Trust · CHTR-P1 Protocol

Conceptual Health Trust Root Protocol v1.

An open specification for healthcare-grade master-key custody. Three-of-five Shamir threshold across senior officers, hardware-attested WebAuthn for every share release, every lifecycle event chain-stamped to a public, append-only audit log. We publish it because integrity in all we do means the spec can be read, criticized, and adopted by anyone — including other healthcare networks who want to hold their trust root to the same bar.

Draft — implementation Phase 1A. The schema, attestation policy, and threat model below are committed and chain-stamped. Enrollment endpoints (Phase 1B) and grant-side WebAuthn verification (Phase 1C) are work-in-progress; the live CHTR ceremony console at corp/admin/chtr-ceremony.html currently runs an interim safety interlock (audit_logs seq #24724) that refuses production grants without a verified mfa_proof_id. This page becomes FINAL when Phase 1C closes and the interlock is replaced by full assertion verification.

1 · What CHTR-P1 protects

The master key, and everything it signs.

A single AES-256 root key (the master KEK) wraps every per-record encryption key on the Conceptual Health® network. The same root chain-signs every officer decision, every PHI access, every clinical attestation, every HCC/HCR mint. A single key, sealed behind threshold cryptography, with five senior-officer custodians and a 3-of-5 share release required to unseal.

If that master key is silently reconstructed, every downstream surface — audit chain, FHIR records, token settlement, compliance attestation — loses its trust anchor. CHTR-P1 is the protocol that says reconstruction never happens silently and never by a single compromised actor.

2 · Threat model

Three adversaries. One protocol.

External attacker. Outside the corporate perimeter. May achieve XSS against an officer's browser, phish credentials, run malware on an officer's laptop, intercept TLS via a state-level CA compromise. Defeated by: (a) hardware-bound WebAuthn — credential never leaves the secure element; (b) per-ceremony challenges with origin binding — phishing-proof; (c) cross-channel notification — malware on one device is visible on the other two.

Insider (compromised officer). A single custodian's session, key, and device all under adversary control. Defeated by the threshold — 1-of-5 is insufficient; the adversary must compromise three independent officers simultaneously. Each compromise is a chain-stamped event with cross-channel notification.

Coerced custodian. A custodian under physical or legal duress, forced to release their share. Defeated by the duress-release path — looks identical to a normal release but covertly alerts the security team and chain-stamps a separate alarm row. The ceremony's chain output is marked suspect; no key material flows.

Out of scope: a compromise of three or more custodians simultaneously by an attacker who also defeats the cross-channel notification on all three. At that threshold the protocol commits the breach to the chain — recovery happens through governance, not cryptography.

3 · The protocol, in writing

Five phases. Each chain-stamped. Each independently verifiable.

Phase A · Enrollment

A custodian binds a hardware credential.

The custodian's hardware authenticator (Yubikey, Apple Secure Enclave, Android StrongBox, TPM) runs a WebAuthn registration. The backend verifies attestation against the policy at backend/app/security/policies/chtr_attestation_policy.json, stores the credential in chtr_custodian_credentials, and chain-stamps the enrollment.

Phase B · Ceremony initiation

A senior officer (role ≥ 4) requests a ceremony.

The reason is recorded verbatim. A 5-minute cooling-off window begins — out-of-band notification reaches every custodian (email + SMS + push on independent devices). The ceremony row in chtr_ceremony_sessions chain-stamps itself.

Phase C · Challenge issuance

A custodian asks to release their share.

The backend issues a 32-random-byte challenge, stores it in chtr_webauthn_challenges with a 5-minute TTL, returns it bound to the ceremony ID + custodian ID. Single-use; consumption recorded with credential ID, IP, user-agent.

Phase D · Assertion + verification

The hardware authenticator signs the challenge.

The browser invokes navigator.credentials.get(); the custodian taps / biometric-confirms; the device returns a signed assertion. Backend verifies: signature valid, challenge matches, origin = corp.conceptualhealth.com, sign-count strictly increasing, credential is in the active set. Grant row in chtr_ceremony_share_grants chain-stamps itself.

Phase E · Quorum + proof bundle

3 grants → master key reconstructed → ceremony complete.

