7 Key Shards
Module Type: Identity & Access
Category: Account Recovery & Access Control
Purpose: Provides a biometric and cryptographic fallback system to securely regain access to user accounts in the event of lost credentials, compromised devices, or onboarding of trusted hardware.
Overview
The 7 Key Shards system is the TRN platform's secure identity fallback and biometric proof mechanism. It supports account initialization, multi-factor access, and seamless yet decentralized recovery. It serves two primary functions:
Ensuring secure access to all user-held platform data and balances
Enabling authorized recovery through threshold-based reauthentication
Every user on the TRN platform is initialized with a 7-shard identity vault, where access requires specific combinations of biometric keys and fallback verifications. These shards are used to decrypt off-chain data (such as post metadata, view history, or embedded semantic indexes) stored via IPFS and tied to the user.
Core Access Rules
Default Unlock (Normal Login)
Requires 3-of-7 keys:
Face recognition (selfie camera)
Thumbprint or fingerprint scanner
Voice authentication (passphrase check)
These 3 primary biometrics are required on every login unless fallback is used
Fallback & Recovery
If a user loses access to one or more biometric sources (e.g., broken device), they may trigger recovery mode.
Recovery mode requires:
4-of-7 key majority
At least 1 fallback shard (email, device trust signature, guardian verification)
Dynamic challenge through platform AI to verify semantic behavior (TBD)
What the Keys Unlock
The 7 shards do not control wallet-level token access (which operates via smart contract permissions). Instead, they:
Unlock the user's ViewIndex and RetrnIndex entries
Decrypt access to personal post metadata and semantic embeddings
Permit access to past subscription keys and country-based content
Enable resynchronization with the TRNUsageOracle for debt tracking
Validate against fraud-check logs in the AI Bot Verifier
Once authenticated, the user's session is permitted to:
Read and write Merkle drop state
Access and contribute to moderation proofs
Post, view, bless, or burn content again
Key Types
FaceID: Facial recognition snapshot. Default Required.
Thumbprint: Fingerprint scan. Default Required.
Voiceprint: Audio pattern + phrase. Default Required.
Email Fallback: Encrypted fallback key via verified email. Optional.
Guardian Key: AI-verified fallback with guardian confirmation. Optional.
Trusted Device: Secure device-based key on verified hardware. Optional.
Semantic Pattern: AI profile match from writing or behavior patterns. Optional (TBD).
All biometric key data is encrypted and stored off-chain. IPFS hash indexes are assigned per user and are never publicly resolvable without full key reconstruction.
Recovery Flow
Resets and Transfer
Users may rotate keys at any time by passing 5-of-7 verification
Transfer of account to a new device or trusted session requires full 3-key auth + 1 fallback
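The login, recovery, rotation and transfer rules above, written as a policy check with an exhaustive sweep over all 128 shard subsets. This is an added example, not TRN platform code: the shard and function names are hypothetical, the semantic shard is assumed to count toward k-of-7 totals but not as a fallback shard, and the TBD dynamic AI challenge is not modeled.

```python
from itertools import combinations

# Shard names follow the page's "Key Types" list (names are hypothetical).
PRIMARY = frozenset({"face", "thumb", "voice"})
# Fallback shards as listed under "Fallback & Recovery".
FALLBACK = frozenset({"email", "guardian", "device"})
# Assumption: the TBD semantic shard counts toward k-of-7 totals only.
ALL_SHARDS = PRIMARY | FALLBACK | {"semantic"}

def authorized(op, verified):
    """Return True if the verified shard set satisfies the page's rule for op."""
    v = frozenset(verified)
    if not v <= ALL_SHARDS:
        raise ValueError(f"unknown shard(s): {sorted(v - ALL_SHARDS)}")
    has_fallback = bool(v & FALLBACK)
    if op == "login":      # the three primary biometrics
        return PRIMARY <= v
    if op == "recovery":   # 4-of-7 majority with at least one fallback shard
        return len(v) >= 4 and has_fallback
    if op == "rotate":     # 5-of-7 verification
        return len(v) >= 5
    if op == "transfer":   # full 3-key auth plus one fallback
        return PRIMARY <= v and has_fallback
    raise ValueError(f"unknown operation: {op}")

def authorizing_sets(op):
    """Enumerate every one of the 2**7 shard subsets that authorizes op."""
    shards = sorted(ALL_SHARDS)
    return [frozenset(c) for r in range(len(shards) + 1)
            for c in combinations(shards, r) if authorized(op, c)]

def smallest_set(op):
    """Fewest verified shards that can authorize op."""
    return min(len(s) for s in authorizing_sets(op))

def min_biometrics(op):
    """Fewest biometric shards present in any set that authorizes op."""
    return min(len(s & PRIMARY) for s in authorizing_sets(op))

if __name__ == "__main__":
    for op in ("login", "recovery", "rotate", "transfer"):
        print(op, len(authorizing_sets(op)), smallest_set(op), min_biometrics(op))
```

Under the assumption above, the sweep reports that the recovery rule as written does not itself require any biometric shard; whether the semantic shard should count toward the 4-of-7 total is a decision the TBD items leave open.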
Security Considerations
A compromised biometric or device alone cannot breach access
Full recovery requires multiple verifiable keys; no backdoors
All fallback systems include audit logs via ModerationLog
AI Bot Verifier may flag identity spoofing during fallback attempts
Files & Modules That Interact
TRNUsageOracle: Ensures fruit balance integrity post-recovery
ModerationLog: Flags suspicious recovery attempts
AI Bot Verifier: Assesses behavioral mismatch during key reset
Vault Escrow: Locked balance cannot be withdrawn unless verified
GeoOracle: Country-specific restrictions on recovery pathways
KYC Withdrawal Layer: Blocks KYC re-linking unless 4-of-7 shard match