Cryptographic Identity Infrastructure

Security is a Physics Problem.
Not a Trust Problem.

Identity Layer removes the credential database from your threat surface. Device-bound keys, split-knowledge key derivation, forward-only audit. No stored secrets, no breach liability, no central repository.

Ed25519 auth · AES-256-GCM · HKDF derivation · No identity storage · Offline analog vault · TEE / Secure Enclave

[Diagram: Identity Standard, Device Key, Analog Vault, App Layer, Verifier; Ed25519, AES-256, HKDF, Audit]

  • €1.09B: GDPR fines 2023 (DLA Piper GDPR Survey 2024)
  • 83%: Breaches involve credentials (Verizon DBIR 2023)
  • 0: Central identity databases (Identity Layer, by design)
  • 100+: Active identities in production (five reference deployments)

Credential storage is the breach target

Every major breach of the last decade traces back to a centralised credential database. The architecture we deploy eliminates that surface by design.

€1.09B
Total GDPR fines issued across the EU in 2023. The majority trace to inadequate data protection and credential exposure.
Source: DLA Piper GDPR Fines Survey 2024

83%
Of data breaches involve compromised, weak, or reused credentials stored in centralised systems.
Source: Verizon DBIR 2023

$4.45M
Average cost of a data breach in 2023. Identity-related incidents consistently rank among the most expensive categories.
Source: IBM Cost of a Data Breach 2023

287d
Average time to identify and contain a breach. Centralised credential stores extend both detection and containment windows.
Source: IBM / Ponemon Institute 2023

A credential database that does not exist cannot be stolen. Identity Layer reduces operational costs, breach surface, and liability by eliminating centralised credential management at the infrastructure level. Compliance with GDPR Article 25, eIDAS 2.0, MiFID II, and NIS2 becomes architectural, not a policy layer applied over an insecure foundation.

GDPR Art. 25 · eIDAS 2.0 · MiFID II · NIS2

A layered infrastructure, not a product

Identity Layer is the baseline architecture of the Identity infrastructure suite. Each layer is independently licensable and integrates with minimal surface by design.

Foundation: Identity Layer
Baseline identity infrastructure layer. Ed25519 challenge/response, device-bound keys, stateless authentication, no credential database. The trust primitive is uniform across execution contexts: mobile, desktop, IoT, NFC.

Contextual isolation: Identity High Security (Identity HS)
Cryptographic isolation per product, instance, or environment. Separate key hierarchies and elevated trust boundaries for regulated or high-sensitivity deployments.

Integration: Identity Middleware
Application-layer integration surface, minimal by design. Your product remains your product. The middleware removes the credential liability surface without restructuring your stack.

Production evidence: Reference Deployments
Five production deployments across distinct verticals. Cleared on Google Play and the Microsoft Store. Over 100 active identities in operation.

Vertical products: Mujo / Parta Labels / Parta Research / RENTRI / Flow
Production applications built on the Identity infrastructure. They are proof of the architecture. They are not the product being licensed.

Split-knowledge key derivation
The full key never exists at rest. Device fragment and server fragment recombine in volatile memory only. A breach yields partial material with no utility.

Device-bound identity
Private keys generated and stored on-device, non-exportable. Tied to Secure Enclave or TEE when available. Identity cannot be migrated without controlled re-enrollment.

Offline analog vault
Printable QR master key enables recovery without cloud escrow or identity databases. Operates in air-gapped environments. Carrier-agnostic: QR, PDF, printed artifact.

Forward-only audit
Audit capabilities operate on metadata under controlled legal activation. Message content and identity remain structurally unavailable, not administratively withheld.

Encrypted portable payloads
AES-256-GCM encrypted payloads readable only by a verified identity. DEK protected by a KEK derived from the identity relationship. Carrier circulates without revealing content.

IoT physical integration
The same challenge/response trust primitive extends to ESP32, RP2040, and NTAG424 DNA NFC badges with onboard AES-128 and non-exportable keys.

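An added example, not code from Identity Layer or its authors: one way to realise the split-knowledge derivation described above with HKDF-SHA256, using only the Python standard library. The page does not say how the fragments are combined; the length-prefixed concatenation, the `derive_key` name, the 256-bit fragment minimum and the context labels are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
HASH_LEN = 32

def hkdf(ikm, salt, info, length=32):
    """HKDF-SHA256 per RFC 5869: extract a PRK, then expand it."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    prk = hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def _framed(fragment):
    # Length-prefix so ("ab", "c") and ("a", "bc") give different input.
    return len(fragment).to_bytes(2, "big") + fragment

def derive_key(device_fragment, server_fragment, context, salt=b""):
    """Recombine both fragments in memory and derive a context-bound key."""
    for name, frag in (("device", device_fragment), ("server", server_fragment)):
        # Each fragment must be unguessable alone, or one leak is enough.
        if len(frag) < 32:
            raise ValueError(f"{name} fragment must carry at least 256 bits")
    ikm = _framed(device_fragment) + _framed(server_fragment)
    return hkdf(ikm, salt, b"split-knowledge-demo/" + context)

def demo():
    # Constructed sample fragments (assumption): real ones would come from
    # the device keystore and the server and never be stored together.
    device = secrets.token_bytes(32)
    server = secrets.token_bytes(32)
    k_labels = derive_key(device, server, b"labels")
    k_messaging = derive_key(device, server, b"messaging")
    # A party holding only the server fragment must guess the device half.
    server_only = derive_key(secrets.token_bytes(32), server, b"labels")
    return {
        "deterministic": k_labels == derive_key(device, server, b"labels"),
        "contexts_isolated": k_labels != k_messaging,
        "server_fragment_alone_useless": server_only != k_labels,
    }

if __name__ == "__main__":
    print(demo())
```

Binding the context label into the HKDF `info` field yields an independent key per product or environment from the same two fragments. The derived key still exists in process memory while in use, so the guarantee is about storage at rest, not about a compromised running device.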
GDPR: Privacy-by-architecture. No personal data storage.
eIDAS 2.0: Infrastructure independence and jurisdictional control by design.
MiFID II: Audit without content disclosure. Verifiable metadata only.
NIS2: Eliminates centralised breach surface. Reduces notification exposure.

Not a prototype. Not a Proof of Concept.

Identity Layer is in production across multiple verticals, cleared on Google Play and the Microsoft Store.

Mujo
Encrypted messaging / Machine-to-machine protocol
Device-bound identity for anonymous pairing. No accounts, no phone numbers. Identity lives only on the device. Ephemeral messaging with P2P signaling. 19 active identities.
mujo.parta.app

Parta Labels
AES-256 encrypted QR label system
Split-knowledge derivation. Master key never leaves the device. Applicable to inventory, chain-of-custody, and document workflows. 38 active identities.
labels.parta.app

Parta Research
Academic collaboration network
Authenticated researcher network without credential exposure. Identity Standard-based social graph. Open beta, Android. 53 active identities.
research.parta.app

Ecosystem RENTRI
Compliance SaaS - Windows
Italian waste management compliance platform. Identity Layer authenticates operators and field devices. Regulated-environment deployment at institutional scale. 4 active identities.
ecosystem.intheeu.com

Ecosystem Companion
Field operator app - Android
Mobile companion for field operators. Device-bound identity for secure field authentication. Cross-platform identity continuity with the RENTRI Windows SaaS.
ecosystem.intheeu.com

Identity IoT
Physical access - NFC badges
NTAG424 DNA NFC badges with onboard AES-128, non-exportable keys, dynamic CMAC. ESP32 and RP2040 reference deployments in development for datacenter and physical access verticals.

100+ active identities across five reference deployments
Google Play: cleared · Microsoft Store: cleared

This investment does not fund speculative R&D. It funds the consolidation, distribution, and certification of something that already works.

Three tiers. One architecture.

We license the Identity infrastructure layer to products that need cryptographic identity without becoming custodians of credential secrets.

Tier A
Integration Licensing
Embed Identity Layer into your existing product. Keep your stack, your UX, your infrastructure. Remove the credential liability surface.
  • Identity Layer integration package
  • Identity middleware for your application stack
  • Ed25519 auth, split-knowledge derivation, AES-256-GCM payloads
  • Technical documentation and integration guidance
  • Self-hosted deployment available on request

Tier C
Vertical Turnkey
Full delivery for regulated environments, including configuration, compliance documentation, and operational handover.
  • Healthcare: role-based access, emergency break-glass, audit
  • Regulated finance: anti account-takeover, signed authorisations
  • Legal and M&A: encrypted channels without content custody
  • Physical access: datacenter, NFC badge integration
  • Identity IoT: ESP32 / RP2040 / NTAG424 DNA deployments

  • Not an IAM replacement: the missing cryptographic foundation
  • Not a KYC provider: enables verifiable flows without custody
  • Not a messaging app: encrypted portable payloads (QR / PDF)
  • Not blockchain / SSI: device-bound, no distributed ledger required

Request Architecture Brief: licensing@aeonianengineering.com

Licensing and technical inquiry

Commercial licensing inquiries are handled by AEL (Hong Kong). Technical documentation is available on request from WIDE (Italy).

Commercial licensing - APAC & worldwide
Aeonian Engineering Limited
Hong Kong - Exclusive worldwide licensee
licensing@aeonianengineering.com

Architecture Brief, NDA, Technical Deep Dive, and Term Sheet are available on request. The document flow is sequential and structured by engagement stage.

Technical documentation - Europe
WIDE di D. Papa
Naples, Italy - IP rights holder and EU backing, since 1999
licensing@simwide.com

IP documentation, architecture references, and European licensing inquiries. Technical integration requests: d.papa@simwide.com.