Protocol Security
Security is the protocol.
Hardware-sealed keys. Dual-signature transfers. On-chain records. Patent-protected.
NOANE was not built and then secured. The protocol is the security model. Take it apart and you do not find a stack of mitigations. You find cryptographic primitives.
Direct Answer
How NOANE is secured.
NOANE is built on three layers: hardware-anchored cryptographic identity, dual-key transfer, and tamper-evident ownership records. A custody record does not advance unless asset-side proof and custodian-side authorization both verify.
Layer One
Hardware-anchored identity.
At manufacture, a hardware-protected credential or key material is provisioned into the device associated with the asset. For supported secure-chip configurations, the private key is generated or protected inside the chip and is not exposed through normal operation. The asset's identity is anchored to the device. There is no separate paper certificate to forge. Hardware anchors the proof.
Principle
Hardware-protected. Never exposed.
Key material is protected within the chip's secure element under normal operation. The device's signature is the only proof the device is the device. No external copy. No export path.
Result
Authentication proves what. NOANE proves who owns it.
Authentication confirms the asset is genuine. NOANE confirms who holds the right to transfer it. These are different questions. The protocol answers both.
Credential provisioning
Hardware-protected key material is provisioned into the device at manufacture. For supported configurations, the key is generated inside the chip's secure element.
Chip binding
The chip's identity is cryptographically bound to the asset record on-chain. The physical object and the digital record are inseparable.
Tamper evidence
Any attempt to extract or clone the key invalidates the chip within its intended security model. The chip's silence is the proof of breach.
Non-extractability
The signature the chip produces can be verified externally, but the key that produced it cannot leave the chip. Verification without exposure.
Layer Two
Dual-key transfer.
Every ownership transfer requires asset-side proof and owner-side authorization. The asset-side proof confirms the physical object is present. The owner-side authorization confirms the current record-authorized party approved the transfer. NOANE prevents advancement of the ownership record until both proofs are confirmed for the specific transfer. Operators do not have to enforce this manually. The protocol refuses to advance without both signals.
Signature 1
Chip signature
The NFC chip signs the transfer request. This proves the physical asset is present and is the asset registered to this record.
Signature 2
Owner signature
The current owner's key authorizes the transfer. Both keys must sign before custody changes on-chain. Neither signature alone is sufficient.
Signature 01
Chip signs
Hardware key inside the NFC chip signs the transfer request. Proves physical asset is present.
Signature 02
Owner authorizes
Current owner's key authorizes the transfer. Proves the right to transfer belongs to this party.
Result
Custody changes
Both signatures verified on-chain. New owner recorded. No human intermediary. No paper required.
Threat Model
Designed for adversarial custody.
NOANE assumes that documents can be forged, databases can drift, scans can be replayed, and possession can be misleading. The protocol is designed around the condition that matters most: ownership should not advance unless the asset and the record-authorized owner both confirm the same transfer.
Failure Modes NOANE Rejects
The protocol refuses weak proof.
NOANE prevents advancement of the ownership record until both the asset-side proof and owner-side authorization are confirmed for the specific transfer.
Layer Three
Continuous custody verification.
Hardware identity proves the asset. Dual-key transfer proves authority. Continuous custody verification proves the present. Any authorized platform, reader, or agent can ask the protocol who holds the asset right now, in a single round-trip, without trusting a paper trail or a third-party attestation. The protocol answers from the on-chain custody record, not from a cached database.
Query Model
One round-trip. One signature-backed answer.
A verifier presents an asset reference. The protocol returns the current record-authorized owner, the asset-side proof state, and the policy mode under which the record advances. The answer is bound to the on-chain custody record, not synthesized from off-chain claims.
Latency Model
Designed for machine speed.
Verification is structured so platforms and agents can resolve custody inside the latency envelope of an autonomous transaction. No human attestation. No queued review. The protocol either confirms current custody or it refuses to answer.
Validation
Validation and certifications.
Patent
US Patent 12,387,199 B2
The dual-key cryptographic custody protocol. Protected intellectual property covering the core transfer mechanism and hardware-binding architecture.
Audit
Independent cryptographic audit
Independent audit partner to be listed when retained. Cryptographic review of the protocol's dual-key implementation and on-chain record integrity.
Compliance
SOC 2 Type II commitment
SOC 2 Type II certification for the NOANE platform layer is on the roadmap for the production release cycle.
Testing
Annual penetration testing
Annual penetration testing of every integration surface by a qualified third-party security firm.
Bounty
Public bug bounty program
A public bug bounty program for the protocol implementation will launch at general availability.
Request a security review.
Talk to the protocol team about integration security, pilot terms, or a technical deep-dive.
Related Research
Architecture-level reference.
For related architecture-level context, see the NOANE Infrastructure Response Paper V2.