Skip to main content

MECHANUS IQ

Forensic operational intelligence

Evidence chain

Findings become tamper-evident, not just shared.

A Mechanus IQ finding is an immutable document. Each finding is hashed, chained into a rooftop Merkle root, timestamped by a trusted authority under RFC 3161, and committed to a Hyperledger Fabric private channel for institutional and consortium attestation. The dealer gets a signed PDF. The lender, counsel, or OEM auditor gets independent verifiability.

Attestation stack

  1. 01

    Finding hash

    Each finding is canonicalized (UTF-8, normalized whitespace, deterministic field order) and hashed with SHA-256.

  2. 02

    Hour-batch chain

    Every hour, all findings in the window roll into a Merkle tree. The root is published as the hour's rooftop evidence root.

  3. 03

    RFC 3161 TSA

    The Merkle root is submitted to a trusted timestamp authority (DigiCert or Entrust). The signed TSR is retained alongside the root.

  4. 04

    Fabric private rail

    The same root is committed to a Hyperledger Fabric private channel with per-tenant isolation for institutional and consortium attestation.

Live in-page demo

Hash a finding in your browser.

The demo below runs SubtleCrypto SHA-256 locally. Nothing leaves the page. Edit the finding text to watch the hash change. Production Mechanus IQ uses the same digest function on the same canonicalized text.

SHA-256 digest (live)

computing...

Computed just now· SubtleCrypto, zero network calls

Bytes hashed
456
Digest length
256 bits / 64 hex
Next step
Enter the hour-batch hash chain
TSA attestation
RFC 3161 (DigiCert) hourly
Deterministic · identical input always produces identical digest

Why dual-rail attestation.

RFC 3161 trusted timestamping via a commercial TSA (DigiCert or Entrust) gives court-admissible, auditor-grade attestation at approximately one cent per timestamp. The hourly root is also committed to a Hyperledger Fabric private channel for per-tenant or per-consortium institutional attestation. Canadian data residency is preserved. No public-chain exposure, no PIPEDA complication, no PII on chain.

See governance: governance/registers/ for the live evidence registers and security posture for the full threat model.

What this buys you

When a lender or OEM auditor asks for proof that a finding existed on a specific date, the attestation chain produces a TSA-signed receipt that is independently verifiable. Nobody has to take Mechanus IQ at its word.

Back to report library