Every H33 key answers: what is this key allowed to prove, compute, delegate, or trigger — under what governance state, at what time?
H33 keys no longer just answer “is this key valid?” They answer “what is this key allowed to prove, compute, delegate, or trigger — under what governance state, at what time?”
Not metadata. Cryptographically bound authority context that travels with the key and constrains every operation.
Keys are valid for a declared period. Expired keys fail immediately. No grace period.
Keys are scoped to specific operations: attest, encrypt, sign, verify, scan. A scan key cannot attest. An attest key cannot sign governance.
Every key traces back to a human authorization. Agent keys carry their delegation lineage. Sub-delegated keys inherit parent scope constraints.
Keys carry risk classification: sandbox, production, or sovereign. Risk tier determines what the key can touch — sandbox keys cannot produce production attestations.
Keys bind to the governance state at issuance. If governance changes — policy update, role revocation — keys issued under the old state can be invalidated.
Prove this key COULD NOT have authorized a specific action. Prove the action was impossible under the key's constraints.
Not "we found no record." Proof the action was impossible under the governance state at that moment.
Given a key, timestamp, and action, H33 can prove whether the action was impossible due to creation time, revocation, expiration, authority window, scope, computation class, or recorded denial.
This is not API key management. This is verifiable authority infrastructure.
Code integrity without authority integrity is incomplete. Q-Key closes the gap between who deployed it and what it's allowed to do.
Q-Key feeds OIS. Unauthorized or over-scoped keys lower operational integrity. Time-scoped, delegated, computation-bound keys improve it.
Authority integrity is not a single feature. It's a system that builds on itself.
See how Q-Key fits into your trust architecture.