Agentic Boundary Tokenization places the cryptographic boundary at the consumer device, not at the merchant or platform. AI agents transact; the protocol witnesses; no party owns the receipt chain unilaterally.
The foundational specification governs the architectural mechanism. Each variant — commerce, identity, voting, judicial authorization, medical, government records, spending, education, evidence, device — is a domain embodiment that inherits the foundational structure and specifies its actor mappings, tier composition, and per-tier projections.
The inventive property: a tier authority's key cannot reach information beyond its tier's authored projection, because that information was never placed in its ciphertext. Access levels live in the data structure itself; there is no policy layer to override.
A reference implementation is live at cinematiccard.com. The full specification is filed under U.S. Provisional Patent 64/056,353 and free to implement.
The cryptographic envelope is constructed at the consumer device. The merchant receives ciphertext and a callback URL. The registry observes but does not route. Plaintext never traverses the network.
The consumer's device holds the persistent cryptographic key in hardware-backed secure storage. Personal data is encrypted at the device endpoint before any ciphertext leaves the device. The merchant never holds the plaintext.
When the merchant needs to process the transaction, it requests the per-transaction key from the device through an authenticated callback. The device releases the key — never plaintext — during the negotiated retention window. After retention, releases stop.
Post-retention restoration — for a refund, a dispute, an investigation — requires structural participation by all three parties. The registry observes, countersigns, and extends a permanent hash-chained log. No party can restore unilaterally.
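The construction described above, as an added example in Go (not code from the ABT specification or from the cinematiccard.com implementation): a sketch of the device side. It assumes its own key schedule (HKDF-SHA256 from a root key to a per-transaction key to per-tier keys), AES-256-GCM for the tier ciphertexts, a JSON projection format, and Ed25519-signed callbacks; the page fixes none of these details. What it shows is the structural property: a field that no projection names is in no ciphertext, the merchant's tier key opens only the merchant ciphertext, a caller can only obtain the key for the tier its public key was bound to, and the device stops releasing keys once the retention window has passed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// hkdf is RFC 5869 HKDF-SHA256 reduced to extract plus one expand block: one 32-byte output key.
func hkdf(ikm, salt []byte, info string) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(ikm)
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write([]byte(info))
	exp.Write([]byte{1})
	return exp.Sum(nil)
}

// Device models the consumer device. rootKey stands in for the hardware-backed key and never leaves.
type Device struct {
	rootKey   []byte
	callers   map[string]map[string]ed25519.PublicKey // txID -> tier -> key allowed to request that tier's key
	retention map[string]time.Time                    // txID -> end of the negotiated retention window
}

func NewDevice() *Device {
	d := &Device{rootKey: make([]byte, 32), callers: map[string]map[string]ed25519.PublicKey{}, retention: map[string]time.Time{}}
	rand.Read(d.rootKey)
	return d
}

// Assumed key schedule (not the specification's): root key -> per-transaction key -> per-tier key.
func (d *Device) txKey(txID string) []byte { return hkdf(d.rootKey, []byte(txID), "abt/tx") }
func tierKey(txKey []byte, tier string) []byte { return hkdf(txKey, nil, "abt/tier/"+tier) }
func sealTier(key, plaintext []byte) []byte {
	block, _ := aes.NewCipher(key) // AES-256-GCM under the tier key, nonce prepended
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// OpenTier is what a tier authority runs on its own ciphertext; with any other tier's key it fails.
func OpenTier(key, sealed []byte) (map[string]string, error) {
	block, _ := aes.NewCipher(key) // keys from tierKey are always 32 bytes
	gcm, _ := cipher.NewGCM(block)
	pt, err := gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
	if err != nil {
		return nil, err
	}
	proj := map[string]string{}
	return proj, json.Unmarshal(pt, &proj)
}

// Build constructs the envelope on the device, one ciphertext per tier. A tier's projection carries only the fields listed for it; anything else is authored out and absent from that ciphertext.
func (d *Device) Build(txID string, record map[string]string, projections map[string][]string,
	callers map[string]ed25519.PublicKey, retentionEnd time.Time) map[string][]byte {
	env := map[string][]byte{}
	for tier, fields := range projections {
		proj := map[string]string{}
		for _, f := range fields {
			proj[f] = record[f]
		}
		pt, _ := json.Marshal(proj)
		env[tier] = sealTier(tierKey(d.txKey(txID), tier), pt)
	}
	d.callers[txID], d.retention[txID] = callers, retentionEnd
	return env
}

// ReleaseKey answers a tier authority's callback: the request must be signed by the key bound to that tier at Build time, only that tier's key is released, and only inside the retention window.
func (d *Device) ReleaseKey(txID, tier string, sig []byte, now time.Time) ([]byte, error) {
	pub, ok := d.callers[txID][tier]
	if !ok || !ed25519.Verify(pub, []byte(txID+"|"+tier), sig) {
		return nil, errors.New("callback not authenticated for this tier")
	}
	if now.After(d.retention[txID]) {
		return nil, errors.New("retention window closed: releases have stopped")
	}
	return tierKey(d.txKey(txID), tier), nil
}

func main() {
	d := NewDevice()
	mpub, mpriv, _ := ed25519.GenerateKey(nil)
	// Constructed sample record: "card" is in no projection, so no ciphertext contains it.
	env := d.Build("tx-1", map[string]string{"card": "4111111111111111", "ship_to": "1 Main St", "amount": "42.00"},
		map[string][]string{"merchant": {"ship_to", "amount"}, "registry": {"amount"}},
		map[string]ed25519.PublicKey{"merchant": mpub}, time.Now().Add(time.Hour))
	key, _ := d.ReleaseKey("tx-1", "merchant", ed25519.Sign(mpriv, []byte("tx-1|merchant")), time.Now())
	fmt.Println(OpenTier(key, env["merchant"])) // ship_to and amount only; the registry ciphertext fails with this key
}
```

The point to notice is that there is nothing for the merchant to misconfigure: the card number is not redacted from the merchant's view, it was never encrypted into the merchant's ciphertext, and after the retention window the device simply has nothing to say to the callback.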
ACP, AP2, and UCP govern the channel — how agents discover merchants, form mandates, and execute payments. ABT governs what happens to PII inside those transactions. They are orthogonal layers that stack.
create_checkout_session accepts abt_consumer_pubkey. When it is present, the merchant routes the request to the ABT-C v2 checkout path instead of standard checkout.

| Capability | ABT | What ABT adds | Standard Encryption (Visa · Mastercard · Apple Pay · Stripe) | Policy-Based Privacy |
|---|---|---|---|---|
| Encrypted envelope with permission tiers | ✓ | Cryptographic tier boundaries — each party receives only their authorized projection | ✗ | ✗ |
| User-controlled tokenization — no other party holds the key | ✓ | Consumer holds the only key — no merchant or platform can access without consumer action | ✗ | ✗ |
| Per-tier data projection (authored out, not redacted) | ✓ | Data authored out at construction — not filtered after the fact | ✗ | ✗ |
| Cryptographic enforcement — not vendor trust or policy | ✓ | Ed25519 signatures + HKDF key derivation — enforced by math, not vendor promise | Partial | ✗ |
| Hash-chained tamper-evident receipt log | ✓ | Every event signed and chained — independently verifiable by consumer, merchant, and registry | ✗ | ✗ |
| Plaintext never leaves the first party | ✓ | Envelope encrypted before any ciphertext crosses a trust boundary | ✗ | ✗ |
| Forward-only tier activation (no retroactive modification) | ✓ | New authorities added to future envelopes only — past records are structurally immutable | ✗ | ✗ |
| Three-party structural restoration — no single point of control | ✓ | Key recovery requires consumer + merchant + registry — no single party can act unilaterally | ✗ | ✗ |
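The hash-chained receipt log and three-party restoration from the rows above, as an added example in Go (not the specification's log format or the project's code). The event layout, the role names, and which signatures each event kind needs are assumptions made for the sketch; Ed25519 signatures and SHA-256 hash chaining are the primitives the page names. The registry refuses to countersign a restoration unless both consumer and merchant have signed it, a key that is not the one registered for a role is rejected, and any party holding the three public keys can verify the whole chain independently.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// required lists the party signatures each event kind needs before the registry countersigns. Restoration needs consumer and merchant; with the registry's own countersignature that is all three parties.
var required = map[string][]string{
	"build":   {"consumer"},
	"release": {"consumer", "merchant"},
	"restore": {"consumer", "merchant"},
}

// Event is one receipt-log entry. Prev is the hash of the entry before it ("" for the first), so the log is a chain.
type Event struct {
	TxID, Kind, Prev string
	Sigs             map[string][]byte // role -> party signature over body()
	Counter          []byte            // registry countersignature over signed()
}

func (e Event) body() []byte { return []byte(e.TxID + "|" + e.Kind + "|" + e.Prev) }

// signed is the body plus the party signatures in a fixed role order, so every verifier hashes the same bytes.
func (e Event) signed() []byte { return append(append(e.body(), e.Sigs["consumer"]...), e.Sigs["merchant"]...) }

func (e Event) hash() string {
	h := sha256.Sum256(append(e.signed(), e.Counter...))
	return hex.EncodeToString(h[:])
}

// Registry observes and countersigns; it holds the log and the public key registered for each role.
type Registry struct {
	priv ed25519.PrivateKey
	Keys map[string]ed25519.PublicKey
	Log  []Event
}

func NewRegistry(consumer, merchant ed25519.PublicKey) *Registry {
	pub, priv, _ := ed25519.GenerateKey(nil)
	return &Registry{priv: priv, Keys: map[string]ed25519.PublicKey{"consumer": consumer, "merchant": merchant, "registry": pub}}
}

// Append chains a new event. Each signer must hold the key registered for its role, and every role the kind requires must have signed before the registry countersigns: a missing party is a structural refusal.
func (r *Registry) Append(kind, txID string, signers map[string]ed25519.PrivateKey) (Event, error) {
	if len(required[kind]) == 0 {
		return Event{}, errors.New("unknown event kind " + kind)
	}
	e := Event{TxID: txID, Kind: kind, Sigs: map[string][]byte{}}
	if n := len(r.Log); n > 0 {
		e.Prev = r.Log[n-1].hash()
	}
	for role, priv := range signers {
		if !priv.Public().(ed25519.PublicKey).Equal(r.Keys[role]) {
			return Event{}, errors.New("key not registered for role " + role)
		}
		e.Sigs[role] = ed25519.Sign(priv, e.body())
	}
	for _, role := range required[kind] {
		if _, ok := e.Sigs[role]; !ok {
			return Event{}, fmt.Errorf("%s requires a %s signature", kind, role)
		}
	}
	e.Counter = ed25519.Sign(r.priv, e.signed())
	r.Log = append(r.Log, e)
	return e, nil
}

// VerifyLog is what any party runs over its copy of the log with the registered public keys: every chain link, party signature and countersignature must check, or the log is rejected.
func VerifyLog(log []Event, keys map[string]ed25519.PublicKey) error {
	prev := ""
	for i, e := range log {
		if e.Prev != prev {
			return fmt.Errorf("event %d: broken chain link", i)
		}
		for _, role := range required[e.Kind] {
			if !ed25519.Verify(keys[role], e.body(), e.Sigs[role]) {
				return fmt.Errorf("event %d: bad %s signature", i, role)
			}
		}
		if !ed25519.Verify(keys["registry"], e.signed(), e.Counter) {
			return fmt.Errorf("event %d: bad registry countersignature", i)
		}
		prev = e.hash()
	}
	return nil
}

func main() {
	cpub, cpriv, _ := ed25519.GenerateKey(nil)
	mpub, mpriv, _ := ed25519.GenerateKey(nil)
	reg := NewRegistry(cpub, mpub)
	_, err := reg.Append("restore", "tx-1", map[string]ed25519.PrivateKey{"merchant": mpriv})
	fmt.Println("merchant alone:", err)
	_, err = reg.Append("restore", "tx-1", map[string]ed25519.PrivateKey{"consumer": cpriv, "merchant": mpriv})
	fmt.Println("all three parties:", err, "| log verifies:", VerifyLog(reg.Log, reg.Keys))
}
```

Because each entry's hash covers the previous hash, the party signatures and the countersignature, editing or dropping an entry breaks every link after it, and a verifier holding only the three public keys detects it without trusting the registry's copy.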
Cryptography researchers studying envelope encryption, tier-bounded ciphertext, deterministic key derivation, and signed receipt chains in multi-domain consumer-controlled data management.
Privacy researchers studying architectural privacy enforcement, unlinkability, purpose limitation, retention through cessation, and consumer-controlled key custody.
Consumer protection advocates seeking architectural alternatives to policy-based privacy enforcement. Cryptographic structural enforcement, not vendor trust.
Policy researchers examining cryptographic enforcement of storage limitation (GDPR Article 5(1)(e)), data minimization (GDPR Article 5(1)(c)), and consumer protection requirements.
Standards bodies evaluating consumer-side alternatives to merchant-side and platform-issued authorization frameworks including ACP, AP2, Stripe SPT, Apple Pay agents, Visa Trusted Agent, and Mastercard Verifiable Intent.