Question 1

How does AI merchant verification work?

Accepted Answer

RegisteredBrands.AI verifies merchant identity through 7 automated checks: DNS domain ownership, USPTO trademark verification, GLEIF business entity validation, SSL/DMARC/SPF domain signals, SAM.gov/SEC EIN cross-referencing, document analysis, and community reputation. Results are packaged as Ed25519-signed Brand Capsules that AI agents can verify in milliseconds.

Question 2

What is a Brand Capsule?

Accepted Answer

A Brand Capsule is a machine-readable, cryptographically signed identity credential for a brand. It contains verified information about the brand's domain, business registration, trademarks, and trust score. AI agents use Brand Capsules to verify merchant identity before committing to transactions.

Question 3

Can AI agents verify brands offline?

Accepted Answer

Yes. Brand Capsules are signed with Ed25519 keys. The public key and signature travel with the credential, so agents can verify authenticity without calling the RegisteredBrands.AI API. This enables offline verification in air-gapped or latency-sensitive environments.

Question 4

What is the difference between a directory-listed and an owner-verified brand?

Accepted Answer

Directory-listed brands are compiled from publicly available data and have not been claimed by their owners. Owner-verified brands have been claimed by the brand owner, who has proven domain ownership via DNS TXT record anchoring. Only owner-verified brands can achieve Verified or higher trust tiers.

Question 5

Is RegisteredBrands.AI a government certification body?

Accepted Answer

No. RegisteredBrands.AI is a private trust registry operated by RootVaultAI LLC. Trust scores are informational indicators compiled from publicly available data sources. Similar to Dun & Bradstreet or the Better Business Bureau, our assessments represent independent analysis, not government endorsement or certification.

Threat	Mitigation
Capsule impersonation	Ed25519 signatures + domain anchoring. Agents verify the capsule's public key matches the domain's DNS TXT record.
Entitlement forgery	Entitlement tokens are signed by the platform's Ed25519 key. Agents verify the signature against the published issuer_public_key.
Receipt tampering	Receipts carry detached Ed25519 signatures over canonical JSON. Any modification invalidates the signature.
Replay attacks	Verification responses include a unique nonce and timestamp. Entitlements have expiry dates and credit caps.
Key compromise	Key rotation via .well-known/rb-merchant.json. Old signatures remain valid but new issuances use the rotated key.
Trust score manipulation	Scores are computed server-side from verified data. Community flags require a verified capsule to submit.
Payment fraud	USDC payments are verified on-chain. Payment intents expire after 30 minutes.

Security Architecture

Cryptographic Foundation

Ed25519 Signatures

Domain Anchoring

Key Fingerprints

Threat Model

Infrastructure Security

Data at Rest

Data in Transit

Audit Logging

Responsible Disclosure

Found a Vulnerability?