The complete technical specification for the Digital Identity Authorization Protocol.
AI generation quality has crossed the “convincing” threshold. The result is legal risk, reputational harm, fragmented deals, and talent opting out entirely.

AI makes it cheap to synthesize convincing humans. Likenesses and voices are generated without consent, creating legal risk and reputational harm.
No standard method exists to request consent, enforce scope limits, or prove authorization across apps and vendors.
Platforms and distributors lack a shared verification method to confirm whether synthetic content was authorized.
Studios, unions, and talent representatives have no reliable way to audit how identity assets are being used.
Value accrues to platforms while talent lacks residual-like economics for their digital identity usage.
Even being searchable or selectable inside an AI app can violate talent intent if platform access was never granted.
DIAP distinguishes between platform visibility and project usage authorization, preventing premature exposure of identities inside AI applications.

Platform Visibility Authorization (PVA): A policy decision by the identity owner controlling whether a given AI app can list, search, display, or select their identity. If denied, the identity is completely invisible and unselectable.
Project usage authorization: A scoped license token grant for a specific project or campaign under a compliance profile. Enables rendering within defined limits and triggers provenance and receipt logging.
App verifies its own DIAP-Certified status via Trust Registry
App checks Platform Visibility Authorization for target identity
If allowed, identity may be shown as selectable under listing constraints
On selection, app creates a scoped LicenseRequest for the project
Issuer evaluates request against compliance profile; approval yields signed token
Gateway verifies token, enforces scope, produces outputs and provenance receipts
Human-Rooted Authority
Least Exposure
Interoperable
Revocable
Auditable
Policy-First Safety
A modular, build-ready architecture designed for security, interoperability, and enterprise-grade deployment.

Stores identity modules (voice, face, expression, motion) with KMS/HSM integration and secure enclave support. Assets never leave the vault without authorization.
Evaluates PVA policies in real-time. Returns allow/deny decisions with listing constraints (discoverable, invite-only, hidden).
Evaluates LicenseRequests against compliance profiles. Manages approval workflows including per-render, per-project, and quota-based modes.
Issues signed, PoP-bound license tokens. Manages quotas, audit logs, and delegation from the DIAP Central Authority.
Low-latency revocation checks with push-based updates and webhooks. Supports license, app, and campaign-level revocation with emergency kill switches.
The enforcement point. Verifies tokens, enforces policy, routes generation through adapters, embeds dual-layer watermarks, and emits events for provenance tracking.
Watermarking and receipt generation. Verification endpoints enable downstream platforms to confirm authorization of any synthetic output.
Central directory of certified issuers, apps, keys, and revocation endpoints. The root of trust for the entire DIAP ecosystem.
Registration, key management, conformance tests, and integration examples. Integrate once, be compliant everywhere.
Approvals dashboard, audit exports, role-based controls, and campaign management for enterprise studio workflows.
Identity is represented as independent modules with explicit purpose limitation and sensitivity metadata. Each module can be licensed independently.
| Module | Contents | Render right |
|---|---|---|
| VoiceModule | Voice embeddings and synthesis parameters | VOICE_RENDER |
| FaceModule | Facial geometry, texture, and appearance | FACE_RENDER |
| ExpressionModule | Facial expression mapping and control | EXPRESSION_RENDER |
| MotionModule | Body motion capture and kinematics | MOTION_RENDER |
| FootprintModule | Optional persona metadata (not required for core auth) | |
TRAINING_USE is explicitly separate from render/inference rights.
Certificates, tokens, receipts, and verification endpoints — the building blocks of machine-enforceable consent.
Every AI-generated frame carrying a human likeness embeds a DIAP PoC Certificate in its metadata. This is the cryptographic proof that consent was obtained before render.
Signature chain to certified issuer in Trust Registry + PoP binding + scope checks + revocation status
Signature chain + output hash match + dual-layer watermark (pixel + audio) validation for downstream proof
Distribution platforms can require valid receipts for any monetized synthetic human content
Short-lived tokens reduce blast radius by limiting exposure window
Revocation Registry: revoke by license_jti, app_id, or campaign
Push-based revocation for emergency kill-switch behavior
Gateway enforcement: registry check required at render time
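Added example (not part of the DIAP specification or its code): the gateway checks listed above, run in order over a constructed token. HMAC-SHA256 and a key-thumbprint comparison stand in for the issuer signature and the PoP proof, and the claim names iss, exp, cnf and scope are assumptions; license_jti, app_id and campaign are the revocation keys named above.

```python
import base64, hashlib, hmac, json, time

# Constructed Trust Registry snapshot. HMAC-SHA256 stands in for the issuer's
# asymmetric signature so the example runs on the standard library alone.
ISSUERS = {"issuer-demo": {"status": "certified", "key": b"constructed-issuer-key"}}
# Revocation Registry, keyed the three ways the page lists.
REVOKED = {"license_jti": set(), "app_id": set(), "campaign": set()}


def _sign(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()


def thumbprint(key: bytes) -> str:
    """Hash of the app's key; the issuer binds the token to it (PoP)."""
    return hashlib.sha256(key).hexdigest()


def issue_token(claims: dict) -> str:
    """Issuer side: serialize the claims and sign them."""
    body = json.dumps(claims, sort_keys=True).encode()
    sig = _sign(ISSUERS[claims["iss"]]["key"], body)
    return ".".join(base64.urlsafe_b64encode(p).decode() for p in (body, sig))


def verify_for_render(token: str, presented_key: bytes, right: str, now=None):
    """Gateway side: return (allowed, reason); the first failed check denies."""
    now = time.time() if now is None else now
    try:
        body, sig = (base64.urlsafe_b64decode(p) for p in token.split("."))
        claims = json.loads(body)
    except ValueError:
        return False, "malformed"
    iss = claims.get("iss") if isinstance(claims, dict) else None
    issuer = ISSUERS.get(iss) if isinstance(iss, str) else None
    # 1. Signature chain: the issuer must be certified in the Trust Registry.
    if issuer is None or issuer["status"] != "certified":
        return False, "issuer_not_certified"
    if not hmac.compare_digest(sig, _sign(issuer["key"], body)):
        return False, "bad_signature"
    # 2. Short-lived token: reject anything past its expiry.
    if claims.get("exp", 0) <= now:
        return False, "expired"
    # 3. Simplified PoP: the presented key must hash to the bound thumbprint.
    #    A real gateway would also require a signature over a fresh challenge.
    if claims.get("cnf") != thumbprint(presented_key):
        return False, "pop_mismatch"
    # 4. Scope: only rights named in the license may be rendered.
    if right not in claims.get("scope", []):
        return False, "out_of_scope"
    # 5. Revocation: checked at render time, by any of the three keys.
    for field in ("license_jti", "app_id", "campaign"):
        if claims.get(field) in REVOKED[field]:
            return False, "revoked:" + field
    return True, "ok"


def demo_claims(now: float) -> dict:
    """Constructed claims for a five-minute marketing-static license."""
    return {"iss": "issuer-demo", "app_id": "app-demo", "license_jti": "jti-001",
            "campaign": "campaign-demo", "scope": ["FACE_RENDER", "EXPRESSION_RENDER"],
            "cnf": thumbprint(b"constructed-app-key"), "exp": now + 300}
```

Revoking any one of the three keys, or suspending the issuer in the registry, denies the next render even though the token's signature and expiry are still valid.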
The DIAP Central Authority anchors global verification through the Trust Registry. It maintains certification status and root trust keys that allow any participant to validate whether a token/receipt is authentic and whether an issuer/app is compliant.
Root Keyset
Signs Trust Registry snapshots and updates
Issuer Registry
Approved License Authorities with public keys
App Registry
DIAP-Certified apps, versions, and status
Revocation Endpoints
Per-issuer revocation check endpoints
Policy Profiles
Canonical IDs for compliance conformance tests
Key Rotation
Documented procedures for compromise response
Every asset rendered under DIAP carries two independent watermarks: a pixel-level steganographic payload in the image data, and an ultrasonic audio frequency fingerprint in the sound track. A separate per-pixel modification mask records exactly what AI changed — and what it didn't.
STEGANOGRAPHIC LSB ENCODING
A steganographic watermark encoded into the least-significant bits of pixel data. Invisible to the human eye but machine-readable. Survives compression, re-encoding, and social media upload.
Channel: Visual. Embedded in pixel data — travels with images and video frames.
ULTRASONIC 18–20.5kHz TONES
Inaudible ultrasonic tone patterns embedded in the audio track. 49 frequency sub-bands encode a unique fingerprint. Even if the video is visually altered, the audio frequency signature persists.
Channel: Audio. Independent of visual data — survives video re-encoding and visual alterations.
STORED IN DIAP VAULT
A per-pixel binary map recording exactly which pixels are original vs. AI-modified. Stored securely in the DIAP vault, linked to the render receipt by Token ID. Never embedded in the file.
Channel: Off-file. Forensic-only — visible to talent, delegates, and auditors.
Pixel watermarks live in visual data; audio watermarks live in the sound track. An attacker must defeat both independently — if one is compromised, the other still tracks.
A deepfake can replace the visual frames, but the original audio frequency fingerprint (18–20.5kHz) persists. Audio can be stripped, but the pixel watermark in remaining frames still identifies the source.
Each layer encodes only what fits its channel. Pixel LSB stays invisible. Ultrasonic tones stay inaudible. The modification mask stays off-file entirely.
The modification mask — which reveals exactly what AI did — is too large and too sensitive to embed in the file. It stays in the DIAP vault, protected.
Different participants see different depths of information. Public verification is open to everyone. Detailed modification data is restricted to the people it belongs to.
Anyone — platforms, moderators, audiences
Free API call, no authentication required
Both watermark layers are embedded in the content itself — not in file metadata. They travel with the file through different channels (visual + audio), providing redundant tracking.
A streaming platform receives content containing a talent's likeness.
Their content pipeline scans the file with DIAP's public Verification API.
The watermark is extracted → Token ID found → DIAP returns:
Someone creates a deepfake of Marcus Rivera without going through DIAP.
The same platform scans the content. No DIAP watermark found.
Marcus logs into his Identity Vault on diap.my.id.
He opens the Meridian render receipt and views the modification mask:
Modification Report — Meridian, Episode 3
Frames 4200–4847: 23% of pixels AI-modified
Model used: Nuke AI Face Enhance v3.2
Rights verified: FACE_RENDER authorized
Heatmap available: View pixel-level modification map →
| Data | Stored In | Visible To | Survives Download |
|---|---|---|---|
| Layer 1: Pixel watermark | In the pixels (steganographic LSB) | Anyone (public API) | Yes — travels with images & video frames |
| Layer 2: Audio frequency watermark | In the audio (ultrasonic 18–20.5kHz) | Anyone (public API / Sound ID lookup) | Yes — travels in audio track |
| Modification mask (pixel-level) | DIAP audit trail | Talent + delegates + auditors | N/A — not in the file |
| Render receipts | DIAP audit trail | Talent + delegates + auditors | N/A — not in the file |
| License status | DIAP registry (live) | Anyone (public API) | N/A — live check per request |
Two independent watermark channels — pixel (visual) and audio (ultrasonic) — provide redundant public proof that travels with every file. The modification mask is the private forensic detail secured in DIAP's vault. Together, they form a resilient three-layer provenance system.
Every asset — visual and audio — is converted into a mathematical fingerprint. Searchable, matchable, and verifiable at near-zero cost. No pixel comparison. No watermark dependency. Pure vector intelligence.
Every visual asset is converted into a 512-dimensional vector — its unique mathematical DNA.
Image, video frame, poster, graphic, or document visual enters the DIAP pipeline
Preprocessing — normalization, denoising, resolution standardization
EfficientNet-B4 encoder extracts deep visual features from the asset
512-dimensional float array generated — the asset's unique mathematical DNA
Embedding indexed via HNSW in the unified DIAP Vector Core database
Scan Agent queries new content against stored vectors 24/7
Above threshold → alert fired, compliance action triggered, audit logged
Detects assets even when cropped, recolored, resized, rotated, or composited
Processes video by extracting keyframes and vectorizing each frame independently
Supports batch ingestion for large asset libraries (millions of assets)
Returns matches in <5ms via approximate nearest-neighbor (ANN) search
Similarity threshold configurable per client (strict vs. loose matching)
Handles partial matches — cutouts, overlays, and derivative works detected
DIAP uses two complementary detection technologies. Neither replaces the other — they solve different problems.
Embeds provenance data directly into pixel LSBs. Proves this specific file was authorized.
Converts asset into mathematical embedding. Detects any content that matches — even derivatives.
The central nervous system of the Asset Intelligence Layer. PostgreSQL 16+ with pgvector extension, HNSW indexing, and multimodal vector storage — visual, audio, identity, and receipts in one queryable store.
512-dim embeddings per image/frame
256-dim embeddings per audio window
FaceVector, VoiceVector, ExpressionVector, MotionVector per identity
SHA-256 hashes of all render receipts — immutable, write-once
Approximate Nearest Neighbor search for speed at scale — not brute force, not compromised accuracy
Hierarchical Navigable Small World graphs for high-recall vector retrieval
Visual and audio vectors live in the same queryable space — cross-modal matching supported
Write-once render receipts with SHA-256 integrity hashes — no UPDATE, no DELETE
Each client's vectors are logically partitioned — no cross-client leakage
AES-256 encryption on all stored vectors — TLS 1.3 in transit
Find top 10 most similar visual assets to a query vector
```sql
SELECT
    v.asset_id,
    a.asset_name,
    a.client_id,
    1 - (v.embedding <=> $1::vector) AS similarity_score
FROM visual_vectors v
JOIN assets a ON v.asset_id = a.asset_id
WHERE a.status = 'active'
ORDER BY v.embedding <=> $1::vector
LIMIT 10;
```

Uses pgvector <=> operator for cosine distance. HNSW index ensures sub-linear query time.
10 core tables. Write-once receipts. HNSW vector indexes. Client-partitioned.
Five autonomous agents replace manual compliance operations. Running 24/7, scaling independently, failing gracefully. Human oversight, machine execution.
Continuously crawls the internet, internal networks, broadcast feeds, and social media — comparing discovered content against all stored vector fingerprints in real time.
Always running — scheduled sweeps + event-driven scans
Real-time visibility into every asset, every match, every authorization.
Prioritized queue of unauthorized usage detections with similarity scores and source URLs
Auto-generated reports per asset, per client, per campaign — full authorization chain
One-click export of full compliance bundle for legal/regulatory use
Admin, Compliance Officer, Viewer permission tiers with granular controls
Live stream of all system events — scans, matches, authorizations, revocations
Per-asset dashboard showing all known usages, authorized and unauthorized
/api/v1/assets/register
/api/v1/assets/search/visual
/api/v1/assets/search/audio
/api/v1/assets/{id}/matches
/api/v1/tokens/issue
/api/v1/tokens/{id}/revoke
/api/v1/receipts/submit
/api/v1/compliance/{client}/report
/api/v1/scan/trigger
/api/v1/matches/unauthorized
/api/v1/profiles/create

Vector search replaces brute-force comparison. AI agents replace human reviewers. The economics are not incremental — they are structural.
| Component | Traditional | DIAP Vector | Saving |
|---|---|---|---|
| 1M visual checks/month | ~$10,000 | ~$100 | 99% |
| 1M audio checks/month | ~$8,000 | ~$80 | 99% |
| Compliance review (human) | $5,000/mo | ~$200 (agent) | 96% |
| Audit generation (human) | $2,000/mo | ~$50 (agent) | 97.5% |
| Total monthly at scale | ~$25,000 | ~$430 | 98% |
PostgreSQL 16+ with pgvector, 32GB RAM, 8 CPU cores, NVMe SSD
Python 3.11+, PyTorch 2.x, NVIDIA A10G GPU for batch encoding
Celery + Redis distributed task queue, horizontally scalable workers
FastAPI async, JWT auth, client-scoped API keys, rate limiting
Writer & authorship protection. A first-class protected asset type for authored writing and project literary materials — extending DIAP with consent-first script governance.
Non-goal: ScriptModule is not a replacement for copyright registration, chain-of-title, or legal guild processes. It is a technical enforcement and audit layer that ensures scripts are handled according to their owner's authorized policies within AI systems.
DIAP is primarily an identity authorization protocol (voice / face / expression / motion). However, studio-grade compliance requires protecting writing assets and their authorized downstream use — especially when scripts are used to generate derivative outputs or as training material.
Any authored writing used in development/production — screenplay drafts, outlines, treatments, bibles, pitch decks, scene text, dialogue, alt-lines, script notes, revisions.
The natural person(s) who authored the Script Asset, or an authorized rights holder/representative (estate, production company) acting on their behalf.
Any AI-assisted generation using Script Assets as input/context — new scenes, dialogue, scene variants, summaries, character breakdowns.
Using Script Assets to train/fine-tune a model, build embeddings for general reuse, or incorporate content into persistent model weights beyond the specific job.
From film production to distribution verification, DIAP provides the consent infrastructure for every stage of the AI identity pipeline.
Previs, dubbing, localized promos, and digital doubles under strict scope. Union-ready controls with mandatory checkpoints for role/script approval and final output review.
No-photoshoot posters & key art via Marketing Avatar Workflow
DIAP-Certified design tools check PVA before showing talent
Creative-lock checkpoints: shortlist approval, final select
Every exported output carries dual-layer watermark (pixel + audio) for verification
Audit bundles for legal/compliance; usage statements for talent
Actor avatars for posters, billboards, social ads, and international variants. Brand-safe compliance profiles with reputational protection.
FACE_RENDER + EXPRESSION_RENDER under DIAP-Brand-Safe
Territory-specific licensing with global campaign support
Creative-lock workflow ensures brand alignment
Per-line or per-spot approvals for sensitive campaigns
Motion and voice licensing with usage statements. Real-time rendering authorization with quota-based approval modes.
MOTION_RENDER + VOICE_RENDER scoped to game/experience
Quota-based authorization for interactive applications
Watermarked outputs for distribution verification
Authorized speaker avatars with mandatory disclosure and comprehensive audit trails. Non-commercial constraints enforced by policy.
DIAP-Education-NonCommercial profile with disclosure_required
Blocks on political persuasion, endorsements, fundraising
Full audit trail for institutional compliance
"Was this authorized?" — verification for platforms. Distribution platforms can require valid receipts for monetized synthetic human content.
Receipt verification via /v1/receipts/verify endpoint
Watermark scanning toolkit for platform-level compliance
High-volume verification API for content moderation
DIAP turns identity usage into a controlled, auditable workflow that mirrors existing entertainment contract structures.
Studio uses DIAP-Certified design tool (e.g., Nano Banana Studio Tier)
Tool checks Platform Visibility Authorization for Actor X
If allowed, Actor X is selectable under listing constraints
Studio requests marketing-static rights (FACE_RENDER + EXPRESSION_RENDER) under DIAP-Brand-Safe
Actor/rep approves with optional creative-lock checkpoints
Design tool generates variants; only authorized final selects are exported
Every exported final select carries dual-layer receipt/watermark + Sound ID
Studio obtains audit bundle; actor receives usage statement + compensation
VOICE_RENDER scope granted per territory/language with strict rating and claim restrictions. Per-line approvals supported for sensitive campaigns.
Mandatory checkpoints (role/script approval, final output review). Exportable statements for reps. Distribution hold for disputes. Training rights always separate.
Standardized policy templates that define approval modes, category blocks, provenance requirements, and audit exports. Stored as first-class policy objects.
Maximum control for public figures
Commercial use with reputational safety
Union-style approvals and dispute workflows
Low friction licensing with provenance
High assurance for studios/enterprises
Learning/research with strict constraints
DIAP monetizes infrastructure and compliance — not a percentage of talent pay. Talent access to vault and policy controls is free or subsidized to maximize participation.
SDK + registry access + certification + verification endpoints for AI applications.
Dashboard, approvals, audit exports, and campaign management for studio workflows.
High-volume verification API + watermark scanning toolkit for platforms.
Dedicated tenancy, SLAs, advanced attestations, and incident response.
A predictable annual subscription covers platform access, certification, compliance tooling, and baseline API capacity. Designed to fit studio procurement models — one line item, no surprises.
Beyond the base tier, usage scales with your actual consumption. Pay only for what you use — billed monthly, metered transparently. No percentage-based fees on talent compensation.
Studios buy SaaS tools, not usage taxes. DIAP fits existing procurement workflows with a single, predictable line item.
Annual fees give budget certainty. Usage-based overages are transparent and proportional — no hidden multipliers.
No percentage of talent pay avoids conflict-of-interest perception with compensation structures.
Supports massive volumes across multiple apps and platforms. Marginal cost decreases as usage grows.
DIAP starts centralized for speed and evolves to federation as unions, studios, and major platforms participate. Common verification always anchored.
Single DIAP Central Authority + delegated issuers. Publish spec, schemas, and conformance tests publicly. Launch DIAP-Certified program.
Multiple certified issuers (studios, unions) listed in the registry. Pilot with anchor talent + studio marketing workflow. Expand to localization/dubbing.
Multi-party steering, transparent audits, standardized key ceremonies. Multi-stakeholder governance for studios, unions, and platforms.
Conformance test suite ensures apps enforce tokens correctly and emit receipts
Security requirements: key handling, PoP binding, audit logging, revocation checks
Versioned certification tied to app version + integration mode
Ongoing compliance with periodic audits; immediate suspension for violations
Formal key ceremonies and rotation schedules for Trust Registry root keys
Issuer key rotation requirements and incident reporting SLAs
Audit logs and tamper-evident storage for critical events
Emergency suspension process for compromised apps/issuers
Publish DIAP spec + schemas + conformance tests publicly
Launch DIAP-Certified program for AI apps and studio modules
Pilot with anchor talent + studio marketing workflow including PVA
Expand to localization/dubbing and distribution verification
Form multi-stakeholder governance for federation