Skip to content

The Gate II

How UCCA Built a Cryptographic Contact Ledger by Accident

Internal Document — Not For Distribution

12 March 2026

The Night It Happened

It started as a form.

We needed a way for investors to register interest in UCCA. Simple enough — name, email, phone, submit. But somewhere between the first brief and the teletype receipt, something else emerged. Not a form. Not a CRM. Something that had never quite existed before.

This is the story of how we got there and what it means.

The Problem With Forms

Every investor portal, every compliance SaaS, every RTO platform has a form. You fill it in, you get an email, maybe a PDF. The organisation has your details. You have nothing. No proof you contacted them. No proof they received it. No timestamp you can independently verify. No chain of custody.

For most industries this doesn't matter. For the industries UCCA serves — defence, aviation, medical, nuclear, enterprise compliance — it matters enormously. In these sectors, the record of contact is as important as the contact itself. Who knew what, when, and can they prove it.

We weren't trying to solve this problem. We were trying to build a form.

The First Insight: The Receipt

The first shift happened when we asked: what does the person on the other side actually receive?

An email confirmation feels weak. A PDF feels bureaucratic. Neither feels like the gravity of the moment — a contact with an organisation that holds cryptographically signed records of interaction.

So we built a receipt. Not a UI confirmation. A receipt. Monospace. Black screen. The kind of thing that comes out of a machine that means business.

And then we asked: what kind of machine?

The answer arrived immediately: a teletype. RS-232. Non-synchronous serial. Data arriving down the line when it arrives. The machine doesn't apologise for the pauses. The cursor blinks. You wait. Another line comes.

The cadence was the insight. The pauses aren't theatre — they're honest. The machine is actually doing something between each line. Verifying. Confirming. Signing. The teletype renders the work in real time.

The Second Insight: The Tape Never Resets

Once we had the receipt, we asked: what happens when they come back?

A receipt is a moment. A ledger is a relationship.

The punch tape doesn't reset. Every time the contact returns, more lines print. The tape grows. Each interaction appends to the record. The machine remembers everything, in order, and shows you where you stand.

12 MAR 2026  registered via ir.ucca.online
12 MAR 2026  hash generated
12 MAR 2026  endpoints confirmed
12 MAR 2026  endpoints verified
14 MAR 2026  review initiated
14 MAR 2026  trust level 1 assigned

This is a living document. Not a static receipt. Not a database record that only UCCA can see. A shared ledger that both parties can read, that neither party can alter, that grows with the relationship.

The Third Insight: The Chain

If the tape is a ledger, every line needs to be provably real.

The question was: how do you make a ledger entry tamper-evident? How do you prove that the record of contact on March 12 hasn't been altered, backdated, or fabricated?

The answer was already in the codebase. We had a signing secret. We had hash functions. We had timestamps.

What we needed was to chain them.

Each new ledger entry produces a hash derived from the previous entry's hash, the event type, and the timestamp. Change any entry and every subsequent hash breaks. The chain either verifies or it doesn't. No partial truth. No ambiguity.

ca120eae  ← root: contact registered
├─ 3ff44dfb  ← hash generated (derived from ca120eae)
├─ 9a1bc234  ← endpoints verified (derived from 3ff44dfb)
└─ 2c445def  ← trust level 1 (derived from 9a1bc234)

This is a Merkle chain. It is the same mathematical principle that makes blockchain tamper-evident, without the consensus overhead, without the public ledger, without the gas fees, without the speculation. Just the cryptography. Just the proof.

Two parties. Two keys. One chain.

The Fourth Insight: Dual Custody

A chain that only UCCA can read is an internal audit log. Useful, but not transformative.

The question became: what if the contact holds a key too?

UCCA generates two keys at registration. UCCA holds one. The contact receives the other — delivered once, to their verified endpoint. Neither key alone reveals the chain. Both keys must combine to render the full ledger.

This is the two-man rule. Dual custody. The same principle that governs nuclear launch authorisation, classified document access, and high-value financial transactions. Applied to a contact record.

The contact's key lives in their device keychain. It is unlocked by their biometrics — Face ID, Touch ID. To verify their record, they look at their phone. The app combines the keys silently. The chain renders.

No password. No typing. No searching through emails for a code. One look. The machine does the rest.

The Fifth Insight: The Show

We almost stopped at the cryptography. We almost made it functional and invisible — a backend process that produced a certificate.

