Agentic AI
Patent pending · Filed 1 May 2026 · Standards-track for QUIC · Helsinki HQ
The Thesis
The 1995-era certificate authority model is collapsing — from two directions at once.
From above, the pressure is scale. AI agents now authenticate to other AI agents millions of times per second across services they have never met before. Non-human identities already outnumber human ones by more than a hundred to one, and the ratio is doubling roughly every eighteen months. No certificate authority on Earth can issue and validate that volume of credentials in the latency budgets autonomous systems actually run in.
From below, the pressure is reach. Drones operate under jamming. Satellites pass between ground stations. Wind farms sit 80 km offshore. Pharmaceutical containers traverse six handlers across three continents. Industrial sensors deployed today must outlive RSA and ECDSA. Each of these environments breaks the assumption that you can call home to a central authority before doing anything.
EdSSA is a stateless, post-quantum machine-to-machine authentication paradigm that needs no central authority in the hot path. Two computing nodes that have bootstrapped once can keep authenticating each other for years — through link drops, jamming, satellite handoffs, multi-day disconnects, AI-agent fan-out — without ever calling home.
The cryptography is post-quantum from the first handshake. The shared state lives only in volatile memory and never crosses the wire after bootstrap. Verification fits in a single CPU cache line and completes in sub-microsecond time. The protocol is on a standards track for QUIC; the reference implementation is shipping today.
Harsh conditions
The reach problem the CA model cannot answer
Post-quantum
Designed for 2045, not 2025
Sovereign by design
Built in Helsinki, for European critical infrastructure
A new paradigm
Structural Authentication.
Existing machine-to-machine authentication products fall into two camps: a centralised authority issues tokens and verifies signatures, or two parties exchange a shared secret and rotate it on a schedule. Both depend on something you call home for — a vault, a certificate authority, a key management service, a token-issuer round-trip. When the network is unreliable, contested, saturated, or simply not there, both camps degrade.
Structural Authentication is a third category. Two parties bootstrap once via a post-quantum handshake and derive identical state in volatile memory. From that point forward, each side independently constructs the same ephemeral credential from the shared state and from public ambient inputs — and authenticates the counterparty by matching what was independently constructed. There is no central authority in the hot path. There is no per-request call home. There is no shared message that has to traverse the network for authentication to succeed.
We coined the term because no existing category named what we built. DSSA — the protocol behind EdSSA — is the first family in this paradigm. The patent application “Decentralised Stateless Structural Authentication” (filed 1 May 2026, with continuations rolling through the May 2027 priority window) establishes the umbrella.
What it isn’t
Not a vault. Not a blockchain. Not a PUF.
Where it goes next
Standards-track for QUIC.
Strategy
Open protocol. Commercial reference implementation. Enterprise platform.
The protocol becomes the substrate the ecosystem builds on. The high-performance reference implementation and the operational platform around it are our commercial moat. The patent portfolio sits underneath all three, deepening through continuation filings throughout the priority window.
Protocol
Open, royalty-free, standards-track.
Implementation
High-performance, commercial.
Platform
Enterprise-grade operations.
Who we work with
Operators in markets that the vault model can't serve.
Agentic-AI platforms · Drone OEMs · Satellite operators · Pharmaceutical logistics · Central banks · Defence integrators · Industrial-edge platforms
DRONES & UAV
Authentication that survives jamming, mesh disconnects, and 50,000-unit swarm scale.
SATELLITE CONSTELLATIONS
Archive-grade provenance above the existing space-security stack.
DEFENCE & NATIONAL SECURITY
Sovereign-grade post-quantum auth for mission-critical operations.
INDUSTRIAL-EDGE & UTILITIES
Twenty-five-year device lifetime, intermittent backhaul, regulatory tailwind.
PHARMACEUTICAL COLD-CHAIN
Cryptographic chain of custody from manufacturer to patient.
SPECIALISED COURIERS
Organ transplant, evidence custody, diplomatic mail, controlled substances.
CONNECTED VEHICLES (V2X)
Sub-millisecond authentication for cooperative mobility.
SUBSEA & UNDERWATER
Authentication over acoustic links, surfacing-window-tolerant.
SPACE EXPLORATION
Archive-grade provenance for long-duration, long-archive missions.
CRITICAL INFRASTRUCTURE
Air-gapped, sovereign, post-quantum, audit-grade.
WHOLESALE CBDC & SETTLEMENT
Cross-border CBDC settlement and inter-validator authentication.
TRADE FINANCE
Documentary credit chains with cryptographic provenance.
IMPLANTABLE MEDICAL DEVICES
Authenticated firmware updates, hardware-bound identity, twenty-year device lifetime.
GAMING & ESPORTS
Anti-cheat without kernel surveillance, federated game servers, tournament-grade match records.
DATA SUPPLY CHAINS
Archive-grade provenance above contractual sub-processor chains.
PUBLIC SECTOR
Archive-grade provenance for sovereign procurement and citizen-data handling.
AGENTIC AI
Archive-grade provenance for tool execution and human oversight under the AI Act.
Why EdSSA