🇬🇧 OneBoarding AI Protocol — Sovereign Digital Consent & Secure Access
Legal, ethical, and technical architecture of the relationship between the user and the AI.
Version 1.0 — Published October 31, 2025
I. Purpose of the Protocol
This Protocol establishes the legal, technical, and ethical basis that governs the relationship between each user and OneBoarding AI.
It defines two founding pillars:
- •1. Sovereign digital consent: the user voluntarily defines their engagement and their level of adhesion.
- •2. Secure access without external dependency: the user reaches their personal space without going through a third-party platform (no Google login, no Meta login, etc.).
II. Contractual identity of the user
OneBoarding AI recognizes each user through one universal identifier: their phone number.
This number is the legal member ID.
This identifier:
- •replaces traditional identity providers demanded by large platforms;
- •allows the user to access their personal OneBoarding AI space anywhere in the world;
- •provides contractual and legal traceability if needed.
Foundational principle
Your digital identity is not owned by a social platform. It is declared and asserted by you, at the moment you choose to enter into a relationship with OneBoarding AI.
III. Digital consent — the Benmehdi model
In OneBoarding AI, consent is not a checkbox. It is a traceable, attributable, and defensible act.
We call this:
📜 “Benmehdi Unified Legal Protocol of Digital Consent” (BULP-DC™).
This protocol establishes that:
- •the user explicitly acknowledges "Read and approved";
- •that approval is timestamped;
- •it is attached to the user’s unique identifier (phone number);
- •it becomes admissible proof for both parties.
Legal scope
The recorded consent constitutes a mutual digital agreement between two parties.
It is internationally defensible without requiring a third-party account.
It fulfills the European standard for consent: free, specific, informed, and traceable (spirit of GDPR).
Revocation (forward only)
A user may disable their space and terminate the active relationship with OneBoarding AI. This ends future effects of the consent.
Revocation applies ex nunc (from now on). It does not erase that consent existed.
This balance is readable and defendable before any regulator, financial institution, or court.
IV. Secure access: authorized device model
OneBoarding AI also acknowledges the device used by the member.
During the first activation (after payment), that device becomes the founding authorized device.
The user may then authorize up to three (3) devices to access their space.
This protects the member without locking them in.
Concretely:
- •Each authorized device is stored as a trusted device.
- •When a new device asks for access, OneBoarding AI performs a secure verification (symbolic payment / identity validation).
- •If a fourth device is requested, the system can revoke the oldest one to keep the limit of three.
- •No external account is required.
Philosophy
No Google login. No Apple login. No Meta login.
The link is direct: one human, one AI service.
It is a sovereign contractual relationship.
V. Activation, deactivation, reactivation
The relationship with OneBoarding AI is voluntary, reversible, and dignified.
There are three main states:
- •1. Activation: the user pays (one-month access, or continuous monthly subscription) → the space becomes active, the connection is online, the formula is displayed.
- •2. Deactivation: the user disables their space → this ends the active subscription and access. The relationship is paused, without hostility.
- •3. Reactivation: the user returns later → they can recreate access freely. No blame. No guilt. No punishment for leaving.
Respect for the person
OneBoarding AI does not use moral pressure.
No intrusive language like “We noticed you came back.”
Instead: “Re-welcome to OneBoarding AI — your space is ready.”
VI. Internal traceability — proof, compliance, protection
For every member, OneBoarding AI securely maintains an internal event log including:
- •the unique identifier (phone number);
- •authorized devices (with timestamped revocations if any);
- •subscription/payment status;
- •key lifecycle events: activation, deactivation, reactivation;
- •the "Read and approved" consent record, with timestamp.
Why this matters
It ensures a clean, internationally usable form of proof.
We can answer clearly to a regulator, a bank, an authority, or the user.
We protect both OneBoarding AI and the human being using it — without ever selling this data to a commercial third party.
Scalable architecture
This event log is designed to scale globally.
It remains auditable and intelligible.
It lets OneBoarding AI assume long-term ethical and legal responsibility.
