Fractal Identity Map (FIM) for Identity and Access Management

Technical Specification and Patent Claims
Version 2.0 — November 2025
View Interactive Demo →

STRATEGIC DIRECTION — CONFIDENTIAL
This document describes proprietary methods for geometric access control. The 17-bit addressing claim connects to the broader Key-Vault Principle architecture.

Abstract

A method and system for identity and access management using geometric pattern matching instead of traditional access control lists (ACLs). The invention encodes both identity attributes and resource requirements as 12×12 matrices with three orthogonal dimensions (Sensitivity, Domain, Scope), enabling O(1) permission checks through direct pattern comparison rather than O(n) ACL traversal.

1. Technical Background

1.1 The Problem with Traditional IAM

Current Identity and Access Management systems suffer from exponential complexity:

Permission explosion: Enterprise systems accumulate 10,000+ discrete permissions
Inheritance chaos: Role hierarchies create unpredictable permission propagation
Audit impossibility: No human can verify 10,000 permission combinations
Bandwidth tax: Every access check requires ACL lookup and traversal

1.2 The FIM Solution

The Fractal Identity Map (FIM) replaces discrete permissions with geometric patterns. Identity IS the permission pattern—there is no lookup table, no inheritance chain, no permission explosion. Access decisions reduce to array comparison.

2. The 17-Bit Addressing Claim

Bit Budget Analysis

Traditional ACL Check: user_id: 32 bits (UUID) resource_id: 32 bits (UUID) action: 8 bits (CRUD + extras) context: 64+ bits (time, location, device) ───────────────────────────────── Total: 136+ bits per check Plus: O(n) traversal of permission entries FIM Pattern Check: axis_label: 4 bits (12 options = 3.58 bits, rounded) cell_coord: 8 bits (row × col = 4 + 4) state: 2 bits (P/B/S/H = 4 states) ───────────────────────────────── Total: ~14 bits per check Plus: O(1) array lookup Compression via shared substrate: semantic_coord: 17 bits (addresses 131,072 patterns) ───────────────────────────────── Effective: 17 bits total when substrate is shared

The claim: When both parties share the same FIM substrate (installed through training, education, or cultural alignment), permission checks require only 17 bits to address the relevant pattern—a 10× reduction from traditional methods.

3. The Three Orthogonal Dimensions

The FIM-IAM system uses three statistically independent dimensions, each with three sub-categories, yielding a 12-position axis (3 category markers + 9 variants):

Dimension	Question	Sub-Categories	Orthogonality Test
🛡️ SENSITIVITY	Who CAN see it?	🔐 Confidential, 🔒 Internal, 🔓 Public	A Public doc can be Team-scoped
🏢 DOMAIN	What AREA is it?	📄 Data, 💻 Tech, 💼 Business	Tech can be Confidential or Public
🎯 SCOPE	How WIDE is access?	🌍 Global, 👥 Team, 👤 Self	Personal notes can be any sensitivity

Why these dimensions? They answer the three fundamental IAM questions without overlap. Sensitivity controls clearance level, Domain controls subject matter expertise, Scope controls breadth of distribution. A document's position in all three dimensions fully characterizes its access requirements.

4. The Four Permission States

Each cell in the 12×12 grid contains one of four states (2 bits):

State	Symbol	Meaning	Visibility
P (Permission)	▲	Full write access (create, modify, delete)	Visible, actionable
B (Boundary)	●	Read-only access (view, list, export)	Visible, not actionable
S (Silent)	—	No access (resource doesn't exist to you)	Invisible (prevents enumeration)
H (Hole)	◇	Geometrically impossible (structural constraint)	Cannot exist by design

The S/H distinction matters: Silent (S) means "access denied but could exist." Hole (H) means "structurally impossible." An attacker probing S-cells learns nothing; probing H-cells reveals they're asking impossible questions.

5. Access Decision Algorithm

6. Example Scenario

6.1 The Story

Sarah Chen, Marketing Executive at TechCorp, needs to publish a press release about the Q4 product launch. The document lives in the shared drive as "Q4-Launch-PR-Final.docx".

Traditional IAM would check: Is Sarah in the "Marketing" group? Does Marketing have "write" permission on "/shared/press-releases/"? Is the document in that folder? Is it past the embargo date? Multiple lookups, multiple points of failure.

