AIP is designed with cryptographic trust at its core.
Every request, bid, and event is signed, timestamped, and verified before it is accepted by the network.
This ensures that no actor — platform, advertiser, or ad network — can fake or manipulate transactions.

1. TL;DR

AIP uses digital signatures and verifiable ledgers to guarantee that every event and payout is authentic.

2. Why it matters

In digital advertising, fraud and data tampering are common:
  • Fake clicks and impressions
  • Replay or duplicate requests
  • Manipulated billing data
AIP removes these risks by enforcing signature-based verification for every message in the protocol.

3. Core security guarantees

| Guarantee | Description |
| --- | --- |
| Authenticity | Every message is signed by its sender and verified by the receiver. |
| Integrity | Data cannot be altered after signing. |
| Non-repudiation | Participants cannot deny the messages they sent. |
| Replay protection | Unique nonces and timestamps prevent reused requests. |
| Confidentiality | HTTPS or gRPC ensures encrypted transport. |

4. Signature Model

Each message — from ContextRequest to EventPacket — must include a signature header.
X-AIP-Signature: HMAC(method + path + body + timestamp + nonce)
X-AIP-Version: 0.1

Verification steps

  1. Receiver re-computes the HMAC using the shared secret.
  2. If the computed signature matches, the message is authentic.
  3. If not, it’s rejected automatically.
Algorithm: SHA-256 HMAC
Timestamps: RFC 3339 UTC
Nonce Expiry: 60 seconds (prevents replay)

5. Example Signed Request

{
  "auction_id": "auc_92b134",
  "intent": "best CRM for startups",
  "timestamp": "2025-11-12T01:42:00Z",
  "nonce": "bf29eaf9",
  "signature": "45c0b8a5..."
}
If any field changes, the signature becomes invalid, blocking tampering or replay attacks.

6. Key Management

Each participant (Platform, Ad Network, Brand Agent) holds:
  • Public Key: Used for verifying signatures
  • Private Key: Used for signing outgoing messages
| Role | Key Responsibility |
| --- | --- |
| Platform | Signs event packets and verifies auction results |
| Ad Network | Signs auction results and verifies events |
| Brand Agent | Signs bids and verifies auction requests |
Keys rotate automatically every 90 days, with backward compatibility for prior transactions.

7. Replay and Duplication Defense

AIP tracks every nonce for 60 seconds.
If a nonce is reused or the timestamp drift exceeds the limit, the request is rejected:
| Error | Description |
| --- | --- |
| ERR_NONCE_REPLAY | Reused nonce detected |
| ERR_TIMESTAMP_EXPIRED | Request older than 60s |
| ERR_INVALID_SIGNATURE | Signature mismatch |
This ensures every message is unique and time-bounded.
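The verification steps from section 4 and the replay checks from this section, combined in one receiver-side routine. This is an added example, not AIP's own code. It assumes the fields are concatenated with no separator, the signature is hex-encoded, and nonces are kept in memory; `sign`, `to_epoch`, `Verifier` and the `/context` path are hypothetical names.

```python
import hashlib
import hmac
from datetime import datetime, timezone

WINDOW = 60  # seconds: nonce expiry and maximum request age, as stated above

def to_epoch(timestamp: str) -> float:
    # RFC 3339 UTC, e.g. 2025-11-12T01:42:00Z
    return datetime.fromisoformat(timestamp.replace("Z", "+00:00")).timestamp()

def sign(secret: bytes, method, path, body, timestamp, nonce) -> str:
    # Assumption: fields are concatenated with no separator and the MAC is
    # hex-encoded; the page gives only the field order.
    message = (method + path + body + timestamp + nonce).encode("utf-8")
    return hmac.new(secret, message, hashlib.sha256).hexdigest()

class Verifier:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.seen = {}  # nonce -> epoch second until which it must be remembered

    def verify(self, method, path, body, timestamp, nonce, signature, now=None):
        """Return "OK" or one of the error codes from the table above."""
        now = datetime.now(timezone.utc).timestamp() if now is None else now
        # 1. Authenticate first so unsigned traffic cannot fill the nonce cache.
        expected = sign(self.secret, method, path, body, timestamp, nonce)
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "ERR_INVALID_SIGNATURE"
        # 2. Enforce the 60-second window on the signed timestamp.
        try:
            sent = to_epoch(timestamp)
        except ValueError:
            return "ERR_TIMESTAMP_EXPIRED"  # assumption: unparsable counts as expired
        if abs(now - sent) > WINDOW:
            return "ERR_TIMESTAMP_EXPIRED"
        # 3. Forget nonces whose timestamp has aged out, then check for reuse.
        self.seen = {n: exp for n, exp in self.seen.items() if exp >= now}
        if nonce in self.seen:
            return "ERR_NONCE_REPLAY"
        self.seen[nonce] = sent + WINDOW  # kept until the timestamp check takes over
        return "OK"

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample values throughout
    ts, nonce, body = "2025-11-12T01:42:00Z", "bf29eaf9", '{"auction_id":"auc_92b134"}'
    sig = sign(secret, "POST", "/context", body, ts, nonce)  # hypothetical path
    v = Verifier(secret)
    for b in (body, body, body.replace("92b134", "000000")):
        print(v.verify("POST", "/context", b, ts, nonce, sig, now=to_epoch(ts) + 5))
```

Each nonce is retained until its signed timestamp falls outside the window, so a replay is always caught by one of the two checks regardless of when the original arrived.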

8. Secure Event Verification

Each event (cpx_exposure, cpc_click, cpa_conversion) is verified using:
  • Cross-signatures (Platform + Ad Network + Brand Agent)
  • Serve token hash validation
  • Timestamp checks
Example:
event_hash = SHA256(serve_token + event_type + timestamp)
Each verifier stores a matching event hash in the ledger — creating a cryptographic audit trail.

9. Audit and Compliance Integration

All signatures, hashes, and nonces are stored in the Ad Network’s audit ledger.
This ledger can be verified by independent auditors or connected to external compliance frameworks (e.g., SOC 2, ISO 27001).

10. Guarantees

  • No unsigned or tampered message can pass verification.
  • Replay attacks are mathematically blocked.
  • Ledgers can be externally audited for every transaction.
  • Private keys never leave secure key vaults.

Summary

AIP’s security model makes every dollar traceable and every event verifiable — creating a zero-trust, fraud-proof foundation for AI advertising.