Trust • Internal approvals

Approval receipts — signed, ticket‑bound, offline‑verifiable.

A procurement‑grade approval certificate format for Security and Counsel. Convert verification outcomes into attachable receipts — countersigned under an org threshold policy, optionally hardware‑backed (WebAuthn).

Countersign Org threshold Ticket binding Hardware‑attested (optional) Offline verification

Create a signed internal approval

Verify a diligence pack (or assurance pack), generate a base receipt, then countersign it with a reviewer key (or hardware‑backed passkey). The resulting JSON is designed to be attached to an internal ticket (JIRA / ServiceNow) and replay‑verified later — without uploads.

Verify offline (diligence) Verify offline (assurance) Download countersign spec Download org keyring spec

Hardware‑attested option: WebAuthn spec • Ticket binding: spec

What it proves (and what it doesn’t)

Procurement‑grade clarity: deterministic evidence, conservative claims.

ProvesDeterministic

Exactly what was verified

Approval receipts bind to the underlying artifact fingerprint (SHA‑256) and the verifier outputs, so reviewers can reproduce the same result for the same version.

ProvesAccountable

Who approved — under what policy

Org keyrings and threshold rules (e.g., 2‑of‑3) can be evaluated locally. Optional ticket binding cryptographically ties the approval to a specific internal case.

OptionalHardware‑backed

Hardware‑attested signing evidence

Where supported, WebAuthn / passkeys can provide attestation evidence. The verifier parses and displays evidence without over‑claiming device properties.

Does notCertification

It is not a compliance certification

Approval receipts are internal evidence artifacts, not a third‑party certification. Legal significance is defined only by executed agreements.

Does notOpinion

It is not legal advice

Receipts record verification events and signatures. They are not infringement, validity, or non‑infringement opinions. Counsel makes legal determinations independently.

Does notLicense

No patent license by publication

Publishing formats, examples, or public‑safe artifacts does not grant patent rights. Any license exists only in signed license agreements.

How it works

Designed for real enterprise review flows — offline verification + ticket‑attachable outputs.

Open verification tools →

Step 1Verify

Verify the artifact

Run the offline verifier on a diligence pack (or assurance pack). The output is a base receipt with stable IDs and reason codes.

Open /verify-diligence Open /verify-assurance

Step 2Countersign

Countersign for internal approval

Countersign the base receipt with reviewer keys. Enforce org threshold policy and (optionally) bind to a JIRA/ServiceNow ticket.

Countersign in verifier

Step 3Attach

Attach the approval receipt

Attach the countersigned receipt JSON to your internal ticket. Anyone can replay verification later to confirm integrity and policy satisfaction.

JSON receipt

Step 4Escalate

Escalate to counsel / procurement

Because the artifact is deterministic and offline‑verifiable, counsel and procurement can review the same proof objects without re‑opening the technical pipeline.

Prefer an enterprise integration path? We provide an org signer kit (keyring + API + examples) so approvals can be issued by your existing review system. Contact procurement@meridianverity.com or security@meridianverity.com.