Stateless Deterministic Document Key Rotation
Deterministic ISO-week-rotating HMAC keys gate a document corpus with two tiers (index vs asset) and zero server-side state. Authorization rotates automatically; no key database.
Independent Claim 52.1
A method for access-controlling a corpus of digital documents, comprising: maintaining at a document server a secret salt that is not disclosed to any requester; for each rotation period t of a predetermined calendar interval, deterministically deriving a pair of access keys comprising an index-tier key and an asset-tier key, by computing index_tier_key = HMAC(salt, "INDEX:" concatenated with t) and asset_tier_key = HMAC(salt, "ASSET:" concatenated with t); publishing the current-period key pair to authorized recipients via a secondary secure channel on the first day of each rotation period; in response to an index request, requiring presentation of the current-period index-tier key and serving the document manifest only if the presented key matches the deterministically-derived key; and in response to an individual asset request, requiring presentation of the current-period asset-tier key and serving the individual document only if the presented key matches the deterministically-derived key; wherein the document server maintains no persistent state regarding issued keys and rotation of valid keys occurs automatically at each rotation period without operator intervention.
Dependent Claims 52.2 - 52.11
- The method of claim 52.1, wherein the rotation interval is one ISO calendar week beginning Monday 00:00 UTC.
- The method of claim 52.1, wherein a prior period's keys cease to grant access immediately upon rotation.
- The method of claim 52.1, wherein the HMAC function is HMAC-SHA-256.
- The method of claim 52.1, wherein the two tiers correspond to different document sensitivities (manifest vs individual document).
- The method of claim 52.1, wherein authorized recipients receive rotated keys via a cryptographically authenticated email message.
- The method of claim 52.1, wherein the method supports a third access path comprising a magic-link one-time token independent of the rotation keys.
- The method of claim 52.1, wherein the server persists no log of which keys were presented or by whom, preserving requester privacy.
- The method of claim 52.1, wherein the salt rotation cadence is configurable per document corpus.
- The method of claim 52.1, wherein the system persists no key database and rotation recovers automatically after a complete server restart.
- The method of claim 52.1, wherein the authorized recipients list is a static set configured out-of-band.
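The derivation and stateless verification of claims 52.1 through 52.4, as an added TypeScript example that is not the portal's own code from apps/central-portal. The "YYYY-Www" period label, the hex encoding of keys, the demo salt and all function names are assumptions of this example, not details stated in the claims.

```typescript
// Added example, not the portal's own code: deterministic ISO-week key pair
// derivation and stateless verification of presented keys (claims 52.1-52.4).
import { createHmac, timingSafeEqual } from 'node:crypto';

type Tier = 'INDEX' | 'ASSET';

// Period label t for a UTC instant: the ISO week containing it, as "YYYY-Www"
// (format assumed). ISO weeks begin Monday 00:00 UTC, matching claim 52.2.
function isoWeekPeriod(at: Date): string {
  const d = new Date(Date.UTC(at.getUTCFullYear(), at.getUTCMonth(), at.getUTCDate()));
  const weekday = d.getUTCDay() || 7;          // Mon=1 .. Sun=7
  d.setUTCDate(d.getUTCDate() + 4 - weekday);  // Thursday of the same ISO week
  const yearStart = Date.UTC(d.getUTCFullYear(), 0, 1);
  const week = Math.ceil(((d.getTime() - yearStart) / 86_400_000 + 1) / 7);
  return `${d.getUTCFullYear()}-W${String(week).padStart(2, '0')}`;
}

// HMAC-SHA-256 over "<TIER>:<t>" keyed by the undisclosed salt (claim 52.4).
// Hex-encoded (assumed) so the key can travel in the Monday email.
function deriveTierKey(salt: Buffer, tier: Tier, period: string): string {
  return createHmac('sha256', salt).update(`${tier}:${period}`).digest('hex');
}

// The pair published to authorized recipients on the first day of the period.
function deriveKeyPair(salt: Buffer, period: string): { index: string; asset: string } {
  return {
    index: deriveTierKey(salt, 'INDEX', period),
    asset: deriveTierKey(salt, 'ASSET', period),
  };
}

// Stateless check: recompute the current-period key for the requested tier and
// compare in constant time. Only the current period is derived, so a prior
// period's key fails as soon as the ISO week changes (claim 52.3).
function verifyPresentedKey(salt: Buffer, tier: Tier, presented: string, now: Date): boolean {
  const expected = Buffer.from(deriveTierKey(salt, tier, isoWeekPeriod(now)), 'hex');
  const given = Buffer.from(presented, 'hex');  // malformed hex yields a short buffer
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// Demo with a constructed salt; a real deployment loads the salt from secret storage.
const demoSalt = Buffer.from('constructed-demo-salt-not-for-production');
const demoNow = new Date(Date.UTC(2024, 0, 3));  // Wednesday of ISO week 2024-W01
const demoPeriod = isoWeekPeriod(demoNow);
const demoPair = deriveKeyPair(demoSalt, demoPeriod);
console.log(demoPeriod, demoPair.index.slice(0, 16) + '...', verifyPresentedKey(demoSalt, 'INDEX', demoPair.index, demoNow));
```

Because the server never stores issued keys, the only revocation lever before the next Monday is rotating the salt, which invalidates both tiers for every recipient at once.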
Novelty Over Prior Art
Time-limited credentials (JWT expiry, OAuth2 refresh tokens) require server-side state for revocation. Deterministic key derivation (HKDF) is not combined with two-tier content gating. The specific combination - stateless, deterministic, two-tier, ISO-week, email-published - is novel for NDA-gated corpus distribution.
Enablement & Production Status
Code at apps/central-portal/src/index.ts:331-590. Deployed at https://jilsovereign.com/docs with weekly rotation emails to contact@jilsovereign.com. Keys rotate every Monday 00:00 UTC.