Mechanism
Identity layering, as disclosed, is the arrangement of three structurally independent identity substrates that can be compositionally bound under policy. The three substrates are device identity, governed by the device-derived hash mechanism described in the filed platform applications; agent identity, governed by the memory-native identity mechanism in which each semantic agent's identity is established and maintained through the continuity of its governed state fields across its lifecycle; and biological identity, governed by the trust-slope continuity mechanism. Each substrate addresses a distinct identity domain: hardware, software agent, and human biological entity. All three share the same architectural principle: identity is established and maintained through continuity validation rather than through static credential presentation.
The layering is not a hierarchy in which one substrate inherits authority from another. The three substrates are interoperable but structurally independent. A biological identity does not depend on any particular device identity for its validity: a human user may interact through different devices while maintaining biological identity continuity. A device identity does not depend on any particular biological identity: a device may operate autonomously or be used by different authorized individuals. An agent identity does not depend on either device or biological identity for its internal coherence: the agent's memory-native identity is maintained through the continuity of its own governed state regardless of which device hosts it or which human interacts with it.
Layering arises when a policy requires that a particular action be authorized by a combination of substrates: for example, a biological identity presenting through a device with an attested device identity, interacting with an agent whose agent identity has been continuously validated. This compositional binding is policy-governed rather than architecturally mandated, enabling deployment configurations that range from fully anonymous device-only access to high-assurance multi-substrate identity verification.
The Common Trust-Slope Interface
The interoperability of the three identity substrates is achieved through a common trust-slope interface. Each substrate produces trust-slope data in a structurally compatible format: a temporally ordered sequence of non-invertible hashes, each evaluated for continuity with its predecessors, each carrying a graded confidence assessment rather than a binary match determination. Because every substrate speaks the same continuity vocabulary, the substrates can be evaluated together without translating between dissimilar identity models.
The common interface enables cross-substrate policy evaluation. A policy may require biological identity confidence above a specified threshold before permitting an agent to execute a high-consequence action, or may degrade device trust if the biological identity presenting through the device exhibits anomalous discontinuity. The cross-substrate interface does not require disclosure of raw identity data between substrates: it operates on trust-slope confidence values and continuity assessments that are derived from but not invertible to the underlying identity signals. One layer can therefore condition on the health of another without ever reading the other's underlying material.
Compositional Binding
Compositional binding is the operation by which the layers are joined for a specific action. A compositional binding evaluation determines whether the action requires single-substrate, dual-substrate, or tri-substrate identity validation, depending on the action's governance requirements. The requirement is set by policy at the point of authorization rather than fixed in the architecture, so the same infrastructure supports both a low-friction single-substrate interaction and a high-assurance interaction that demands all three substrates present and continuously validated.
Binding extends to external credentials. The architecture integrates with external credential systems, including passports, government-issued identification documents, organizational badges, and professional certifications, by verifying that a presented credential corresponds to the biological identity presenting it. Credential binding operates through a binding event in which an external credential is presented simultaneously with a biological signal capture: the event generates a biological hash from the capture and records the association between the biological hash and the credential identifier. Subsequent verification compares the presenting individual's current biological signal against the trust-slope that was bound to the credential, using the standard continuity validation. If continuity fails, the credential verification fails regardless of the credential's own validity. A genuine passport presented by an individual whose biology does not continue the bound trust-slope is rejected.
The Layered Privacy Architecture
Layering also describes how privacy protection is constructed within the biological substrate as a series of structural layers rather than as a single policy check. The privacy architecture is layered across three levels. The stable sketching mechanism provides structural non-invertibility at the representation level: the stable sketch is produced through dimensional reduction, projection, and band-based quantization that discard information that cannot be recovered, so the sketch carries enough information for continuity validation but not enough to reconstruct the biological signal. The domain separation mechanism provides structural unlinkability at the identifier level: a domain separation tag produces a structurally different biological hash for each context, so two hashes derived from identical biological signals but generated in different domains are computationally indistinguishable from hashes derived from different individuals. The governance controls provide policy-enforced restrictions at the operational level.
