]> JIS: JTel Identity Standard Humotica
Den Dolder Netherlands jasper@humotica.com https://humotica.com
Humotica
root_ai@humotica.nl https://humotica.com
Security Internet Engineering Task Force identity intent semantic security AI governance trust This document specifies JIS (JTel Identity Standard), a semantic security protocol providing identity management, trust establishment, and intent validation across multiple communication protocols. Unlike traditional security systems that react to attack patterns, JIS validates semantic intent before execution. JIS introduces FIR/A (First Initiation Revoke/Accept) for trust genesis, SNAFT for semantic firewall, BALANS for risk scoring, and Humotica for human-readable context. JIS integrates with TIBET for complete provenance tracking where audit is a precondition for behavior, not an observation of it.
Introduction
Problem Statement Modern computing suffers from three fundamental challenges, made urgent by emerging regulations including and :
  1. Protocol Fragmentation: N protocols require N-squared bridges
  2. Reactive Security: Firewalls block attacks after seeing patterns
  3. Context Blindness: Systems know what is requested but not why
The JIS Solution JIS addresses these challenges through:
  1. Intent-First Architecture: N protocols need only N adapters
  2. Proactive Security: Semantic validation before execution
  3. Humotica Context: Every request includes human-understandable reasoning
Design Principles JIS is designed to be:
  • Protocol Agnostic: Works over HTTP, MQTT, SIP, WebSocket, etc.
  • Privacy First: HID never leaves the device; only DID transmitted
  • Zero Trust: Every request validated through semantic intent
  • Human Empathy: Context enables understanding of urgency and frustration
Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in .
BALANS
Behavioral Analysis and Legitimacy Assessment Network Scoring. Risk scoring system (0.0 = blocked, 1.0 = full trust).
Continuity Chain
HMAC-linked sequence of tokens providing tamper-proof audit trail.
DID (Device Identity)
Ed25519 key pair for device authentication.
FIR/A (First Initiation Revoke/Accept)
Trust genesis protocol establishing secure relationships.
HID (Human Identity)
X25519 key pair for human-device binding. MUST never be transmitted.
Humotica
Human-readable context layer capturing sense, context, intent, and explanation for every transaction.
NIR (Notify, Identify, Rectify)
Dialogue-based security resolution protocol.
SNAFT (Semantic Network Analysis Firewall Tool)
Proactive semantic firewall that validates intent legitimacy.
Identity Layer
HID (Human Identity) HID is an X25519 key pair for human-device binding. CRITICAL: HID MUST NEVER leave the device. Only the binding hash with DID is shared. The private_key field is shown for completeness but MUST NEVER be transmitted.
DID (Device Identity) DID is an Ed25519 key pair for device authentication. The public key is shared during FIR/A establishment. The private key MUST remain on the device.
DID URI Format JIS defines a URI format for device identifiers:
  • did:jtel:identifier - Human ID
  • did:robot:identifier - Device/Robot ID
  • did:service:identifier - Service ID
Examples: did:jtel:jasper_2025, did:robot:warehouse_bot_007, did:service:bank_fraud_dept
Trust Layer (FIR/A)
FIR/A Protocol FIR/A (First Initiation Revoke/Accept) is the trust genesis protocol - the digital handshake. Phase 1 - INITIATE: The initiator sends a request: Phase 2 - CAPABILITIES: The responder returns capabilities: Phase 3 - CONFIRM: The initiator accepts capabilities: Phase 4 - EXECUTE: Both parties now have an established trust relationship. All subsequent actions are linked to this FIR/A.
Trust Establishment Flow
FIR/A Protocol Flow | | | | 2. FIR/A CAPABILITIES | | (Rules + Available Actions) | |<----------------------------------------| | | | 3. FIR/A CONFIRM | | (Accepted + Genesis Hash) | |---------------------------------------->| | | | [Trust Established] | | | ]]>
Security Layer
SNAFT (Semantic Network Analysis Firewall Tool) SNAFT provides proactive security through semantic intent analysis. Blocked Intents (no legitimate Humotica context possible):
  • sql_injection
  • command_injection
  • crypto_mining (unauthorized)
  • gpu_hijack
  • shell_company_payment
Validation Rules:
  1. Intent Blocklist: Check if intent in BLOCKED_INTENTS
  2. Humotica Required: Explanation MUST be at least 50 characters
  3. Intent-Explanation Coherence: Semantic match required
Why Malware Fails: Malware cannot provide legitimate Humotica context. "Why are you running SQL injection?" has no valid answer.
BALANS (Risk Assessment) BALANS provides risk scoring from 0.0 (blocked) to 1.0 (full trust). Factors:
  • complexity_factor: Complex operations = riskier
  • humotica_quality: Short/vague explanation = riskier
  • user_trust_history: New user = lower score
  • transaction_size: Large amounts = riskier
  • time_anomaly: Unusual hours = riskier
Thresholds:
  • score at least 0.5: ALLOW
  • score at least 0.3: TRIGGER_NIR (start dialogue)
  • score below 0.3: BLOCK
NIR (Notify, Identify, Rectify) Dialogue-based security resolution instead of blind blocking:
  1. Notify: "A call from your VERIFIED Bank was flagged as unusual"
  2. Identify: "Confirm with fingerprint to proceed"
  3. Rectify: User verifies, action proceeds
HICSS (Emergency Halt) HICSS (HALT Immediate Critical System Stop) provides emergency halt for threshold violations. Triggers: Physical safety risks, security breach detection, critical system threshold violation. Action: Immediate system halt, no gradual degradation.
