Mechanism
The system implements a pseudonymous, dynamic-hash-based protocol for securing device identity, session continuity, and communication path validation across decentralized infrastructure. Rather than relying on static identifiers such as IP addresses or MAC addresses, each device is represented by a volatile dynamic hash generated from an intrinsic device identifier and a short-lived, local salt. This composite is processed by a hash generator, producing a pseudonymous handle that evolves over time, protecting against correlation, fingerprinting, or unauthorized tracking.
The dynamic hash is not published globally. Instead, it is stored on a private anchor group designated for a given user, which acts as the only custodian of persistent device metadata. Only the location of the user's anchor or anchors is recorded in the public index, allowing the broader network to route communication toward the user without exposing device-level details.
Resolution Through the Private Anchor
Device-level resolution is delegated to the user's private anchor. When a message is sent to an alias such as user@elizabeth, the network resolves the alias to the user's private anchor. The private anchor then performs internal resolution using the latest dynamic hash to locate the target device on its local network, enabling end-to-end delivery without ever exposing static identifiers. Because only the user's private anchor indexes device hashes, no public infrastructure is required to mediate device resolution or visibility.
This separation of duties is what lets the system support secure device discovery without revealing device topology. The public index carries only the reference to the private anchor location, while the private anchor carries the device metadata. As described for FIG. 5, a user device generates a dynamic hash by combining its unique device identifier and a volatile salt via a hash generator, and that hash is stored locally on the user's private anchor; the public index simply references the location of the private anchor, allowing external clients to initiate contact without gaining access to the underlying device metadata.
Ephemeral Keys and Expiring Session Paths
This architecture preserves session security while maintaining privacy. Devices authenticate to each other using ephemeral keys tied to their current dynamic hash, with each communication path established as a short-lived session. Once the interaction concludes, both the hash and the session path expire, preventing reuse or passive monitoring over time. Because volatile device identifiers regenerate upon each new communication session, the model mitigates cross-session tracking and device fingerprinting while remaining compatible with session continuity.
The summary of the disclosure frames the underlying operation as authenticating endpoint devices based on ephemeral cryptographic hashes validated against anchor-bound records. Authentication is therefore a property of the device's current hash as validated by the custodial anchor, not a property of a stored long-lived credential.
Decentralized Revocation
Anchors may maintain decentralized revocation registries for compromised device hashes. When a device is flagged, the revocation state is propagated anonymously via anchor gossip or routing overlays, allowing intermediary nodes to suppress further resolution or authentication attempts from revoked identifiers. When a device is suspected of compromise or theft, the corresponding anchor policy registry may flag the associated hash lineage. This revocation status is cryptographically signed and disseminated to nearby nodes and anchors, which enforce authentication blocks without exposing device identity or user metadata.
Multi-Device Aliasing and Handoff
The system supports multi-device aliasing, enabling a single user alias to resolve to multiple dynamic device hashes. Anchors track session states across registered devices, allowing seamless authentication handoff without disrupting active communications or degrading session security. A user alias can therefore span several devices, with the private anchor coordinating which device hash is current for a given session and preserving the security context across a handoff between devices.
Entropy Threshold and Proof of Possession
Anchor policies may define a dynamic minimum entropy or trust threshold required for alias resolution. If an ephemeral device hash fails to meet the entropy floor, or if the associated trust level degrades below acceptable policy bounds, the anchor may suspend resolution attempts until sufficient validation is restored. Admission to resolution is thereby made conditional on the freshness and quality of the presented hash rather than on a one-time enrollment.
To prevent exposure of raw device traits, anchors may implement anonymous proof-of-possession protocols. These mechanisms verify device legitimacy through cryptographic challenge-response or zero-knowledge attestations, allowing validation without revealing device fingerprints. Validation therefore confirms legitimacy while preserving the pseudonymity that the dynamic hash is designed to protect.
Distinction From Static Identifiers
Conventional device authentication relies on static identifiers such as IP addresses or MAC addresses, or on persistent enrolled credentials. These approaches treat identity as a stable, published property of the device, exposing the device to correlation, fingerprinting, and long-term tracking. The mechanism disclosed here instead represents each device by a volatile dynamic hash that evolves over time, holds device metadata only on the user's private anchor, and publishes only the anchor's location. Together, these components form a privacy-preserving, dynamically refreshed authentication mechanism that supports secure, pseudonymous interaction across a decentralized network while preserving compatibility with session continuity, multi-device use, and secure routing.
Disclosure Scope
This article describes the pseudonymous device authentication mechanism disclosed in U.S. Application No. 19/326,036, comprising the volatile dynamic hash generated from an intrinsic device identifier and a short-lived local salt by a hash generator, the storage of that hash on the user's private anchor group as sole custodian of persistent device metadata, the recording of only the anchor location in the public index, the resolution from a user alias to the private anchor and then internally to the current device hash, the ephemeral keys and expiring session paths, the decentralized revocation registries propagated anonymously via anchor gossip or routing overlays with cryptographically signed flagging of a compromised hash lineage, multi-device aliasing with session handoff, the dynamic minimum entropy or trust threshold governing resolution, and the anonymous proof-of-possession protocols using cryptographic challenge-response or zero-knowledge attestations. The scope is not limited to any particular hash construction, salt source, or anchor governance arrangement, provided the disclosed properties of volatility, anchor-custodied resolution, ephemeral sessions, and pseudonymity are preserved.
