identity spoofing during fallback attempts
🗃️ Files & Modules That Interact
TRNUsageOracle | Ensures fruit balance integrity post-recovery
ModerationLog | Flags suspicious recovery attempts
AI Bot Verifier | Assesses behavioral mismatch during key reset
Vault Escrow | Locked balance cannot be withdrawn unless verified
GeoOracle | Country-specific restrictions on recovery pathways
KYC Withdrawal Layer | Blocks KYC re-linking unless 4-of-7 shard match