Loading...
private.me Docs
Get xWarden
PRIVATE.ME PLATFORM

xWarden: Physical Evidence Custody Chain

Every evidence item is XorIDA-split into QR shares. Every custody transfer generates an HMAC-chained audit entry with Ed25519 signatures. Append-only chain provides cryptographic proof of custody integrity.

Physical-Digital COMING SOON Double XorIDA
Section 01

The Problem

Physical evidence chain of custody relies on paper logs and institutional trust. Tampered logs can undermine forensic integrity. There is no cryptographic proof that evidence was not altered between custody transfers.

From the crime scene to the courtroom, physical evidence passes through multiple custodians: investigators, transport officers, lab technicians, evidence room clerks, and attorneys. Each transfer is recorded in a paper log or basic database that can be altered without detection.

A single compromised custodian can alter the log to cover evidence tampering. Defense attorneys routinely challenge chain of custody — and win — because paper logs provide no cryptographic guarantee that the evidence presented in court is identical to what was collected at the scene. The integrity of the entire justice system depends on trust in a paper trail.

The Old Way

EVIDENCE OFFICER A LAB TECH COURT PAPER LOG TAMPERED No cryptographic proof of custody integrity
Section 02

The PRIVATE.ME Solution

Each evidence item is XorIDA-split into QR shares distributed to custodians. Every custody transfer generates an Ed25519-signed, HMAC-chained audit entry. The append-only chain is cryptographic proof of unbroken custody.

When evidence is collected, its digital fingerprint (hash + metadata) is XorIDA-split into QR shares distributed to independent custodians. The evidence item carries a QR tag linking it to its custody chain. Every transfer between custodians generates a log entry signed with the outgoing custodian's Ed25519 key and countersigned by the incoming custodian.

Each log entry includes the HMAC of the previous entry, creating an append-only chain. Altering any entry breaks the chain from that point forward. In court, the HMAC chain provides mathematical proof that the evidence custody record has not been tampered with — replacing "trust us" with "verify the math."

The New Way

EVIDENCE ITEM XorIDA + QR TAG OFFICER (QR) LAB (QR) CLERK (QR) HMAC-CHAINED CUSTODY LOG COURT: VERIFY CHAIN
Section 03

How It Works

A four-stage pipeline: evidence registration with digital fingerprint, QR share distribution to custodians, Ed25519-signed transfer logging, and HMAC-chained custody verification.

1. REGISTER Hash + Metadata 2. SPLIT XorIDA QR Shares 3. TRANSFER Ed25519 Signed 4. VERIFY HMAC Chain CUSTODY TRANSFER Outgoing custodian signs transfer with Ed25519 key. Incoming custodian counter- signs acceptance. Both signatures stored in log entry with timestamp, location, and evidence condition descriptor. APPEND-ONLY CHAIN Each log entry contains HMAC of the previous entry. Chain is tamper-evident: altering any entry invalidates all subsequent entries. Court can verify the entire chain mathematically.
Key Security Properties
Non-repudiation: Ed25519 signatures from both outgoing and incoming custodians on every transfer. No custodian can deny having handled evidence.

Tamper-evident chain: HMAC-chained entries create an append-only log. Altering any entry in the chain is immediately detectable by verifying the HMAC sequence.

Evidence integrity: The evidence item's cryptographic hash (SHA-256) is recorded at registration. Any subsequent physical tampering is detectable by re-hashing and comparing.
Section 04

Use Cases

👮
Law Enforcement
Police Evidence Rooms

Every evidence item QR-tagged at collection. Every check-in, check-out, and transfer HMAC-logged. Defense counsel can independently verify the chain. No more "lost" evidence.

Chain of Custody
🔬
Forensics
Forensic Laboratories

Lab receipt, testing, and return of evidence items cryptographically logged. Lab technician signs receipt and condition assessment. Results linked to unbroken chain.

Lab Integrity
Legal
Courtroom Chain of Custody

Attorneys and judges verify the HMAC chain independently. Mathematical proof replaces witness testimony about custody handling. Stronger evidentiary foundation.

Admissibility
📋
Insurance
Insurance Claim Evidence

Physical evidence for insurance claims (damaged goods, accident artifacts) tracked with HMAC chain. Prevents evidence substitution fraud. Adjusters verify chain before settlement.

