PMFA Evidence Model

Cryptographic proof by design

PMFA creates evidence chains that are tamper-evident, cryptographically verifiable, and designed for legal accountability.

What is evidence?

In PMFA, evidence is a verifiable record that proves:

  • What happened
  • When it happened
  • Who did it
  • That it hasn't been tampered with since

Evidence is not just data. It's data plus cryptographic proof.

How evidence is created

1. Fact recording

Every action creates a fact. Each fact includes:

  • Event type and payload
  • Server-controlled timestamp (UTC, NTP-synced)
  • Authenticated actor (user or system)
  • Authority chain (role + permission)
  • References to prior facts (forming chains)

2. Cryptographic hashing

Each fact is hashed using SHA-256. The hash includes:

  • All fact data (timestamp, actor, payload)
  • The hash of the previous fact in the chain

This creates a blockchain-like structure: changing any past fact would invalidate all subsequent hashes.

3. Optional: External timestamping

Enterprise plans can integrate with certified timestamp authorities (TSA). The TSA:

  • Receives the fact hash
  • Adds a cryptographically signed timestamp
  • Returns a timestamp token (RFC 3161)

This provides legally recognized proof of when the fact was created.

4. Evidence chain construction

Facts that reference each other form chains. A chain represents the complete history of an entity (e.g., a work order, a policy).

Chain example: Work order #1042

f_001 (hash: a3f9...) → Work order created
f_002 (hash: b8e1..., prev: a3f9...) → Approved
f_003 (hash: c4d7..., prev: b8e1...) → Production started
f_004 (hash: e9a2..., prev: c4d7...) → Production completed
f_005 (hash: f1c8..., prev: e9a2...) → Invoice issued

Evidence verification

Anyone with an evidence export can verify its integrity:

Hash verification

Recompute the hash of each fact using the included data. If the computed hash matches the stored hash, the fact is intact.

Chain verification

Each fact includes the hash of the previous fact. Walk the chain backward, verifying that each "previous hash" matches the actual hash of the prior fact.

Timestamp verification (if TSA used)

Extract the timestamp token and verify it against the TSA's public key. This proves the fact existed at the claimed time.
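
The hash and chain checks above, as an added example that is not PMFA's own code. The field names, the canonical JSON serialization, and the anchored_head parameter (a last-fact hash kept outside the export, such as the one sent to a TSA) are assumptions, since the page does not specify the export schema; RFC 3161 token validation is not covered.

```python
import hashlib
import json

# Constructed sample: work order #1042 from the text; timestamps and actors are made up.
SAMPLE_EVENTS = [
    ("2024-03-01T09:00:00Z", "user:alice", "work_order.created", {"order": 1042}),
    ("2024-03-01T10:15:00Z", "user:bob", "work_order.approved", {"order": 1042}),
    ("2024-03-02T08:00:00Z", "system", "production.started", {"order": 1042}),
    ("2024-03-04T16:30:00Z", "system", "production.completed", {"order": 1042}),
    ("2024-03-05T11:00:00Z", "user:carol", "invoice.issued", {"order": 1042}),
]

def fact_hash(fact):
    """SHA-256 over all fact data, including the previous fact's hash."""
    body = {k: v for k, v in fact.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def build_chain(events):
    """Build a chain in which each fact stores the hash of the one before it."""
    chain, prev = [], None
    for n, (ts, actor, event, payload) in enumerate(events, start=1):
        fact = {"id": f"f_{n:03d}", "timestamp": ts, "actor": actor,
                "event": event, "payload": dict(payload), "prev": prev}
        fact["hash"] = prev = fact_hash(fact)
        chain.append(fact)
    return chain

def verify_chain(chain, anchored_head=None):
    """Return (fact_id, problem) findings; an empty list means the chain verifies."""
    findings = []
    actual = [fact_hash(f) for f in chain]
    # Hash verification: the recomputed hash must equal the stored hash.
    for fact, digest in zip(chain, actual):
        if digest != fact["hash"]:
            findings.append((fact["id"], "hash mismatch"))
    # Chain verification: walk backward, checking "prev" against the prior fact's actual hash.
    for i in range(len(chain) - 1, 0, -1):
        if chain[i]["prev"] != actual[i - 1]:
            findings.append((chain[i]["id"], "broken link"))
    # Optional: compare the last hash with one recorded outside the export.
    if anchored_head is not None and (not chain or chain[-1]["hash"] != anchored_head):
        findings.append(("head", "does not match anchored hash"))
    return findings

if __name__ == "__main__":
    chain = build_chain(SAMPLE_EVENTS)
    chain[1]["payload"] = {"order": 9999}   # edit f_002 after it was written
    print(verify_chain(chain))
```

A chain rebuilt end to end is internally consistent, so the anchored_head comparison is the check that ties an export to a hash recorded elsewhere.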

Evidence exports

PMFA can export evidence chains in multiple formats:

PDF (court-ready)

Human-readable document with:

  • Chronological timeline of events
  • Actor names, roles, and timestamps
  • Embedded metadata (hashes, signatures)
  • Optional: TSA timestamp tokens

JSON (machine-readable)

Complete fact chain with all data and hashes. Can be imported into other systems or verified programmatically.

CSV (analysis)

Tabular format for importing into spreadsheets or BI tools.

Tamper detection

If anyone attempts to modify a fact after it's written:

  • The hash no longer matches the data → detected
  • The chain breaks (next fact's "previous hash" doesn't match) → detected
  • Timestamp token verification fails (if TSA used) → detected

PMFA makes silent tampering impossible.

Legal admissibility

PMFA evidence is designed to meet legal standards for admissibility:

Authenticity

Cryptographic hashes prove the evidence hasn't been altered.

Reliability

Server-controlled timestamps prevent backdating. Actor authentication ensures identity.

Completeness

Evidence chains include the full history, not selective excerpts.

Understandability

PDF exports are formatted for human review, with clear explanations of technical elements.

Why this matters

In legal disputes, regulatory audits, or insurance claims, the burden of proof falls on you.

PMFA shifts the burden: the evidence proves itself. You don't have to explain or reconstruct. The chain is there, cryptographically verified, ready to present.