GuardSuite, VXMSecure

Hollywood FL USA tom@vxmsecure.com

GuardSuite, VXMSecure

Houston TX USA pat.estis@gmail.com

This document defines PRE-RCT, the Pre-Execution Authorization Receipt, a cryptographically signed and attestation-aware receipt format used to record high-risk authorization events. PRE-RCT is intended for use with pre-execution authorization protocols such as GNA.

Introduction Pre-execution authorization systems require durable, verifiable records capturing action parameters, policy state, approver decisions, and attestation evidence at the moment of authorization. PRE-RCT defines a standard structure to support interoperability, auditing, compliance, and long-term integrity.

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 (, ) when, and only when, they appear in all capitals, as shown here.

Design Goals PRE-RCT is intended to: * Provide strong non-repudiation. * Bind action parameters to policy state. * Support HAE attestation evidence. * Support N-of-M approvals. * Be portable across authorization systems.

Receipt Structure PRE-RCT defines a structured object with required fields and optional domain extensions. The receipt MUST be integrity protected and cryptographically signed.

Required Fields The following fields MUST be present: receipt_id action_hash policy_hash approver_identities approver_signatures timestamp execution_token hae_masking_profile_id hae_attestation_token context_snapshot (OPTIONAL)

Verification Verifiers SHOULD: * Validate structural integrity. * Verify all digital signatures. * Recompute and compare action_hash and policy_hash. * Validate attestation tokens if present. * Enforce timestamp bounds and replay protection.

IANA Considerations This document has no IANA actions.

Security Considerations PRE-RCT improves auditability and tamper-evidence but does not prevent collusion, coercion, or compromise below the firmware root of trust. Implementations MUST protect receipt confidentiality and integrity.

Normative References