What are time-limited consensus authorization tokens?

Time-limited consensus authorization tokens are 24-hour cryptographic credentials issued to validators by JILHQ. Each token is bound to a specific node identity and automatically expires, forcing regular re-authentication. This limits the window of exposure if a token is compromised.

Why use 24-hour token rotation?

24-hour rotation ensures that stolen or leaked tokens become useless within a day. Combined with automatic rotation, this creates a moving target that makes persistent unauthorized access extremely difficult. Validators must re-authenticate daily to continue participating in consensus.

Can tokens be revoked before expiry?

Yes. JILHQ can revoke any validator's authorization token immediately, blocking the node from consensus participation within seconds. Revocation is broadcast to all validators, ensuring the revoked token is rejected network-wide.

How are tokens cryptographically bound to node identity?

Each token includes the validator's Ed25519 public key, node ID, compliance zone, and a timestamp. The entire payload is signed by JILHQ's authority key. Validators must prove possession of the corresponding private key when using the token, preventing token theft without key compromise.

Time-Limited Consensus Authorization

Executive Summary

JIL Sovereign's time-limited consensus authorization system issues 24-hour validity tokens to validators only after successful completion of both code integrity verification and identity authentication. This ensures that any node compromise, code tampering, or key rotation is detected within a single day.

Token Architecture

Property	Specification
Format	JWT (JSON Web Token)
Signing	HMAC-SHA256 with fleet controller secret
Validity	24 hours maximum (non-renewable)
Scope	Consensus participation, settlement processing
Revocation	Immediate via fleet controller blocklist
Renewal	Full re-bootstrap (Gates 1-7) required

Non-Renewable: Tokens cannot be extended or refreshed. When a token expires, the validator must complete the full 7-gate bootstrap sequence again, including fresh code integrity and identity verification.

Security Properties

Compromise Detection Window

The 24-hour token expiry guarantees that even if a validator is compromised, it will be detected within one day when it attempts to re-bootstrap with tampered code. The integrity verification gate (Gate 3) will detect modified container images and halt the bootstrap.

Immediate Revocation

The fleet controller can immediately revoke a consensus token by adding it to a distributed blocklist. All other validators check this blocklist before accepting consensus messages from the revoked node. Revocation propagates within seconds.

Integration with Fleet Inspector

The AI Fleet Inspector monitors token expiry across all validators. If a validator's token expires without renewal (indicating bootstrap failure), the inspector flags it for investigation and may trigger automatic remediation based on the dual-policy model.

Patent Claim

Dependent Claim 9: The method of claim 7, wherein the identity verification gate uses a 5-key-type challenge-response protocol comprising: ed25519 consensus key signing, HMAC-SHA256 shared secret computation, API key verification, SSH key verification, and HSM attestation.

Overview

How It Works

Beneficiary Identity

Policy Corridors

Deterministic Finality

Architecture

Security Model

Governance

Integration

Corridors Overview

Institutional Overview

Pricing

All Scenarios

Humanitarian Impact Fund

Technical Assurance

Verify Receipt

Receipt Example

Documentation

APIs & Bridges

Architecture Docs

Glossary

BID API

About

Team

Partners

Roadmap

Investors

Contact

Blog

All Documentation

Time-Limited Consensus Authorization

Executive Summary

Token Architecture

Security Properties

Compromise Detection Window

Immediate Revocation

Integration with Fleet Inspector

Patent Claim