What You Are Building
You are building a way to make a physical building material carry its own credentials. Not a spreadsheet in a procurement system, not a QR code that dead-ends at a marketing page, but a structured, signed data object that is bound to a specific piece of material and travels with it from manufacture through installation, in-service operation, decommissioning, and re-use.
The people who need this are material producers, construction technologists, building-code and certification bodies, carbon-market participants, and anyone trying to make "cradle-to-cradle" a verifiable claim rather than a slogan. Today, a claim like "this concrete sequestered X kilograms of carbon" or "this panel meets structural rating Y" lives in a document that is separated from the material the moment it leaves the plant. The passport re-binds the claim to the thing.
The architecture described here comes from a filing that discloses structural building materials which also carry energy, thermal, distribution, and carbon properties. This guide focuses on one primitive from that filing: the credentialed lifecycle passport itself, which the filing calls a credentialed admissibility profile plus a lineage chain. That primitive is useful on its own, whether or not you ever build the more exotic energy-storing substrate.
Why the Obvious Approaches Fall Short
The usual approach is a document-and-database split. The material gets a batch number. Test reports, environmental product declarations, and certificates live in a document management system keyed to that batch. This works until the material is cut, poured, mixed with a second batch, repaired, or reclaimed years later by someone with no access to the original database. The binding between the physical material and its claims is by reference only, and references rot.
A second approach is a serialized tag: RFID, NFC, or a printed code. This solves physical binding for discrete, trackable units, but a tag by itself is just a pointer. It does not say what the material is admitted to do, who attested each property, or how independent claims combine. Two authorities can sign conflicting statements about the same material and the tag has no way to represent, let alone resolve, the conflict.
A third approach is a single monolithic certificate covering the whole material. The structural gap here is that real building materials have many independent properties, each certified by a different competent authority on a different schedule. A structural engineer signs the load rating. A fire marshal signs fire performance. An environmental-credit authority signs the carbon claim. Folding these into one document forces them to move and expire together, when in reality one can change while the others hold.
None of these is a straw man; each is genuinely used and genuinely useful in its lane. The gap they share is that the material's credentials are not first-class, not composable, and not persistent across the material's real lifecycle of cutting, mixing, repair, and reclamation.
The Architecture
The disclosed approach treats the passport as two coupled structures: a credentialed admissibility profile that says what the material is admitted to do right now, and a lineage chain that records how it got there.
The admissibility profile is a set of independent property surfaces. As disclosed, the profile is a structured data object declaring one or more property surfaces, each surface declaring property-specific parameters and admission conditions for one property category. The filing enumerates surfaces including structural, thermal, energy storage, fire-performance, sound-transmission, vapor-permeability, environmental, and carbon-sequestration, among others. The key architectural move is that each surface is independently credentialed. A structural engineering authority signs the structural surface; a fire-code authority signs the fire-performance surface; an environmental-credit authority signs the carbon surface. Each surface admits or fails on its own terms.
Every surface is bound by a cryptographic signature of a credentialing authority. The profile is bound to the identity of the specific material, element, or assembly through one or more signatures of authorities the architecture recognizes as competent within a declared scope. The filing describes a signature block that binds the whole profile to the element's identity, and describes multiple authorities (manufacturer, building-code, utility, carbon-credit, independent testing) each signing what falls in their scope. This is what makes it a passport rather than a label: the claims are attributable and verifiable, not merely printed.
Composition rules say how surfaces combine. Because surfaces are independent, you need a defined way to reason about them together. The filing discloses a composition-rule architecture: a registry of signed, versioned composition-rule artifacts, each declaring a scope, a composition logic, a version vector for deterministic conflict resolution, a conflict-resolution policy (latest-signed-rule, declared-precedence-table, or authority-rank-resolution), and an authority signature. A worked example from the filing: a fire-event rule that reduces the energy-storage surface to zero when the fire-performance surface declares a fire event. Composition is where the passport stops being a pile of certificates and becomes a coherent, evaluable object.
The lineage chain records the lifecycle as signed events. The filing describes a lineage chain covering pre-installation credentialing, in-service operation, end-of-storage-life, end-of-structural-life decommissioning, recycling-grade re-credentialing, and re-installation. Each transition is a credentialed event signed by an appropriate authority. Crucially, the filing describes continuous re-credentialing during service life: mortar repointing, surface-coating refresh, drywall replacement, topping-slab augmentation. Each material flow is itself a signed event, and the composite profile is re-evaluated against the cumulative history rather than only at original installation. The disclosed "metabolic-lifetime" framing is that the material's credentialed identity persists across these flows while the flows are recorded transitions.
Claims can migrate with the material. The filing describes carbon-credit attestations that migrate with the substrate across material flows and across structural lifetimes, each migration a signed transaction recorded in lineage. This is the cradle-to-cradle payoff: when material is reclaimed and re-credentialed at a recycled grade by a recycler authority, the passport follows it into its next life rather than being discarded with the demolition debris.