Each privacy layer is structural rather than procedural. Non-invertibility is a property of the representation, not an assumption about computational difficulty. Unlinkability is a property of the identifier, not a deletion policy. The operational layer adds resolution authorization, audit, and retention controls on top of those structural guarantees. Because the protections are stacked, a relying party that satisfies the operational layer still cannot defeat the unlinkability or non-invertibility layers beneath it.
Capability Binding and Continuous Re-Evaluation
A resolved identity governs access through a policy-governed authorization mechanism that does not grant access on identity alone. Authorization is a function of the resolved biological identity, represented by the trust-slope's cumulative confidence and the assurance level of the most recent validation event; the resource's access policy, which specifies the minimum identity confidence and assurance level required; and any additional contextual conditions, including time of day, location, concurrent device identity, and concurrent agent identity, named in the policy.
Capability binding extends authorization to resource-specific capability grants. A capability is a structured token specifying what actions the authorized individual may perform with respect to a specific resource, under what conditions, and for what duration. Capability tokens are bound to the biological trust-slope such that a capability remains valid only as long as the trust-slope continues to be validated with sufficient confidence. If the trust-slope's confidence degrades, due to failed validation events, excessive sparsity, or detected anomalies, capability tokens bound to that trust-slope are automatically suspended or revoked. Authorization is continuously re-evaluated rather than granted once and assumed indefinitely, which means the binding between a layer and the actions it permits is itself live.
Multi-Identity Authorization Without Data Disclosure
Layering composes across multiple distinct biological identities as well as across substrates. The architecture supports delegation and multi-identity authorization in which multiple identities are authorized to act on a common resource without any party disclosing biological trust-slope data to any other party. Delegation operates through policy-mediated capability transfer rather than through biological identity sharing: the delegating individual's trust-slope authorizes the creation of a derived capability token bound to the delegate's trust-slope, subject to the delegation policy.
Multi-identity authorization enables policies that require authorization from multiple biological identities before a resource action is permitted, for example a two-person requirement for high-consequence actions or a quorum requirement for shared resources. The mechanism evaluates each participating identity's trust-slope independently, without disclosing any individual's trust-slope data to other participants, and the authorization engine evaluates whether the set of independent validations satisfies the policy without requiring a composite biological identity or a shared trust-slope structure. The same independence underlies quorum-based identity recovery, in which a policy-defined number of attesting peers each independently validate against their own trust-slopes and provide signed forward continuity links, re-establishing a recovering individual's trust-slope across a discontinuity while preserving the identity chain.
Distinction from Prior Art
Conventional identity systems treat identity as a single record or a single enrolled template. Federated identity protocols let a subject authenticate to multiple relying parties through one provider, but the asserted identity is monolithic and the relying party receives the same assertion regardless of context. Conventional biometric systems locate identity in a stored template and produce a binary match or non-match, which discards the temporal continuity information that the disclosed architecture relies on and which couples all attached authority to a single account.
The disclosed mechanism differs structurally. It maintains three independent identity substrates, each established through continuity validation rather than static credential presentation, and binds them only when policy demands. The substrates interoperate through a common trust-slope interface that exposes graded confidence rather than a binary determination and never requires one substrate to read another's raw material. Privacy is built as stacked structural layers, non-invertibility at the representation level and unlinkability at the identifier level, beneath the operational governance layer. Authority is bound to live trust-slope confidence, so the composition of layers is continuously re-evaluated rather than asserted once. Authority does not propagate between substrates by adjacency: a layer that fails continuity withdraws the capabilities bound to it without contaminating the others.
Disclosure Scope
This article describes the identity-layering arrangement disclosed in the cognition filing (U.S. Application No. 19/647,395 and its international counterpart): the three structurally independent identity substrates of device, agent, and biological identity; their interoperation through a common trust-slope interface carrying non-invertible hashes and graded confidence; policy-governed compositional binding across single, dual, and tri-substrate requirements and across external credentials; the layered privacy architecture of representation-level non-invertibility, identifier-level domain separation, and operational governance; capability binding to live trust-slope confidence with continuous re-evaluation; and multi-identity, delegation, and quorum-based authorization performed without disclosing trust-slope data between participants. The scope extends to centralized, federated, and distributed deployments and to the range of policy-defined binding requirements admitted by the governance framework, provided the substrates remain continuity-validated and bound only as policy directs rather than by architectural inheritance.
