Consumer-side encryption for AI agent purchases. Per-tier projections, registry-routed refunds, retention enforced by the device.
Live · CinematicCard
ABT-C — coffee purchase walkthrough
A concrete commercial transaction showing token-release decryption, vault storage, retention-driven destruction of personal identifying information, and refund through structural first-party participation.
Reference implementation: cinematiccard.com · Provisional patent priority: May 4, 2026
Plaintext never moves over the wire. Ciphertext and tokens move; decryption happens at endpoints.
Maya buys a $4.50 coffee
Her phone holds a persistent API key. From it, the device derives a tokenized decryption key scoped to this one transaction.
Maya's device
Phone
api_key_maya
never leaves phone
↓ derives
tx_token_a3f2
(this transaction only)
encrypted envelope tx_a3f2
Merchant
Cafe Reverie
receives ciphertext
cannot decrypt yet
no token held
Plaintext never moves. What travels from Maya's device is the encrypted envelope. The cafe receives ciphertext only — they cannot read the envelope contents at this stage.
on-deviceapi_key_maya is the persistent key that derives every per-transaction token. It exists only on the phone. No party — not the cafe, not the registry, not the vault — ever sees it.
Envelope created, tokenized key goes to the vault
The encrypted envelope is bound to a tokenized decryption key. Both are stored in the vault. The merchant holds neither.
The envelope contains all 18 ABT-C tier categories. Three are active: operational_consumer, operational_merchant, taxation. Fifteen are placeholders — architectural reservations for tier authorities not yet onboarded to the registry.
The tokenized key is the controller. The merchant cannot decrypt the envelope without it. The vault holds the token, but releases tier-specific slices only when Maya's device authorizes.
Merchant requests, Maya's device releases, decryption at endpoint
The cafe asks for the merchant-tier portion of the token. Maya's device authorizes. The cafe decrypts at its endpoint.
Cafe Reverie
Asks vault
"release merchant tier
slice for tx_a3f2"
token request
Vault
Forwards request
requires Maya's
device authorization
authorize?
Maya's device
Authorizes
verifies merchant
releases token slice
scoped to merchant tier
Cafe Reverie
Decrypts at endpoint
$4.50 · oat latte · pickup
consumer identity layer: sealed
taxation layer: sealed
15 placeholders: sealed
Plaintext appears only at the merchant's endpoint, only briefly, only for the layer Maya authorized. No plaintext ever traversed the network. The cafe cannot decrypt Maya's identity layer or the taxation layer, even though both are in the same envelope.
Retention expires — personal identifying information destroyed
After 30 days, the consumer identity layer's decryption pathway is irreversibly destroyed. The transaction record remains.
refund_pathwayrequires Maya's device to reconstruct
The consumer identifying information is gone. The cafe cannot retrieve Maya's identity from this envelope anymore — not by request, not by court order applied to the cafe alone, not by any unilateral action. The decryption capability for that tier was destroyed at retention expiration.
The transaction itself remains for legitimate ongoing access:
Merchant tier: the cafe retains amount, item, jurisdiction for their own records.
Taxation tier: the taxation authority — registered in the registry — can still decrypt the taxation layer for tax compliance audits. They see $4.50, taxable food, jurisdiction, merchant identity. They never saw Maya's identity, and now they couldn't even if they wanted to.
Maya wants a refund 45 days later
The PII layer is destroyed. The only path to reconstruct the transaction for refund processing runs through Maya's device — through registry, to merchant.
Maya's device
Refund request
"refund tx_a3f2"
signed with api_key_maya
refund request, signed
Registry
Routes request
verifies Maya signature
routes to merchant
verified refund request
Cafe Reverie
Receives request
cannot process alone
PII layer destroyed
awaits fresh token
The merchant cannot process the refund unilaterally. The customer identity tier is destroyed in the vault. Without a fresh token release from Maya's device, there is no way to bind the refund to the original buyer.
The registry's role here is routing, not authorization. The registry verifies Maya's signature and forwards the request to the merchant. It does not hold any decryption material. Only Maya's device can release a token that re-enables decryption.
Maya's device releases a fresh token, refund processes
A new tokenized decryption key, derived freshly from her on-device API key, restores the consumer identity layer for the duration of the refund.
Maya's device
Releases new token
api_key_maya
↓ derives
tx_token_a3f2_refund
scoped to refund only
refund token
Vault
Reconstructs PII layer
re-encrypts consumer tier
with refund token
retention: 7 days
re-enabled envelope
Cafe Reverie
Processes refund
refund $4.50 to Maya
consumer tier readable
briefly, for refund only
Restoration is structurally tied to Maya's device. The cafe could not initiate this. The registry could not initiate this. The on-device API key is the only material in existence that can derive a valid token. No third party — not Anthropic, not the cafe's payment processor, not the cafe's accountant, not a court order applied to anyone other than Maya — can reconstruct the envelope.
After the refund completes, the new retention window (7 days) closes. The refund-scoped token is destroyed. The consumer identity layer goes back to destroyed state. The taxation tier and merchant transaction record persist — the refund event becomes part of the merchant's records and shows up in subsequent taxation authority audits as a legitimate refund.