PhysID

Every humanoid, robot, and pair of AI glasses
needs a verifiable identity.

PhysID is the identity layer for physical AI. Every humanoid, robot, or pair of AI glasses ships with a tamper-resistant secure-element tag, bound to a public on-chain record. Anyone — a person, another machine, a regulator — can confirm what the unit is, who operates it, and what it's authorised to do, with one NFC tap or BLE handshake.

PhysID is from Provenance Tags — same identity stack as our ptagchain.io product, already shipping Concordium-anchored, ZKP-verified, one-tap NFC identity on mainnet for product authentication. PhysID applies it to humanoids, robots, and AI glasses, with an API and MCP server to encode identity, decode it over NFC or BLE, and resolve who's accountable.

Today the three PhysID services — Encode, Decode, Registry — are live as CIS-8004 agent cards on the Concordium Agent Registry. Anyone can resolve and verify them on-chain, and physical AIs meeting in the real world use the same A2A format to identify each other's skills on tap. No central directory, no vendor lock-in.

Request sandbox accessSee the MCP tools
Live on Concordium Agent Registry · CIS-8004 contract <10082,0> · 3 agents
two humanoids · ambient Tier-1 broadcast
ambient broadcast → verifiable Tier-1 payload
{
  "subject": "physical_ai:humanoid",
  "class": "delivery",
  "operator_class": "commercial_logistics",
  "jurisdiction": "EU-DK",
  "tier": 1,
  "registry_anchor": "ccd:agent_registry:v1",
  "unit_proof": "zk:0x9c1f4a…",
  "session_id": "rot_8f3c…",
  "freshness_ms": 412
}

PhysID — by Provenance Tags. Same Concordium-anchored identity stack as ptagchain.io, applied to physical AI.

Concordium mainnet · CIS-8004 Agent Registry · Post-quantum-ready NFC · ZK disclosure

Why this matters

Physical AI is arriving fast. Identity hasn't caught up.

Humanoids, robots, AI glasses — and no shared way to answer the most basic question: who is this machine, who's accountable for it, and is it really what it claims to be? Today that answer lives inside whichever vendor's database happens to control the unit. That doesn't scale, doesn't survive a transfer, and doesn't work across operators or jurisdictions.

PhysID makes the answer verifiable and portable. Two layers, both anchored on Concordium mainnet:

Layer 1 — the protocol
Public infrastructure, not a private API

The three PhysID services — Encode, Decode, Registry — are registered as CIS-8004 agent cards on the Concordium Agent Registry (contract <10082,0>). Their manifests are cryptographically bound to an on-chain hash, so any party — another agent, a regulator, a counterparty — can resolve and verify the PhysID services directly from the chain. No central directory, no vendor lock-in.

Layer 2 — the unit
Hardware-anchored, on-chain lifecycle

Each physical AI unit is provisioned through Encode with a keypair generated inside a tamper-resistant secure element. The unit is registered on Concordium with ownership, transfer, and revocation as first-class operations. Cloning requires a state-actor-level attack — and if a clone ever appears, the registry surfaces it and the unit can be revoked.

Layer 3 — the encounter
Physical AIs can identify each other

Every unit carries its own agent card — declaring its skills, operator, and authorisations in the same A2A format as the on-chain PhysID services. When two physical AIs meet over NFC or BLE, each can resolve the other's skills and verify them against the chain before deciding to cooperate, defer, or refuse. Machine-to-machine recognition, without a central broker.

It's the same identity stack we already run for physical products on ptagchain.io, now extended to the machines that will increasingly act on our behalf.

The API

Three primitives. One identity protocol for embodied AI.

Encode
POST https://api.physid.ai/v1/encode
Authorization: Bearer $PHYSID_API_KEY
Content-Type: application/json

{
  "unit_class": "humanoid",
  "operator_concordium_id": "ccd:0xA1F…",
  "credentials": ["jurisdiction:EU-DK", "purpose:delivery"],
  "tag_id": "physid_nfc_8f3c2d…"
}

Encode: Provision a physical AI. Bind keys to the secure element. Register the unit and its operator linkage on-chain.

Decode
POST https://api.physid.ai/v1/decode
Authorization: Bearer $PHYSID_API_KEY
Content-Type: application/json

{
  "nfc_payload": "0x9c1f…",
  "nonce": "0x44ab…",
  "tier": 1
}

Decode: Verify a tap or BLE handshake. Return the credentials the encounter is authorised to see — and nothing more.

Registry
GET https://api.physid.ai/v1/registry/{unit_id}
Authorization: Bearer $PHYSID_API_KEY

Registry: Read, update, transfer, or revoke. Lifecycle for every unit you ship.

Concordium Agent Registry · CIS-8004

Three agents. Three on-chain identities. Live on mainnet.

Each PhysID primitive is registered as a transferable CIS-8004 agent card on Concordium mainnet. The card's body is served from physid.ai/.well-known/agents/ and SHA-256-bound to the on-chain hash at mint. Anyone can resolve, verify, transfer, or revoke through the registry contract at <10082,0>.

PhysID Encode
Active
Token #15 · 0f000000

Provision a unit. Bind keys to the secure element. Register on-chain.

View agent card →View on registry →
PhysID Decode
Active
Token #16 · 10000000

Verify a tap or BLE handshake. Selective disclosure across three tiers.

View agent card →View on registry →
PhysID Registry
Active
Token #17 · 11000000

Register, transfer, query, revoke. Lifecycle for every unit you ship.