FIM checks: Does Sarah's identity pattern meet or exceed the document's requirement pattern? One array comparison, one answer.

6.2 The Patterns

Sarah's Identity Pattern (what she CAN access):

Sensitivity: Internal (P), Public (P), Confidential (B - read only)
Domain: Business (P), Data (B), Tech (S - no access)
Scope: Global (P), Team (P), Self (P)

PR Document Requirements (what it NEEDS):

Sensitivity: Public (P required for publishing)
Domain: Business (P required for official communications)
Scope: Global (P required for external release)

Result: Sarah has P where the document requires P. Access granted. Total computation: 144 comparisons in constant time.

7. Patent Claims

1.A method for access control comprising: encoding identity attributes as a first matrix of permission states across orthogonal dimensions; encoding resource requirements as a second matrix of the same structure; and determining access by element-wise comparison of said matrices, wherein access is granted if and only if each element of the first matrix meets or exceeds the corresponding element of the second matrix.

2.The method of claim 1, wherein the orthogonal dimensions comprise Sensitivity (classification level), Domain (business function), and Scope (breadth of access).

3.The method of claim 1, wherein permission states comprise Permission (P), Boundary (B), Silent (S), and Hole (H), ordered by access level P > B > S > H.

4.The method of claim 1, wherein the Silent state renders resources invisible to unauthorized identities, preventing enumeration attacks.

5.A system for identity management wherein identity patterns and resource requirements are stored as shared semantic substrates, enabling access checks via coordinate addressing rather than pattern transmission, reducing bandwidth requirements from O(n) permission entries to O(1) coordinate lookups.

6.The system of claim 5, wherein semantic coordinates of approximately 17 bits address permission patterns within a shared substrate, enabling cryptographic-strength access control without cryptographic overhead.

7.A method for progressive trust recognition comprising: receiving an initial sparse signal of approximately 2 bits; accumulating gestalt frames through iterative pattern matching; wherein each gestalt unit comprises approximately 17 bits of information density sufficient for intuitive P=1 certainty; and wherein four sequential gestalt frames compound to approximately 65 bits, achieving 2^65 addressable states exceeding the temporal resolution of cosmological timescales.

8.The method of claim 7, wherein the gestalt assembly process mimics biological face recognition, enabling O(1) trust decisions through geometric pattern matching rather than O(n) rule traversal, and wherein the four-frame progression (2→17→32→65 bits) provides universe-scale precision from minimal initial signal.

8. Claims for Agentic AI Systems

CRITICAL DIFFERENTIATION — AGENTIC AI
Traditional IAM was designed for humans making a few permission checks per session. AI agents make hundreds per minute. These claims protect FIM as the only IAM architecture that scales to agentic systems.

9.A method for agentic access control comprising: providing an AI agent with a portable permission grid encoded as a 144-cell matrix; wherein the agent performs permission checks locally without server round-trips; wherein permission check latency is reduced from O(100ms) per traditional ACL check to O(10μs) per grid comparison; enabling the agent to make hundreds of permission decisions per minute without blocking.

10.The method of claim 9, wherein sub-agent permission inheritance comprises: receiving a parent agent's permission grid; applying a scope reduction mask via bitwise AND operation; producing a child agent grid in constant time O(1); wherein traditional role-based inheritance requires O(n) role intersection computation.

11.The method of claim 9, wherein agent self-assessment comprises: the agent comparing its permission grid against a resource requirement grid before attempting an action; enabling the agent to know its operational boundaries without external validation; reducing failed action attempts and associated error handling overhead.

12.A system for agentic audit trails comprising: recording each permission check as a single grid comparison result; wherein the grid difference between identity and resource constitutes a complete audit record; reducing audit log volume from O(6n) entries per traditional ACL check to O(1) compact record per FIM check; enabling 100 agents making 100 checks per minute to generate 10,000 audit records instead of 60,000 traditional log entries.

9. Claims for Asymmetric Permission Flows

13.A method for directional access control wherein the permission matrix encodes asymmetric relationships such that Cell(A,B) is not equal to Cell(B,A); wherein upper triangle cells encode escalation rights (permission to publish content from lower scope to higher scope); wherein lower triangle cells encode delegation rights (permission to distribute content from higher scope to lower scope); enabling distinct authorization for upward versus downward information flow.