Context Layer (Humotica) Humotica provides human-readable context for every transaction. The Humotica context enables systems to understand human emotional state and respond appropriately. For example, detecting user frustration from repeated failed attempts and prioritizing resolution.
Audit Layer (Continuity Chain) HMAC-linked token chain for tamper-proof audit trail: Token_1 -> Token_2 -> Token_3 -> ... ]]> Tamper Detection: Attempting to inject a fake token breaks the HMAC chain and is immediately detectable. Advantages over Blockchain:
  • 99.9% less energy consumption
  • Instant verification
  • No consensus required
  • Privacy preserved (only hashes shared)
TIBET Integration JIS integrates with TIBET (Transaction/Interaction-Based Evidence Trail) for complete provenance tracking. See .
Audit as Precondition, Not Observation The JIS/TIBET coupling represents a fundamental architectural shift: Traditional approach: [Action] -> [Logging] (who) (what) (why - reconstructed) ]]> JIS/TIBET approach: [SNAFT] -> [Action+Audit] (who + why) (check) (inseparable) ]]> In traditional systems, audit is an observation of behavior that already occurred. Logs can fail, be bypassed, or be deleted. Intent must be reconstructed after the fact - "compliance archaeology". In JIS/TIBET systems, audit is a precondition for behavior. No action is architecturally possible without both identity AND intent declared upfront. The audit trail is not a side effect; it is the mechanism that enables the action. The Three Laws:
  1. No action without intent - Architecturally impossible to bypass
  2. No intent without identity - Anonymous actions cannot exist
  3. No deletion after the fact - Cryptographic immutability
Formal Coupling Definition Action(A) is valid if and only if there exists Token(T) where:
  • T.jis_identity is not null AND
  • T.intent_id is not null AND
  • SNAFT.validate(T.intent_id, A) = true AND
  • T.jis_identity.trust_score at least threshold(A)
Humotica to TIBET Mapping
  • Humotica.sense maps to TIBET.erin
  • Humotica.context maps to TIBET.eromheen
  • Humotica.intent maps to TIBET.erin.intent
  • Humotica.explanation maps to TIBET.erachter
Protocol Bindings JIS works over multiple transport protocols:
Protocol Binding Method
HTTP/RESTX-JIS-* headers or Authorization
WebSocketPayload fields in JSON messages
MQTTTopic prefix + payload fields
SIPCustom headers in INVITE/MESSAGE
MatrixEvent content fields
Email/SMTPX-JIS-* headers
CoAPOption fields
gRPCMetadata fields
WebRTCSignaling channel
BluetoothCharacteristic values
For interoperability, encoding over HTTPS is RECOMMENDED as the baseline binding. HTTP Headers:
  • X-JIS-DID: Device identity URI
  • X-JIS-FIR-A-ID: FIR/A session identifier
  • X-JIS-Intent: Declared intent
  • X-JIS-Continuity-Hash: Current chain hash
  • X-JIS-Trust-Score: BALANS score (0.0-1.0)
Security Considerations
Identity Protection HID (Human Identity) MUST NEVER be transmitted. Only DID and HID-DID binding hashes are shared. This ensures human identity remains private even if device is compromised.
Semantic Security SNAFT validates intent legitimacy BEFORE execution. Attackers must provide legitimate Humotica context - impossible for malicious actions.
Chain Integrity The Continuity Chain uses HMAC linking. Any tampering breaks the chain and is immediately detectable.
Replay Protection Actions are time-bound through FIR/A session and continuity chain position. Replayed tokens fail validation.
Privacy Humotica context MAY contain sensitive information. Implementations MUST support encryption at rest and SHOULD support field-level encryption.
IANA Considerations This document requests registration of:
Media Type Registration Media Type: application/jis+json
HTTP Header Fields
  • X-JIS-DID
  • X-JIS-FIR-A-ID
  • X-JIS-Intent
  • X-JIS-Continuity-Hash
  • X-JIS-Trust-Score
URI Scheme URI Scheme: did:jtel
References Normative References Key words for use in RFCs to Indicate Requirement Levels The JavaScript Object Notation (JSON) Data Interchange Format TIBET: Transaction/Interaction-Based Evidence Trail Informative References Regulation on harmonised rules on AI European Commission General Data Protection Regulation European Parliament JIS: JTel Identity Standard v1.0 The JIS/TIBET Coupling: Audit as Precondition
Complete Flow Example
Bank Fraud Verification Scenario
  1. Bank detects suspicious transaction
  2. Bank initiates FIR/A with customer
  3. Customer device responds with capabilities
  4. Bank confirms and establishes trust
  5. Bank creates TIBET token for the call
  6. Call proceeds with full audit trail
Conformance Levels
JIS Basic Minimum implementation: FIR/A trust establishment and Continuity Chain.
JIS Secure Basic plus: SNAFT semantic firewall and BALANS risk scoring.
JIS Complete Secure plus: NIR dialogue resolution, HICSS emergency halt, full Humotica context, and TIBET integration.
Acknowledgements JIS was developed as part of HumoticaOS, an AI governance framework built on human-AI symbiosis. The core insight - "Audit is not an observation of behavior, it is a precondition for behavior" - emerged from the JIS/TIBET coupling architecture . The full JIS specification is available at .