Working site notice: this environment is under active development. Content and workflows may change while we iterate.
Fattoreum
Trust Center

Controls You Can Defend In Audit Reviews

This center summarizes how Fattoreum secures hash + attestation workflows: key handling, runtime trust checks, artifact integrity, and operator-visible evidence paths.

Key Handling Model

Detached signing in non-devProduction-style paths can require `kms_signer` so signing keys do not live in app code paths.
Algorithm disciplineAttestation signatures use Ed25519 with issuer-key identity fields in payloads.
Scope boundariesAPI keys are scoped for least privilege across submit, read, billing, and admin actions.
Fail-closed postureRuntime policy can block trust elevation when required evidence is invalid or absent.

Runtime Evidence + Retrieval

Evidence fieldsProvider, measurement, quote hash, verification method, verifier metadata, and verification timestamp.
Binding behaviorRuntime evidence is bound into attestation payloads for downstream checks.
API retrievalDedicated runtime-evidence and evidence-bundle routes support independent validation workflows.
Status visibilityRuntime trust status exposes active security-control posture for operators.

Auditability + Data Hygiene

Canonical integrity rule

Customer-facing exact-match verification uses SHA-384 canonical integrity values. SHA-256 entries are secondary internal digests only.

Near-duplicate similarity lane

SimHash (`simhash_64`) is a probabilistic candidate signal for closely related content and does not replace exact integrity verification.

OCR-derived similarity lane

Optional OCR anti-evasion checks are confidence-scored and non-authoritative. OCR-derived similarity is never exact textual equivalence.

Evidence bundle exports

Per-job JSON/PDF bundle outputs support external review and long-horizon retention narratives.

Signed webhook events

Timestamp + nonce + signature controls help downstream systems reject replayed delivery.

Tamper-evident audit exports

Hash-chained export output supports defensible evidence lineage in governance reviews.

Privacy posture: uploads are private-by-default, strict type/size checks are enforced, and raw document bodies are not intended for log surfaces. Similarity does not prove intent, plagiarism, fraud, copying, or misconduct.

End-To-End Security Trace (Storage Anchor + Optional Public Anchor)

This architecture trace maps each control boundary in sequence, including transport protection, confidential runtime checks, SHA-384 (384-bit) hashing, signing policy, and optional public anchoring for external timestamp references.

Layered security trace showing Oracle cloud controls, Fattoreum runtime controls, and optional Raptoreum anchoring controls from intake to externally verifiable anchor reference.

By default, evidence is anchored in Oracle-hosted storage for operational retrieval. A second public-chain anchor can be added when the external anchoring lane is enabled.