10 independent system-level claims with 38 dependent claims covering the complete JIL Sovereign infrastructure stack. Each independent claim protects a novel combination of techniques that no prior system implements together. Dependent claims protect specific sub-innovations within each system.
| Field | Detail |
|---|---|
| Title of Invention | Systems and Methods for Self-Custody Institutional Digital Asset Settlement with Integrated Protection Coverage, Multi-Jurisdictional Sovereign Compliance Network (SCN) Validator Consensus, Entity-Level Adversarial Trade Detection, Compliance-Gated Token Deployment, Self-Healing Smart Contract Lifecycle Management, Autonomous Fleet Monitoring, and Predictive Liquidity Management |
| Applicant/Assignee | JIL Sovereign Holdings, LLC (Wyoming) |
| Correspondence Address | 661 East Main Street, Suite 200-245, Midlothian, TX 76065 |
| Filing Type | Provisional Patent Application under 35 U.S.C. §111(b) |
| Priority Date | February 1, 2026 |
| Number of Claims | 84 Claims (37 Independent, 88 Dependent) - claims 1-48 filed 2026-02; claims 49-53 filed 2026-04; claims 54-75 filing 2026-05 |
| Deadline | Non-provisional or PCT filing required by February 1, 2027 |
Each independent claim protects a novel combination of techniques. Dependent claims protect specific sub-innovations within each system. Individual components (MPC, BFT, LSTM, ZK proofs, hash chains, language-model invocation) exist in prior art. What is patentable is the specific integration that no existing system implements.
Claims A-J (1-48) cover the original 2026-02 filing scope (MPC custody, validator bridge, fleet security, anti-whale, compliance, smart contracts, predictive finance). Claims 49-53 (filed 2026-04) cover affinity-partitioned BFT settlement, non-custodial pre-clearance, parent-inherited quorum attestation, deterministic time-rotated docs access, and civil-admissible verdict records. Claims 54-75 (this filing batch, 2026-05) cover the multi-vertical compliance attestation kernel, agentic AI escalation, court-ready evidence bundle replay, vertical-LOB checks, and the Money Passport credential bundle.
MPC 2-of-3 threshold signing where the user holds the primary shard, combined with automatic coverage payout triggered by SCN validator consensus -- no manual claims.
14-of-20 BFT SCN validators across 13+ legal jurisdictions with zone-partitioned P2P settlement and fail-closed compliance gates.
7-gate bootstrap requiring code integrity before identity verification, plus dual-policy fleet remediation that overrides quorum for security threats.
Entity-level toxicity scoring across 5 behavioral dimensions with sybil cluster detection and retroactive score attribution defeating clean-wallet evasion.
Ledger-level compliance with ATCE anti-concentration controls, plus KYB-gated token factory embedding immutable compliance rules in every transfer.
Complete on-chain self-healing lifecycle: detect anomaly, auto-pause, propose fix, auto-approve known patterns or vote on novel ones, timelock, execute, resume.
AI fleet inspector with fail-open heartbeat telemetry, stateful observation windows with security exception override, and trend-aware composite threat scoring.
LSTM-driven liquidity forecasting with tax-optimized position selection, gradual TWAP execution with volatility-aware scheduling, and self-correcting allocation rebalancing.
Full technical deep-dives for each patented innovation, with architecture diagrams, competitive analysis, and implementation specifications.