But the question kept nagging: what does the moment feel like?

The contact taps a link. The UCCA Authenticator opens. Their phone asks for Face ID. They look. And then — the teletype fires.

UCCA AUTHENTICATOR
------------------------------
INITIALISING.▌

...

CONTACT   Tim Smith▌
ROOT      ca120eae▌

...

CHAIN VERIFICATION▌

...

COMPUTING.▌

...

CHAIN INTACT. ✓▌

...

LEDGER
------------------------------
ca120eae  12 MAR 2026  registered via ir.ucca.online▌
3ff44dfb  12 MAR 2026  endpoints confirmed▌
9a1bc234  12 MAR 2026  endpoints verified▌
2c445def  14 MAR 2026  trust level 1 assigned▌

------------------------------
TRUST     LEVEL 1 — VERIFIED▌

[QR CODE]

### RECORD CURRENT

The pauses are not fake. Between each line, the app is recomputing the chain hash by hash, confirming K1 is valid, logging the access event. The RS-232 cadence is the actual processing time rendered honestly.

They show it to the person next to them. "Look at this." The other person can scan the QR and independently verify the root record. The moment is theirs to share. The cryptography is underneath, invisible, doing its job.

What This Actually Is

We set out to build a form. We ended up building something else.

UCCA VCC — Verified Contact Chain — is a dual-custody cryptographic contact ledger delivered through a teletype interface unlocked by biometrics.

It is not a blockchain. Blockchain is slow, expensive, public, and requires consensus. VCC is faster, cheaper, private, and requires only two parties.

It is not a CRM. A CRM is a tool for the organisation. VCC is a shared record for both parties.

It is not a digital signature. A signature proves a document. VCC proves a relationship — every interaction, in order, chained, verified.

It is not a receipt. A receipt is a moment. VCC is a living document.

Who This Is For

Defence procurement. The chain of contact with a vendor is as important as the contract itself. Who knew what, when, and can they prove it without relying on the vendor's own records.

Aviation safety. Competency verification requires a provable chain — training completed, assessed, signed off, not altered. The assessor holds one key. The authority holds the other.

Medical credentialing. A practitioner's contact with a certifying body, their verification of competency, their standing at any point in time — all chained, all verifiable, all held in dual custody.

Enterprise compliance. The Annual Declaration on Compliance, the interaction with the regulator, the acknowledgement of standards — provable, chained, not reliant on a single party's records.

Investment. The contact with the investor, the NDA, the diligence process, the decisions made along the way — all in the chain. Both parties have a key. Neither can alter the record.

The Door

In an earlier document — The Gate — we described UCCA's competitive substrate: 15,202 atomic competency units from the Australian TGA, unreplicable, deterministic, the foundation of a verification infrastructure.

VCC is the door on top of that gate.

The gate tells you what competency looks like. VCC tells you who touched it, when, and what happened next. Together they form a complete system — from the definition of capability to the proof of contact with the people who hold it.

Every entry point into UCCA creates a root hash and starts a chain. Every surface — ir.ucca.online, ucca.online, rtopacks.com.au, a QR code at a conference, an NFC tap on a certificate — produces a verifiable, chained, timestamped record from the first moment of contact.

The name was right all along. Universal Capability Certification Authority. Every capability, every contact, every interaction — chained back to a root moment that cannot be altered.

We built it in a garage in Brisbane. Over wine. On a Thursday night.

What Comes Next

Phase 1 — Chain infrastructure live in engine-db. Auto-events wired to registration and verification. Keys card redesigned. Chain verification endpoint on ucca-keys.

Phase 2 — K2 generation and delivery. Dual-custody model live. Contact holds their key from day one.

Phase 3 — UCCA Authenticator. Native iOS. Face ID. The teletype on device. The full show.

Phase 4 — The whitepaper. Public. The Gate + The Gate II. The technical proof and the product story together.

Phase 5 — The conversation with Sepofitti Capital. With the defence procurement officer. With the aviation authority. With whoever needs to know that the record they're looking at is real.

This document is internal. It is not the whitepaper — it is the story behind the whitepaper. It exists so that when someone asks how we got here, we can tell them honestly: we were trying to build a form.

Classification: Internal Author: Tim Rignold + Claude (Anthropic) Date: 12 March 2026 Location: Brisbane, Australia