Public Verification Layer Public Verification Layer Camada de Verificacao Publica
Von der Dokumentenerstellung zur offentlichen Integritatsprufung From Document Creation to Public Integrity Verification Da Criacao de Documentos a Verificacao Publica de Integridade
11.1 Einfuhrung 11.1 Introduction 11.1 Introducao
Das WINDI Verification Layer bildet den Abschluss der dokumentaren Governance-Pipeline. Es transformiert abstrakte kryptographische Hashes und interne Registrierungsdaten in eine offentlich zugangliche, visuell verstandliche Validierungsschnittstelle. Diese Schicht ermoglicht es jedem Stakeholder — vom Auditor bis zum Endnutzer — die Authentizitat und Integritat eines WINDI-governierten Dokuments zu verifizieren. The WINDI Verification Layer represents the conclusion of the documentary governance pipeline. It transforms abstract cryptographic hashes and internal registration data into a publicly accessible, visually comprehensible validation interface. This layer enables every stakeholder — from auditor to end user — to verify the authenticity and integrity of a WINDI-governed document. A Camada de Verificacao WINDI representa a conclusao do pipeline de governanca documental. Ela transforma hashes criptograficos abstratos e dados de registro interno em uma interface de validacao publicamente acessivel e visualmente compreensivel. Esta camada permite que qualquer stakeholder — do auditor ao usuario final — verifique a autenticidade e integridade de um documento governado pelo WINDI.
"KI verarbeitet. Mensch entscheidet. WINDI garantiert." "AI processes. Human decides. WINDI guarantees." "IA processa. Humano decide. WINDI garante."
— WINDI Core Principle11.2 End-to-End Pipeline 11.2 End-to-End Pipeline 11.2 Pipeline de Ponta a Ponta
Abbildung 11.1: Vollstandige WINDI Governance Pipeline Figure 11.1: Complete WINDI Governance Pipeline Figura 11.1: Pipeline Completo de Governanca WINDI
Document -> AI Assistance -> Hash Generation -> WINDI Receipt -> QR Code -> /verifyDie Pipeline beginnt mit der Dokumentenerstellung im BABEL Editor und endet mit einer offentlich zuganglichen Verifizierungsseite. Jeder Schritt generiert kryptographisch verifizierbare Beweise, die in der Submission Registry persistent gespeichert werden. The pipeline begins with document creation in the BABEL Editor and ends with a publicly accessible verification page. Each step generates cryptographically verifiable evidence, which is persistently stored in the Submission Registry. O pipeline comeca com a criacao de documentos no Editor BABEL e termina com uma pagina de verificacao acessivel publicamente. Cada etapa gera evidencias criptograficamente verificaveis, que sao armazenadas de forma persistente no Registro de Submissoes.
11.2.1 Komponenten der Pipeline 11.2.1 Pipeline Components 11.2.1 Componentes do Pipeline
| Component | Function | Output |
|---|---|---|
| BABEL Editor | Document creation with ISP templates | HTML content + Metadata |
| AI Form Filling | AI-assisted field population | WINDI-FILL Receipt |
| DeepDOCFakes | Structural hash calculation | Structural Hash (16 chars) |
| Submission Registry | Persistent registration | Index Entry + ISP Metadata |
| PDF Export | Governed document output | PDF with QR Code + Footer |
| Verification API | Public validation | HTML/JSON Response |
11.3 Duale Hash-Architektur 11.3 Dual Hash Architecture 11.3 Arquitetura de Hash Duplo
WINDI verwendet ein duales Hash-System, das sowohl Inhalts- als auch Strukturintegritat unabhangig verifizierbar macht. Diese Trennung ermoglicht differenzierte Integritatsprufungen und erhoht die forensische Aussagekraft. WINDI employs a dual hash system that makes both content and structural integrity independently verifiable. This separation enables differentiated integrity checks and enhances forensic expressiveness. O WINDI emprega um sistema de hash duplo que torna tanto a integridade do conteudo quanto a estrutural independentemente verificaveis. Esta separacao permite verificacoes de integridade diferenciadas e aumenta a expressividade forense.
