HUMΛN
DocsAPI ReferenceSDK ReferencePatternsCommunity
← Back to Patterns

Multi-Device Sync

Availablepassportadvanced

Overview

Your HUMΛN Passport isn't tied to a single device—it syncs securely across your Device Mesh: phone, laptop, tablet, watch, and any other trusted device you own. This creates a distributed personal identity network where no single device holds complete authority, and losing one device doesn't mean losing your identity.

Why Multi-Device Sync?

  • Portability: Your identity follows you across all your devices
  • Resilience: Losing one device doesn't lock you out
  • Redundancy: No single point of failure
  • Sovereignty: You control which devices are part of your Mesh
  • Recovery: Any 2-of-3 (or 3-of-5) devices can recover your full identity
  • Privacy: Data syncs through your chosen cloud (iCloud, Google Drive, self-hosted S3), not HUMAN's servers

    • Think of it like: Your phone, laptop, and tablet form a secure "council" where any majority can authenticate you—even if one is stolen or broken.

    How Device Mesh Works

    HUMΛN uses a threshold identity model to distribute trust:

    1. Device Enrollment: Each device gets a unique Device Passport Key 2. Threshold Authentication: Any N-of-M devices (e.g., 2-of-3) can authenticate you 3. Encrypted Sync: Each device holds an encrypted replica of your Passport data 4. Local-First: Data originates on your device, encrypted before sync 5. Cloud-Agnostic: You choose where encrypted data is stored (iCloud, Google Drive, OneDrive, S3, etc.)

    `` ┌─────────────┐ ┌──────────────┐ ┌───────────────┐ │ Phone │────│ Laptop │────│ Tablet │ │ (Device 1) │ │ (Device 2) │ │ (Device 3) │ └─────────────┘ └──────────────┘ └───────────────┘ │ │ │ └────────────────────┼─────────────────────┘ │ ┌────────▼────────┐ │ Encrypted Sync │ │ (Your Cloud) │ │ iCloud/Drive/ │ │ Self-Hosted │ └─────────────────┘ ``

    Any 2 of these 3 devices can:

  • Authenticate you
  • Rotate keys
  • Add a new device
  • Remove a compromised device
  • Recover your full Passport

    • SDK Examples

    1. Enroll a New Device

    >
    SDK:
    0

    2. Sync Passport Updates Across Devices

    >
    SDK:
    1

    3. Recover Identity After Device Loss

    >
    SDK:
    2

    Use Cases

    1. Add Work Laptop to Personal Device Mesh

    Scenario: You have a phone and personal laptop (Device Mesh). Now you want to add your work laptop.

    >
    SDK:
    3

    2. Revoke Compromised Device

    Scenario: Your phone was stolen. Immediately revoke its access using remaining devices.

    >
    SDK:
    4

    3. Peer-to-Peer Local Sync (No Internet Required)

    Scenario: You're offline but have multiple devices nearby. Sync via Bluetooth/Wi-Fi Direct.

    >
    SDK:
    5

    Conflict Resolution

    When multiple devices update the Passport simultaneously, conflicts are resolved using:

    1. Newest Valid Signature (Default)

    // Device A and Device B both add capabilities offline
// When they sync:
const resolvedUpdate = {
  capability1: { timestamp: '2026-01-10T12:00:00Z', signature: '0xabc...' }, // Device A
  capability2: { timestamp: '2026-01-10T12:05:00Z', signature: '0xdef...' }, // Device B (newer)
};
    // Device B's update wins (newer timestamp + valid signature)

    2. Manual Resolution (Human Override)

    await HumanOS.Passport.resolveConflict({
  conflictId: "conflict-abc123",
  resolution: 'manual',
  selectedVersion: 'device-b-version', // Human chooses
});

    Security Considerations

    DO:

  • Use at least 2-of-3 threshold (never 1-of-1)
  • Immediately revoke lost/stolen devices from remaining devices
  • Store encrypted backups in your cloud (not HUMAN's)
  • Regularly rotate device keys (annually recommended)
  • Use biometric authentication on each device (local protection)

    • DON'T:

  • Enroll untrusted devices (e.g., public kiosks, shared computers)
  • Use 1-of-1 threshold (no recovery if device is lost)
  • Share device keys across devices (each device = unique key)
  • Skip device revocation when upgrading (revoke old device first)
  • Disable encryption for "convenience"

    • Privacy by Design

    HUMΛN never sees your Passport data:

    ComponentWho ControlsWhere StoredHUMΛN Access
    Passport DataYouYour device + Your cloud❌ No
    Device KeysYouYour devices (Secure Enclave)❌ No
    Vault Encryption KeyYouSplit across devices (threshold)❌ No
    Sync MetadataYouYour cloud provider❌ No
    HUMΛN only knows:
  • Public keys (for verification, publicly available)
  • Ledger anchors (public blockchain data)

    • We cannot:

  • Read your Passport data
  • Impersonate you
  • Access your vault
  • Revoke your devices (only you can)

    • Seamless Login

    Authenticate on any device without re-entering credentials

    Device Loss Recovery

    Recover identity using remaining devices if one is lost or stolen

    Enterprise Mobility

    Employees access company resources from multiple trusted devices

    Agent Deployment

    Deploy agents across distributed infrastructure with consistent identity

    DO

    Use threshold authentication (N-of-M devices) for critical operations

    Encrypt all sync data before uploading to cloud storage

    Implement device attestation to prevent unauthorized enrollment

    Enable automatic device revocation for lost/stolen devices

    DON'T

    Store unencrypted private keys in cloud storage

    Allow single-device recovery without multi-factor verification

    Skip conflict resolution - handle concurrent device updates

    Trust device enrollment without physical confirmation

    ← All PatternsLearn about passport