MPC threshold signing with integrated protection coverage and cross-jurisdictional shard distribution
Epoch-based key rotation from classical to quantum-resistant algorithms
User-controlled primary shard with integrated protection coverage
Zone-based compliance evaluation at the verification layer
Zone-authorized P2P settlement with fail-closed compliance gates
SCN Validator-attested automatic protection coverage payouts
Integrity-first 7-gate ordered bootstrap protocol
SHA-256 integrity verification against centrally pinned manifests
24-hour consensus tokens with mandatory daily re-verification
Verifiable random function-based transaction ordering
Quorum-protected remediation with security exception override
Institutional trust proofs with SCN validator attestation
Multi-provider custody with competitive bidding
Per-rule per-node trigger counters with security exception override
Atomic multi-chain governance execution
Guardian-based key recovery with protection coverage integration
Zone-specific data sovereignty and event routing
Union-find wallet correlation with four-signal detection
Declarative DSL for immutable transfer logic
Graduated restrictions based on composite toxicity scores
14-of-20 SCN validator bridge with cryptographic state proofs
Portfolio margin and cross-collateralization for on-chain trading
Automatic custody provider failover with consensus verification
SCN Validator-consensus rollback of failed governance actions
Live cryptographic algorithm upgrade without service interruption
Zero-knowledge proofs for compliance without data exposure
Autonomous SCN validator monitoring with quorum-protected remediation
Per-transfer fee enforcement and compliance rules embedded in token contracts
SCN Validator-minted wrapper tokens with multi-sig authority
Noise-resistant market regime detection with asymmetric thresholds
Verifiable random function for fair order execution
Multi-round price convergence for illiquid assets
Five-dimensional behavioral scoring with sybil cluster detection
End-to-end request tracing through multi-gate SCN validator bootstrap
Union-find cluster detection with retroactive score attribution
Multi-factor lane selection with fee differentiation
Existing MPC custody platforms (Fireblocks, ZenGo, Coinbase) distribute key shares but retain operational control: the platform can freeze assets, the user cannot transact without platform cooperation, and loss coverage requires separate insurance policies with manual claims taking weeks to months. No system combines user-primary signing with automatic coverage payout.
Three elements combined for the first time: (1) User-primary shard model -- the user holds Shard A on their device (biometric/TEE secured), the platform holds Shard B in an HSM in a different jurisdiction, Shard C is in cold storage in a third jurisdiction. The user's shard is required for every transaction -- the platform cannot sign alone. (2) Protocol-embedded coverage payout -- when 14-of-20 SCN validators attest to a qualifying loss event, coverage payout executes automatically through consensus with no manual claims filing. (3) Cross-jurisdictional shard distribution -- no single legal system can compel access to 2-of-3 shards.
Market gap: Institutional investors require both self-custody (regulatory trend post-FTX) and loss protection (fiduciary requirement). Today these are mutually exclusive -- you either surrender keys for custody insurance, or self-custody with zero protection.
Revenue model: 100 bps/year on AUM for Premium tier ($250K+ coverage), creating recurring revenue scaled to assets under management. At $1B AUM, this generates $10M/year in coverage premium revenue alone.
Competitive moat: Patent prevents competitors from offering the same user-primary + auto-coverage combination. Any competitor must either require platform-primary signing (inferior UX) or offer coverage as a separate product (inferior integration).
Cross-chain bridges are the highest-value attack surface in blockchain: Ronin ($625M, 5-of-9 where one entity controlled 5 keys), Wormhole ($320M), Nomad ($190M). Common failures: insufficient SCN validator diversity, no jurisdictional distribution, no compliance-zone partitioning, fail-open compliance.
Three novel elements: (1) Regulatory jurisdiction diversity as a consensus requirement -- 14-of-20 BFT threshold distributed across 13+ independent legal jurisdictions (CH/FINMA, US/FinCEN, SG/MAS, GB/FCA, DE/BaFin, JP/JFSA, AE/FSRA, EU/ESMA, BR/CVM). No single regulator can compel a majority. (2) Zone-authorized settlement partitioning -- each SCN validator subscribes only to settlement topics for its authorized compliance zones. A DE_BAFIN SCN validator cannot process SG_MAS settlements. (3) Fail-closed compliance gates -- when the compliance service is unreachable, settlement messages are REJECTED, not approved.
Market gap: Institutional bridge users (exchanges, funds, custodians) require regulatory compliance and cannot use bridges where a single jurisdiction could compel key compromise. The $2T+ cross-chain market has no bridge meeting institutional compliance requirements.
Revenue model: 35-90 bps settlement fee per event ($1 floor) on all bridged volume. At $100M daily bridged volume, this generates $127.75M-$328.5M/year in settlement fees.
Competitive moat: Replicating the 13-jurisdiction SCN validator network requires establishing legal entities, regulatory relationships, and SCN validator infrastructure across 13 countries. The patent protects the specific zone-authorized settlement architecture that makes this viable.
Existing SCN validator bootstrap protocols (Kubernetes node join, AWS SSM, Tendermint) verify identity before verifying code integrity. This allows a node running tampered software to authenticate successfully and participate in consensus with compromised code.