When 3 verified grants land, the backend reconstructs the master KEK in-memory, performs the ceremony's purpose (rotation / recovery / re-enrollment), wipes the KEK, and emits a portable cryptographic proof bundle (HMAC over all grants + assertions + chain rows). Any third party can verify the bundle offline against the chain head.

Phase F · Abort + duress

Senior officers can abort. Custodians can release under duress.

Abort closes the ceremony and chain-stamps the reason. Duress-release looks identical to a normal release on every public surface, but writes a separate covert-alarm chain row that triggers immediate CISO notification, ceremony abort, and out-of-band integrity review. The ceremony's chain output is marked suspect even if quorum was reached.

4 · Cryptographic primitives

Conservative choices. With an agility path.

Threshold · Shamir Secret Sharing, 3-of-5, GF(2²⁵⁶) field, polynomial degree 2.

Share wrap (Phase 2B work) · AES-256-GCM, key derived per-custodian from the WebAuthn public key via HKDF-SHA-512. DB read alone returns nothing without a matching device signature.

Audit chain · HMAC chain with per-row hash_algo dispatch — SHA3-512 forward (since sequence #24971, 2026-05-26), SHA-256 history preserved exactly as written. Crypto agility is a corporate principle, not a one-time fix — see the governance note at NOTES/2026-05-26-crypto-agility-governance.md.

Signature algorithms accepted on credentials · ES256 (P-256), EdDSA (Ed25519), RS256 (RSA-2048 SHA-256). Whitelisted in the policy file; CHECK constraint at the database level rejects anything else.

Hash for challenge bytes · 32 bytes from os.urandom (Linux kernel CSPRNG / RDRAND seeded). Stored as bytea; UNIQUE constraint at DB level.

5 · Attestation policy

Hardware-bound only. AAGUID whitelist. No exceptions.

The full policy lives as version-tracked JSON in the backend repo at backend/app/security/policies/chtr_attestation_policy.json. The headline rules:

Hardware-bound credentials only. backup_eligible = false enforced both in the verification path and as a database CHECK constraint. Synced passkeys (iCloud Keychain, Google Password Manager, 1Password, Bitwarden) are rejected at registration. The bar is: the secret key never leaves the secure element it was generated in.
FIDO Level 1 minimum, Level 2 preferred. L2 brings independent certification of the authenticator's resistance to physical extraction and side-channel attacks.
User verification required. Biometric or PIN, not just possession. userVerification: "required" on every assertion.
AAGUID whitelist. Initial list covers Yubikey 5 Series (incl. FIPS), Apple Passkey via Secure Enclave, Google Pixel Titan M2, Feitian ePass FIDO2. Additions require board approval and a chain-stamp before going live. Removals require 7-day advance notice to affected custodians.
Direct attestation conveyance. none rejected — caller could claim any AAGUID without proof. android-safetynet rejected — deprecated 2024.
Algorithm whitelist. ES256, EdDSA, RS256 only. Defined in DB CHECK constraint.

6 · Database schema

Five tables. Defense at every layer.

The chain of tables — each FK-linked, each with CHECK constraints that enforce policy at the row level:

chtr_custodian_shares — Shamir share ciphertext, share index 1–5, KEK generation, revocation. Existing.
chtr_custodian_credentials — WebAuthn credentials per custodian (multi-credential supported). Hardware-only DB-level CHECK. New (Phase 1A).
chtr_ceremony_sessions — initiation reason, purpose, cooling-off, expiry, KEK generation, status, chain-stamp columns. Existing.
chtr_webauthn_challenges — per-ceremony challenges, 5-min TTL (max 15 by CHECK), single-use. New (Phase 1A).
chtr_ceremony_share_grants — grant record per custodian per ceremony, mfa_factor, mfa_proof_id (challenge ID), duress flag, anomaly_flags. Existing.

Full DDL is at backend/migrations/chtr_p1a.sql (when committed in the same PR as this page).

7 · Governance of the whitelist

How the AAGUID list changes.

Adding an AAGUID. Pull request against chtr_attestation_policy.json with: (a) the authenticator model + manufacturer; (b) FIDO certification level + valid-from date; (c) FIPS status if applicable; (d) any known caveats. Board approval required. Merge triggers a chain-stamped compliance_self_attestation event with the new policy JSON hash. New credentials accepted under the new AAGUID starting the next minute.

