How DotShield ConveyanceShield works

ConveyanceShield uses a Human-Verifiable Retrieval Ceremony (HVRC) to deliver documents with a verified, logged chain of custody without relying on email as the document delivery channel.

Begin registration Download workflow diagram

Plain-language summary: Email carries partial evidence only. The document is retrieved through a separate ceremony, then verified using SHA-256 after download.

Integrity profile: SHA-256 remains the standard interoperable verification baseline. ConveyanceShield HS can optionally add SHA-512 fingerprinting for high-assurance environments while retaining SHA-256 compatibility for normal recipient verification.

How to verify this HVRC ceremony is genuine

The address must begin with https://gabey.com.au/.
The document is never attached to the email.
The email only contains partial retrieval evidence.
The one-time PIN is shown only on the registration page.
The retrieval page must display the same remembered ceremony phrase.
The downloaded document can be checked using the official SHA-256 and CRC32 values.
This HVRC demo does not require payment, banking details, card details, identity documents, or account passwords.

The retrieval process — step by step

Register your details

The requester submits their full name, organisation, and email address. This creates a verified request context tied to the document. No document is transferred at this stage.

Requester action

Receive partial evidence by email

The system sends a confirmation email containing partial retrieval evidence only. The document is not attached, and the email alone is insufficient to retrieve the document.

System action

Keep your PIN from the registration page

A one-time PIN is displayed on the registration page. It is not sent by email, SMS, or chat. If the email is intercepted, it still cannot be used alone to retrieve the document.

Requester records

Retrieve through the ceremony

The requester manually navigates to the official retrieval page, enters the emailed groups and the PIN, confirms the registration phrase, and completes a short-lived human challenge before the document is released.

Ceremony

Verify the downloaded document

The recipient generates the SHA-256 hash of the downloaded file and compares it with the official verification page. A match confirms the received file aligns with the official record.

certutil -hashfile "YourFile.pdf" SHA256

Requester verifies

Enterprise capability tiers

ConveyanceShield can be deployed in staged capability tiers. Higher tiers extend the same verified custody model with stronger encryption, retention, and client-side control.

Standard

ConveyanceShield

Verified HVRC delivery for organisations requiring documented chain of custody.

Human-verifiable retrieval ceremony
SHA-256 and CRC32 integrity
Anti-phishing ceremony controls
Custody transfer logging
Partial evidence email model
International access supported

Enterprise

Enhanced

ConveyanceShield+

Adds encrypted client details and encrypted media storage for regulated environments.

Everything in Standard
Encrypted client identity details
Encrypted media storage at rest
Encrypted transport layer
Audit trail with protected metadata
Configurable retention policy

High Security

ConveyanceShield HS

Client-side controlled decryption and optional SHA-512 fingerprinting for high-assurance deployments.

Everything in Enhanced
Client-side controlled decryption
Delivered media remains encrypted as an asset
Optional SHA-512 high-assurance fingerprint profile
Authorised controller required to open
Device-bound key management path
Suitable for high-assurance and controlled-access deployments

High-security encrypted delivery model

In high-security deployments, the document travels and rests as an encrypted asset. Decryption occurs only on the recipient device, controlled by an authorised client-side controller. A SHA-512 fingerprint profile can be enabled alongside SHA-256 where elevated assurance or long-horizon integrity evidence is required.

Document
issued

→

Encrypted
in transit

→

Encrypted
at rest

→

Encrypted
on device

→

Authorised
controller

→

Decrypted
& opened

The HVRC ceremony governs custody transfer at the point of release. Client-side decryption control governs access after delivery. These are complementary, independent controls.

SecureSign integration across industries

The same verified custody principle can extend to document signing through SecureSign. Delivery and signing can be linked into one auditable, tamper-evident chain.

⚖

Legal and conveyancing

Settlement documents, contracts, executed deeds, and chain-of-custody handover.

Settlement docs Executed deeds

🏛

Government

FOI releases, ministerial correspondence, policy documents, and inter-agency transfer.

FOI releases Official records

💲

Finance and banking

Loan documents, KYC packages, client agreements, and regulatory submissions.

KYC Client agreements

✚

Healthcare

Patient consent forms, clinical referrals, research agreements, and sensitive health records.

Consent forms Clinical records

Future integration path: ConveyanceShield can become part of broader BlackGlass and VincuSeal custody, access, and signing workflows where the same evidence chain governs document release, access, and execution.

Anti-phishing controls

Verified custody transfer

SHA-256, SHA-512 option, and CRC32 integrity

International access supported