Fattoreum
Trust Center

Controls You Can Defend In Audit Reviews

This center summarizes how Fattoreum secures hash + attestation workflows: key handling, runtime trust checks, artifact integrity, and operator-visible evidence paths.

Key Handling Model

Detached signing in non-dev: Production-style paths can require `kms_signer` so signing keys do not live in app code paths.
Algorithm discipline: Attestation signatures use Ed25519 with issuer-key identity fields in payloads.
Scope boundaries: API keys are scoped for least privilege across submit, read, billing, and admin actions.
Fail-closed posture: Runtime policy can block trust elevation when required evidence is invalid or absent.

Runtime Evidence + Retrieval

Evidence fields: Provider, measurement, quote hash, verification method, verifier metadata, and verification timestamp.
Binding behavior: Runtime evidence is bound into attestation payloads for downstream checks.
API retrieval: Dedicated runtime-evidence and evidence-bundle routes support independent validation workflows.
Status visibility: Runtime trust status exposes active security-control posture for operators.

Auditability + Data Hygiene

Evidence bundle exports

Per-job JSON/PDF bundle outputs support external review and long-horizon retention narratives.

Signed webhook events

Timestamp + nonce + signature controls help downstream systems reject replayed delivery.

Tamper-evident audit exports

Hash-chained export output supports defensible evidence lineage in governance reviews.

Privacy posture: uploads are private-by-default, strict type/size checks are enforced, and raw document bodies are not intended for log surfaces.

End-To-End Security Trace (Storage Anchor + Optional Public Anchor)

This architecture trace maps each control boundary in sequence, including transport protection, confidential runtime checks, SHA-384 (384-bit) hashing, signing policy, and optional public anchoring for external timestamp references.

Layered security trace showing Oracle cloud controls, Fattoreum runtime controls, and Raptoreum anchoring controls from intake to immutable anchor.

By default, evidence is anchored in Oracle-hosted storage for operational retrieval. A second public-chain anchor can be added when the external anchoring lane is enabled.