Bonafide is an open specification for user-sovereign encrypted data vaults — passwordless authentication, per-quantum encryption, and privacy by architecture. Not a product. A protocol.
Bonafide inverts the data model. Institutions store encrypted tokens. You hold the keys. Access requires your personal authorization, verified through a decentralized trust network.
No passwords, no tokens, nothing to steal. Your identity derives from you — device-native authentication in the secure element. Same person, any device, same key hierarchy. Your root never leaves the device.
Every atomic data unit encrypted with user keys (identity-derived), institutional keys, and ephemeral session keys. Key enclave enables rotation without re-encryption.
Third-party validators confirm operation legitimacy via zero-knowledge proofs. No validator sees data content. No single point of trust compromise.
Each vault is an autonomous, encrypted node in a trust graph. Recovery is promotion of a new node through multi-institutional confirmation — not restoring a backup.
Institutions never hold real names, emails, or phone numbers. Identity verification flows through proxy channels and a distributed web of trust with tiered attestation.
Maintain multiple cryptographically unlinkable identities from the same root. Decoy personas with auto-generated plausible data provide protection under coercion.
Bonafide is a specification, not a product. Any compliant system can implement it. The architecture is built on proven cryptographic primitives and designed for database-native deployment across relational, document, key-value, and graph stores.
# Bonafide Branch Policy lease: term_days: 30 auto_renew: true on_expire: "revoke" data: pii: security_level: 8 user_visible: true on_revoke: "purge(90)" # 90-day grace transactions: security_level: 6 on_revoke: "retain" retention_days: 2555 # 7 years transfer: require_user_accept: true default_on_silence: "reject"
Bonafide gives institutions a clear, auditable framework for data governance — lease-based access, machine-executable policies, and cryptographic proof of compliance.
No more persistent keys. Institutions hold time-bounded, auto-renewable leases. Access is always finite, always auditable, always revocable. The protocol handles renewal seamlessly.
Branch policies are typed attributes, not legal prose. Define retention, security levels, and revocation behavior in a format that software and hardware can enforce in real time.
Acquisitions, mergers, and migrations follow a protocol-level transfer flow. Users are notified, policies are compared, and consent is explicit. No silent data handoffs.
Bonafide is sector-agnostic. The same architecture protects financial data, health records, identity credentials, and personal communications.
Banks store encrypted vault tokens, never cleartext account data. Lease-based access with machine-enforceable policies. Close your account and your data follows you — the bank's access expires automatically.
Patients own their medical records cryptographically. Providers access data through time-bounded, purpose-scoped sessions. No centralized health data honeypots.
Privacy-preserving credential presentation for immigration, employment verification, and cross-border travel. Selective disclosure without revealing full identity.
Vault personas provide cryptographically unlinkable identities. Duress protection deploys convincing decoy data under coercion. Content neutrality by specification.
The Bonafide specification, reference documentation, and whitepaper are published openly. We believe privacy infrastructure must be auditable to be trustworthy.
Bonafide is developed in partnership with university research programs and backed by government-funded security initiatives. The specification and its open-source hardware security reference design are being advanced through collaborative research with leading U.S. and European electrical engineering and computer science departments — producing peer-reviewed publications, formally verified implementations, and a pipeline of next-generation security engineers.