On-Chain-Unlock

On-Chain Unlock (OCU) is the first trustless physical access control system built on Enjin Blockchain. Rather than producing its own hardware, OCU provides CoreSDK: a precompiled shared library for Linux ARM64 that hardware manufacturers link directly into their own firmware. The result is a complete ecosystem for sovereign physical access, where the NFT in a user's wallet is the cryptographic key to a door, a camera, a gate, or any other Linux-based access control device.

Moving Physical Access Control Onto the Blockchain

Traditional access control systems depend on centralized servers, credential databases, and vendors who hold permanent privileged access to the infrastructure. A compromised server is an open door. OCU removes that dependency entirely by moving all verification logic into the device firmware and using Enjin MatrixChain as the sole source of truth.

The choice of MatrixChain was driven by technical requirements. CoreSDK makes real-time on-chain RPC calls from resource-constrained ARM64 devices, which calls for a chain with accessible node infrastructure and a focus on long-term ecosystem stability over short-term throughput hype. Enjin's architecture is purpose-built for NFT and digital asset management, which lines up cleanly with OCU's firmware-level requirement for hardware-bound, non-clonable NFT keys. For a project whose devices need to last years in the field, the long-term reliability of the chain matters as much as its features.

NFTs as Tokenized Hardware Keys

The NFT in OCU is not a digital asset. It is the root of trust for a physical object. The firmware recognises one specific NFT ID on MatrixChain as the master admin key, and ownership of that NFT in a wallet is the only way to authorise commands on the device.

This binding works because the NFT ID is stored on a removable EEPROM chip inside the device, connected via I2C. The physical chip only accepts the matching digital key. Swapping the EEPROM means swapping the lock, which requires a new NFT issued by the manufacturer.

Authorisation itself happens through a local challenge-response loop. The device issues a one-time nonce, the wallet signs it with sr25519, and the firmware verifies the signature locally and checks NFT ownership directly on MatrixChain. No on-chain transaction is required, which makes every authentication gasless and instant for the end user.

The Triple Binding and the Logic Guillotine

OCU does not trust a single source of truth. Every authorisation requires the convergence of three layers: a unique serial number injected into the firmware binary, the hardware NFT ID stored on the removable EEPROM, and live on-chain verification of NFT ownership. If any one of these links breaks, the SDK refuses to close the circuit.

The local encrypted vault inside each device is keyed off all three layers, which makes it unreadable on any other device or with cloned firmware. When the SDK detects a binding mismatch, for instance when a new EEPROM is inserted to recover access after a lost wallet, it triggers what OCU calls a Logic Guillotine. The old vault is wiped before the new identity is initialised, so the previous owner's data and permissions are destroyed at the hardware level before any handover takes place.

If a device loses connectivity or the EEPROM is removed, the system falls back to a PIN mode that allows guest routes only. Admin authority cannot be exercised without the on-chain NFT.

Sovereign Delegation Without a Central Server

OCU eliminates the traditional Access Control List. The NFT holder, acting as admin, signs a delegation permit for a guest wallet, with optional time and weekly schedule constraints. The permit is stored inside the device's local vault. When a guest attempts access, the SDK verifies the guest's signature against the stored permit locally, with no server involved in the decision. No third party knows who the guests are. The delegation is a private agreement between the owner and the device.

Built for Manufacturers, Integrated by SDK

OCU's target is the hardware manufacturer building cameras, smart locks, enterprise access control, automotive systems, or smart building infrastructure. CoreSDK is written in C++17 and exposes a strictly defined extern "C" ABI. Manufacturers integrate it through a callback pattern, hooking their existing hardware functions into the SDK and querying it for a simple yes or no before any action is performed. The authorisation logic stays in its own isolated enclave, so even a compromise of the main application firmware leaves the security core intact.

A new manufacturer can typically port CoreSDK to their hardware in a few days. The complete ecosystem also includes a relay server, a license dashboard with integrated payments, and a dedicated wallet built in Flutter, C++, and Rust.

A Long-Term Bet on Trustless Infrastructure

By integrating Enjin MatrixChain, OCU offers something the IoT industry has not been able to deliver at scale: hardware that the manufacturer themselves cannot hack, spy on, or disable remotely. The cost of that freedom is the user's responsibility over their own keys. For high-stakes physical access, that trade is the point.

OCU is preparing a public test environment that lets integrators run the full authorisation flow in a simulated setup, without any of the physical components, so manufacturers can evaluate CoreSDK end to end before committing to a hardware integration.