Removing an AAGUID. 7-day advance notice to affected custodians via the cross-channel notification path. After 7 days, new enrollments blocked; existing credentials at that AAGUID flagged for re-enrollment with a deadline. Chain-stamped at every step. Emergency removals (active CVE) bypass the 7-day window but require sub-1-hour board sign-off.

Anyone can audit. The policy file is in the public repo; every change is in git log; every change is chain-stamped; every credential's AAGUID is queryable against the policy at any time.

8 · Standards alignment

Where CHTR-P1 sits in the regulatory landscape.

NIST SP 800-63B AAL3 — Authenticator Assurance Level 3. CHTR-P1 exceeds AAL3 on every requirement (hardware-bound, attestation-verified, user-verification-required, replay-protected).
FIPS 140-3 — for FIPS-certified authenticators (Yubikey 5 FIPS). The AAGUID whitelist marks these explicitly.
FIDO L2 — preferred certification level. The whitelist marks L1 vs L2 per AAGUID.
HIPAA Security Rule §164.308(a)(1)(ii) — administrative safeguards. The CHTR protocol satisfies the requirement for "appropriate access controls" on the system-of-record encryption root.
HIPAA Security Rule §164.312(a)(2)(iv) — encryption / decryption. The master KEK never exists outside the threshold-reconstruction window of an active ceremony.
21 CFR Part 11 §11.10(g) — electronic signatures. The grant assertion (signed by the custodian's hardware key) is an electronic signature meeting the §11.50 requirements.

9 · Reference implementation + license

Read it, run it, fork it.

The CHTR-P1 reference implementation is the production code at github.com/ConceptualHC/WebOrb — specifically backend/app/routes/chtr.py, backend/app/security/audit_logger.py, backend/app/security/policies/chtr_attestation_policy.json, and the database schema. We commit to publishing the implementation in lockstep with the spec — when this page moves from DRAFT to FINAL, the code that fulfills it is already in main.

License. Implementation: Apache License 2.0 (with patent grant). Spec: CC BY-SA 4.0. Other healthcare networks are explicitly welcome to adopt CHTR-P1; the patent non-assertion covenant at /legal/patent-pledge/ covers under-served care and includes any implementation of an open spec we author.

10 · Out of scope

What CHTR-P1 does not pretend to solve.

Key escrow for legal compulsion. CHTR-P1 does not provide a back door for law enforcement, regulatory production orders, or any other lawful-access pathway. The master key is reconstructed only by the corporation's own threshold custodians via the live ceremony protocol. A subpoena to Conceptual Healthcare Corporation can only compel the corporation to execute the ceremony itself if there is a lawful basis to do so — and any such ceremony is chain-stamped publicly.

Quantum-resistant signatures. The accepted public-key algorithms (ES256, EdDSA, RS256) are classical. A post-quantum migration path follows the same crypto-agility pattern as the SHA-3 migration: per-row public_key_alg column allows mixed-era credentials; CRYSTALS-Dilithium / SLH-DSA addition is a future policy_id version bump.

Side-channel resistance of host hardware. CHTR-P1 trusts the authenticator's secure element; we do not solve laptops with cold-boot vulnerabilities, dirty RAM, or compromised microcode. Custodian devices are subject to a separate physical-security policy.

11 · Contribute

How to make this protocol better.

Issues, pull requests, security disclosures, and adoption-by-another-network reports are all welcome at:

Spec / implementation issues: github.com/ConceptualHC/WebOrb
Security disclosure: security@conceptualhealth.com (PGP key on the bug-mining program page) — eligible for HCC bounty per the program tier table
AAGUID whitelist additions: open a PR against chtr_attestation_policy.json with the rationale section filled in
Adopt + implement at your network: we'd love to hear about it at counsel@conceptualhealth.com

Version

v1.0-draft · 2026-05-26

This page is chain-anchored when it goes to FINAL — the SHA-256 of the canonical text will be written to the public audit chain so any future revision is visible. Until FINAL, the rough edges are part of the publication. Integrity In All We Do℠.