PRIVATE.ME PLATFORM

xCleared: Zero-Trust Classified Info Sharing

Threshold-authorized classified information sharing for IC and DoD communities. K-of-N clearance holders must cooperate to reconstruct sensitive intelligence.

Government COMING SOON XorIDA Powered

Fast Onboarding

Fast Onboarding: 3 Acceleration Levels

Traditional classified information sharing requires manual PKI setup, security officer coordination, and multi-week clearance verification. Xcleared collapses this to 15 seconds with zero-click accept, 90 seconds with one-line CLI, and 10 minutes with deploy buttons.

Level 1: Zero-Click Accept

15 seconds — Auto-accept invite from env var. No manual DID setup, no clearance registry config.

Node.js/Deno/Bun

// .env file
XCLEARED_INVITE_CODE=XCL-abc123

// Auto-accept on first use
import { createClassifiedDataManager } from '@private.me/xcleared';

const manager = createClassifiedDataManager();

const result = await manager.classify(data, {
  classification: 'TS',
  threshold: 2,
  requiredClearances: ['TS', 'TS']
});
//  Invite auto-accepted, data classified

Level 2: One-Line CLI

90 seconds — Generates clearance DID, saves to .env, classifies first data.

CLI

# Install and initialize
npx @private.me/xcleared init

# Output:
#  Clearance DID generated
#  Saved to .env
#  Clearance registry configured
# Ready to classify data

# Classify your first data
npx @private.me/xcleared classify \
  --input ./intel-report.txt \
  --classification TS \
  --threshold 2 \
  --clearances TS,TS

Level 3: Deploy Buttons

10 minutes — One-click provisioning of clearance registry + share storage on Vercel/Netlify/Railway.

Included:

Clearance verification service
W3C Verifiable Credentials
Share storage (encrypted at rest)
Security officer dashboard
Audit exports

After deployment: env vars auto-configured, clearance DID auto-generated, ready to classify immediately.

Viral Growth Loop

Each clearance holder who receives a share becomes a potential inviter. The 15-second zero-click onboarding removes friction for expanding the cleared network. Traditional PKI-based classified sharing requires weeks of security officer coordination — Xcleared collapses this to seconds via invite codes.

Example: Analyst at NSA classifies intel → shares with DIA analyst → DIA analyst auto-accepts invite via env var → now both can classify/share within their networks. Network effect compounds exponentially.

Section 01

The Problem

Classified information sharing between intelligence agencies and cleared contractors requires trust in individual clearance holders, but insider threats remain the top intelligence community risk.

The DNI’s March 2026 mandate for zero-trust classified sharing reflects decades of insider threat incidents. A single cleared individual with access to classified data can exfiltrate entire programs.

Current compartmentalization relies on access controls that privileged insiders can bypass. Need-to-know is a policy, not a cryptographic guarantee. SCI markings don’t prevent copying.

The Old Way

Section 02

The PRIVATE.ME Solution

xCleared uses XorIDA threshold authorization where classified documents are split so that K-of-N clearance holders must cooperate to access them. No single individual holds enough data to reconstruct any classified document.

Classified documents are XorIDA-split across independent secure compartments. Reconstruction requires threshold cooperation of K clearance holders, each authenticated via DID identity and authorized via xLock push-auth.

Every reconstruction is HMAC-logged with clearance verification, purpose, and timestamp. The audit trail is itself XorIDA-split to prevent log tampering by insiders.

The New Way

Section 03

How It Works

xCleared combines XorIDA classified document splitting with DID-authenticated clearance verification and threshold-authorized reconstruction.

Key Security Properties

Classified documents are XorIDA-split. No single clearance holder sees complete documents. Reconstruction requires K-of-N cooperation. Audit trails are themselves XorIDA-split against insider tampering.

Section 04

Use Cases

️

Intelligence

IC Information Sharing

Threshold-controlled classified info sharing across intelligence agencies.

️

Defense

DoD Classified Access

Zero-trust classified document access with multi-party reconstruction.

DoD

Security

Insider Threat Defense

Cryptographic enforcement of need-to-know via threshold splitting.

Insider

Compliance

Audit Trail Protection

XorIDA-split audit trails preventing insider log tampering.

Audit

Section 05

Integration

Quick Start

import { ClassifiedVault } from '@private.me/classifiedsplit';

const vault = await ClassifiedVault.create({
  classification: 'TS/SCI',
  compartments: [compA, compB, compC],
  threshold: { k: 2, n: 3 }
});

ClassifiedVault.create(opts): Promise<Result<ClassifiedVault, ClassError>>

Creates a threshold-controlled classified document vault with DID-authenticated clearance verification and multi-party reconstruction.

Section 06

Security Properties

Property	Mechanism	Guarantee
Documents	XorIDA K-of-N split	Information-theoretic
Clearance	DID + xLock verify	Per-reconstruction check
Audit	XorIDA-split logs	Insider-tamper-proof
Authorization	Threshold K-of-N	Multi-party required

$18.4B

Classified IT TAM

K-of-N

Threshold access

Zero

Trust

Section 07

Benchmarks

Performance characteristics measured on Node.js 22, Apple M2. xCleared enables classified document sharing with sub-10ms cryptographic overhead — network delivery dominates total latency.

