◎ OS PUB Apache 2.0 ← All specifications

P244 — AIEP — Federated Trust Attestation Hardware Path

Applicant: Neil Grassby Classification: Patent Application — Confidential Priority: Claims priority from GB2519711.2 filed 20 November 2025 Architecture Layer: AIEP Phase 2 Hardware Security Layer

Framework Context

[0001] This specification operates within an AIEP environment as defined in GB2519711.2 and GB2519798.9. The present specification defines the hardware attestation path used by the Federated Trust System (P229) to provide remote nodes with cryptographic proof of the integrity of the local AIEP software and hardware stack.

Field of the Invention

[0002] The present invention relates to hardware-level remote attestation for federated AI deployment trust establishment.

Background

[0003] Remote attestation is well-established in trusted computing. The present invention adapts and extends trusted platform module (TPM) attestation concepts specifically for the requirements of AIEP federated trust establishment, including attestation of the AIEP governance enclave (P242), the evidence ledger engine, and the active governance policy hash.

Summary of the Invention

[0004] The invention provides a Federated Trust Attestation Hardware Path (FTAHP) comprising: an attestation measurement engine that records the hash of each software layer of the AIEP stack at load time into Platform Configuration Registers (PCRs); a specialised AIEP attestation record extending standard TPM quote reports with AIEP-specific fields; and an attestation response generation module that produces a complete signed AIEP attestation report for submission to remote trust evaluators.

[0005] AIEP-specific attestation fields include: the governance enclave measurement (P242); the governance policy hash committed at enclave initialisation; the evidence ledger engine version; the CWSG storage engine version; and the active firmware version of the deterministic simulation coprocessor (P241) if present.

ASCII Architecture

AIEP Stack Boot Sequence
         |
         v
+------------------------------------------+
| FTAHP - Attestation Measurement Engine   |
|                                          |
|  Measure: OS layer                      |
|  Measure: AIEP runtime                  |
|  Measure: Governance enclave (P242)     |
|  Measure: Governance policy hash        |
|  Measure: Ledger engine version         |
|  Extend PCRs                            |
+-------------------+----------------------+
                    |
          Attestation Request (P229)
                    |
                    v
+------------------------------------------+
| Attestation Report Generation Module     |
|  Standard TPM Quote + AIEP extension    |
|  Signed with attestation identity key   |
+-------------------+----------------------+
                    |
                    v
   Signed AIEP Attestation Report
   → Federated Trust System (P229)

Detailed Description

[0006] Measurement Sequence. During system boot, the FTAHP measures each layer of the AIEP software stack in sequence: bootloader, operating system, AIEP core runtime, governance enclave, and governance policy document. Each measurement is a SHA-256 hash extended into a Platform Configuration Register.

[0007] AIEP Attestation Record. The attestation record extends the standard TPM quote structure with a signed AIEP extension block containing the governance policy hash, ledger engine version, and DSC firmware hash. This extension is signed under the same attestation identity key as the base quote.

[0008] Report Verification. A receiving node verifies the report by: checking the TPM signature against the manufacturer’s certificate; verifying PCR values against the expected AIEP software stack hashes; and checking the governance policy hash against its compatibility list.

Technical Effect

[0009] The invention enables federated AIEP nodes to establish mutual trust based on cryptographic evidence of software stack integrity, deployed governance policy identity, and ledger engine version. By extending the TPM attestation record with a signed AIEP extension block, the hardware path provides governance policy commitment in the same cryptographic binding as software integrity, preventing an adversary from deploying a different governance policy while presenting a valid stack attestation. The governance policy hash compatibility check at the receiving node enables automatic policy divergence detection before federated evidence exchange proceeds.

Claims

  1. A method of generating and verifying AIEP-extended hardware attestation for trust establishment in a federated evidence-bound artificial intelligence system, comprising the steps of: (a) during system boot, measuring each layer of the AIEP software stack in sequence—bootloader, operating system, AIEP core runtime, governance enclave, and governance policy document—and extending each measurement as a SHA-256 hash into a Platform Configuration Register; (b) constructing an AIEP attestation record comprising a standard TPM quote over all PCR values and a signed AIEP extension block containing the governance policy hash, ledger engine version, and DSC firmware hash; (c) signing the AIEP extension block under the same attestation identity key as the base TPM quote, binding extension block and quote to the same cryptographic identity; (d) providing the attestation record to any requesting federated node; (e) at a receiving node, verifying the attestation report by checking the TPM signature against the manufacturer certificate, verifying PCR values against expected AIEP stack hashes, and checking the governance policy hash against the receiving node’s compatibility list before admitting the attesting node to the federation.

  2. The method of claim 1, wherein the governance policy hash recorded in the AIEP extension block is the SHA-256 hash of the compiled governance policy package produced by the Governance Policy Execution Compiler.

  3. The method of claim 1, wherein policy compatibility checking at step (e) includes verifying that the attesting node’s governance policy version is within the maximum allowable divergence from the verifying node’s current version.

  4. The method of claim 1, wherein attestation records are admitted to the evidence ledger as trust artefacts with full Merkle chain membership proofs.

  5. The method of claim 1, wherein re-attestation is triggered automatically when any measured stack component is updated, and previously admitted trust artefacts are superseded pending re-verification.

  6. A federated trust attestation hardware path for an evidence-bound artificial intelligence system, comprising: a TPM component maintaining PCRs loaded with AIEP software stack hashes during boot; an attestation record constructor producing a base TPM quote extended with a signed AIEP extension block; and a verification module at receiving nodes checking TPM signatures, PCR values, and governance policy hash compatibility.

  7. A computer-readable medium carrying instructions for implementing the method of any preceding method claim.

Abstract

A federated trust attestation hardware path for evidence-bound artificial intelligence extends standard TPM-based platform attestation with an AIEP extension block containing the committed governance policy hash, ledger engine version, and deterministic simulation coprocessor firmware hash, all signed under the same attestation identity key as the base quote. Receiving federated nodes verify both software stack integrity and governance policy compatibility before admitting an attesting node to the federation. The hardware path provides cryptographic evidence that governance policy commitment is part of the measured, tamper-evident software stack.

Dependencies

This specification is published as open-source prior art under the Apache License 2.0. Copyright 2026 Protocol Owner. Inventor: Protocol Architect.

Patent information · Licensing · All open specifications