14.The method of claim 13, wherein meta-access rights are distinguished from operational access rights; wherein writing TO a sensitivity level (reclassification authority) is encoded separately from writing AT a sensitivity level (content creation authority); enabling separation of classification authority from operational access.

15.The method of claim 13, wherein the asymmetric matrix captures directional audit vectors; wherein an escalation action (Team→Global) is distinguishable in the audit record from a delegation action (Global→Team); enabling compliance systems to analyze permission flow direction, not merely access outcomes.

10. Claims for Visual Diagnostic Pattern Recognition

16.A method for visual access profile diagnosis comprising: displaying identity permission patterns as colored matrices wherein hot spots (high-permission cells) and cold spots (low-permission cells) create recognizable shapes; wherein the shape of the permission pattern indicates role characteristics without reference to role labels; enabling instant visual assessment of permission profiles.

17.The method of claim 16, wherein anomaly detection comprises: comparing an identity's current permission grid shape to expected shapes for their role; wherein unexpected hot spots in cold regions indicate potential compromise or misconfiguration; wherein grid shape change over time indicates permission creep; enabling security monitoring through visual pattern change detection.

18.The method of claim 16, wherein grid comparison for coverage analysis comprises: displaying two or more identity grids simultaneously; wherein visual overlay reveals coverage gaps, single points of failure, and vacation coverage capability; enabling human-readable team permission analysis without rule enumeration.

11. Licensing Value Analysis

Market Valuation Model

Market Segment	TAM (2025)	FIM Addressable	License Model	Projected Value
Enterprise IAM	$19.8B	40% (complex orgs)	$0.10/user/month	$950M/year
Agentic AI Platforms	$12B (emerging)	80% (no alternative)	$0.001/permission check	$2.4B/year
API Gateway/Security	$8.2B	30% (high-throughput)	$50K/deployment	$180M/year
Cloud IAM (AWS/Azure/GCP)	$25B	15% (differentiation)	Patent license	$500M/year
AI Safety/Alignment	$2B (emerging)	60% (permission boundaries)	Research license	$120M/year

CONSERVATIVE LICENSING PROJECTION (Year 1-3) Year 1: Early adopters + pilot programs - 50 enterprise licenses × $200K = $10M - 5 platform integrations × $500K = $2.5M - Research/academic licenses = $500K Total Year 1: $13M Year 2: Market validation + expansion - 200 enterprise licenses × $250K = $50M - 20 platform integrations × $1M = $20M - Agentic AI per-check fees begin = $5M Total Year 2: $75M Year 3: Platform standard + network effects - 500 enterprise licenses × $300K = $150M - 50 platform integrations × $2M = $100M - Agentic AI per-check (scale) = $50M Total Year 3: $300M CUMULATIVE 3-YEAR VALUE: $388M

Key Value Drivers:

No Alternative for Agentic: Traditional ACLs fundamentally cannot scale to agent workloads. FIM is the only architecture that works.
Patent Priority: Three provisionals filed (63/782,569, 63/854,530, 63/860,920) with April 2025 priority date.
Switching Cost: Once deployed, organizations build institutional knowledge around FIM patterns. High retention.
Network Effect: As more organizations adopt FIM, cross-organization access (federation) becomes easier with compatible grids.

LICENSING STRATEGY OPTIONS

Option A: Per-Seat Enterprise License
$1-5/user/month for enterprises. Simple, predictable revenue. Target: $100M ARR by Year 5.

Option B: Per-Check Metered (Agentic Focus)
$0.0001-0.001 per permission check. Scales with AI agent adoption. Target: $500M ARR by Year 5.

Option C: Platform Patent License
One-time + royalty to cloud providers (AWS, Azure, GCP). Target: $50-200M upfront + 2% royalty.

Option D: Defensive Acquisition
Sale to major IAM vendor (Okta, Microsoft, CrowdStrike) facing agentic disruption. Target: $500M-2B.

12. Claims for Metavector Composition

THE METAVECTOR — CORE INNOVATION
The metavector is the semantic coordinate produced by grid intersection. It is not a pointer to another grid—it IS a composable input to further grid operations. This enables algebraically infinite composition depth while remaining computationally tractable when matrices are sparse.

