- **ECDSA P-256** (elliptic curve signatures): Industry-standard asymmetric cryptography for every signed request
- **<15ms** (verification time): Full trust pipeline evaluation per request
- **Zero trust** (by default): No implicit trust: every request verified independently
- **Instant** (revocation): Device and session revocation takes effect immediately

The guard pipeline evaluates six verification stages before any request reaches business logic.

1. **JWT Validation**: Token structure, expiry, and signature verified
2. **Device Check**: Device identity and status confirmed
3. **PoP Verify**: Cryptographic proof of possession validated
4. **App Chain**: Application integrity and registration verified
5. **Ability Check**: Role and permission scope evaluated
6. **Allow**: Request proceeds to business logic

Six stages. Average 3ms. Pass or block — no middle ground.
| Capability | Traditional Auth | Enravo Trust |
|---|---|---|
| Token theft protection | Bearer tokens grant access to anyone who holds them | Tokens are cryptographically bound to the device's private key |
| Device binding | No link between token and physical device | Every session anchored to enrolled hardware identity |
| Hardware attestation | No verification of app or device integrity | Play Integrity and App Attest on every critical flow |
| Policy-driven access | Global permissions applied uniformly | Per-endpoint policies with auth type, rate limits, and attestation |
| Instant revocation | Token valid until expiry, no real-time control | Device and session blacklist evaluated on every request |
| Continuous verification | One-time login, then implicit trust | Every request independently verified through six-stage pipeline |
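
The "Token theft protection" and "Instant revocation" rows can be illustrated with a small fail-closed guard covering only the Device Check and PoP Verify stages. This is an added example, not Enravo's code: the function names, request fields, signed-message layout and 30-second freshness window are all assumptions, and the token is treated as an opaque string.

```javascript
// Added example: names, fields and message layout are assumptions, not Enravo's API.
const nodeCrypto = require('node:crypto');

// Constructed sample state: one enrolled device and a server-side revocation set.
const device = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const enrolled = new Map([['dev-1', device.publicKey]]);
const revokedDevices = new Set();

// Canonical string the device signs. Binding method, path, timestamp and a hash
// of the token stops a captured proof being reused on another request or token.
function signingInput(req) {
  const tokenHash = nodeCrypto.createHash('sha256').update(req.token).digest('hex');
  return [req.method, req.path, req.ts, tokenHash].join('\n');
}

// Client side: proof of possession made with the device private key (ECDSA P-256).
function signRequest(req, privateKey) {
  return nodeCrypto.sign('sha256', Buffer.from(signingInput(req)), privateKey).toString('base64');
}

// Ordered guard stages; each returns null to pass or a reason string to block.
const stages = [
  ['device', (req) => {
    if (!enrolled.has(req.deviceId)) return 'unknown device';
    return revokedDevices.has(req.deviceId) ? 'device revoked' : null;
  }],
  ['pop', (req, now) => {
    if (Math.abs(now - req.ts) > 30) return 'stale proof'; // assumed 30 s window
    const ok = nodeCrypto.verify('sha256', Buffer.from(signingInput(req)),
      enrolled.get(req.deviceId), Buffer.from(req.proof || '', 'base64'));
    return ok ? null : 'bad proof';
  }],
];

// Fail closed: the first failing stage, or any exception, blocks the request.
function guard(req, now) {
  for (const [name, check] of stages) {
    let reason;
    try { reason = check(req, now); } catch (e) { reason = 'error'; }
    if (reason) return { allow: false, stage: name, reason };
  }
  return { allow: true };
}
```

Because the revocation set is consulted on every call to `guard`, adding a device to it blocks the next request even though the token and proof are otherwise valid.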