Abstract

This publication discloses methods and systems for determining the derived committed status of sealed decision records by computing that status from the existence and verification of execution proofs rather than reading a stored mutable status value. In one embodiment, a sealed decision record is stored in a tamper-evident immutable record store without any mutable value indicating whether execution has occurred, and committed status is derived at the time of a status query by checking whether a valid execution proof exists in a separate proof store and passes multi-condition verification. The elimination of mutable status values structurally prevents status manipulation attacks — scenarios in which committed status is asserted or modified without execution actually occurring. In one embodiment, verification of an execution proof includes multiple independent conditions such as proof authenticity verification, proof-to-record correspondence checking, and execution fidelity checking, and all conditions must pass for committed status to be derived. In one embodiment, the execution proof is generated at an execution boundary component — a component that directly performs actions on external systems — ensuring that proof generation authority is limited to the point where execution actually occurs. Sealed decision records and execution proofs are stored separately, with status determined by joining across the two stores and verifying cryptographic binding between the artifacts, preventing committed status from being asserted by modifying either store independently. The disclosed approach parallels non-repudiation mechanisms in digital transaction processing, where confirmation of an action is derived from cryptographic evidence rather than a mutable ledger entry. In one embodiment, stable execution identities support idempotent execution patterns with settlement finality characteristics, ensuring correct status derivation across retry attempts.
The specific verification mechanism, storage architecture, cryptographic algorithm, proof data structure, and verification timing strategy are not prescribed.
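
The derivation described above, as an added sketch that is not code from the publication: status is computed at query time by joining a record store and a proof store and requiring every verification condition to pass. The in-memory dict stores, the field names, the SHA-256 seal and the HMAC key standing in for proof authenticity are all assumptions, since the publication prescribes none of them.

```python
import hashlib, hmac, json

BOUNDARY_KEY = b"constructed-demo-key"  # assumption: held only by the execution boundary

def digest(obj):
    """SHA-256 over a canonical JSON encoding."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def mac(body, key):
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def seal(execution_id, action):
    """Sealed decision record. Note there is no status field to flip."""
    body = {"execution_id": execution_id, "action": action}
    return {**body, "seal": digest(body)}

def make_proof(record, performed_action, key=BOUNDARY_KEY):
    """Issued at the execution boundary after the action was performed."""
    body = {"execution_id": record["execution_id"],
            "record_seal": record["seal"],
            "performed": digest(performed_action)}
    return {**body, "tag": mac(body, key)}

def derive_status(execution_id, record_store, proof_store):
    """Join both stores at query time; every condition must pass."""
    record = record_store.get(execution_id)
    if record is None:
        return "unknown"
    intact = record["seal"] == digest(
        {"execution_id": record["execution_id"], "action": record["action"]})
    # A stable execution id may carry several proofs (retries); one valid proof suffices.
    for proof in proof_store.get(execution_id, []):
        body = {k: v for k, v in proof.items() if k != "tag"}
        authentic = hmac.compare_digest(mac(body, BOUNDARY_KEY), str(proof.get("tag", "")))
        corresponds = (proof.get("execution_id") == execution_id
                       and proof.get("record_seal") == record["seal"])
        faithful = proof.get("performed") == digest(record["action"])
        if intact and authentic and corresponds and faithful:
            return "committed"
    return "not_committed"

if __name__ == "__main__":
    rec = seal("exec-001", {"op": "transfer", "amount": 10})  # constructed sample
    records, proofs = {"exec-001": rec}, {}
    print(derive_status("exec-001", records, proofs))          # no proof yet
    proofs["exec-001"] = [make_proof(rec, rec["action"])]
    print(derive_status("exec-001", records, proofs))
```

Writing to either store alone does not change the derived result: a proof with a bad tag, a proof bound to a different record seal, or a record whose action no longer matches its seal each fails one of the conditions.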

Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.
