Skip to content

Prove it's a real device. Not a good guess — a hardware fact.

Fingerprints, IPs, and captchas only guess: attackers tune past them, and the signal fades the moment cookies clear. Root Herald turns “is this a real machine?” into one verify call, anchored to the TPM or Secure Enclave the device already ships. The device just collects opaque evidence; your backend passes it to Root Herald server-to-server and gets a verdict back — with an optional portable, JWKS-verifiable badge.

Proof vs probability

Fingerprints fade when cookies clear. A TPM doesn't.

Browser fingerprintprobabilistic · decays
threshold
day 0day 120

Match confidence erodes as users clear cookies, update browsers, and rotate devices. You set a threshold, then babysit it.

TPM attestationcryptographic · permanent
pass
day 0day 120

The signature either verifies against the published roots or it doesn't. No threshold, no decay: the same hardware fact today and a year from now.

The economics

A fake device rents for $0.01/hr. A real one costs $30+ of silicon.

Probabilistic checks fail open against rented infrastructure: there's nothing scarce to spend. Anchoring to hardware moves the attacker's floor from cents to silicon, per device, every time.

Spin up a fake (cloud VM)$0.01/ hour
Forge a real device (hardware TPM)$30+of silicon

Same scale, drawn to ratio. The bar a fake can afford is the thin one.

How it works

The IETF RATS Background-Check model, end to end.

The device collects a fresh proof; your backend relays it to Root Herald in one server→server call and gets a verdict back. Standard remote attestation, nothing bespoke to trust. Prefer a portable badge? Opt into a signed EAT JWT you verify offline against our JWKS.

1Device

Collects a fresh proof

The TPM / Secure Enclave produces a quote and EK certificate chain, signed over a one-time challenge. The client holds no keys and renders no verdict — it hands the opaque evidence to your backend.

opaque evidence
2Root Herald

Appraises the evidence

Your backend relays the opaque evidence to us in one server→server call. We validate the EK chain against published manufacturer roots, replay the boot event log, and apply your policy.

verdict
3Your backend

Gets the verdict

The verify call returns the typed verdict directly — pass / warn / fail plus a per-tenant device id. No TPM code on your side. Opt in to a signed EAT JWT if you want a portable, offline-verifiable badge.

verdict from POST /api/v1/attestations/verify

Integration

One contract. Node available today; more SDKs rolling out.

The default is one server→server rh.verify() call that returns the verdict directly — no token to handle. Prefer a portable badge? Opt in with returnToken and verify the signed EAT JWT against the published JWKS in any stack.

server · @rootherald/nodets
import { RootHerald } from "@rootherald/node";

const rh = new RootHerald({ secretKey: process.env.RH_SECRET_KEY }); // rh_sk_…

// Your client relayed the device's opaque evidence. Appraise it server→server:
const verdict = await rh.verify(req.body.evidence, { challengeId: req.body.challengeId });

if (verdict.device.verdict !== "pass") {
  return res.status(403).json({ status: verdict.device.earStatus });
}
// verdict.device.ueid — stable, anonymous, per-tenant device pseudonym
await users.create({ ...req.body, deviceId: verdict.device.ueid });
SDK availability
  • NodeAvailable
  • .NETIn development
  • GoIn development
  • JavaIn development
  • RubyIn development
  • PythonIn development
  • Browser / ReactComing soon
  • Native C / C++In development
  • iOS / AndroidComing soon

Until a native binding ships, appraise evidence server→server with @rootherald/node — or opt into a portable token and verify it with any JWKS-aware JWT library.

Honest scope

What this is best at — and where it stops.

Every verifier has bounds. We publish ours, because a proof you can audit beats a score you have to believe.

Best-in-class at
  • Hardware device identity: bound to a real, distinct TPM / Secure Enclave.
  • Sybil resistance: one real device, one account; rented VMs don't qualify.
  • Standards-based: IETF RATS / EAT verdicts, signed against a public JWKS.
Explicit bounds
  • Physical extraction: a determined attacker with the device in hand and lab gear is out of scope.
  • PKI liveness: trust rests on manufacturer roots and revocation staying sound.
  • TOCTOU: attestation proves the device at signing time, not every moment after.

Start free — 10K attestations/mo, no card.

Wire up your first verify call in an afternoon. Upgrade in the dashboard when you outgrow it.

Sign-up is for developers and organizations creating a Root Herald tenant, not for your end-users.