11.3.1 Content Hash 11.3.1 Content Hash 11.3.1 Hash de Conteudo
Der Content Hash ist ein SHA-256-Digest des vollstandigen Dokumentinhalts. Er andert sich bei jeder Modifikation des Textes und dient als primarer Integritatsindikator. The Content Hash is a SHA-256 digest of the complete document content. It changes with every text modification and serves as the primary integrity indicator. O Hash de Conteudo e um digest SHA-256 do conteudo completo do documento. Ele muda a cada modificacao de texto e serve como indicador primario de integridade.
content_hash = hashlib.sha256(content.encode()).hexdigest()[:12]
# Example: "772fc9dec169"11.3.2 Structural Hash 11.3.2 Structural Hash 11.3.2 Hash Estrutural
Der Structural Hash wird durch das DeepDOCFakes-Modul generiert und kodiert die semantische Struktur des Dokuments — Feldtypen, Governance-Level, ISP-Profil und Policy-Version. Dieser Hash bleibt stabil, auch wenn der Inhalt variiert, solange die Dokumentstruktur identisch bleibt. The Structural Hash is generated by the DeepDOCFakes module and encodes the semantic structure of the document — field types, governance level, ISP profile, and policy version. This hash remains stable even when content varies, as long as the document structure remains identical. O Hash Estrutural e gerado pelo modulo DeepDOCFakes e codifica a estrutura semantica do documento — tipos de campo, nivel de governanca, perfil ISP e versao da politica. Este hash permanece estavel mesmo quando o conteudo varia, desde que a estrutura do documento permaneca identica.
decision_payload = {
"submission_id": f"WINDI-{doc_id}",
"governance_level": "MEDIUM",
"policy_version": "2.2.0",
"isp_profile": "deutsche-bahn",
"metadata": {
"document_id": doc_id,
"form_id": "transportauftrag",
"template_type": "form"
}
}
structural_hash = compute_structural_hash(decision_payload)
# Example: "08759d5047b101af"Warum zwei Hashes? Why Two Hashes? Por que Dois Hashes?
Der duale Ansatz erlaubt es, zwischen inhaltlichen und strukturellen Manipulationen zu unterscheiden. The dual approach allows distinguishing between content and structural manipulations. A abordagem dupla permite distinguir entre manipulacoes de conteudo e estruturais.
11.4 Verifikationszustande 11.4 Verification States 11.4 Estados de Verificacao
Das Verification Layer unterscheidet drei semantisch distinkte Zustande, die dem Nutzer visuell kommuniziert werden: The Verification Layer distinguishes three semantically distinct states, which are visually communicated to the user: A Camada de Verificacao distingue tres estados semanticamente distintos, que sao comunicados visualmente ao usuario:
| Status | Description | Indicator |
|---|---|---|
| VALID | Document fully verified. All hashes correct. | VALID |
| PARTIAL | Registration present, but incomplete metadata. | PARTIAL |
| NOT FOUND | Receipt not found in database. | NOT FOUND |
Der PARTIAL-Zustand ist bewusst nicht als Fehler konzipiert. Er ermoglicht die Verifikation von Dokumenten, die sich noch im Bearbeitungsprozess befinden oder deren Metadaten aus Legacy-Grunden unvollstandig sind. The PARTIAL state is deliberately not designed as an error. It allows verification of documents that are still in the editing process or whose metadata is incomplete for legacy reasons. O estado PARTIAL nao e deliberadamente projetado como um erro. Ele permite a verificacao de documentos que ainda estao em processo de edicao ou cujos metadados estao incompletos por razoes de legado.
11.5 Mobile Verification Interface 11.5 Mobile Verification Interface 11.5 Interface de Verificacao Movel
Die Verifikationsseite ist mobile-first konzipiert, da der primare Anwendungsfall das Scannen eines QR-Codes auf einem gedruckten Dokument mit einem Smartphone ist. The verification page is designed mobile-first, as the primary use case is scanning a QR code on a printed document with a smartphone. A pagina de verificacao e projetada mobile-first, pois o caso de uso primario e escanear um codigo QR em um documento impresso com um smartphone.
