TRACE
TRACE // ARCHITECTURE

Built on a chain that records the
truth of every transfer.

TRACE is five cooperating layers: an on-chain token, multi-party custody endorsement, checkpoint and EMCON event recording, an offline-resilient IoT pipeline, and a set of integrations that push verified events out to FORGE, AFRL, and the four DoD enterprise systems.

L1

Tokenized assets · asset-token-cc

Every asset is a Hyperledger Fabric token anchored to the government UII parsed from the MIL-STD-130N Data Matrix barcode. The UII is immutable from mint onward — TRACE does not maintain a parallel numbering system.

  • Ten asset classes (ClassI–ClassX) validated at mint time.
  • CouchDB rich queries by NSN, by custodian, by serial number.
  • On-chain history surfaced through GetTokenHistory — every revision is auditable.
L2

Multi-party custody · custody-transfer-cc

A transfer cannot complete with one signature. The initiator submits a PENDING proposal; the receiving party authenticates independently and confirms or rejects. Both signatures land on-chain.

  • MSP-enforced initiator check — only the current custodian can propose.
  • Same-identity confirmation rejected by chaincode (two parties required).
  • Batch dispatch shares a batchID across one team load-out for fast scan-list workflows.
L3

EMCON & checkpoints · checkpoint-cc

Custody-significant location events are written on-chain. EMCON state transitions — including hardware dark mode and tamper events — are recorded with timestamps from the tag’s non-volatile memory, not the moment of network reconnect.

  • Seven checkpoint types: depot departure through final delivery.
  • Dark mode activation lat/lon and timestamp persisted in tag NVM, submitted on reconnect.
  • Verification routine reports gaps in the canonical checkpoint sequence per token.
L4

IoT pipeline · SQS FIFO + Lambda

Tag publishes flow through AWS IoT Core → SQS FIFO (preserving per-token order) → tag-event-processor Lambda. EMCON events are highest-priority and are never dropped — partial-batch failures requeue the message until Fabric submission succeeds.

  • X.509 mutual TLS, certificate provisioned per tag at manufacture.
  • Greengrass V2 edge component buffers events through WAN outages.
  • Tag IoT policy restricts each tag to its own topic prefix.
L5

FORGE & AFRL integrations

Verified asset state is pushed to FORGE via a cross-account API the moment chaincode confirms a checkpoint. A dedicated bridge channel mirrors the same events into the AFRL Hyperledger network via a bidirectional translation table.

  • FORGE asset tiles show a blockchain-verified badge when TRACE has reached final delivery.
  • AFRL bridge translates TRACE token IDs to AFRL asset IDs at submit time.
  • Both directions: AFRL chaincode events mirror back into the local TRACE asset record.

See the full chain — dispatch to recovery

A 30-minute walkthrough covers a real team dispatch, a missing item recovered through last-known GPS, an EMCON dark period with NVM-restored truth, and the resulting CDRL property accountability report.

Request a demo →