A 7-gate ordered bootstrap protocol where code integrity verification (Gate 3: image digest matching against pinned manifest) is a mandatory prerequisite before identity verification (Gate 4: 5-key-type challenge-response) can begin. Combined with 24-hour consensus authorization tokens (Gate 5) forcing daily re-verification of both integrity and identity. A node with tampered images cannot even attempt authentication.
Security value: Prevents supply-chain attacks where a compromised node binary authenticates and joins consensus. In a $1B+ bridge network, a single compromised SCN validator could enable theft of bridged assets.
Defensive patent: Prevents competitors from claiming this specific protocol ordering. Forces alternative bootstrap designs that are inherently less secure (identity-first leaves a window where compromised code can participate).
Automated remediation systems face a fundamental tension: acting on threats risks cascading failures (taking too many nodes offline), while not acting risks undetected compromise. All existing systems use a single policy -- either always respect availability (missing security threats) or always prioritize security (risking availability cascades).
A dual-policy remediation model: (1) For operational issues (container down, performance degradation), auto-remediation is permitted ONLY IF the action would not reduce healthy nodes below quorum minimum: max(7, ceil(total * 0.70)). (2) For cryptographic integrity violations (image digest mismatch = possible tampering), auto-remediation overrides quorum protection and executes immediately. A compromised node inside the network is a greater threat than the availability cost of removing it.
Operational value: Reduces incident response time from hours (human-in-the-loop) to seconds (autonomous) for 80% of fleet issues while preventing cascading failures that would take the entire network offline.
Security value: Image tampering (supply-chain attack) triggers immediate node isolation regardless of quorum impact. This is critical for a network securing $1B+ in bridged assets -- a tampered SCN validator could sign fraudulent withdrawals.
DEX liquidity providers lose billions annually to adversarial traders who extract value through informational advantages, coordinated manipulation, and sybil attacks. All existing protections (per-wallet rate limits, MEV protection, sandwich detection) operate at the wallet level and are trivially defeated by creating new wallets. No system evaluates traders at the entity level or detects correlated wallets as a single actor.
Three novel elements: (1) Five-dimensional entity-level toxicity scoring computed over a 7-day rolling window: edge extraction vs. mid-market (30% weight), win rate excess (20%), one-way flow ratio (20%), inventory skew trend (15%), and LP spread capture (15%). (2) Four-signal sybil cluster detection: temporal correlation (synchronized submissions), directional correlation, funding chain analysis, and behavioral fingerprinting. Identified clusters are treated as a single entity. (3) Retroactive cluster attribution: when a new wallet is linked to an existing cluster, all historical trades are reassigned and the entity score is recalculated with merged data -- defeating "clean wallet" evasion instantly.
LP protection: Liquidity providers on Uniswap and other DEXs lose an estimated 20-50% of their fee income to toxic flow. Entity-level detection prevents the majority of adversarial extraction, making LP positions significantly more profitable and attracting deeper liquidity.
Whale defense: Prevents coordinated pump-and-dump schemes where multiple wallets controlled by the same entity accumulate positions, pump the price, then dump. Sybil detection treats the entire cluster as one actor, enforcing aggregate position limits and toxicity scoring.
Competitive moat: The retroactive attribution mechanism is technically difficult to replicate and creates an ever-improving detection capability -- the longer the system runs, the larger its cluster graph and the harder evasion becomes.
Compliance in digital assets is typically bolted-on via external services that can be bypassed, disabled, or fail-open. Token vesting schedules prevent immediate selling but enforcement is contractual (not technical) -- a holder can violate terms and face only legal consequences after the fact.
(1) Compliance as a mandatory transaction gate -- every transaction passes through an 8-check pipeline (sanctions, jurisdiction, asset, corridor, velocity, amount, zone, ATCE). If unreachable, the transaction is REJECTED (fail-closed). (2) 10 zone-specific compliance configurations (CH/FINMA, US/FinCEN, SG/MAS, etc.) with distinct limits, sanctions lists, and corridor rules. (3) ATCE (Anti-Token Concentration Exploitation): after a vesting unlock, a daily sell limit (10% of unlocked amount per day) is technically enforced for 30 days, preventing large holders from dumping their entire position immediately.
Regulatory requirement: MiCA (EU), MAS (Singapore), and other regulatory frameworks increasingly require transaction-level compliance evaluation. Platforms without ledger-level compliance face regulatory exclusion from key markets.