Identity is how the passport stays bound to physical matter. The filing describes several identity classes: a tag-bonded class (RFID, NFC, optical tag bonded during manufacturing), a physical-fingerprint class (an identity derived from a hash of observable physical characteristics such as an impedance or texture signature, signed by the manufacturer authority), and a per-batch-with-subdivision class (material shares a batch identity at manufacture, later subdivided into per-element identities by credentialed attestation). This matters because building materials get cut and subdivided; the identity scheme has to survive that.
How to Approach the Build
You implement this yourself. The steps below are the order the architecture suggests, not a package you install.
1. Model the admissibility profile as independent surfaces. Start with a schema where each property surface is its own signed object carrying its parameters, its admission conditions, and its authority signature. Do not collapse them into one certificate. An illustrative sketch, faithful to the disclosed structure and clearly not production code:
Profile {
material_identity: <bound identity ref>
surfaces: [
{ kind: "structural", params: {...}, admit_if: {...}, signature: <structural authority> },
{ kind: "fire", params: {...}, admit_if: {...}, signature: <fire authority> },
{ kind: "carbon", params: {...}, admit_if: {...}, signature: <credit authority> }
]
}
2. Pick an identity scheme that survives subdivision. Decide up front whether your material is discrete (favoring a bonded tag), continuous and cut on site (favoring physical-fingerprint or per-batch-with-subdivision), or a mix. The identity binding is the anchor for every signature; if it breaks when the material is cut, the passport breaks with it.
3. Define the credentialing authorities and their scopes. Enumerate who is competent to sign what. Each authority signs only within a declared scope. This is an ordinary public-key-signature and trust-scoping problem, comparable to how PKI binds a signing key to a declared role; use established signature primitives rather than inventing crypto. The filing binds signatures via a keyless-identity-through-continuity scheme disclosed in a related application, but the design point that matters here is per-surface, per-authority attribution.
4. Build the composition-rule registry. Store rules as signed, versioned artifacts, each with an explicit conflict-resolution policy. Evaluate the composite profile by loading the applicable rules and applying their logic to the current surface states. Make conflict resolution deterministic (the filing's version vector plus a declared policy), so two evaluators reach the same verdict.
5. Make the lineage chain append-only and event-signed. Every lifecycle transition and every in-service material flow appends a signed event. Re-evaluate the composite profile against the cumulative chain, not just the install-time snapshot. Treat repair, refresh, and augmentation as first-class events, not exceptions.
6. Handle end-of-life and re-credentialing as transitions, not terminations. Model decommissioning as a signed event that produces a recovery attestation, and model recycled re-use as re-credentialing at a recovered grade by a recycler authority. If you want migrating claims (such as carbon), implement them as signed transactions that move the attestation to the material's next identity and record the move.
Tradeoffs to weigh as you go: independent surfaces buy you accuracy and independent expiry at the cost of a composition layer you must maintain. Physical-fingerprint identity avoids tag hardware but needs a reliable, hard-to-forge physical signal. An append-only lineage chain gives auditability but forces you to design retention, access control, and privacy deliberately.
What This Does Not Give You
This is an architecture, not a drop-in library. There is no package to install and nothing here "just works." You design the schemas, choose and integrate the signature and identity primitives, build the registry and evaluator, and operate the authorities. Everything above describes how the pieces fit, not a runnable system.
Nothing here is benchmarked, validated, or productized. The filing is a provisional disclosure of an architecture. It states no proven performance for the passport mechanism, and neither does this guide. Any numeric ranges in the underlying filing (for example, material or storage parameters) are disclosed and projected values, not measured results from a shipped product, and this passport guide deliberately makes no performance claims at all.
The passport does not make your material any better; it makes your material's claims attributable and portable. It does not replace the competent authorities; it depends on them, and it is only as trustworthy as the authorities that sign into it and the identity binding to physical matter. It also does not, by itself, solve governance questions such as who may become an authority, how revocation works, or how disputes between authorities are adjudicated. Those are policy and integration problems you own. The architecture assumes a working signature scheme and a durable material-to-identity binding; where either is weak, the passport is weak.
Disclosure Scope
The approach described in this guide is disclosed in U.S. Provisional Application No. 64/050,895. This guide is educational: it explains an architecture a skilled reader can implement, and it is not a product, a warranty, a benchmark, or an offer of software. The underlying materials science and physical effects referenced for context are pre-existing and not claimed here as new discoveries; the subject of the filing is the architecture and combination, in particular the Credentialed Surfaces inventive step by which independently credentialed property surfaces, composition rules, and a lineage chain travel with a building material across its lifecycle. Any implementation, validation, and fitness-for-purpose are the reader's own engineering responsibility.