Fraud Prevention
Section 05

Integration

Quick Start
import { registerEvidence, transferCustody } from '@private.me/physicalcustody';

// Register evidence with custodian list
const chain = await registerEvidence(
  { id: 'EV-2026-0042', hash: evidenceHash, type: 'physical' },
  ['officer-badge-1234', 'lab-tech-5678', 'clerk-9012']
);

// Transfer custody (both parties sign)
const result = await transferCustody(chain, {
  from: 'officer-badge-1234',
  to: 'lab-tech-5678',
  condition: 'sealed, intact'
});
// result.auditLog contains HMAC-chained entries
registerEvidence(item: EvidenceItem, custodians: string[]): Promise<CustodyChain>
Registers a physical evidence item and initializes its custody chain. The item's hash and metadata are XorIDA-split into QR shares. Returns a CustodyChain handle for subsequent transfers and verification.
transferCustody(chain: CustodyChain, transfer: { from: string, to: string, condition: string }): Promise<Result<CustodyEntry, CustodyError>>
Records a custody transfer with Ed25519 dual signatures (outgoing + incoming). Creates an HMAC-chained log entry with timestamp, location, and evidence condition. Returns the new CustodyEntry or error if either party is not a registered custodian.
Section 06

Security Properties

PropertyMechanismGuarantee
Evidence IntegritySHA-256 hash at registrationTamper detection via re-hash
Non-RepudiationEd25519 dual signaturesBoth custodians sign each transfer
Audit IntegrityHMAC-chained logTamper-evident append-only chain
SecrecyXorIDA QR sharesInformation-theoretic (unconditional)
VerifiabilityIndependent chain verificationAny party can verify the full chain
Ed25519
Dual custody signatures
HMAC
Append-only chain
SHA-256
Evidence fingerprint
QR
Physical evidence tags
VERIFIED BY XPROVE

Verifiable Data Protection

Every operation in this ACI produces a verifiable audit trail via xProve. HMAC-chained integrity proofs let auditors confirm that data was split, stored, and reconstructed correctly — without accessing the data itself.

XPROVE AUDIT TRAIL
Every XorIDA split generates HMAC-SHA256 integrity tags. xProve chains these into a tamper-evident audit trail that proves data was handled correctly at every step. Upgrade to zero-knowledge proofs when regulators or counterparties need public verification.

Read the xProve white paper →
GET STARTED

Ready to deploy xWarden?

Talk to Ren, our AI sales engineer, or book a live demo with our team.

Book a Demo

Deployment Options

🌐

SaaS Recommended

Fully managed infrastructure. Call our REST API, we handle scaling, updates, and operations.

  • Zero infrastructure setup
  • Automatic updates
  • 99.9% uptime SLA
  • Enterprise SLA available
View Pricing →
📦

SDK Integration

Embed directly in your application. Runs in your codebase with full programmatic control.

  • npm install @private.me/physicalcustody
  • TypeScript/JavaScript SDK
  • Full source access
  • Enterprise support available
Get Started →
🏢

On-Premise Upon Request

Enterprise CLI for compliance, air-gap, or data residency requirements.

  • Complete data sovereignty
  • Air-gap capable deployment
  • Custom SLA + dedicated support
  • Professional services included
Request Quote →

Enterprise On-Premise Deployment

While xWarden is primarily delivered as SaaS or SDK, we build dedicated on-premise infrastructure for customers with:

  • Regulatory mandates — HIPAA, SOX, FedRAMP, CMMC requiring self-hosted processing
  • Air-gapped environments — SCIF, classified networks, offline operations
  • Data residency requirements — EU GDPR, China data laws, government mandates
  • Custom integration needs — Embed in proprietary platforms, specialized workflows

Includes: Enterprise CLI, Docker/Kubernetes orchestration, RBAC, audit logging, and dedicated support.

Contact sales for assessment and pricing →

Other Requirements? Need white-label deployment or custom integration? Contact our enterprise team →

PRIVATE.ME · XWARDEN WHITE PAPER

© 2026 StandardClouds Inc. dba PRIVATE.ME. All rights reserved.

VERIFIABLE WITHOUT CODE EXPOSURE

Ship Proofs, Not Source

xWarden generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify integrity using zero-knowledge proofs — no source code required.

XPROVE CRYPTOGRAPHIC PROOF
Download proofs:

Verify proofs online →

Use Cases

🏛️
REGULATORY
FDA / SEC Submissions
Prove algorithm correctness for distributed systems without exposing trade secrets or IP.
Zero IP Exposure
🏦
FINANCIAL
Audit Without Access
External auditors verify secure operations without accessing source code or production systems.
FINRA / SOX Compliant
🛡️
DEFENSE
Classified Verification
Security clearance holders verify distributed systems correctness without clearance for source code.
CMMC / NIST Ready
🏢
ENTERPRISE
Procurement Due Diligence
Prove security + correctness during RFP evaluation without NDA or code escrow.
No NDA Required