Token price stability: ATCE prevents the "vesting cliff dump" pattern that destroys token value. For JIL's $10B token supply, uncontrolled vesting dumps could crater price 30-50% in a single day. ATCE limits this to ~3% daily maximum impact.
Token creation on existing platforms (ERC-20, SPL) is permissionless: anyone can deploy with no identity verification and no mandatory compliance rules. Compliance is bolted-on via external contracts that can be bypassed. Fraudulent tokens (rug pulls, unregistered securities) cannot be recalled once circulating.
(1) KYB-gated deployment -- token creation requires verified Know Your Business credentials. No anonymous entity can create a token. (2) Immutable compliance in every transfer -- five rules set at creation and enforced inside do_transfer() on every call: zone restrictions, transferability flag, humanity fee (basis-point deduction routed to designated pool), account freezing, and certification ID. These cannot be disabled or upgraded away. (3) Cooldown activation -- tokens enter Pending state for 24 hours (1 hour fast-track for certified issuers) before becoming Active, preventing immediate post-deployment pump-and-dump.
Fraud prevention: Eliminates rug pulls at the deployment layer. In 2023, crypto rug pulls caused $2.6B in losses. KYB-gated deployment with cooldown activation prevents the entire attack class.
Revenue model: Humanity fee (configurable per token, default 10 bps) on every transfer creates a continuous social impact revenue stream. At $1B daily transfer volume across all JIL20 tokens, this generates $365K/year per basis point.
Regulatory advantage: Tokens launched on JIL are born compliant -- zone restrictions, KYB verification, and transfer-level rules are embedded from day one, satisfying MiCA tokenization requirements without additional infrastructure.
Smart contract vulnerabilities cause catastrophic losses ($3.8B in 2022). Current response is fragmented: Forta detects, Pausable pauses, proxies upgrade, Governor votes. No system manages the complete lifecycle -- detect, pause, diagnose, fix, approve, execute, resume -- through coordinated on-chain contracts with a unified state machine.
A complete on-chain healing lifecycle through two coordinated contracts: (1) On-chain anomaly registry with 6-state machine (NOT_ENROLLED → ACTIVE → MONITORING → EMERGENCY_PAUSED → HEALING → RECOVERED) and 8 anomaly types. Four critical types (reentrancy, flash loan, oracle manipulation, invariant violation) trigger automatic emergency pause without human intervention. Gas baseline monitoring with 1.5x threshold triggers alerts. (2) On-chain fix governance with 7 vulnerability classes and pre-validated fix templates. Known patterns (reentrancy guard, safe math, access control) are auto-approved without voting. Novel patterns require 3+ voter approvals, 24-hour voting period, 1-hour timelock, then execution. Admin veto provides emergency override.
Asset protection: Reduces exploit response time from hours/days (manual Forta alert → human review → governance proposal → timelock → fix) to seconds (auto-detect → auto-pause → auto-approve known fix → timelock → execute). In the 2022 Euler Finance hack ($197M), the exploit window was 3+ hours. Auto-pause would have limited losses to the first transaction.
Insurance qualification: On-chain self-healing with auditable state transitions satisfies the "automated risk mitigation" requirement increasingly demanded by crypto insurance underwriters. Platforms with provable self-healing qualify for 40-60% lower premiums.
Developer ecosystem: Template-based auto-approval for known patterns (reentrancy, overflow, access control) means that 70%+ of vulnerabilities are fixed in minutes, not days. This makes building on JIL significantly safer than any competing L1.
Distributed SCN validator networks require monitoring across multiple dimensions (consensus, settlement, containers, disk, memory, message queues, crypto integrity). Existing tools collect metrics but don't remediate. Existing remediation tools trigger on single thresholds without composite scoring. No system combines fail-open telemetry, transient-issue filtering, and trend-aware scoring.