19.A method for semantic composition comprising: computing a first intersection of two positions within a permission grid to produce a metavector; wherein the metavector encodes the combined positional meaning of both input coordinates; wherein the metavector serves as a valid input coordinate for subsequent grid operations without pointer dereferencing; enabling algebraic composition of positional semantics across arbitrary depth.

20.The method of claim 19, wherein metavector composition in sparse matrices is computationally bounded; wherein cells containing Silent (S) or Hole (H) states terminate composition chains; wherein the sparsity of real-world permission matrices (typically 60-80% S/H states) constrains effective composition depth to O(log n); enabling practical computation of theoretically infinite semantic chains.

21.The method of claim 19, wherein metavector composition in non-sparse (dense) matrices produces functionally infinite semantic depth; wherein each cell containing Permission (P) or Boundary (B) states can compose with every other active cell; wherein composition depth grows as O(n^k) where k is composition iterations; enabling representation of arbitrarily complex semantic relationships through dense grid configuration.

22.The method of claim 19, wherein the metavector carries verifiable incoming positional meaning rather than proximity meaning; wherein verification comprises confirming that the metavector was produced by legitimate grid intersection rather than direct construction; wherein positional meaning is deterministic (same inputs produce same metavector) while proximity meaning requires graph traversal; enabling cryptographic verification of semantic provenance without signature overhead.

Metavector Composition Algebra

SPARSE MATRIX (typical enterprise IAM): Grid density: 20-40% active cells (P or B) Composition chain: terminates at S/H boundaries Effective depth: O(log n) ≈ 4-7 levels Computation: bounded, tractable Example: Sarah's grid (30% active) × Document grid (15% active) = 4.5% cells require comparison = ~6 active composition paths DENSE MATRIX (theoretical maximum): Grid density: 100% active cells (all P or B) Composition chain: every cell composes with every cell Effective depth: O(n^k) → functionally infinite Computation: unbounded, requires truncation Example: 144 × 144 × 144 × ... = infinite semantic space Represents: "everything relates to everything" Use case: AI reasoning, not access control THE METAVECTOR INSIGHT: Position A × Position B = Metavector AB Metavector AB × Position C = Metavector ABC ...continues algebraically... The metavector is NOT a pointer. It IS the meaning. Verification: recompute from inputs, compare. No signature required. Math is the proof.

13. Advantages Over Prior Art

Metric	Traditional IAM	FIM-IAM
Permission check complexity	O(n) ACL traversal	O(1) array comparison
Maximum privilege escalation	Unbounded (inheritance chains)	4 cells (geometric constraint)
Audit complexity	10,000+ entries to review	144 cells, visual inspection
Enumeration attack surface	All denied resources visible	S-state resources invisible
Bits per access check	~136+ bits	~17 bits (with shared substrate)

14. Gestalt Precision: The 65-Bit Claim

The Physics of Intuition

A "gestalt unit" is the minimum quantum of intuitive recognition—approximately17 bits of information density at which pattern recognition achieves P=1 certainty in the FIM framework.

Four frames of 2-flip updates compound exponentially: Frame 1: ~2 bits (initial signal) Frame 2: ~17 bits (first gestalt) Frame 3: ~32 bits (compounded) Frame 4: ~65 bits (full precision) 2^65 = 3.6 × 10^19 states The age of the universe in seconds ≈ 4.3 × 10^17 Four gestalt frames exceed this by two orders of magnitude.

Technical Effect: The gestalt assembly process reduces computational load while maintaining semantic precision—the same physics that allows humans to recognize faces in milliseconds rather than parsing feature lists.

15. Connection to Key-Vault Principle

This FIM-IAM specification implements the Key-Vault Principle described in "Tesseract Physics: Fire Together, Ground Together." The key insight:

Traditional: Send the full permission list (the "vault") Bandwidth = O(n) where n = permissions Key-Vault: Send only the coordinate (the "key") The vault exists at both endpoints Bandwidth = O(log n) = ~17 bits The identity pattern IS the key. The shared organizational culture IS the vault. Access decisions require only coordinate comparison.

When two parties share the same organizational FIM (through onboarding, training, cultural alignment), they don't need to transmit permission lists. They transmit coordinates. The shared substrate does the rest.

IMPLEMENTATION NOTE: This specification describes a minimal viable 12×12 grid. Production systems may use larger grids (24×24, 48×48) or multiple panels for different decision domains. The geometric principle scales; the constant-time access check remains O(1) regardless of grid size.