<1ms

Doc Split

~5ms

Secure Delivery

<0.1ms

Clearance Check

0 bits

Per-share Exposure

Operation	Time	Notes
XorIDA split 1 KB document	~58µs	2-of-2 threshold split over GF(2)
XorIDA split 10 KB document	~0.5ms	Typical classified memo
XorIDA split 100 KB document	~5ms	Report with embedded graphics
HMAC-SHA256 tag per share	<0.1ms	Integrity verification
Clearance level validation	<0.1ms	DID + clearance level lookup
xLink secure delivery	~5ms	Split-channel V3 with PQ KEM
Reconstruct from shares	~58µs–5ms	Size-dependent: HMAC verify + XOR
Audit log entry	<0.5ms	HMAC-chained access record

Classified Sharing Architecture Comparison

Property	SIPRNet	S/MIME	Cross-Domain Solution	xCleared
Network required	Dedicated classified network	Any network	Hardware appliance	Any network
Setup cost	$100K+ per site	PKI certificates	$500K+ appliance	npm install
Key management	NSA-managed	PKI hierarchy	HSM required	No keys (IT-secure)
Quantum resistance	NSA Suite A	RSA/ECC	Hardware-dependent	Information-theoretic
Audit capability	Classified logs	Email headers	Device logs	HMAC-chained + xProve

VERIFIABLE WITHOUT CODE EXPOSURE

Ship Proofs, Not Source

xCleared generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify integrity using zero-knowledge proofs — no source code required.

XPROVE CRYPTOGRAPHIC PROOF

Download proofs:

Tier 1 HMAC (~0.7KB)
Tier 2 Commit-Reveal (~0.5KB)
Tier 3 IT-MAC (~0.3KB)
Tier 4 KKW ZK (~0.4KB)

Verify proofs online →

Use Cases

️

REGULATORY

FDA / SEC Submissions

Prove algorithm correctness for distributed systems without exposing trade secrets or IP.

Zero IP Exposure

FINANCIAL

Audit Without Access

External auditors verify secure operations without accessing source code or production systems.

FINRA / SOX Compliant

️

DEFENSE

Classified Verification

Security clearance holders verify distributed systems correctness without clearance for source code.

CMMC / NIST Ready

ENTERPRISE

Procurement Due Diligence

Prove security + correctness during RFP evaluation without NDA or code escrow.

No NDA Required

Section 08

Honest Limitations

Five known limitations documented transparently. xCleared provides cryptographic infrastructure for classified sharing, not a replacement for accredited systems.

Limitation	Impact	Mitigation
Not a certified Cross-Domain Solution	xCleared has not undergone NSA/NIAP evaluation for cross-domain data transfer. It cannot be used as the sole CDS for classified-to-unclassified transfers without additional accreditation.	xCleared is designed to operate within an existing security architecture, not replace it. The cryptographic layer adds defense-in-depth to accredited systems. Certification pursuit is planned.
Requires authenticated endpoints	Both sender and recipient must have xLink-authenticated DID identities. Anonymous or ad-hoc sharing is not supported.	DID-based identity is intentional — classified sharing requires strong authentication. xID provides identity infrastructure with ephemeral presentations for unlinkability.
No classification label enforcement	xCleared verifies clearance levels but does not enforce or propagate classification labels (UNCLASSIFIED, SECRET, TOP SECRET) at the document metadata level.	Classification labeling is a policy function handled by the document management system. xCleared provides the cryptographic transport layer; policy enforcement sits above it.
Offline recipient cannot receive	Recipients must be online to receive xLink-delivered shares. Classified documents cannot be pre-staged for offline recipients.	xStore can pre-stage encrypted shares for later retrieval. The recipient authenticates and retrieves shares when connectivity is available. TTL controls ensure time-bounded access.
US-centric compliance mapping	Current compliance documentation maps to US frameworks (NIST 800-53, FedRAMP, CMMC). International frameworks (NATO, EU, Five Eyes) require separate analysis.	The cryptographic properties (IT-secure, no keys, quantum-proof) are jurisdiction-agnostic. Compliance mapping for international frameworks is planned. The underlying technology works regardless of regulatory context.

VERIFIED BY XPROVE

Cryptographic Proof of Correctness

This ACI's computations can be cryptographically verified by xProve — so regulators, auditors, and counterparties can confirm results without re-running the computation or accessing the underlying data.

XPROVE INTEGRATION

Tier 1: HMAC audit trail — always on, ~1.3x overhead.
Tier 2: Commit-and-reveal — anti-equivocation for Beaver triples.
Tier 3: IT-MACs — malicious-security detection between parties.
Tier 4: KKW zero-knowledge proofs — publicly verifiable, ~50 KB, post-quantum.

Read the xProve white paper →

GET STARTED

Ready to deploy xCleared?

Talk to Ren, our AI sales engineer, or book a live demo with our team.

Book a Demo

Deployment Options

SaaS Recommended

Fully managed infrastructure. Call our REST API, we handle scaling, updates, and operations.

Zero infrastructure setup
Automatic updates
99.9% uptime SLA
Enterprise SLA available

View Pricing →

SDK Integration

Embed directly in your application. Runs in your codebase with full programmatic control.

npm install @private.me/xcleared
TypeScript/JavaScript SDK
Full source access
Enterprise support available

Get Started →

On-Premise Upon Request

Enterprise CLI for compliance, air-gap, or data residency requirements.

Complete data sovereignty
Air-gap capable deployment
Custom SLA + dedicated support
Professional services included

Request Quote →

Enterprise On-Premise Deployment

While xCleared is primarily delivered as SaaS or SDK, we build dedicated on-premise infrastructure for customers with:

Regulatory mandates — HIPAA, SOX, FedRAMP, CMMC requiring self-hosted processing
Air-gapped environments — SCIF, classified networks, offline operations
Data residency requirements — EU GDPR, China data laws, government mandates
Custom integration needs — Embed in proprietary platforms, specialized workflows

Includes: Enterprise CLI, Docker/Kubernetes orchestration, RBAC, audit logging, and dedicated support.

Contact sales for assessment and pricing →