Foundational patent portfolio governing how autonomous machines are identified, authorized, governed, and receipted — across every enforcement architecture.
AMIAP establishes the foundational protocol governing how autonomous machines acquire, exercise, and are held accountable for execution authority. Every execution request must be accompanied by a cryptographically signed authority artifact encoding the exact scope, permission boundary, constraints, and expiration of the authorization — issued by an authority whose signing key is held in a Hardware Security Module. No action executes unless the artifact is valid, the runtime context satisfies all encoded constraints, and the result is recorded as a tamper-evident verifiable receipt.
The prior art — including XACML, Open Policy Agent, and conventional IAM systems — evaluates policy at credential issuance or session establishment time, not at the moment of execution. AMIAP enforces constraints against the runtime context obtained at the time the computational operation is actually requested, closing the window between authorization and execution that existing systems leave ungoverned.
VEMP governs how encrypted communications are admitted into enterprise systems through a dual-plane architecture that evaluates a message authority artifact before any decryption key is released. The admission control plane operates on the ciphertext — never exposing plaintext to the evaluation layer. Only upon satisfaction of all artifact-encoded admission preconditions does the state machine advance to the release-qualified state and authorize HSM key release.
The protocol defines nine formally specified communication states — delivered, admission-pending, admitted, release-qualified, released, partially-released, reevaluation-pending, revoked, and expired — with deterministic, artifact-bound transition logic. Lineage constraints propagate cryptographically to derived communications, preventing any derived communication from asserting a wider authority scope than its parent.
CVEAR defines the receipt layer beneath all enforcement architectures. A CVEAR-compliant receipt carries a globally unique receipt identifier, a request-bound nonce contributed by the requesting machine entity that prevents replay, a prior receipt hash chain linking every receipt to its predecessor, and an issuer cryptographic signature — enabling any authorized verifier in any administrative domain to confirm, from the receipt and the enforcement point's public key alone, that an authorization decision was made under stated conditions.
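The receipt properties described above, as an added example that is not code from the filing or its authors: a verifier that checks issuer signature, receipt-identifier uniqueness, nonce replay and the prior-receipt hash link. The field names, JSON encoding and genesis value are assumptions, and HMAC-SHA256 stands in for the issuer's public-key signature so the block runs on the standard library alone.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed prev_hash for the first receipt in a chain

def body_bytes(r):
    # Canonical bytes of every field except the signature (assumed encoding).
    return json.dumps({k: r[k] for k in sorted(r) if k != "sig"},
                      separators=(",", ":")).encode()

def sign(key, r):
    # HMAC-SHA256 stand-in for the issuer's public-key signature.
    return hmac.new(key, body_bytes(r), hashlib.sha256).hexdigest()

def receipt_hash(r):
    # The hash covers the signature too, so the link pins the whole predecessor.
    return hashlib.sha256(body_bytes(r) + r["sig"].encode()).hexdigest()

def issue(key, chain, receipt_id, nonce, decision):
    prev = receipt_hash(chain[-1]) if chain else GENESIS
    r = {"receipt_id": receipt_id, "nonce": nonce,
         "decision": decision, "prev_hash": prev}
    r["sig"] = sign(key, r)
    chain.append(r)
    return r

def verify_chain(key, chain):
    """Return (ok, reason) after checking signature, replay and chain link."""
    ids, nonces, prev = set(), set(), GENESIS
    for i, r in enumerate(chain):
        if not hmac.compare_digest(sign(key, r), str(r.get("sig", ""))):
            return False, f"receipt {i}: bad signature"
        if r["receipt_id"] in ids:
            return False, f"receipt {i}: duplicate receipt id"
        if r["nonce"] in nonces:
            return False, f"receipt {i}: replayed nonce"
        if r["prev_hash"] != prev:
            return False, f"receipt {i}: broken chain link"
        ids.add(r["receipt_id"]); nonces.add(r["nonce"])
        prev = receipt_hash(r)
    return True, "ok"

if __name__ == "__main__":
    key, chain = b"constructed-demo-key", []  # constructed sample data
    for rid, nonce, decision in [("r-1", "n-a", "permit"), ("r-2", "n-b", "deny")]:
        issue(key, chain, rid, nonce, decision)
    print(verify_chain(key, chain))
```

Because each signature covers `prev_hash`, editing a receipt breaks its signature, while dropping a receipt leaves every signature valid and is caught only by the chain link check.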
CVEAR is a standalone root application filed independently of AMIAP, VEMP, and AIRAP. Any enforcement system that generates verifiable receipts — regardless of which governance protocol sits above it — operates within the CVEAR receipt layer and requires a CVEAR license independently.
Standalone root application — horizontal receipt infrastructure underlying AMIAP, VEMP, and AIRAP. Any enforcement system generating verifiable receipts licenses this protocol independently of the governance layer above it.
AIRAP applies the artifact-bound governance model to cybersecurity incident response. Every automated remediation action must be authorized by a cryptographically signed incident authority artifact encoding the exact set of authorized actions, affected asset scope, severity tier, escalation rules, and revocation conditions for that specific incident. No action executes without it.
The protocol enforces a ten-state deterministic finite automaton governing the complete incident lifecycle from DETECTED through VALIDATED, TRIAGED, AUTHORIZED, CONSTRAINED_EXECUTION, ESCALATED, REMEDIATED, REEVALUATION_PENDING, REVOKED, to CLOSED. Each transition requires cryptographic validation of the incident authority artifact and generation of a verifiable transition receipt.