There's no credential to be lost, stolen, or harvested. Keyless identity is post-quantum by construction, not by retrofit.
Every authentication system ever built treats identity as a secret you hold and present: a password, a private key, a certificate, or a biometric template stored in a database. Prove you hold the secret, and you are who you claim to be. That model has one fatal flaw: the secret can be stolen. The database can be breached. The key can be harvested today and decrypted later once quantum computing matures. Making the secret harder to steal doesn't fix the architecture. It just raises the cost of the breach.
Adaptive Query defeats that model by deriving identity from continuity of behavior, not a credential. There is nothing to issue, nothing to store, and nothing to steal. And unlike behavioral biometrics, nothing to fake. Mimicking someone's behavior in the moment is not the same as possessing their cryptographically committed history of continuity, which was never held in one place to begin with. Identity accumulates over time from structural patterns that are computable and verifiable but not transferable, not copyable, and not discrete enough to take. There is no database to breach, no key to harvest, no template to forge. It is post-quantum not because the cryptography was upgraded, but because there is no key for a quantum computer to break.
The next decade of security will require keyless identity. Adaptive Query is that architecture.
A working prototype implements the core protocol in the browser, with no server-side identity logic, no credential store, and no trusted third party. Two parties exchange messages over a public relay. Neither holds a password, a certificate, or a key in any conventional sense. Identity is derived from a shared pairwise secret and a chain of HMAC steps, each incorporating an unpredictability contribution and a volatile salt. The resulting hash chain can only be reconstructed by a party who holds the secret and has witnessed the chain advance. There is nothing to issue. There is nothing to steal.
The prototype also implements cover traffic: messages that advance the identity chain on the same rule path as real messages, at randomized intervals between 15 and 45 seconds. An observer watching the relay sees a continuous stream of indistinguishable ciphertext. The real message is structurally identical to the noise. Traffic analysis cannot tell communication from silence.
Recovery is built in. The protocol emits checkpoint anchors every ten epochs. If a party misses intermediate steps by going offline, switching networks, or closing a tab, they recover continuity from the last verified checkpoint without resetting the identity relationship. A local lease system prevents the sender chain from forking across two open windows.
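The chain step and checkpoint recovery described above, as an added example that is not the prototype's code and is not taken from the patent filing. Only the HMAC chaining over a shared secret, contribution and salt, and the ten-epoch checkpoint interval come from the text; the message fields, value sizes, genesis state and anchor construction are assumptions.

```javascript
// Added illustration, not Adaptive Query's code: message fields, sizes, the
// genesis state and the anchor construction are assumptions. Inputs are
// fixed-length, so plain concatenation inside the HMAC is unambiguous.
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

const CHECKPOINT_INTERVAL = 10; // from the page: anchors every ten epochs

function hmac(key, ...parts) {
  const h = createHmac('sha256', key);
  for (const p of parts) h.update(p);
  return h.digest();
}

// One chain step: the shared secret keys an HMAC over the previous state,
// an unpredictability contribution and a volatile salt.
const advance = (secret, state, contribution, salt) => hmac(secret, state, contribution, salt);
const anchorOf = (secret, epoch, state) => hmac(secret, Buffer.from(`anchor:${epoch}`), state);
const genesis = (secret) => ({ epoch: 0, state: hmac(secret, Buffer.from('genesis')) });

// Sender side: advance n epochs and return what a relay observer would see.
function runSender(secret, n) {
  let { state } = genesis(secret);
  const relay = [];
  for (let epoch = 1; epoch <= n; epoch++) {
    const msg = { epoch, contribution: randomBytes(16), salt: randomBytes(16) };
    state = advance(secret, state, msg.contribution, msg.salt);
    if (epoch % CHECKPOINT_INTERVAL === 0) msg.anchor = anchorOf(secret, epoch, state);
    relay.push(msg);
  }
  return { relay, state };
}

// Recipient side: replay relay messages from the last verified checkpoint.
// Only a state confirmed by a matching anchor becomes the new checkpoint.
function recover(secret, checkpoint, relay) {
  let verified = checkpoint;
  let head = checkpoint;
  for (const msg of relay) {
    if (msg.epoch <= head.epoch) continue;   // already witnessed
    if (msg.epoch !== head.epoch + 1) break; // gap: cannot advance past it
    head = { epoch: msg.epoch, state: advance(secret, head.state, msg.contribution, msg.salt) };
    if (msg.anchor) {
      const expected = anchorOf(secret, head.epoch, head.state);
      if (msg.anchor.length !== expected.length || !timingSafeEqual(msg.anchor, expected)) break;
      verified = head;
    }
  }
  return { verified, head };
}
```

A recipient that stored only `verified` before going offline calls `recover` again with the relay backlog; a wrong secret or an altered message leaves `verified` at the last anchor that still checks out.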
What the prototype does not yet demonstrate: hardware-backed root anchors, multi-device continuity migration, or revocation. Those are engineering problems, not architectural ones. The primitive is demonstrated. The rest is scope.
In February 2026, the International Searching Authority completed its examination of PCT/US2025/057270. The Written Opinion found all 21 claims novel, inventive, and industrially applicable. Every claim passed on every criterion.
The examiner reviewed four prior art references covering the field: filings from Infineon Technologies, Syccure, and Shanghai Cloud Sword Information Technology, as well as an academic paper on hardware-bound firmware security. For each reference, the examiner identified precisely what it teaches and where it falls short. None of them, individually or in combination, was found to teach or fairly suggest the architecture claimed here.
The examiner's analysis centered on claim 1: a memory-native two-stage authentication method in which a dynamic agent hash chain governs identity continuity, incorporating unpredictability contributions and volatile salts, with trust-slope reconstruction and policy-bounded continuity validation at the recipient. Prior art does not reach this configuration. Claims 2 through 15 depend from claim 1 and were found to meet the criteria for the same reasons. Claim 16, covering agent mutation entanglement, was evaluated separately and likewise found novel and inventive.
PCT/US2025/057270 · Priority: Nov 30, 2024 · Written Opinion: Feb 24, 2026
Identity with nothing to steal. This architecture is published and available to license.
Patents pending. No guarantee of issuance or scope. No rights granted by this page. Any license requires issued claims (if any) and a separate written agreement.