UniKey Architecture Overview
UniKey is a transport-agnostic authority verification protocol that operates above HTTPS and existing internet infrastructure.
1. Problem UniKey Solves
Modern internet systems rely on credentials and tokens (passwords, API keys, OAuth tokens) to authorize actions.
If these credentials are stolen, attackers can execute actions at machine speed.
Examples include:
- fraudulent financial transactions
- unauthorized API calls
- automated account abuse
- infrastructure command injection
- AI agents performing unauthorized actions
The internet has secure transport (HTTPS) but lacks a universal way to verify that an action was actually authorized by the correct authority before execution.
UniKey introduces cryptographic authority verification for internet actions.
2. Core Concept: Trust Packets
UniKey introduces a new cryptographic object called a Trust Packet.
A Trust Packet carries proof that an action was authorized by a trusted authority.
Conceptually:
Request + Trust Packet
The Trust Packet includes:
- identity of the authorizing authority
- a cryptographic signature
- a hash binding the authorization to the specific request
- timestamp and replay protection
- optional delegation chain
The receiving system verifies the Trust Packet before executing the action.
3. How Verification Works
Verification is performed by a UniKey verifier.
Verification steps typically include:
- Validate cryptographic signature
- Retrieve authority public key (via DNS)
- Confirm request hash matches the Trust Packet
- Check timestamp and replay protection
- Validate authority chain and policy rules
If verification succeeds, the action is allowed to execute.
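The verification steps above, as an added sketch that is not UniKey's own code. The packet field names, the 300-second freshness window and the in-memory key table are assumptions. HMAC-SHA256 stands in for the authority's public-key signature, and the key table stands in for the DNS lookup, so the sketch runs on the standard library alone. Delegation chains and policy rules are left out.

```python
import hashlib, hmac, json

# Constructed stand-in for the DNS key lookup: authority name -> verification key.
AUTHORITY_KEYS = {"payments.example.com": b"constructed-demo-key"}
MAX_SKEW = 300          # assumed freshness window, in seconds
_seen_nonces = set()    # replay cache; a real verifier would expire old entries

def request_hash(method, path, body):
    """Hash that binds an authorization to one specific request."""
    return hashlib.sha256(b"\n".join([method.encode(), path.encode(), body])).hexdigest()

def _signed_bytes(packet):
    # Canonical encoding of every field the signature must cover.
    fields = {k: packet[k] for k in ("authority", "request_hash", "timestamp", "nonce")}
    return json.dumps(fields, sort_keys=True).encode()

def issue_packet(authority, key, method, path, body, now, nonce):
    """Authority side: build and sign a (hypothetical) Trust Packet."""
    packet = {"authority": authority, "timestamp": now, "nonce": nonce,
              "request_hash": request_hash(method, path, body)}
    packet["signature"] = hmac.new(key, _signed_bytes(packet), hashlib.sha256).hexdigest()
    return packet

def verify(packet, method, path, body, now):
    """Verifier side: return (allowed, reason); any error fails closed."""
    try:
        key = AUTHORITY_KEYS.get(packet["authority"])        # retrieve authority key
        if key is None:
            return False, "unknown authority"
        expected = hmac.new(key, _signed_bytes(packet), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, packet["signature"]):   # signature
            return False, "bad signature"
        if not hmac.compare_digest(packet["request_hash"], request_hash(method, path, body)):
            return False, "request mismatch"                 # bound to another request
        if abs(now - packet["timestamp"]) > MAX_SKEW:        # timestamp check
            return False, "stale timestamp"
        replay_id = (packet["authority"], packet["nonce"])
        if replay_id in _seen_nonces:                        # replay protection
            return False, "replay"
        _seen_nonces.add(replay_id)   # recorded only after every other check passed
        return True, "ok"
    except (KeyError, TypeError):
        return False, "malformed packet"
```

The nonce is added to the replay cache only after the signature, hash and timestamp checks pass, so unauthenticated packets cannot fill the cache or burn a legitimate nonce.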
4. Where Verification Occurs
UniKey verification can occur at multiple locations in the request path.
Typical enforcement points include:
- network edge gateways (telecom carriers, CDNs, SASE platforms)
- API gateways
- application services
Example flow:
The Trust Packet is normally transported within HTTPS requests.
5. Deployment Models
UniKey supports multiple deployment models.
Enterprise Security
Organizations verify Trust Packets before executing sensitive API calls, automation workflows, or infrastructure commands.
Device-Based Authorization
Devices such as phones or enterprise laptops act as authorization sources and generate Trust Packets.
Cross-Organization Transactions
Independent organizations can safely accept machine-initiated actions when those actions carry verifiable authority.
6. What UniKey Enables
UniKey enables secure automation and machine-driven activity across the internet.
Potential applications include:
- secure enterprise automation
- AI agent transactions
- API security
- device-authorized payments
- infrastructure command authorization
- fraud reduction
UniKey acts as a cryptographic authority layer above HTTPS, verifying that internet actions were explicitly authorized.