← Passports
asserro  /  technology

Trust you can check yourself.

The proof lives on a public chain, not in our database. asserro can disappear and your passport still verifies. Here's exactly how.

Polygon PoSERC-5192 soulboundZero-PII off-chainGasless · wallet-optional

The architecture

Four parts, one trust root. Your device builds the data (with AI); the public chain anchors the proof; our zero-PII store holds the detail; anyone's device verifies it.

Maker / brand device Polygon PoS · public · verifiable asserro off-chain · zero-PII Anyone's device Maker console Enrol product passport data · QR AI build & validate collect · structure · check Sign (EIP-712) gasless · wallet-optional passkey/email → smart account + paymaster 3 asserro contracts AsserroProductIdentity ERC-721 · ERC-5192 soulbound AsserroOwnership transferable · resale / warranty AsserroAnchor salted hash + lifecycle events UUPS upgradeable → freeze admin = Safe multisig + timelock Zero-PII data layer Encrypted store + IPFS passport data & media GS1 Digital Link resolver QR → role-gated passport AI / LLM knowledge regulatory corpus · self-updating never PII on-chain · GDPR erasure = delete off-chain + salt Verifier Consumer Customs Recycler scan the QR recompute the hash self-verify ✓ no trust in asserro trust boundary — your device ↔ the public chain signed tx anchor hash + events resolve recompute & verify against the on-chain hash Trust root = the public chain. asserro's servers can disappear and a passport still verifies via the on-chain hash + a public RPC.

How it actually works

The trust model

We only ever write a salted cryptographic hash + key events to the chain — never your data, never personal data, not even encrypted. The data lives off-chain (encrypted store + IPFS). To verify, anyone recomputes the hash from the passport and checks it against the chain. You don't have to trust asserro — you, a customs officer or a recycler can prove integrity independently, forever.

GDPR by design

Because no personal data is on-chain, the right to erasure is honoured by deleting the off-chain record and its salt — which makes the on-chain hash permanently unlinkable (the EDPB-blessed pattern).

The blockchain elements

Two token contracts plus a registry, on Polygon PoS:

  • Identity — soulbound (ERC-5192): the product's tamper-proof identity, can't be sold or stolen apart from the item.
  • Ownership — transferable: moves on each sale/resale, carries warranty.
  • Anchor — the salted-hash + lifecycle-event registry that powers verification.

Contracts are upgradeable now, lockable later (UUPS → freezeUpgrades), admin is a Safe multisig + timelock, and the maker UX is gasless and wallet-optional (account-abstraction smart accounts behind a passkey + a paymaster) so brands and consumers never touch crypto.

The AI layer

Compliance is mostly a data problem, and that's where cost hides. asserro uses localised, controlled AI to collect, structure and validate passport data from your documents, suppliers and systems — flagging gaps before they're non-compliance — the same approach proven in TenzaOne's AI carbon-credit certification. A controlled LLM holds the full regulatory corpus and updates itself as delegated acts land, so guidance stays current and the data work is automated, not manual.

Standards, not a silo

asserro is the verification + anti-counterfeit layer on top of the mandated data layer, not a proprietary replacement:

GS1 Digital LinkEPCIS 2.0W3C Verifiable CredentialsDIDCIRPASS-2DIN DKE SPEC 99100

A compliance-only mode works with the chain switched off — so no buyer is ever forced to touch crypto to be compliant. The chain is the opt-in trust upgrade.

asserro

Verify it yourself.

Open the console ↗ Request access