Abstract
This document discloses, enablingly and in full, a method and system for metering and billing a digital resource that is stored only on an end-user's own device, while the authoritative meter, entitlement checks, and invoice-generation remain on a server-side billing spine that never receives the resource's plaintext or ciphertext. The server persists, per usage event, exactly one artifact: an idempotent usage row whose quantity is a COUNT (a number of documents, ingest units, or retrieval units), never bytes of content, never a title, never an embedding. Exactly-once accounting under retries and cross-tenant safety under untrusted client input are obtained by a dedupe key namespaced by the server-resolved entitlement identifier, library::, combined with a globally-unique dedupe-key constraint on the store. A configurable meterfailpolicy — closed (default), bounded, or legacy open — guarantees a metering-spine outage never grants unbounded unbilled units. A provenance tag delimited by ':' (never '.') guarantees the event provenance can never parse as a schema-qualified table reference. The construction is disclosed with clean-room, dependency-free, offline-runnable reference code. It is published to establish prior art and thereby bar third parties from patenting the mechanism.
Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Assuncao, gustavo matthew, "Counts-Only Entitlement Metering for Client-Encrypted Local-First Stores with Entitlement-Namespaced Dedupe and Bounded-Outage Fail Policy", Technical Disclosure Commons, ()
https://www.tdcommons.org/dpubs_series/10955