CertifiedData.io
Trust

Trust Framework

Definition

Trust framework:

The trust framework is the cryptographic model that makes CertifiedData records independently verifiable. It combines SHA-256 fingerprinting, Ed25519 signatures, public key discovery, registry publication, and verification flows into a single trust surface.

Definition source: https://certifieddata.io/api/definitions/trust

Preferred anchor phrase: trust framework

Related concepts

Dataset VerificationArtifact RegistryTransparency Log

CertifiedData acts as a certificate authority for AI artifacts - the same trust model used by TLS, applied to synthetic datasets.

Just as TLS certificates verify websites...

...CertifiedData certificates verify synthetic datasets. A visitor to a TLS-secured site does not need to contact the website owner to confirm authenticity - they trust the CA signature. The same applies here: a model trainer receiving a CertifiedData artifact can verify its origin independently, without contacting the data producer.

The trust chain

1. Dataset generation

CTGAN or another approved engine generates a synthetic dataset from a schema or sample. No real records are included.

2. SHA-256 fingerprinting

The exported dataset is hashed using SHA-256. The hash is deterministic so the same bytes always produce the same fingerprint.

3. Certificate construction

A certificate record is assembled containing the hash, algorithm specification, row count, timestamp, and issuer. RFC 8785 canonicalization is applied before signing.

4. Ed25519 signing

The certificate payload is signed with the issuer's Ed25519 private key. The signature is stored as base64url in the certificate.

5. Registry publication

The certificate and public signing keys are published through CertifiedData's registry and signing key surfaces so anyone can verify them independently.

6. Independent verification

Any third party can hash the dataset, compare it to the certificate fingerprint, and verify the Ed25519 signature against the published public key.

Public registry

The registry is publicly accessible and machine-readable. It contains issued AI artifact certificates and the public signing keys needed for verification.

GET https://certifieddata.io/api/registry
GET https://certifieddata.io/.well-known/signing-keys.json

{
  "schema_version": "certifieddata.cert.v1",
  "issuer": "Certified Data LLC",
  "keys": [...],
  "certificates": [...]
}
Verify a certificate ->Governance documentationAI agent commerce