View agent card →View on registry →
contract: <10082,0> (module ba03e953…b63855f)
chain: ccd:9dd9ca4d19e9393877d2c44b70f89acb (Concordium Mainnet)
owner: 3suZfxcME62akyyss72hjNhkzXeZuyhoyQz1tvNSXY2yxvwo53
registered: 2026-05-31 · native agents, external_reference = None
MCP-native

Your agent can identify the physical AI it just met.

Every PhysID primitive is exposed as an MCP tool. A humanoid's onboard agent can decode the credentials of another humanoid it encounters. A fleet operator can register a hundred delivery bots in a single conversation. Claude, GPT, and any MCP-compatible agent can call these tools natively — no SDK, no custom integration.

User: Register the new fleet of 12 delivery bots
      for our DK operation, jurisdiction EU-DK.

Agent: I'll register them under your Concordium
      operator ID and bind a PhysID NFC credential
      to each unit.

      [calls physid.encode × 12]
      [calls physid.registry.link_fleet]

      Done. 12 units registered. Tags ready to ship.
      Registry entries: physid_unit_001 … physid_unit_012.

MCP endpoint: https://mcp.physid.ai

Trust model

Three tiers of disclosure. Nothing leaks by default.

Tier 1 — Ambient (BLE broadcast)
Class, operator category, jurisdiction, rotating session ID. No identity. Anyone in range can see it.
Tier 2 — Tap (NFC, deliberate)
ZK proofs of authorisation, insurance, recall status, jurisdictional permissions. Facts, not identity.
Tier 3 — Authorised (regulator, incident response)
Full operator identity. Requires Concordium Privacy Guardian cooperation — PhysID cannot disclose unilaterally.

Built on Concordium's identity layer. Identity is anchored at account creation, split across independent Privacy Guardians, and disclosed only under documented procedure.

Provenance Tags is headquartered in Copenhagen and operates within the EU regulatory framework. The Concordium Privacy Guardian network spans jurisdictions chosen for non-collusion and procedural integrity.

Architecture

Hardware anchor. Identity layer. Local channel.

Hardware anchor

NFC tag or embedded secure element, post-quantum-ready at the hardware layer

Supports post-quantum signature schemes and is ready to be used with them as the verifier ecosystem evolves to consume PQ-signed credentials end-to-end

Identity layer

Concordium CIS-8004 Agent Registry, IDP-verified operator, ZK credentials

PhysID Encode, Decode, and Registry are live as transferable agent cards on registry contract <10082,0> — same identity primitives Provenance Tags ships on Concordium mainnet via ptagchain.io

Local channel

NFC tap (deliberate) + BLE broadcast (ambient)

Challenge-response with on-device agent; rotating session IDs

PhysID is a product from Provenance Tags, built on the same stack as ptagchain.io — their product-authentication product — and running on Concordium mainnet today. The same primitives shipping for product authentication and stablecoin-settled commerce — hardware-anchored ZKP identity, one-tap NFC verification, immutable record keeping — apply directly to physical AI: humanoids, robots, AI glasses. Identity is anchored at the hardware layer, accountable at the Concordium identity layer, and usable offline at the encounter layer.

How clone-resistance works

Each PhysID unit is provisioned with a unique keypair generated inside a tamper-resistant secure element. The private key never leaves the chip — every credential is signed on-device, and the chip itself attests to its identity through the manufacturer's certificate chain. A verifier can confirm that the signature came from a genuine PhysID-provisioned secure element, not a software emulator or a copied payload. Cloning a unit requires physically extracting a key from a tamper-resistant chip — a state-actor-level attack, not a casual one. And if a clone ever did appear, the on-chain registry makes it detectable and revocable: the operator sees one unit in two places and revokes it.

Who it's for
Robot and humanoid OEMs

Ship units identity-ready. SDK and reference hardware on request.

Fleet operators

Register, transfer, and revoke at scale. Compliance built in.

Agentic system builders

Give your agents the ability to identify and be identified. MCP endpoint live in minutes.

Access
Developer sandbox
  • — Free for evaluation
  • — Test credentials, full API + MCP access
Request sandbox access
Production
  • — Per-unit pricing for registered physical AIs
  • — Hardware tag fulfilment
  • — Volume terms for OEMs and fleet operators
Request production access
Documentation
API reference
MCP server
Integration guides
FAQ
Is PhysID actually on-chain today?+

Yes. The three PhysID primitives — Encode, Decode, Registry — are registered as CIS-8004 agent cards on Concordium mainnet contract <10082,0> (tokens #15, #16, #17). Each card body is served from physid.ai/.well-known/agents/ and SHA-256-bound to the on-chain hash, so any verifier can confirm the served card matches the chain.

What is CIS-8004?+

Concordium’s implementation of ERC-8004 v2 (Trustless Agents) — a standard for representing AI agents as transferable on-chain NFTs with a verifiable off-chain manifest. PhysID uses CIS-8004 so any MCP client or agent runtime can discover the live PhysID agents, verify their integrity, and call them through the documented API.

What happens if a unit is offline?+

Verification works offline against cached credentials and on-device signatures; on-chain status is checked when connectivity returns.

What happens if the tag is damaged or destroyed?+

Re-issuance through registry; previous tag is revoked and any holder of the old payload is informed on decode.

What happens during ownership transfer?+

Both old and new operator co-sign a transfer transaction on Concordium; tag credentials are rotated.

Can PhysID deanonymise a unit?+

No. Tier 3 disclosure requires Concordium Privacy Guardian cooperation — we are not a guardian.

Is the protocol open?+

The wire format and credential schema are documented; the three PhysID agent cards are public CIS-8004 NFTs anyone can resolve via the Concordium Agent Registry. Reference implementations available on request.