- Structural Authentication
The category-defining paradigm EdSSA introduced. Two parties authenticate by independently constructing the same ephemeral credential from shared in-memory state and public ambient inputs — without a central authority in the hot path, without per-request communication to a third party, and without multi-node consensus. The umbrella term in the patent application "Decentralised Stateless Structural Authentication" (filed 1 May 2026).
- Adaptive Credential Plasticity
The architectural property — also referred to as the "breathing credential" — by which independent design parameters control security level and operational resilience separately. Authentication absorbs transient ratchet ticks, oracle hiccups, schema transitions, and clock drift transparently, without weakening the cryptographic guarantee.
- EdSSA Seed
The shared in-memory state that two endpoints derive at bootstrap and advance autonomously thereafter. Lives only in volatile memory; never written to non-volatile storage at runtime. The full mechanism is L3 material under NDA.
- Schema Blueprint
The volatile-only positional structure each endpoint holds, used by the deterministic rule engine to construct or parse the ephemeral credential. Rotates autonomously and is never persisted. Detailed structure under NDA.
- Three-Class Oracle Taxonomy
The classification of public ambient inputs that contribute to credential derivation. EdSSA distinguishes three oracle roles, each with a distinct function in the protocol. Specific roles, source curation, and quality ranks are L3 material under NDA.
- Recipe-and-Anchor Recovery
A cold-boot recovery mechanism that does not require persistent storage of secret state at either endpoint. Designed to differ structurally from PUF helper-data schemes. Construction details under NDA.
- Breathing credential
The marketing-level metaphor for the ephemeral credential that EdSSA protocol endpoints exchange. The credential is built freshly each request from a shared in-memory state and public ambient inputs; the state advances autonomously over time.
- Bootstrap
The single, initial post-quantum handshake between two endpoints. After bootstrap, the bootstrap material is discarded; subsequent authentication runs on derived state.
- Decentralised verification
The property that no central authority sits in the hot path of authentication. Each endpoint can verify its counterparty locally, using only state held in volatile memory.
- Forward secrecy from quantum break
The property that even a future quantum-break of the bootstrap handshake cannot recover authentication state established before the break. Achieved by discarding bootstrap material immediately and advancing state through one-way functions only.
- Hibernation handshake
A protocol mode in EdSSA Orbit that allows two endpoints to remain mutually authenticated across multi-orbit or multi-day communication gaps without re-bootstrap.
- Oracle
A public, ambient input — observable in the operating environment — that contributes to credential derivation. EdSSA uses a curated taxonomy of oracle classes; the specific source list and quality ranks are L3 material under NDA.
- Post-quantum primitive
A cryptographic primitive whose security does not depend on assumptions broken by a cryptographically relevant quantum computer. EdSSA uses primitives standardised by NIST FIPS 203 and the related family.
- Ratchet
The autonomous, scheduled advancement of the in-memory state. Both endpoints advance independently. The forward direction is one-way.
- Resilience margin
The headroom designed into the protocol to absorb transient noise — clock drift, oracle hiccups, schema transitions — without weakening the cryptographic guarantee.
- Stateless authentication
Authentication in which no per-session secret is held on disk. State exists in volatile memory at each endpoint, and only there.
- Threshold authentication
A multi-member identity scheme in which the group identity remains valid as long as a threshold of members are present and authentic. Used by EdSSA Swarm.
- Validating relay
A pass-through component that validates authentication tokens before traffic reaches origin. EdSSA Edge is the validating-relay tier of the protocol family.
- Audit emission
Configurable emission of structured audit records per verification event, with tiers from no emission through compliance-baseline records (suitable for DSCSA, FMD, NIS2, ISO 27001) up to high-assurance modes with optional cryptographic tamper-evidence. Detailed specification under NDA.