- Structural Authentication
- The category-defining paradigm EdSSA introduced. Two parties authenticate by independently constructing the same ephemeral credential from shared in-memory state and public ambient inputs — without a central authority in the hot path, without per-request communication to a third party, and without multi-node consensus. The umbrella term in the patent application "Decentralised Stateless Structural Authentication" (filed 1 May 2026).
- Adaptive Credential Plasticity
- The architectural property — also referred to as the "breathing credential" — by which independent design parameters control security level and operational resilience separately. Authentication absorbs transient ratchet ticks, oracle hiccups, schema transitions, and clock drift transparently, without weakening the cryptographic guarantee.
- EdSSA Seed
- The shared in-memory state that two endpoints derive at bootstrap and advance autonomously thereafter. Lives only in volatile memory; never written to non-volatile storage at runtime. The full mechanism is L3 material under NDA.
- Schema Blueprint
- The volatile-only positional structure each endpoint holds, used by the deterministic rule engine to construct or parse the ephemeral credential. Rotates autonomously and is never persisted. Detailed structure under NDA.
- Three-Class Oracle Taxonomy
- The classification of public ambient inputs into three roles: content oracles (which contribute to credential bytes), control oracles (which anchor protocol state, e.g., time synchronisation), and fingerprint oracles (device-local identifiers used only during cold-boot recovery). The specific source curation is L3 material under NDA.
- Recipe-and-Anchor Recovery
- A cold-boot recovery mechanism that does not require persistent storage of secret state at either endpoint. Combines a byte-offset recipe over device-local fingerprint values with a one-way recovery anchor and a PAKE handshake; the anchor itself never traverses the network. Distinct from PUF helper-data schemes.
- Breathing credential
- The marketing-level metaphor for the ephemeral credential that DSSA protocol endpoints exchange. The credential is built fresh for each request from a shared in-memory state and public ambient inputs; the state advances autonomously over time.
- Bootstrap
- The single, initial post-quantum handshake between two endpoints. After bootstrap, the bootstrap material is discarded; subsequent authentication runs on derived state.
- Decentralised verification
- The property that no central authority sits in the hot path of authentication. Each endpoint can verify its counterparty locally, using only state held in volatile memory.
- Forward secrecy from quantum break
- The property that even a future quantum break of the bootstrap handshake cannot recover authentication state established before the break. Achieved by discarding bootstrap material immediately and advancing state through one-way functions only.
- Hibernation handshake
- A protocol mode in EdSSA Orbit that allows two endpoints to remain mutually authenticated across multi-orbit or multi-day communication gaps without re-bootstrap.
- Oracle
- A public, ambient input — observable in the operating environment — that contributes to credential derivation. EdSSA uses a curated taxonomy of oracle classes; the specific source list and quality ranks are L3 material under NDA.
- Post-quantum primitive
- A cryptographic primitive whose security does not depend on assumptions broken by a cryptographically relevant quantum computer. EdSSA uses primitives standardised in NIST FIPS 203 and the related family.
- Ratchet
- The autonomous, scheduled advancement of the in-memory state. Both endpoints advance independently. The forward direction is one-way.
- Resilience margin
- The headroom designed into the protocol to absorb transient noise — clock drift, oracle hiccups, schema transitions — without weakening the cryptographic guarantee.
- Stateless authentication
- Authentication in which no per-session secret is held on disk. State exists in volatile memory at each endpoint, and only there.
- Threshold authentication
- A multi-member identity scheme in which the group identity remains valid as long as a threshold of members are present and authentic. Used by EdSSA Swarm.
- Validating relay
- A pass-through component that validates authentication tokens before traffic reaches origin. EdSSA Edge is the validating-relay tier of the protocol family.
- Audit emission
- The protocol's configurable ability to emit structured audit records per verification event. Tiers range from "no emission" through compliance-baseline records (suitable for DSCSA, FMD, NIS2, ISO 27001) and telemetry counters (for operations dashboards) to full per-event trace (for incident response). Optional Merkle-anchored tamper-evidence is available for high-assurance regimes. Detailed technical specification under NDA.