SoMaToLogics ledger

Security Boundary

Public, partner, admin, and browser security boundaries for the Logicnoid verification portal.

Browser Boundary

  • The browser never receives the HMAC secret.
  • The browser calls /api/v1/demo/evaluate-relay.
  • The server constructs and signs the evaluate request internally.
  • Public certificate surfaces do not expose pseudonymous sessions.

Public-Safe Result Surface

AllowedDelta T, NRA, Activity Index, Confidence, Audit Seal, Claim Trace, Algorithm Version, Reference Table.
BlockedHMAC secret, API secret, pseudonymous session ID, partner secret, raw private identity.

Partner Evaluate

  • /api/v1/logicnoid/evaluate requires HMAC headers.
  • Nonce replay is rejected.
  • Timestamp skew is bounded.
  • Device registration and module entitlement are checked before computation.