Four novel elements: (1) Fail-open heartbeat telemetry -- 5 independent metric collectors (RedPanda, settlement, system, consensus, security) each with isolated 3-second timeouts. If any collector fails, it returns fallback values without blocking others. The heartbeat always publishes, even if all 5 collectors timeout. (2) Stateful observation windows -- per-rule, per-node trigger counters persist across 60-second inspection cycles. A rule must trigger on 3 consecutive cycles (~3 minutes sustained) before firing. Exception: SEC_DIGEST_MISMATCH (image tampering) fires immediately. (3) Majority-consensus fleet baselines -- fleet "normal" is computed from the statistical mode of all node values (version, config hash, throughput). Individual nodes are evaluated for drift against these dynamic baselines. (4) Trend-aware composite scoring -- confidence-weighted threat accumulation with 1.2x health penalty multiplier and delta-based momentum detection (spike/rising/falling/stable).
Operational cost reduction: Autonomous remediation handles 80%+ of fleet issues without human intervention, reducing on-call engineering costs by an estimated $200K-$500K/year for a 20-SCN validator network.
Uptime guarantee: Observation windows prevent false-positive remediation (which itself causes outages). The 3-cycle requirement means transient network blips don't trigger unnecessary restarts. Security exceptions ensure real threats are addressed immediately.
Trend-based preemption: Delta-based scoring detects degradation trends before they reach critical thresholds. A node with "rising" threat trajectory can be proactively cycled before it fails catastrophically. This shifts the operational model from reactive firefighting to predictive maintenance.
Digital asset holders frequently need fiat liquidity (payroll, rent, margin calls, taxes) but cannot predict needs until urgent, forcing emergency liquidations at unfavorable prices during high volatility. Liquidation is executed without tax awareness, resulting in unnecessary capital gains when loss positions could be sold first or when borrowing would be cheaper than selling.
Four elements in an integrated pipeline: (1) LSTM-based liquidity prediction -- 2-layer LSTM (64 hidden units, 20% dropout) trained on 30 days of per-user on-chain history (10 features including volume, volatility, holder count) produces 7-day forecasts with 95% confidence intervals. Auto-detects recurring obligations from transaction regularity. (2) Tax-optimized position selection -- evaluates every portfolio position across 4 tax strategies: tax-loss harvesting (sell losses first for deductions), long-term capital gains deferral, holding period awareness (defer if 2 weeks from crossing 12-month threshold), borrow-vs-sell analysis (compare 4% APR borrow cost vs. 24% capital gains tax). (3) Gradual TWAP execution -- spreads liquidation over 3-5 days with volatility-aware scheduling that pauses during market stress and MEV-protected routing. (4) Self-correcting rebalancing -- compares predicted vs. actual needs, adjusting allocation limits proportionally with tier-based constraints and daily change caps.
Tax savings: For a $10M portfolio, tax-optimized liquidation (selling loss positions first, deferring short-term gains, borrowing when cheaper) can save $200K-$500K annually in tax liability compared to naive FIFO selling. This is a quantifiable, measurable benefit that drives institutional adoption.
Slippage reduction: Gradual TWAP execution over 3-5 days reduces market impact by 60-80% compared to single large sells. For a $1M liquidation in a $50M liquidity pool, single-sell slippage is ~200 bps ($20K); TWAP reduces this to ~40 bps ($4K).
Premium feature revenue: Predictive liquidity management is a premium feature for institutional and high-net-worth users. At $99-199/month Premium tier pricing, this feature alone justifies the subscription cost through tax savings and reduced slippage.
Competitive moat: The integrated pipeline (predict → tax-optimize → gradually execute → self-correct) creates a compound advantage that improves over time as the LSTM model learns user-specific patterns. No competitor offers this integration for self-custody crypto assets.
Claims 49-53 were drafted and filed in April 2026 covering affinity-partitioned BFT settlement, non-custodial pre-clearance, parent-inherited quorum, time-rotated document access, and civil-admissible verdict records. Claims 54-75 were drafted in May 2026 covering the multi-vertical attestation kernel, agentic AI escalation, court-ready evidence bundle replay, vertical-LOB-specific checks (capital markets, EB-5, H-1B, healthcare-fraud-style premise compatibility), and the Money Passport credential bundle.
Validator mesh partitioned into N affinity groups; deterministic routing by counterparty/asset-chain/currency tuple; near-linear throughput scaling.
Eight industry engines (capmarkets, p2p, trade-finance, EB-5, H-1B, grants, P&C, WC) on a single shared distributed kernel. One kernel signature set serves all engines.
Four-layer precedence (finding-context > engagement > customer-profile > system-default) with invariant table preventing privilege escalation; resolved set hashed into manifest.