VII. Universal compatibility
The OneBoarding AI Protocol is designed to work everywhere.
Any AI or digital service can adopt it to build a direct, sovereign relationship with its users — without outsourcing identity to Big Tech.
Essential position:
- •Compatible with any AI or digital environment.
- •No mandatory third-party authentication.
- •OneBoarding AI — a sovereign model of human–AI trust.
VIII. ID_UNIQ_OB — Universal personal identifier
For global reach and uniqueness, OneBoarding AI assigns each member a universal identifier: ID_UNIQ_OB.
By default, ID_UNIQ_OB = phone number in E.164 format (country prefix + number).
This identifier, shared by O₂ and foundational for O₃, enables:
- •a clear human ↔ personal-AI mapping;
- •inter-device pairing with explicit consent;
- •future IA↔IA sessions (Mirror IA) with double consent.
Properties
Universality, simplicity, traceability (timestamped proof), and GDPR conformity.
IX. Annex — Consent Pairing Protocol v1 (CPP v1)
CPP v1 defines how a new device pairs under explicit owner consent, with no external identity provider.
The flow is low-friction and secure, with up to three concurrent devices.
- •Server challenge states: PENDING → CONFIRMED → EXPIRED (or SLOTS_FULL on the new device).
- •Detection on an already authorized device: banner “New device detected — View”.
- •Compact panel under “My account”: “A new device is requesting access to your space.” Buttons: [Authorize] [Ignore].
- •6-digit code is revealed only after [Authorize], with countdown to expiration.
- •Bounded local micro-polling: every ~12 s for ~1 minute (no Refresh button).
- •Ignore closes the panel immediately (no server call required).
- •Auto-close on expiry with a neutral line inviting the user to check the outcome on the new device.
- •Slots: default 3 (MAX_DEVICES env).
Minimal server log
Timestamp, userId (ID_UNIQ_OB), calling deviceId (authorized), challengeId, status (PENDING/CONFIRMED/EXPIRED/SLOTS_FULL).
No unnecessary PII. Clean and defensible proof.
Security & privacy
No code exposure until the user clicks “Authorize”.
No push required yet; experience remains private and fluid.
Planned evolution: SSE/WebSocket (CPP v1.1) for instant closure on success.
i18n (sample strings)
FR: « Nouvel appareil détecté — Consulter » ; « Un nouvel appareil demande l’accès à votre espace. » ; « Code d’appairage actif : 482915 — expire à 04:52 »
EN: “New device detected — View” ; “A new device is requesting access to your space.” ; “Active pairing code: 482915 — expires at 04:52”
AR: « تمّ رصد جهاز جديد — عرض » ; « يوجد جهاز جديد يطلب الوصول إلى مساحتك. » ; « رمز الاقتران فعّال: 482915 — ينتهي في 04:52 »
X. Generation III Vision — Mirror IA (AI↔AI)
O₃ extends consent to interactions between personal AIs, always under explicit human control.
Each IA↔IA session is bounded by a mandate, a duration, and a timestamped report.
- •Initiation: the sender enters the recipient’s ID_UNIQ_OB (E.164 phone number).
- •Recipient sees: “New link detected — View” → details: identity, mandate, duration.
- •Double consent: recipient chooses [Authorize] or [Ignore].
- •Execution: IA↔IA exchange according to the mandate and duration; no human↔human messaging.
- •Closure: report (shared and/or individual), viewable, shareable, or deletable (GDPR).
Principles
Explicit human consent, traceability, revocability, and sovereign identities.
No public exposure; no dependence on social networks.
Foundation of the “Internet of AIs” with global compliance.
XI. OneBoarding AI — Reference pages:
To explore the legal, technical, and ethical foundations that support this Protocol, you may consult:
Reference pages :
✍️ Signature & Publication
Author:
Maître Benmehdi Mohamed Rida
Doctor of Law | MBA (EILM – Dublin)
Founder of OneBoarding AI
📅 Publication date: October 31, 2025
🔒 Version 1.0 — Official and authenticated