Platform

A vertically integrated authorization platform.

TrueSign is purpose-built to satisfy the controls expected by Tier-1 banking, federal evaluation, and defense supply-chain integration.

I

Hardware-bound keys

Private keys generated and held inside Secure Enclave, TPM 2.0, or FIPS-validated HSM. Non-exportable, attested, bound to device identity. Compromise of the host operating system does not yield key material.

II

Canonical intent encoding

Each authorization is serialized into a deterministic canonical intent message. Identical inputs produce identical hashes. The signed payload describes exactly what is being authorized: instrument, counterparty, amount, currency, policy context, and time bounds.

III

Policy engine

Server-side policy evaluation at sign-time. Limits, segregation of duties, dual control, geofencing, time windows, anomaly signals, and external compliance hooks. Policies are declarative, versioned, and auditable.

IV

Immutable audit ledger

Append-only, hash-chained ledger of every request, signature, decision, and receipt. Designed for SOC 2, ISO 27001, and regulator inspection. Optional notarization to external witnesses.
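
The deterministic intent encoding (II) and the hash-chained ledger (IV) can be illustrated together. This is an added example, not TrueSign code or its wire format: the JSON canonical form, SHA-256, the field names, the flat intent layout and the GENESIS value are all assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed anchor value for the first ledger entry (assumption)


def canonical_intent(intent: dict) -> bytes:
    """Deterministic encoding of a flat dict: sorted keys, no whitespace, UTF-8."""
    for key, value in intent.items():
        if isinstance(value, float):
            # Float formatting varies between encoders; use integer minor units.
            raise TypeError(f"{key}: floats are not allowed in a canonical intent")
    return json.dumps(intent, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False, allow_nan=False).encode("utf-8")


def intent_hash(intent: dict) -> str:
    return hashlib.sha256(canonical_intent(intent)).hexdigest()


def append_entry(ledger: list, intent: dict, decision: str) -> dict:
    """Append an entry whose hash covers the previous entry's hash."""
    prev = ledger[-1]["entry_hash"] if ledger else GENESIS
    body = {"prev_hash": prev, "intent_hash": intent_hash(intent), "decision": decision}
    entry = dict(body, entry_hash=hashlib.sha256(canonical_intent(body)).hexdigest())
    ledger.append(entry)
    return entry


def verify_ledger(ledger: list) -> int:
    """Return -1 if the chain is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        body = {k: entry[k] for k in ("prev_hash", "intent_hash", "decision")}
        expected = hashlib.sha256(canonical_intent(body)).hexdigest()
        if entry["prev_hash"] != prev or entry["entry_hash"] != expected:
            return i
        prev = entry["entry_hash"]
    return -1


# Constructed sample intent; amount is in minor units (cents) to avoid floats.
SAMPLE = {"instrument": "wire", "counterparty": "ACME-001", "amount": 125000,
          "currency": "USD", "policy": "v3", "not_before": 1700000000,
          "not_after": 1700000300}
```

Editing any stored entry changes its recomputed hash, and recomputing that entry's hash to hide the edit breaks the next entry's prev_hash link, so verify_ledger reports the first index at which the chain no longer holds.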

V

Cryptographic receipts

Each completed authorization produces a verifiable receipt usable across counterparties, payment rails, and reconciliation systems. Receipts establish non-repudiation independent of TrueSign infrastructure.

Deployment topology

Single-tenant, on-premise, or sovereign cloud.

TrueSign is deployable inside customer infrastructure for institutions with data residency, sovereignty, or air-gap requirements. Reference deployments include single-tenant cloud, regional sovereign cloud, and customer-operated on-premise.

┌──────────────────┐    canonical intent     ┌──────────────────┐
│ Originating sys. │ ──────────────────────▶ │ TrueSign core    │
└──────────────────┘                         │ • policy engine  │
         ▲                                   │ • verifier       │
         │        receipt + decision         │ • audit ledger   │
         └────────────────────────────────── └────────┬─────────┘
                                                      │
                                       intent message ▼
                                             ┌──────────────────┐
                                             │ Bound device     │
                                             │ Secure Enclave   │
                                             │ TPM 2.0 / HSM    │
                                             └──────────────────┘