The Trust Spine

One signed receipt, recognized across the whole suite.

Every verification, security, and provenance edition ends its work the same way — it stamps a tamper-evident receipt and hands it to you. Instead of each app inventing its own signing, the Trust Spine signs once, centrally. So a receipt from any edition verifies the same way, against the same public endpoint, under one mark: Verified by Integrity Alliance. That shared trust mark is what turns forty products into one system.

See it work

Issue a real signed receipt, then verify it. Tamper with a single character and watch the signature catch it — the guarantee is the math, not our word.

1 · An edition issues a receipt

Product (edition id)

Subject checked

Verdict

2 · Anyone verifies it

Receipt token

What gets a receipt

◆Reputation Verify → a trust report on a claim or counterparty

◆Discern Pro → a verdict that media is human, not synthetic

◆Provenance Press → proof an asset is authentic and unaltered

◆VerifyPro → a counterparty diligence result

◆ShieldScan Corporate → an exposure-reduction attestation

◆Harbor Vetting → a completed vetting packet seal

How it’s built

A compact, JWS-style token — the receipt’s claims, plus an HMAC-SHA256 signature over them. Verification is a constant-time signature check; nothing in the receipt can change without breaking it. Dependency-free Node crypto, so the same module drops into any edition’s server. Endpoints: POST /api/receipt to issue, GET /api/verify?token= to verify.