Proof of Clean Hands
Proof of Clean Hands (PoCH) is a credential that proves a person completed identity verification and passed sanctions screening, without exposing their identity. It lets someone demonstrate they are in good standing while keeping their name, document, and biometrics private.
How it works
- Government ID check. The person verifies a government-issued ID (passport, driver’s license, residence permit, visa, or voter card).
- Liveness check. A biometric liveness scan confirms the document belongs to the person presenting it.
- Sanctions screening. The person is screened against 23 international sanctions and watchlist sources (OFAC, FATF, FinCEN, Interpol, and others), including Politically Exposed Persons data.
- Credential issuance. On success, the person receives an on-chain credential (a soul-bound attestation). It is valid for about a year and can be renewed before it expires.
Throughout, the verification runs with zero-knowledge proofs. The identity data is encrypted to a threshold network rather than held by any single party. See Zero-Knowledge Identity and Cryptographic Security.
What it proves
- The holder completed government-ID verification with a liveness check.
- The holder is not on the screened sanctions or watchlists.
- The credential is current and unexpired.
What it does not reveal
- No name, date of birth, document number, nationality, or address.
- No biometrics, IP address, or device data.
- Nothing beyond the fact that the checks passed.
Not a backdoor
PoCH does not give any party a master key to a person’s identity. Personal data is not held by human.tech in the clear. It is encrypted to a threshold network, so reading it would require cooperation across that network rather than a single operator flipping a switch. The design goal is to make compliance and privacy compatible, not to create a covert channel into anyone’s identity.
This is a strong privacy guarantee against ordinary operators and attackers. It is not a claim of invulnerability against a nation-state adversary, and key management and rotation are auditable by design.
Regulatory compatibility
The architecture is built to be compatible with frameworks such as the FATF Travel Rule, the EU’s MiCA and AML package, and FinCEN customer due-diligence expectations. These are architectural compatibility goals, not legal certifications. Applicability depends on the deploying institution and jurisdiction.
Where it’s used
PoCH gates compliant value flows on Shield and provides reusable, privacy-preserving compliance for financial institutions and governments.