- No login required — Public accessibility
- No app download — Native browser support
- Touch-optimized — Large tap targets, scrollable cards
- Offline-tolerant — Minimal assets, fast load time
11.6 Four-Eyes-Prinzip in der Verifikation 11.6 Four-Eyes Principle in Verification 11.6 Principio dos Quatro Olhos na Verificacao
Das Verification Layer visualisiert das Four-Eyes-Prinzip — das Erfordernis, dass kritische Dokumente von mindestens zwei Personen (Author + Witness) bestatigt werden mussen. The Verification Layer visualizes the Four-Eyes Principle — the requirement that critical documents must be confirmed by at least two persons (Author + Witness). A Camada de Verificacao visualiza o Principio dos Quatro Olhos — o requisito de que documentos criticos devem ser confirmados por pelo menos duas pessoas (Autor + Testemunha).
| Role | Responsibility | Display |
|---|---|---|
| Author | Document creation and content responsibility | Name + Employee ID |
| Witness | Independent review and confirmation | Name + Relation |
EU AI Act Compliance
Die explizite Dokumentation menschlicher Rollen ist eine Kernforderung des EU AI Act (Art. 14 — Human Oversight). The explicit documentation of human roles is a core requirement of the EU AI Act (Art. 14 — Human Oversight). A documentacao explicita de papeis humanos e um requisito central do EU AI Act (Art. 14 — Supervisao Humana).
11.7 API-Spezifikation 11.7 API Specification 11.7 Especificacao da API
Das Verification Layer bietet einen dualen Zugang — HTML fur Browser-Clients und JSON fur programmatische Integration. The Verification Layer offers dual access — HTML for browser clients and JSON for programmatic integration. A Camada de Verificacao oferece acesso duplo — HTML para clientes de navegador e JSON para integracao programatica.
11.7.1 Endpoints
GET /verify/{receipt_id}
GET /verify/{receipt_id}?format=html -> HTML page
GET /verify/{receipt_id}?format=json -> JSON response
GET /api/verify/{receipt_id} -> JSON (API path)11.7.2 JSON Response Schema
{
"status": "VALID",
"receipt_id": "WINDI-BABEL-03FEB26-772FC9DEC169",
"document": {
"title": "Transportauftrag",
"governance_level": "MEDIUM",
"isp_profile": "deutsche-bahn"
},
"integrity": {
"content_hash": "772fc9dec169...",
"structural_hash": "08759d5047b1...",
"resilience_score": 100
},
"compliance": {
"eu_ai_act": true,
"human_decision": true,
"four_eyes": true
},
"issuer": {
"organization": "WINDI Publishing House",
"jurisdiction": "DE"
}
}11.8 Fazit 11.8 Conclusion 11.8 Conclusao
Das Public Verification Layer transformiert das WINDI-System von einer internen Governance-Plattform zu einer offentlichen Autoritat fur Dokumentenintegritat. Die Kombination aus kryptographischer Verifizierung, visueller Zuganglichkeit und EU AI Act Compliance positioniert WINDI als Referenzimplementierung fur KI-governierte institutionelle Dokumentation. The Public Verification Layer transforms the WINDI system from an internal governance platform to a public authority for document integrity. The combination of cryptographic verification, visual accessibility, and EU AI Act compliance positions WINDI as a reference implementation for AI-governed institutional documentation. A Camada de Verificacao Publica transforma o sistema WINDI de uma plataforma de governanca interna para uma autoridade publica para integridade de documentos. A combinacao de verificacao criptografica, acessibilidade visual e conformidade com o EU AI Act posiciona o WINDI como uma implementacao de referencia para documentacao institucional governada por IA.
Implementierungsstatus Implementation Status Status de Implementacao
Phase 3A ist vollstandig implementiert und in Produktion. Der Pipeline-Kreislauf ist geschlossen. Phase 3A is fully implemented and in production. The pipeline cycle is closed. A Fase 3A esta totalmente implementada e em producao. O ciclo do pipeline esta fechado.