Single conjunctive predicate at central dispatch (profile AND engagement AND plan AND prerequisites). No parallel free/paid implementations. Coverage manifest BFT-signed.
Uniform finding shape across all engines plus shared regulatory-basis, remediation-template, and payload-renderer registries. Single bundle renderer for all nine industries.
Abstract base class declaring two extension methods; subclasses author only check logic. Empirically: 1-2 weeks per industry engine atop 18-month kernel.
Plug-in authorization for institutional digital-asset transfers; sealed authorization signed by 14-of-20 validators across 13+ jurisdictions; civil-admissible artifact.
One BFT quorum signature covers N child attestations via Merkle path inheritance; per-finding court-admissibility at batch-signing cost.
Stateless deterministic two-tier (index, asset) keys derived per ISO calendar week from a server salt; published to authorized recipients via authenticated secondary channel.
Verdict generation engine produces FRE 902(14)-compliant sealed verdict with executive summary, structured section, BFT attestation, ledger anchor, machine manifest, and verification QR.
LLM_ENDPOINT AND LLM_ENABLED AND profile.llm_enabled AND plan in {paid, enterprise}. Each conjunct defaults false. Gate log signed into reproducibility manifest.
Temperature=0, fixed seed, schema-validated parse, numeric drift bounded by independently-computed deterministic floor, retry up to bound, fall back to floor.
Model-card record (provider, model, version, fingerprint, prompt hash, sampling params, timestamps) canonicalized and BFT-signed into the verdict's reproducibility manifest.
Agentic intermediary positioned between flat-fee deterministic detection and per-case paid investigation; budget-constrained knapsack selection of investigation clusters; sealed plan-receipt.
Six-section manifest plus standalone replay protocol any unaffiliated party can execute; deprecation fallback to deterministic-floor verification when model version retired.
Seven hash classes (input data, processing graph, parameters, deterministic floors, LLM gate log, model cards, coverage manifest) plus standalone replay verifier program for adversarial replay.
In-transaction database trigger computes per-row chain hash; periodic Merkle root anchored to distributed ledger via BFT quorum. Bounded tamper-detection latency.
Verification service operated by party distinct from issuer/customer/financial-stake party; consumes only public artifacts; multi-service concordance pattern.
BFT-quorum-attested issuance + per-command HMAC + 24h TTL + parameter constraints. Eliminates standing administrative credentials; bounded blast radius on leak.
Four-field bank fingerprint (routing, account-prefix hash, signatory name, signatory address) plus recursive UBO graph CTE plus union-find clustering. Detects coordinated rings.
Six-feature premise extractor (signage, sqft, licenses, CO-presence, zoning, address-type); ~40-rule library (hospice from personal-services, DME from residential, etc.).
Window-function grouped-run query over fixed-precision SEC FTD storage; per-instrument thresholds; issuer aggregation. Public-data only; reproducible by any third party.
Three signals (FATF/OFAC corridor flags, UBO reachability to PEP/sanctioned, bank fingerprint correlation) aggregated 0-100 with use-case weights (EB-5, private placement, remittance).
Three-way join across DOL OFLC LCA + USCIS petition + payroll fingerprints; wage-suppression, sponsor-mismatch, prevailing-wage-mismatch checks; cites 20 CFR 656.40 + INA 212(n).
Four-tier workflow (T1/T2/T3/T4); T3 -> T4 enforces dual-signoff + MFA-bound-to-engagement + irrevocability acknowledgment. Immutable attestation registry.
Single bundle binding AccreditedID + Proof of Funds + Source of Funds + Income Verification with per-constituent freshness (24h/30d/90d). Selective disclosure.
Trusted-issuer accreditation attestation with ZK disjunction proof over Rule 506(c) thresholds (net worth, individual income, joint income, entity/professional). Verifier learns only Boolean.
Filing packets for claims 49-75 are maintained in the JIL Sovereign internal repository at docs/strategy/patent_filings/claim_NN/. Each packet contains the specification (01_specification.md), drawings (02_drawings.md), USPTO SB-16 cover sheet (03_SB16_cover_sheet.txt), filing checklist (04_filing_checklist.md), and novelty memo (05_claim_novelty_memo.md). All assigned to JIL Sovereign Holdings, LLC (Wyoming).