Protocol Specification
The Digital Identity Authorization Protocol. How studios prove every AI use of human identity was authorized.
Studios protect content brilliantly. Identity is the next layer.
DRM, forensic watermarking, and security operations protect the film. Legal teams and guild contracts protect the deal. TrustMark adds the identity authorization layer — so studios can prove every AI use of a human likeness was authorized, scoped, and auditable.
External AI Training
ByteDance, Midjourney — training on public footage outside studio relationships
Provenance
Studios authorize AI use — TrustMark provides the technical proof that it happened
Compliance
Guild contracts mandate machine-readable authorization — TrustMark delivers it
Two-layer authorization engine
TrustMark separates visibility from usage. Layer 1 controls who can see an identity exists. Layer 2 controls per-project usage rights — scoped by project, territory, and duration.
Visibility Authorization
Controls whether a studio can even discover a talent's identity data exists in the registry. Think of it as a directory listing — you get introduced before you negotiate.
Usage Authorization
Project-scoped license tokens with territory, duration, and usage-type limits. A render token for a poster does not imply training rights.
Six components
The protocol is modular. Studios integrate the parts they need.
Identity Vault
Secure identity records for face, voice, and motion. Verifies identity without storing raw data.
Token Registry
Project-scoped license tokens. Time-limited, territory-bound, revocable. Studios request, talent (or agents) approve.
Render Receipts
Per-frame proof of what was rendered, when, and under what authorization.
Watermark Layer
Invisible provenance watermarks in every authorized output. Detectable even in screenshots and re-encodes.
Token Heartbeat
Real-time status checks. Active tokens check in periodically. Revoked tokens are caught mid-render.
Compliance Profiles
Machine-readable policy presets that map to guild contract clauses. Union-Ready, Brand-Safe, Talent-Strict.
Three overlapping mechanisms
No single mechanism is foolproof. TrustMark uses three that overlap:
Render Receipts
Mandatory for all TrustMark-certified tools. Every AI render produces a receipt — what was produced, when, under what token, with what identity data.
Token Heartbeat
Active tokens check in periodically. If a talent revokes mid-project, the studio knows within minutes — not weeks. In-progress renders are flagged before distribution.
Watermark Verification
Invisible provenance watermarks embedded in every authorized output. Detectable after the fact — in screenshots, re-encodes, and redistributed content.
Who can do what
The delegation model mirrors how the industry already works. Agents manage day-to-day — critical actions are talent-only.
| Action | Talent | Agent | Studio |
|---|---|---|---|
| Approve license request | ✅ | ✅ | — |
| Set Layer 1 visibility | ✅ | ✅ | — |
| Emergency revocation | ✅ | — | — |
| Delete vault data | ✅ | — | — |
| Submit render receipt | — | — | ✅ |
| Request license token | — | — | ✅ |
Who pays for what
Talent
Free forever. Register, manage, revoke — no cost. Identity protection is a right, not a product.
Studios
Annual platform fee + per-token usage billing. Fits standard studio procurement. No percentage of talent pay.
Authorization for written works
TrustMark extends beyond identity to scripts, story bibles, and narrative assets. Writers register work with a unique fingerprint. Four independent rights:
READ
View the script
DERIVATIVE
Generate new work from it
EXPORT
Copy or distribute
TRAINING
Use to train AI models
TRAINING defaults to NO. Every access is logged with a permanent audit trail.
Governance & Certification
TrustMark operates the protocol, the Trust Registry, and the certification program. Studios, guilds, and talent representatives provide ongoing input through advisory channels.
Protocol Specification · DIAP v2.0